gauvain/san-reymoros
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Tentative de régler le bordel

Browse Source
This commit is contained in:
Gauvain Boiché
2020-03-31 15:58:31 +02:00
parent a1864c0414
commit 459b46df7b
345 changed files with 10758 additions and 4066 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
includes/acp/acp_attachments.php
View File

@@ -27,6 +27,9 @@ class acp_attachments
/** @var \phpbb\config\config */
protected $config;
/** @var \phpbb\language\language */
protected $language;
/** @var ContainerBuilder */
protected $phpbb_container;
@@ -54,6 +57,7 @@ class acp_attachments
$this->id = $id;
$this->db = $db;
$this->config = $config;
$this->language = $phpbb_container->get('language');
$this->template = $template;
$this->user = $user;
$this->phpbb_container = $phpbb_container;
@@ -128,7 +132,7 @@ class acp_attachments
$s_assigned_groups = array();
while ($row = $db->sql_fetchrow($result))
{
$row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
$s_assigned_groups[$row['cat_id']][] = $row['group_name'];
}
$db->sql_freeresult($result);
@@ -573,7 +577,7 @@ class acp_attachments
$group_id = $db->sql_nextid();
}
$group_name = (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name;
$group_name = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name)) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name;
$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name));
}
@@ -606,7 +610,6 @@ class acp_attachments
$cat_lang = array(
ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'],
ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'],
ATTACHMENT_CATEGORY_FLASH => $user->lang['CAT_FLASH_FILES'],
);
$group_id = $request->variable('g', 0);
@@ -875,7 +878,7 @@ class acp_attachments
'U_EDIT' => $this->u_action . "&action=edit&g={$row['group_id']}",
'U_DELETE' => $this->u_action . "&action=delete&g={$row['group_id']}",
'GROUP_NAME' => (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'],
'GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'],
'CATEGORY' => $cat_lang[$row['cat_id']],
)
);
@@ -1244,15 +1247,11 @@ class acp_attachments
'ATTACHMENT_POSTER' => get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']),
'FILESIZE' => get_formatted_filesize((int) $row['filesize']),
'FILETIME' => $user->format_date((int) $row['filetime']),
'REAL_FILENAME' => (!$row['in_message']) ? utf8_basename((string) $row['real_filename']) : '',
'PHYSICAL_FILENAME' => utf8_basename((string) $row['physical_filename']),
'EXT_GROUP_NAME' => (!empty($extensions[$row['extension']]['group_name'])) ? $user->lang['EXT_GROUP_' . $extensions[$row['extension']]['group_name']] : '',
'REAL_FILENAME' => utf8_basename((string) $row['real_filename']),
'EXT_GROUP_NAME' => $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) : $extensions[$row['extension']]['group_name'],
'COMMENT' => $comment,
'TOPIC_TITLE' => (!$row['in_message']) ? (string) $row['topic_title'] : '',
'ATTACH_ID' => (int) $row['attach_id'],
'POST_ID' => (int) $row['post_msg_id'],
'TOPIC_ID' => (int) $row['topic_id'],
'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? (int) $post_ids[$row['attach_id']] : '',
'L_DOWNLOAD_COUNT' => $user->lang($l_downloaded_viewed, (int) $row['download_count']),
@@ -1385,7 +1384,6 @@ class acp_attachments
$types = array(
ATTACHMENT_CATEGORY_NONE => $user->lang['NO_FILE_CAT'],
ATTACHMENT_CATEGORY_IMAGE => $user->lang['CAT_IMAGES'],
ATTACHMENT_CATEGORY_FLASH => $user->lang['CAT_FLASH_FILES'],
);
if ($group_id)
@@ -1434,7 +1432,7 @@ class acp_attachments
$group_name = array();
while ($row = $db->sql_fetchrow($result))
{
$row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
$group_name[] = $row;
}
$db->sql_freeresult($result);

198
includes/acp/acp_bbcodes.php
View File

@@ -33,7 +33,6 @@ class acp_bbcodes
// Set up general vars
$action = $request->variable('action', '');
$bbcode_id = $request->variable('bbcode', 0);
$submit = $request->is_set_post('submit');
$this->tpl_name = 'acp_bbcodes';
$this->page_title = 'ACP_BBCODES';
@@ -41,11 +40,6 @@ class acp_bbcodes
add_form_key($form_key);
if ($submit && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
// Set up mode-specific vars
switch ($action)
{
@@ -163,7 +157,7 @@ class acp_bbcodes
* @var string bbcode_tpl The bbcode HTML replacement string
* @var string bbcode_helpline The bbcode help line string
* @var array hidden_fields Array of hidden fields for use when
* submitting form when $warn_text is true
* submitting form when $warn_unsafe is true
* @since 3.1.0-a3
*/
$vars = array(
@@ -178,8 +172,25 @@ class acp_bbcodes
);
extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
if (!$warn_text || confirm_box(true))
$acp_utils = $phpbb_container->get('text_formatter.acp_utils');
$bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl);
$warn_unsafe = ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_UNSAFE);
if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_TEMPLATE)
{
trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_DEFINITION)
{
trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if (!$warn_unsafe && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if (!$warn_unsafe || confirm_box(true))
{
$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
@@ -196,7 +207,10 @@ class acp_bbcodes
$db->sql_freeresult($result);
// Grab the end, interrogate the last closing tag
if ($info['test'] === '1' || in_array(strtolower($data['bbcode_tag']), $hard_coded) || (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded)))
if (isset($info['test']) && $info['test'] === '1'
|| in_array(strtolower($data['bbcode_tag']), $hard_coded)
|| (preg_match('#\[/([^[]*)]$#', $bbcode_match, $regs) && in_array(strtolower($regs[1]), $hard_coded))
)
{
trigger_error($user->lang['BBCODE_INVALID_TAG_NAME'] . adm_back_link($this->u_action), E_USER_WARNING);
}
@@ -211,11 +225,6 @@ class acp_bbcodes
$test = $data['bbcode_tag'];
}
if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match))
{
trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if (strlen($data['bbcode_tag']) > 16)
{
trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -451,144 +460,7 @@ class acp_bbcodes
function build_regexp(&$bbcode_match, &$bbcode_tpl)
{
$bbcode_match = trim($bbcode_match);
$bbcode_tpl = trim($bbcode_tpl);
// Allow unicode characters for URL|LOCAL_URL|RELATIVE_URL|INTTEXT tokens
$utf8 = preg_match('/(URL|LOCAL_URL|RELATIVE_URL|INTTEXT)/', $bbcode_match);
$fp_match = preg_quote($bbcode_match, '!');
$fp_replace = preg_replace('#^\[(.*?)\]#', '[$1:$uid]', $bbcode_match);
$fp_replace = preg_replace('#\[/(.*?)\]$#', '[/$1:$uid]', $fp_replace);
$sp_match = preg_quote($bbcode_match, '!');
$sp_match = preg_replace('#^\\\\\[(.*?)\\\\\]#', '\[$1:$uid\]', $sp_match);
$sp_match = preg_replace('#\\\\\[/(.*?)\\\\\]$#', '\[/$1:$uid\]', $sp_match);
$sp_replace = $bbcode_tpl;
// @todo Make sure to change this too if something changed in message parsing
$tokens = array(
'URL' => array(
'!(?:(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))!ie' => "\$this->bbcode_specialchars(('\$1') ? '\$1' : 'http://\$2')"
),
'LOCAL_URL' => array(
'!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('$1')"
),
'RELATIVE_URL' => array(
'!(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')!e' => "\$this->bbcode_specialchars('$1')"
),
'EMAIL' => array(
'!(' . get_preg_expression('email') . ')!ie' => "\$this->bbcode_specialchars('$1')"
),
'TEXT' => array(
'!(.*?)!es' => "str_replace(array(\"\\r\\n\", '\\\"', '\\'', '(', ')'), array(\"\\n\", '\"', '&#39;', '&#40;', '&#41;'), trim('\$1'))"
),
'SIMPLETEXT' => array(
'!([a-zA-Z0-9-+.,_ ]+)!' => "$1"
),
'INTTEXT' => array(
'!([\p{L}\p{N}\-+,_. ]+)!u' => "$1"
),
'IDENTIFIER' => array(
'!([a-zA-Z0-9-_]+)!' => "$1"
),
'COLOR' => array(
'!([a-z]+|#[0-9abcdef]+)!i' => '$1'
),
'NUMBER' => array(
'!([0-9]+)!' => '$1'
)
);
$sp_tokens = array(
'URL' => '(?i)((?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('url')) . ')|(?:' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('www_url')) . '))(?-i)',
'LOCAL_URL' => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)',
'RELATIVE_URL' => '(?i)(' . str_replace(array('!', '\#'), array('\!', '#'), get_preg_expression('relative_url')) . ')(?-i)',
'EMAIL' => '(' . get_preg_expression('email') . ')',
'TEXT' => '(.*?)',
'SIMPLETEXT' => '([a-zA-Z0-9-+.,_ ]+)',
'INTTEXT' => '([\p{L}\p{N}\-+,_. ]+)',
'IDENTIFIER' => '([a-zA-Z0-9-_]+)',
'COLOR' => '([a-zA-Z]+|#[0-9abcdefABCDEF]+)',
'NUMBER' => '([0-9]+)',
);
$pad = 0;
$modifiers = 'i';
$modifiers .= ($utf8) ? 'u' : '';
if (preg_match_all('/\{(' . implode('|', array_keys($tokens)) . ')[0-9]*\}/i', $bbcode_match, $m))
{
foreach ($m[0] as $n => $token)
{
$token_type = $m[1][$n];
reset($tokens[strtoupper($token_type)]);
list($match, $replace) = each($tokens[strtoupper($token_type)]);
// Pad backreference numbers from tokens
if (preg_match_all('/(?<!\\\\)\$([0-9]+)/', $replace, $repad))
{
$repad = $pad + count(array_unique($repad[0]));
$replace = preg_replace_callback('/(?<!\\\\)\$([0-9]+)/', function ($match) use ($pad) {
return '${' . ($match[1] + $pad) . '}';
}, $replace);
$pad = $repad;
}
// Obtain pattern modifiers to use and alter the regex accordingly
$regex = preg_replace('/!(.*)!([a-z]*)/', '$1', $match);
$regex_modifiers = preg_replace('/!(.*)!([a-z]*)/', '$2', $match);
for ($i = 0, $size = strlen($regex_modifiers); $i < $size; ++$i)
{
if (strpos($modifiers, $regex_modifiers[$i]) === false)
{
$modifiers .= $regex_modifiers[$i];
if ($regex_modifiers[$i] == 'e')
{
$fp_replace = "'" . str_replace("'", "\\'", $fp_replace) . "'";
}
}
if ($regex_modifiers[$i] == 'e')
{
$replace = "'.$replace.'";
}
}
$fp_match = str_replace(preg_quote($token, '!'), $regex, $fp_match);
$fp_replace = str_replace($token, $replace, $fp_replace);
$sp_match = str_replace(preg_quote($token, '!'), $sp_tokens[$token_type], $sp_match);
// Prepend the board url to local relative links
$replace_prepend = ($token_type === 'LOCAL_URL') ? generate_board_url() . '/' : '';
$sp_replace = str_replace($token, $replace_prepend . '${' . ($n + 1) . '}', $sp_replace);
}
$fp_match = '!' . $fp_match . '!' . $modifiers;
$sp_match = '!' . $sp_match . '!s' . (($utf8) ? 'u' : '');
if (strpos($fp_match, 'e') !== false)
{
$fp_replace = str_replace("'.'", '', $fp_replace);
$fp_replace = str_replace(".''.", '.', $fp_replace);
}
}
else
{
// No replacement is present, no need for a second-pass pattern replacement
// A simple str_replace will suffice
$fp_match = '!' . $fp_match . '!' . $modifiers;
$sp_match = $fp_replace;
$sp_replace = '';
}
// Lowercase tags
$bbcode_tag = preg_replace('/.*?\[([a-z0-9_-]+).*/i', '$1', $bbcode_match);
$bbcode_search = preg_replace('/.*?\[([a-z0-9_-]+).*/i', '$1', $bbcode_match);
if (!preg_match('/^[a-zA-Z0-9_-]+$/', $bbcode_tag))
{
@@ -596,25 +468,13 @@ class acp_bbcodes
trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$fp_match = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) {
return strtolower($match[0]);
}, $fp_match);
$fp_replace = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) {
return strtolower($match[0]);
}, $fp_replace);
$sp_match = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) {
return strtolower($match[0]);
}, $sp_match);
$sp_replace = preg_replace_callback('#\[/?' . $bbcode_search . '#i', function ($match) {
return strtolower($match[0]);
}, $sp_replace);
return array(
'bbcode_tag' => $bbcode_tag,
'first_pass_match' => $fp_match,
'first_pass_replace' => $fp_replace,
'second_pass_match' => $sp_match,
'second_pass_replace' => $sp_replace
'first_pass_match' => '/(?!)/',
'first_pass_replace' => '',
// Use a non-matching, valid regexp to effectively disable this BBCode
'second_pass_match' => '/(?!)/',
'second_pass_replace' => ''
);
}
}

62
includes/acp/acp_board.php
View File

@@ -85,34 +85,26 @@ class acp_board
$display_vars = array(
'title' => 'ACP_BOARD_FEATURES',
'vars' => array(
'legend1' => 'ACP_BOARD_FEATURES',
'allow_privmsg' => array('lang' => 'BOARD_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_topic_notify' => array('lang' => 'ALLOW_TOPIC_NOTIFY', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_forum_notify' => array('lang' => 'ALLOW_FORUM_NOTIFY', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_namechange' => array('lang' => 'ALLOW_NAME_CHANGE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_attachments' => array('lang' => 'ALLOW_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_pm_report' => array('lang' => 'ALLOW_PM_REPORT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_bbcode' => array('lang' => 'ALLOW_BBCODE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_sig' => array('lang' => 'ALLOW_SIG', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'legend1' => 'ACP_BOARD_FEATURES',
'allow_privmsg' => array('lang' => 'BOARD_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_topic_notify' => array('lang' => 'ALLOW_TOPIC_NOTIFY', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_forum_notify' => array('lang' => 'ALLOW_FORUM_NOTIFY', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_namechange' => array('lang' => 'ALLOW_NAME_CHANGE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_attachments' => array('lang' => 'ALLOW_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_pm_attach' => array('lang' => 'ALLOW_PM_ATTACHMENTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_pm_report' => array('lang' => 'ALLOW_PM_REPORT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_bbcode' => array('lang' => 'ALLOW_BBCODE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_sig' => array('lang' => 'ALLOW_SIG', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_board_notifications' => array('lang' => 'ALLOW_BOARD_NOTIFICATIONS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_birthdays' => array('lang' => 'ALLOW_BIRTHDAYS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'display_last_subject' => array('lang' => 'DISPLAY_LAST_SUBJECT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_quick_reply' => array('lang' => 'ALLOW_QUICK_REPLY', 'validate' => 'bool', 'type' => 'custom', 'method' => 'quick_reply', 'explain' => true),
'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_birthdays' => array('lang' => 'ALLOW_BIRTHDAYS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'display_last_subject' => array('lang' => 'DISPLAY_LAST_SUBJECT', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'display_unapproved_posts' => array('lang' => 'DISPLAY_UNAPPROVED_POSTS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_quick_reply' => array('lang' => 'ALLOW_QUICK_REPLY', 'validate' => 'bool', 'type' => 'custom', 'method' => 'quick_reply', 'explain' => true),
'legend2' => 'ACP_LOAD_SETTINGS',
'load_birthdays' => array('lang' => 'YES_BIRTHDAYS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'load_moderators' => array('lang' => 'YES_MODERATORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'load_jumpbox' => array('lang' => 'YES_JUMPBOX', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_memberlist' => array('lang' => 'LOAD_CPF_MEMBERLIST', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_pm' => array('lang' => 'LOAD_CPF_PM', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_viewprofile' => array('lang' => 'LOAD_CPF_VIEWPROFILE', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'load_cpf_viewtopic' => array('lang' => 'LOAD_CPF_VIEWTOPIC', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'legend3' => 'ACP_SUBMIT_CHANGES',
'legend2' => 'ACP_SUBMIT_CHANGES',
)
);
break;
@@ -263,7 +255,6 @@ class acp_board
'vars' => array(
'legend1' => 'GENERAL_SETTINGS',
'max_name_chars' => array('lang' => 'USERNAME_LENGTH', 'validate' => 'int:8:180', 'type' => false, 'method' => false, 'explain' => false,),
'max_pass_chars' => array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,),
'require_activation' => array('lang' => 'ACC_ACTIVATION', 'validate' => 'int', 'type' => 'select', 'method' => 'select_acc_activation', 'explain' => true),
'new_member_post_limit' => array('lang' => 'NEW_MEMBER_POST_LIMIT', 'validate' => 'int:0:255', 'type' => 'number:0:255', 'explain' => true, 'append' => ' ' . $user->lang['POSTS']),
@@ -426,7 +417,6 @@ class acp_board
'remote_upload_verify' => array('lang' => 'UPLOAD_CERT_VALID', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'check_dnsbl' => array('lang' => 'CHECK_DNSBL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'email_check_mx' => array('lang' => 'EMAIL_CHECK_MX', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'max_pass_chars' => array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:8:255', 'type' => false, 'method' => false, 'explain' => false,),
'min_pass_chars' => array('lang' => 'PASSWORD_LENGTH', 'validate' => 'int:1', 'type' => 'custom', 'method' => 'password_length', 'explain' => true),
'pass_complex' => array('lang' => 'PASSWORD_TYPE', 'validate' => 'string', 'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
'chg_passforce' => array('lang' => 'FORCE_PASS_CHANGE', 'validate' => 'int:0:999', 'type' => 'number:0:999', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
@@ -450,6 +440,7 @@ class acp_board
'email_enable' => array('lang' => 'ENABLE_EMAIL', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true),
'board_email_form' => array('lang' => 'BOARD_EMAIL_FORM', 'validate' => 'bool', 'type' => 'radio:enabled_disabled', 'explain' => true),
'email_package_size' => array('lang' => 'EMAIL_PACKAGE_SIZE', 'validate' => 'int:0', 'type' => 'number:0:99999', 'explain' => true),
'email_max_chunk_size' => array('lang' => 'EMAIL_MAX_CHUNK_SIZE', 'validate' => 'int:1:99999', 'type' => 'number:1:99999', 'explain' => true),
'board_contact' => array('lang' => 'CONTACT_EMAIL', 'validate' => 'email', 'type' => 'email:25:100', 'explain' => true),
'board_contact_name' => array('lang' => 'CONTACT_EMAIL_NAME', 'validate' => 'string', 'type' => 'text:25:50', 'explain' => true),
'board_email' => array('lang' => 'ADMIN_EMAIL', 'validate' => 'email', 'type' => 'email:25:100', 'explain' => true),
@@ -539,13 +530,16 @@ class acp_board
if ($submit)
{
if (strpos($data['type'], 'password') === 0 && $config_value === '********')
if (isset($data['type']) && strpos($data['type'], 'password') === 0 && $config_value === '********')
{
// Do not update password fields if the content is ********,
// because that is the password replacement we use to not
// send the password to the output
/**
* Do not update password fields if the content is ********,
* because that is the password replacement we use to not
* send the password to the output
*/
continue;
}
$config->set($config_name, $config_value);
if ($config_name == 'allow_quick_reply' && isset($_POST['allow_quick_reply_enable']))
@@ -903,13 +897,13 @@ class acp_board
}
/**
* Maximum/Minimum password length
* Minimum password length
*/
function password_length($value, $key)
{
global $user;
return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . '&nbsp;&nbsp;<input type="number" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS'];
return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'];
}
/**

14
includes/acp/acp_database.php
View File

@@ -58,7 +58,6 @@ class acp_database
$type = $request->variable('type', '');
$table = array_intersect($this->db_tools->sql_list_tables(), $request->variable('table', array('')));
$format = $request->variable('method', '');
$where = $request->variable('where', '');
if (!count($table))
{
@@ -70,12 +69,9 @@ class acp_database
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$store = $structure = $schema_data = false;
if ($where == 'store')
{
$store = true;
}
$store = true;
$structure = false;
$schema_data = false;
if ($type == 'full' || $type == 'structure')
{
@@ -216,7 +212,7 @@ class acp_database
}
else if (confirm_box(true))
{
switch ($backup_info['extensions'])
switch ($backup_info['extension'])
{
case 'sql':
$fp = fopen($backup_info['file_name'], 'rb');
@@ -252,8 +248,6 @@ class acp_database
switch ($db->get_sql_layer())
{
case 'mysql':
case 'mysql4':
case 'mysqli':
case 'sqlite3':
while (($sql = $fgetd($fp, ";\n", $read, $seek, $eof)) !== false)

202
includes/acp/acp_extensions.php
View File

@@ -38,7 +38,7 @@ class acp_extensions
private $phpbb_container;
private $php_ini;
function main()
function main($id, $mode)
{
// Start the page
global $config, $user, $template, $request, $phpbb_extension_manager, $phpbb_root_path, $phpbb_log, $phpbb_dispatcher, $phpbb_container;
@@ -172,23 +172,27 @@ class acp_extensions
}
$extension = $this->ext_manager->get_extension($ext_name);
if (!$extension->is_enableable())
{
trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$this->check_is_enableable($extension);
if ($this->ext_manager->is_enabled($ext_name))
{
redirect($this->u_action);
}
$this->tpl_name = 'acp_ext_enable';
$this->template->assign_vars(array(
'PRE' => true,
'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')),
'U_ENABLE' => $this->u_action . '&amp;action=enable&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('enable.' . $ext_name),
));
if (confirm_box(true))
{
redirect($this->u_action . '&amp;action=enable&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('enable.' . $ext_name));
}
else
{
confirm_box(false, $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')), build_hidden_fields(array(
'i' => $id,
'mode' => $mode,
'action' => 'enable_pre',
'ext_name' => $ext_name,
)));
}
break;
case 'enable':
@@ -203,10 +207,8 @@ class acp_extensions
}
$extension = $this->ext_manager->get_extension($ext_name);
if (!$extension->is_enableable())
{
trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
}
$this->check_is_enableable($extension);
try
{
@@ -215,9 +217,8 @@ class acp_extensions
// Are we approaching the time limit? If so we want to pause the update and continue after refreshing
if ((time() - $start_time) >= $safe_time_limit)
{
$this->template->assign_var('S_NEXT_STEP', true);
meta_refresh(0, $this->u_action . '&amp;action=enable&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('enable.' . $ext_name));
trigger_error('EXTENSION_ENABLE_IN_PROGRESS', E_USER_NOTICE);
}
}
@@ -233,14 +234,29 @@ class acp_extensions
}
catch (\phpbb\db\migration\exception $e)
{
$this->template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($this->user));
trigger_error($this->user->lang('MIGRATION_EXCEPTION_ERROR', $e->getLocalisedMessage($this->user)), E_USER_WARNING);
}
$this->tpl_name = 'acp_ext_enable';
if ($this->request->is_ajax())
{
$actions = $this->output_actions('enabled', [
'DISABLE' => $this->u_action . '&amp;action=disable_pre&amp;ext_name=' . urlencode($ext_name),
]);
$this->template->assign_vars(array(
'U_RETURN' => $this->u_action . '&amp;action=list',
));
$data = [
'EXT_ENABLE_SUCCESS' => true,
'ACTIONS' => $actions,
'REFRESH_DATA' => [
'url' => '',
'time' => 0,
],
];
$json_response = new \phpbb\json_response;
$json_response->send($data);
}
trigger_error($this->user->lang('EXTENSION_ENABLE_SUCCESS') . adm_back_link($this->u_action), E_USER_NOTICE);
break;
case 'disable_pre':
@@ -249,13 +265,19 @@ class acp_extensions
redirect($this->u_action);
}
$this->tpl_name = 'acp_ext_disable';
$this->template->assign_vars(array(
'PRE' => true,
'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')),
'U_DISABLE' => $this->u_action . '&amp;action=disable&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('disable.' . $ext_name),
));
if (confirm_box(true))
{
redirect($this->u_action . '&amp;action=disable&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('disable.' . $ext_name));
}
else
{
confirm_box(false, $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')), build_hidden_fields(array(
'i' => $id,
'mode' => $mode,
'action' => 'disable_pre',
'ext_name' => $ext_name,
)));
}
break;
case 'disable':
@@ -272,15 +294,32 @@ class acp_extensions
$this->template->assign_var('S_NEXT_STEP', true);
meta_refresh(0, $this->u_action . '&amp;action=disable&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('disable.' . $ext_name));
trigger_error('EXTENSION_DISABLE_IN_PROGRESS', E_USER_NOTICE);
}
}
$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_DISABLE', time(), array($ext_name));
$this->tpl_name = 'acp_ext_disable';
if ($this->request->is_ajax())
{
$actions = $this->output_actions('disabled', [
'ENABLE' => $this->u_action . '&amp;action=enable_pre&amp;ext_name=' . urlencode($ext_name),
'DELETE_DATA' => $this->u_action . '&amp;action=delete_data_pre&amp;ext_name=' . urlencode($ext_name),
]);
$this->template->assign_vars(array(
'U_RETURN' => $this->u_action . '&amp;action=list',
));
$data = [
'EXT_DISABLE_SUCCESS' => true,
'ACTIONS' => $actions,
'REFRESH_DATA' => [
'url' => '',
'time' => 0,
],
];
$json_response = new \phpbb\json_response;
$json_response->send($data);
}
trigger_error($this->user->lang('EXTENSION_DISABLE_SUCCESS') . adm_back_link($this->u_action), E_USER_NOTICE);
break;
case 'delete_data_pre':
@@ -288,13 +327,20 @@ class acp_extensions
{
redirect($this->u_action);
}
$this->tpl_name = 'acp_ext_delete_data';
$this->template->assign_vars(array(
'PRE' => true,
'L_CONFIRM_MESSAGE' => $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')),
'U_PURGE' => $this->u_action . '&amp;action=delete_data&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('delete_data.' . $ext_name),
));
if (confirm_box(true))
{
redirect($this->u_action . '&amp;action=delete_data&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('delete_data.' . $ext_name));
}
else
{
confirm_box(false, $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')), build_hidden_fields(array(
'i' => $id,
'mode' => $mode,
'action' => 'delete_data_pre',
'ext_name' => $ext_name,
)));
}
break;
case 'delete_data':
@@ -313,20 +359,36 @@ class acp_extensions
$this->template->assign_var('S_NEXT_STEP', true);
meta_refresh(0, $this->u_action . '&amp;action=delete_data&amp;ext_name=' . urlencode($ext_name) . '&amp;hash=' . generate_link_hash('delete_data.' . $ext_name));
trigger_error('EXTENSION_DELETE_DATA_IN_PROGRESS', E_USER_NOTICE);
}
}
$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_PURGE', time(), array($ext_name));
}
catch (\phpbb\db\migration\exception $e)
{
$this->template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($this->user));
trigger_error($this->user->lang('MIGRATION_EXCEPTION_ERROR', $e->getLocalisedMessage($this->user)), E_USER_WARNING);
}
$this->tpl_name = 'acp_ext_delete_data';
if ($this->request->is_ajax())
{
$actions = $this->output_actions('disabled', [
'ENABLE' => $this->u_action . '&amp;action=enable_pre&amp;ext_name=' . urlencode($ext_name),
]);
$this->template->assign_vars(array(
'U_RETURN' => $this->u_action . '&amp;action=list',
));
$data = [
'EXT_DELETE_DATA_SUCCESS' => true,
'ACTIONS' => $actions,
'REFRESH_DATA' => [
'url' => '',
'time' => 0,
],
];
$json_response = new \phpbb\json_response;
$json_response->send($data);
}
trigger_error($this->user->lang('EXTENSION_DELETE_DATA_SUCCESS') . adm_back_link($this->u_action), E_USER_NOTICE);
break;
case 'details':
@@ -605,17 +667,37 @@ class acp_extensions
*
* @param string $block
* @param array $actions
* @return array List of actions to be performed on the extension
*/
private function output_actions($block, $actions)
{
foreach ($actions as $lang => $url)
$vars_ary = array();
foreach ($actions as $lang => $options)
{
$this->template->assign_block_vars($block . '.actions', array(
$url = $options;
if (is_array($options))
{
$url = $options['url'];
}
$vars = array(
'L_ACTION' => $this->user->lang('EXTENSION_' . $lang),
'L_ACTION_EXPLAIN' => (isset($this->user->lang['EXTENSION_' . $lang . '_EXPLAIN'])) ? $this->user->lang('EXTENSION_' . $lang . '_EXPLAIN') : '',
'U_ACTION' => $url,
));
'ACTION_AJAX' => 'ext_' . strtolower($lang),
);
if (isset($options['color']))
{
$vars['COLOR'] = $options['color'];
}
$this->template->assign_block_vars($block . '.actions', $vars);
$vars_ary[] = $vars;
}
return $vars_ary;
}
/**
@@ -662,4 +744,28 @@ class acp_extensions
));
}
}
/**
* Checks whether the extension can be enabled. Triggers error if not.
* Error message can be set by the extension.
*
* @param \phpbb\extension\extension_interface $extension Extension to check
*/
protected function check_is_enableable(\phpbb\extension\extension_interface $extension)
{
$message = $extension->is_enableable();
if ($message !== true)
{
if (empty($message))
{
$message = $this->user->lang('EXTENSION_NOT_ENABLEABLE');
}
else if (is_array($message))
{
$message = implode('<br>', $message);
}
trigger_error($message . adm_back_link($this->u_action), E_USER_WARNING);
}
}
}

52
includes/acp/acp_forums.php
View File

@@ -131,11 +131,12 @@ class acp_forums
'forum_rules_link' => $request->variable('forum_rules_link', ''),
'forum_image' => $request->variable('forum_image', ''),
'forum_style' => $request->variable('forum_style', 0),
'display_subforum_list' => $request->variable('display_subforum_list', false),
'display_on_index' => $request->variable('display_on_index', false),
'display_subforum_list' => $request->variable('display_subforum_list', true),
'display_subforum_limit'=> $request->variable('display_subforum_limit', false),
'display_on_index' => $request->variable('display_on_index', true),
'forum_topics_per_page' => $request->variable('topics_per_page', 0),
'enable_indexing' => $request->variable('enable_indexing', true),
'enable_icons' => $request->variable('enable_icons', false),
'enable_icons' => $request->variable('enable_icons', true),
'enable_prune' => $request->variable('enable_prune', false),
'enable_post_review' => $request->variable('enable_post_review', true),
'enable_quick_reply' => $request->variable('enable_quick_reply', false),
@@ -454,10 +455,11 @@ class acp_forums
'forum_image' => '',
'forum_style' => 0,
'display_subforum_list' => true,
'display_on_index' => false,
'display_subforum_limit' => false,
'display_on_index' => true,
'forum_topics_per_page' => 0,
'enable_indexing' => true,
'enable_icons' => false,
'enable_icons' => true,
'enable_prune' => false,
'prune_days' => 7,
'prune_viewed' => 7,
@@ -676,6 +678,7 @@ class acp_forums
'S_ENABLE_INDEXING' => ($forum_data['enable_indexing']) ? true : false,
'S_TOPIC_ICONS' => ($forum_data['enable_icons']) ? true : false,
'S_DISPLAY_SUBFORUM_LIST' => ($forum_data['display_subforum_list']) ? true : false,
'S_DISPLAY_SUBFORUM_LIMIT' => ($forum_data['display_subforum_limit']) ? true : false,
'S_DISPLAY_ON_INDEX' => ($forum_data['display_on_index']) ? true : false,
'S_PRUNE_ENABLE' => ($forum_data['enable_prune']) ? true : false,
'S_PRUNE_SHADOW_ENABLE' => ($forum_data['enable_shadow_prune']) ? true : false,
@@ -986,6 +989,23 @@ class acp_forums
$errors[] = $user->lang['FORUM_NAME_EMPTY'];
}
/**
* Replace Emojis and other 4bit UTF-8 chars not allowed by MySql to UCR / NCR.
* Using their Numeric Character Reference's Hexadecimal notation.
*/
$forum_data_ary['forum_name'] = utf8_encode_ucr($forum_data_ary['forum_name']);
/**
* This should never happen again.
* Leaving the fallback here just in case there will be the need of it.
*/
if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches))
{
$character_list = implode('<br>', $matches[0]);
$errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list);
}
if (utf8_strlen($forum_data_ary['forum_desc']) > 4000)
{
$errors[] = $user->lang['FORUM_DESC_TOO_LONG'];
@@ -1416,8 +1436,8 @@ class acp_forums
* This event may be triggered, when a forum is deleted
*
* @event core.acp_manage_forums_move_children
* @var int from_id If of the current parent forum
* @var int to_id If of the new parent forum
* @var int from_id Id of the current parent forum
* @var int to_id Id of the new parent forum
* @var array errors Array of errors, should be strings and not
* language key.
* @since 3.1.0-a1
@@ -1522,8 +1542,8 @@ class acp_forums
* Event when we move content from one forum to another
*
* @event core.acp_manage_forums_move_content
* @var int from_id If of the current parent forum
* @var int to_id If of the new parent forum
* @var int from_id Id of the current parent forum
* @var int to_id Id of the new parent forum
* @var bool sync Shall we sync the "to"-forum's data
* @var array errors Array of errors, should be strings and not
* language key. If this array is not empty,
@@ -1569,6 +1589,19 @@ class acp_forums
$db->sql_query($sql);
}
/**
* Event when content has been moved from one forum to another
*
* @event core.acp_manage_forums_move_content_after
* @var int from_id Id of the current parent forum
* @var int to_id Id of the new parent forum
* @var bool sync Shall we sync the "to"-forum's data
*
* @since 3.2.9-RC1
*/
$vars = array('from_id', 'to_id', 'sync');
extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_move_content_after', compact($vars)));
if ($sync)
{
// Delete ghost topics that link back to the same forum then resync counters
@@ -1871,7 +1904,6 @@ class acp_forums
switch ($db->get_sql_layer())
{
case 'mysql4':
case 'mysqli':
// Delete everything else and thank MySQL for offering multi-table deletion

11
includes/acp/acp_help_phpbb.php
View File

@@ -32,7 +32,7 @@ class acp_help_phpbb
include($phpbb_root_path . 'includes/questionnaire/questionnaire.' . $phpEx);
}
$collect_url = "https://www.phpbb.com/stats/receive_stats.php";
$collect_url = "https://www.phpbb.com/statistics/send";
$this->tpl_name = 'acp_help_phpbb';
$this->page_title = 'ACP_HELP_PHPBB';
@@ -90,13 +90,15 @@ class acp_help_phpbb
if (!empty($response))
{
if ((strpos($response, 'Thank you') !== false || strpos($response, 'Flood protection') !== false))
$decoded_response = json_decode(htmlspecialchars_decode($response), true);
if ($decoded_response && isset($decoded_response['status']) && $decoded_response['status'] == 'ok')
{
trigger_error($user->lang('THANKS_SEND_STATISTICS') . adm_back_link($this->u_action));
}
else
{
trigger_error($user->lang('FAIL_SEND_STATISTICS') . adm_back_link($this->u_action));
trigger_error($user->lang('FAIL_SEND_STATISTICS') . adm_back_link($this->u_action), E_USER_WARNING);
}
}
@@ -106,7 +108,8 @@ class acp_help_phpbb
$template->assign_vars(array(
'U_COLLECT_STATS' => $collect_url,
'S_COLLECT_STATS' => (!empty($config['help_send_statistics'])) ? true : false,
'RAW_DATA' => $collector->get_data_for_form(),
'S_STATS' => $collector->get_data_raw(),
'S_STATS_DATA' => json_encode($collector->get_data_raw()),
'U_ACP_MAIN' => append_sid("{$phpbb_admin_path}index.$phpEx"),
'U_ACTION' => $this->u_action,
// Pass earliest time we should try to send stats again

2
includes/acp/acp_main.php
View File

@@ -657,7 +657,7 @@ class acp_main
}
// Warn if install is still present
if (file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install'))
if (!defined('IN_INSTALL') && !$phpbb_container->getParameter('allow_install_dir') && file_exists($phpbb_root_path . 'install') && !is_file($phpbb_root_path . 'install'))
{
$template->assign_var('S_REMOVE_INSTALL', true);
}

4
includes/acp/acp_permissions.php
View File

@@ -694,8 +694,8 @@ class acp_permissions
}
// We loop through the auth settings defined in our submit
list($ug_id, ) = each($psubmit);
list($forum_id, ) = each($psubmit[$ug_id]);
$ug_id = key($psubmit);
$forum_id = key($psubmit[$ug_id]);
$settings = $request->variable('setting', array(0 => array(0 => array('' => 0))), false, \phpbb\request\request_interface::POST);
if (empty($settings) || empty($settings[$ug_id]) || empty($settings[$ug_id][$forum_id]))

1
includes/acp/acp_prune.php
View File

@@ -537,6 +537,7 @@ class acp_prune
AND ug.user_id <> ' . ANONYMOUS . '
AND u.user_type <> ' . USER_FOUNDER . '
AND ug.user_pending = 0
AND ug.group_leader = 0
AND u.user_id = ug.user_id
' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '');
$result = $db->sql_query($sql);

2
includes/acp/acp_reasons.php
View File

@@ -222,8 +222,6 @@ class acp_reasons
{
// The ugly one!
case 'mysqli':
case 'mysql4':
case 'mysql':
// Change the reports using this reason to 'other'
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET reason_id = ' . $other_reason_id . ", report_text = CONCAT('" . $db->sql_escape($reason_row['reason_description']) . "\n\n', report_text)

33
includes/acp/acp_styles.php
View File

@@ -259,6 +259,19 @@ class acp_styles
// Get list of styles to uninstall
$ids = $this->request_vars('id', 0, true);
// Don't remove prosilver, you can still deactivate it.
$sql = 'SELECT style_id
FROM ' . STYLES_TABLE . "
WHERE style_name = '" . $this->db->sql_escape('prosilver') . "'";
$result = $this->db->sql_query($sql);
$prosilver_id = (int) $this->db->sql_fetchfield('style_id');
$this->db->sql_freeresult($result);
if ($prosilver_id && in_array($prosilver_id, $ids))
{
trigger_error($this->user->lang('UNINSTALL_PROSILVER') . adm_back_link($this->u_action), E_USER_WARNING);
}
// Check if confirmation box was submitted
if (confirm_box(true))
{
@@ -998,11 +1011,14 @@ class acp_styles
'L_ACTION' => $this->user->lang['EXPORT']
); */
// Uninstall
$actions[] = array(
'U_ACTION' => $this->u_action . '&amp;action=uninstall&amp;hash=' . generate_link_hash('uninstall') . '&amp;id=' . $style['style_id'],
'L_ACTION' => $this->user->lang['STYLE_UNINSTALL']
);
if ($style['style_name'] !== 'prosilver')
{
// Uninstall
$actions[] = array(
'U_ACTION' => $this->u_action . '&amp;action=uninstall&amp;hash=' . generate_link_hash('uninstall') . '&amp;id=' . $style['style_id'],
'L_ACTION' => $this->user->lang['STYLE_UNINSTALL']
);
}
// Preview
$actions[] = array(
@@ -1123,7 +1139,14 @@ class acp_styles
*/
protected function read_style_cfg($dir)
{
// This should never happen, we give them a red warning because of its relevance.
if (!file_exists($this->styles_path . $dir . '/style.cfg'))
{
trigger_error($this->user->lang('NO_STYLE_CFG', $dir), E_USER_WARNING);
}
static $required = array('name', 'phpbb_version', 'copyright');
$cfg = parse_cfg_file($this->styles_path . $dir . '/style.cfg');
// Check if it is a valid file

16
includes/acp/acp_update.php
View File

@@ -59,17 +59,19 @@ class acp_update
$update_link = $phpbb_root_path . 'install/app.' . $phpEx;
$template->assign_vars(array(
'S_UP_TO_DATE' => empty($updates_available),
'U_ACTION' => $this->u_action,
'U_VERSIONCHECK_FORCE' => append_sid($this->u_action . '&amp;versioncheck_force=1'),
$template_ary = [
'S_UP_TO_DATE' => empty($updates_available),
'U_ACTION' => $this->u_action,
'U_VERSIONCHECK_FORCE' => append_sid($this->u_action . '&amp;versioncheck_force=1'),
'CURRENT_VERSION' => $config['version'],
'CURRENT_VERSION' => $config['version'],
'UPDATE_INSTRUCTIONS' => sprintf($user->lang['UPDATE_INSTRUCTIONS'], $update_link),
'UPDATE_INSTRUCTIONS' => $user->lang('UPDATE_INSTRUCTIONS', $update_link),
'S_VERSION_UPGRADEABLE' => !empty($upgrades_available),
'UPGRADE_INSTRUCTIONS' => !empty($upgrades_available) ? $user->lang('UPGRADE_INSTRUCTIONS', $upgrades_available['current'], $upgrades_available['announcement']) : false,
));
];
$template->assign_vars($template_ary);
// Incomplete update?
if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<'))

13
includes/acp/acp_users.php
View File

@@ -844,9 +844,9 @@ class acp_users
// Validation data - we do not check the password complexity setting here
$check_ary = array(
'new_password' => array(
array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
array('string', true, $config['min_pass_chars'], 0),
array('password')),
'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'password_confirm' => array('string', true, $config['min_pass_chars'], 0),
);
// Check username if altered
@@ -855,7 +855,7 @@ class acp_users
$check_ary += array(
'username' => array(
array('string', false, $config['min_name_chars'], $config['max_name_chars']),
array('username', $user_row['username'])
array('username', $user_row['username'], true)
),
);
}
@@ -966,10 +966,7 @@ class acp_users
if ($update_email !== false)
{
$sql_ary += array(
'user_email' => $update_email,
'user_email_hash' => phpbb_email_hash($update_email),
);
$sql_ary += ['user_email' => $update_email];
$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
'reportee_id' => $user_id,
@@ -1130,7 +1127,7 @@ class acp_users
$template->assign_vars(array(
'L_NAME_CHARS_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $user_row['posts_in_queue']),
'S_FOUNDER' => ($user->data['user_type'] == USER_FOUNDER) ? true : false,

21
includes/acp/auth.php
View File

@@ -460,8 +460,7 @@ class auth_admin extends \phpbb\auth\auth
'S_GROUP_MODE' => ($user_mode == 'group') ? true : false)
);
@reset($content_array);
while (list($ug_id, $ug_array) = each($content_array))
foreach ($content_array as $ug_id => $ug_array)
{
// Build role dropdown options
$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
@@ -471,8 +470,7 @@ class auth_admin extends \phpbb\auth\auth
$s_role_options = '';
$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
@reset($roles);
while (list($role_id, $role_row) = each($roles))
foreach ($roles as $role_id => $role_row)
{
$role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
@@ -559,8 +557,7 @@ class auth_admin extends \phpbb\auth\auth
'S_GROUP_MODE' => ($user_mode == 'group') ? true : false)
);
@reset($content_array);
while (list($forum_id, $forum_array) = each($content_array))
foreach ($content_array as $forum_id => $forum_array)
{
// Build role dropdown options
$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
@@ -570,8 +567,7 @@ class auth_admin extends \phpbb\auth\auth
$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
$s_role_options = '';
@reset($roles);
while (list($role_id, $role_row) = each($roles))
foreach ($roles as $role_id => $role_row)
{
$role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
@@ -1138,8 +1134,7 @@ class auth_admin extends \phpbb\auth\auth
/* @var $phpbb_permissions \phpbb\permissions */
$phpbb_permissions = $phpbb_container->get('acl.permissions');
@reset($category_array);
while (list($cat, $cat_array) = each($category_array))
foreach ($category_array as $cat => $cat_array)
{
if (!$phpbb_permissions->category_defined($cat))
{
@@ -1169,8 +1164,7 @@ class auth_admin extends \phpbb\auth\auth
}
unset($key_array, $values_array);
*/
@reset($cat_array['permissions']);
while (list($permission, $allowed) = each($cat_array['permissions']))
foreach ($cat_array['permissions'] as $permission => $allowed)
{
if (!$phpbb_permissions->permission_defined($permission))
{
@@ -1237,8 +1231,7 @@ class auth_admin extends \phpbb\auth\auth
$permissions = $permission_row[$forum_id];
ksort($permissions);
@reset($permissions);
while (list($permission, $auth_setting) = each($permissions))
foreach ($permissions as $permission => $auth_setting)
{
$cat = $phpbb_permissions->get_permission_category($permission);

2
includes/bbcode.php
View File

@@ -44,7 +44,7 @@ class bbcode
/**
* Init bbcode cache entries if bitfield is specified
*
* @param string $bbcode_bitfield The bbcode bitfield
* @param string $bitfield The bbcode bitfield
*/
function bbcode_set_bitfield($bitfield = '')
{

8
includes/compatibility_globals.php
View File

@@ -18,6 +18,14 @@ if (!defined('IN_PHPBB'))
exit;
}
//
// Deprecated globals
//
define('ATTACHMENT_CATEGORY_WM', 2); // Windows Media Files - Streaming - @deprecated 3.2
define('ATTACHMENT_CATEGORY_RM', 3); // Real Media Files - Streaming - @deprecated 3.2
define('ATTACHMENT_CATEGORY_QUICKTIME', 6); // Quicktime/Mov files - @deprecated 3.2
define('ATTACHMENT_CATEGORY_FLASH', 5); // Flash/SWF files - @deprecated 3.3
/**
* Sets compatibility globals in the global scope
*

6
includes/constants.php
View File

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
*/
// phpBB Version
@define('PHPBB_VERSION', '3.2.7');
@define('PHPBB_VERSION', '3.3.0');
// QA-related
// define('PHPBB_QA', 1);
@@ -171,11 +171,7 @@ define('CONFIRM_REPORT', 4);
// Categories - Attachments
define('ATTACHMENT_CATEGORY_NONE', 0);
define('ATTACHMENT_CATEGORY_IMAGE', 1); // Inline Images
define('ATTACHMENT_CATEGORY_WM', 2); // Windows Media Files - Streaming - @deprecated 3.2
define('ATTACHMENT_CATEGORY_RM', 3); // Real Media Files - Streaming - @deprecated 3.2
define('ATTACHMENT_CATEGORY_THUMB', 4); // Not used within the database, only while displaying posts
define('ATTACHMENT_CATEGORY_FLASH', 5); // Flash/SWF files
define('ATTACHMENT_CATEGORY_QUICKTIME', 6); // Quicktime/Mov files - @deprecated 3.2
// BBCode UID length
define('BBCODE_UID_LEN', 8);

6
includes/diff/engine.php
View File

@@ -285,8 +285,9 @@ class diff_engine
$matches = $ymatches[$line];
reset($matches);
while (list(, $y) = each($matches))
while ($y = current($matches))
{
next($matches);
if (empty($this->in_seq[$y]))
{
$k = $this->_lcs_pos($y);
@@ -296,8 +297,9 @@ class diff_engine
}
// no reset() here
while (list(, $y) = each($matches))
while ($y = current($matches))
{
next($matches);
if ($y > $this->seq[$k - 1])
{
// Optimization: this is a common case: next match is just replacing previous match.

5
includes/functions_acp.php
View File

@@ -112,12 +112,13 @@ function adm_page_header($page_title)
'CONTAINER_EXCEPTION' => $phpbb_container->hasParameter('container_exception') ? $phpbb_container->getParameter('container_exception') : false,
));
// An array of http headers that phpbb will set. The following event may override these.
// An array of http headers that phpBB will set. The following event may override these.
$http_headers = array(
// application/xhtml+xml not used because of IE
'Content-type' => 'text/html; charset=UTF-8',
'Cache-Control' => 'private, no-cache="set-cookie"',
'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',
'Referrer-Policy' => 'strict-origin-when-cross-origin',
);
/**
@@ -176,7 +177,7 @@ function adm_page_footer($copyright_html = true)
'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
'S_COPYRIGHT_HTML' => $copyright_html,
'CREDIT_LINE' => $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Limited'),
'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery.min.js",
'T_JQUERY_LINK' => !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.4.1.min.js",
'S_ALLOW_CDN' => !empty($config['allow_cdn']),
'VERSION' => $config['version'])
);

75
includes/functions_admin.php
View File

@@ -543,6 +543,20 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
$topic_ids = array($topic_ids);
}
/**
* Perform additional actions before topics move
*
* @event core.move_topics_before
* @var array topic_ids Array of the moved topic ids
* @var string forum_id The forum id from where the topics are moved
* @since 3.2.9-RC1
*/
$vars = array(
'topic_ids',
'forum_id',
);
extract($phpbb_dispatcher->trigger_event('core.move_topics_before', compact($vars)));
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . '
AND forum_id = ' . $forum_id;
@@ -593,6 +607,22 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
}
unset($table_ary);
/**
* Perform additional actions after topics move
*
* @event core.move_topics_after
* @var array topic_ids Array of the moved topic ids
* @var string forum_id The forum id from where the topics were moved
* @var array forum_ids Array of the forums where the topics were moved (includes also forum_id)
* @since 3.2.9-RC1
*/
$vars = array(
'topic_ids',
'forum_id',
'forum_ids',
);
extract($phpbb_dispatcher->trigger_event('core.move_topics_after', compact($vars)));
if ($auto_sync)
{
sync('forum', 'forum_id', $forum_ids, true, true);
@@ -1160,28 +1190,6 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
return count($post_ids);
}
/**
* Delete Attachments
*
* @deprecated 3.2.0-a1 (To be removed: 3.4.0)
*
* @param string $mode can be: post|message|topic|attach|user
* @param mixed $ids can be: post_ids, message_ids, topic_ids, attach_ids, user_ids
* @param bool $resync set this to false if you are deleting posts or topics
*/
function delete_attachments($mode, $ids, $resync = true)
{
global $phpbb_container;
/** @var \phpbb\attachment\manager $attachment_manager */
$attachment_manager = $phpbb_container->get('attachment.manager');
$num_deleted = $attachment_manager->delete($mode, $ids, $resync);
unset($attachment_manager);
return $num_deleted;
}
/**
* Deletes shadow topics pointing to a specified forum.
*
@@ -1293,23 +1301,6 @@ function update_posted_info(&$topic_ids)
$db->sql_multi_insert(TOPICS_POSTED_TABLE, $sql_ary);
}
/**
* Delete attached file
*
* @deprecated 3.2.0-a1 (To be removed: 3.4.0)
*/
function phpbb_unlink($filename, $mode = 'file', $entry_removed = false)
{
global $phpbb_container;
/** @var \phpbb\attachment\manager $attachment_manager */
$attachment_manager = $phpbb_container->get('attachment.manager');
$unlink = $attachment_manager->unlink($filename, $mode, $entry_removed);
unset($attachment_manager);
return $unlink;
}
/**
* All-encompasing sync function
*
@@ -1393,7 +1384,6 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$db->sql_transaction('begin');
switch ($db->get_sql_layer())
{
case 'mysql4':
case 'mysqli':
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
USING ' . TOPICS_TABLE . ' t1, ' . TOPICS_TABLE . " t2
@@ -2692,8 +2682,7 @@ function phpbb_update_foes($db, $auth, $group_id = false, $user_id = false)
switch ($db->get_sql_layer())
{
case 'mysqli':
case 'mysql4':
$sql = 'DELETE ' . (($db->get_sql_layer() === 'mysqli' || version_compare($db->sql_server_info(true), '4.1', '>=')) ? 'z.*' : ZEBRA_TABLE) . '
$sql = 'DELETE z.*
FROM ' . ZEBRA_TABLE . ' z, ' . USER_GROUP_TABLE . ' ug
WHERE z.zebra_id = ug.user_id
AND z.foe = 1
@@ -2849,8 +2838,6 @@ function get_database_size()
// This code is heavily influenced by a similar routine in phpMyAdmin 2.2.0
switch ($db->get_sql_layer())
{
case 'mysql':
case 'mysql4':
case 'mysqli':
$sql = 'SELECT VERSION() AS mysql_version';
$result = $db->sql_query($sql);

190
includes/functions_compatibility.php
View File

@@ -22,7 +22,7 @@ if (!defined('IN_PHPBB'))
/**
* Get user avatar
*
* @deprecated 3.1.0-a1 (To be removed: 3.3.0)
* @deprecated 3.1.0-a1 (To be removed: 4.0.0)
*
* @param string $avatar Users assigned avatar name
* @param int $avatar_type Type of avatar
@@ -50,7 +50,7 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $
/**
* Hash the password
*
* @deprecated 3.1.0-a2 (To be removed: 3.3.0)
* @deprecated 3.1.0-a2 (To be removed: 4.0.0)
*
* @param string $password Password to be hashed
*
@@ -68,7 +68,7 @@ function phpbb_hash($password)
/**
* Check for correct password
*
* @deprecated 3.1.0-a2 (To be removed: 3.3.0)
* @deprecated 3.1.0-a2 (To be removed: 4.0.0)
*
* @param string $password The password in plain text
* @param string $hash The stored password hash
@@ -92,7 +92,7 @@ function phpbb_check_hash($password, $hash)
* @param string $path Path to clean
* @return string Cleaned path
*
* @deprecated 3.1.0 (To be removed: 3.3.0)
* @deprecated 3.1.0 (To be removed: 4.0.0)
*/
function phpbb_clean_path($path)
{
@@ -136,7 +136,7 @@ function phpbb_clean_path($path)
*
* @return string Returns the options for timezone selector only
*
* @deprecated 3.1.0 (To be removed: 3.3.0)
* @deprecated 3.1.0 (To be removed: 4.0.0)
*/
function tz_select($default = '', $truncate = false)
{
@@ -150,7 +150,7 @@ function tz_select($default = '', $truncate = false)
* via admin_permissions. Changes of usernames and group names
* must be carried through for the moderators table.
*
* @deprecated 3.1.0 (To be removed: 3.3.0)
* @deprecated 3.1.0 (To be removed: 4.0.0)
* @return null
*/
function cache_moderators()
@@ -162,7 +162,7 @@ function cache_moderators()
/**
* Removes moderators and administrators from foe lists.
*
* @deprecated 3.1.0 (To be removed: 3.3.0)
* @deprecated 3.1.0 (To be removed: 4.0.0)
* @param array|bool $group_id If an array, remove all members of this group from foe lists, or false to ignore
* @param array|bool $user_id If an array, remove this user from foe lists, or false to ignore
* @return null
@@ -182,7 +182,7 @@ function update_foes($group_id = false, $user_id = false)
* @param string &$rank_img the rank image as full img tag is stored here after execution
* @param string &$rank_img_src the rank image source is stored here after execution
*
* @deprecated 3.1.0-RC5 (To be removed: 3.3.0)
* @deprecated 3.1.0-RC5 (To be removed: 4.0.0)
*
* Note: since we do not want to break backwards-compatibility, this function will only properly assign ranks to guests if you call it for them with user_posts == false
*/
@@ -232,7 +232,7 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port
*
* @return int|bool Returns the log_id, if the entry was added to the database, false otherwise.
*
* @deprecated 3.1.0 (To be removed: 3.3.0)
* @deprecated 3.1.0 (To be removed: 4.0.0)
*/
function add_log()
{
@@ -280,7 +280,7 @@ function add_log()
*
* @return null
*
* @deprecated 3.1.0 (To be removed: 3.3.0)
* @deprecated 3.1.0 (To be removed: 4.0.0)
*/
function set_config($config_name, $config_value, $is_dynamic = false, \phpbb\config\config $set_config = null)
{
@@ -310,7 +310,7 @@ function set_config($config_name, $config_value, $is_dynamic = false, \phpbb\con
*
* @return null
*
* @deprecated 3.1.0 (To be removed: 3.3.0)
* @deprecated 3.1.0 (To be removed: 4.0.0)
*/
function set_config_count($config_name, $increment, $is_dynamic = false, \phpbb\config\config $set_config = null)
{
@@ -331,7 +331,7 @@ function set_config_count($config_name, $increment, $is_dynamic = false, \phpbb\
* See {@link \phpbb\request\request_interface::variable \phpbb\request\request_interface::variable} for
* documentation of this function's use.
*
* @deprecated 3.1.0 (To be removed: 3.3.0)
* @deprecated 3.1.0 (To be removed: 4.0.0)
* @param mixed $var_name The form variable's name from which data shall be retrieved.
* If the value is an array this may be an array of indizes which will give
* direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
@@ -389,7 +389,7 @@ function request_var($var_name, $default, $multibyte = false, $cookie = false, $
/**
* Get tables of a database
*
* @deprecated 3.1.0 (To be removed: 3.3.0)
* @deprecated 3.1.0 (To be removed: 4.0.0)
*/
function get_tables($db)
{
@@ -492,7 +492,7 @@ function phpbb_realpath($path)
* @param $number int|float The number we want to get the plural case for. Float numbers are floored.
* @return int The plural-case we need to use for the number plural-rule combination
*
* @deprecated 3.2.0-dev (To be removed: 3.3.0)
* @deprecated 3.2.0-dev (To be removed: 4.0.0)
*/
function phpbb_get_plural_form($rule, $number)
{
@@ -511,3 +511,165 @@ function phpbb_pcre_utf8_support()
{
return true;
}
/**
* Casts a variable to the given type.
*
* @deprecated 3.1 (To be removed 4.0.0)
*/
function set_var(&$result, $var, $type, $multibyte = false)
{
// no need for dependency injection here, if you have the object, call the method yourself!
$type_cast_helper = new \phpbb\request\type_cast_helper();
$type_cast_helper->set_var($result, $var, $type, $multibyte);
}
/**
* Delete Attachments
*
* @deprecated 3.2.0-a1 (To be removed: 4.0.0)
*
* @param string $mode can be: post|message|topic|attach|user
* @param mixed $ids can be: post_ids, message_ids, topic_ids, attach_ids, user_ids
* @param bool $resync set this to false if you are deleting posts or topics
*/
function delete_attachments($mode, $ids, $resync = true)
{
global $phpbb_container;
/** @var \phpbb\attachment\manager $attachment_manager */
$attachment_manager = $phpbb_container->get('attachment.manager');
$num_deleted = $attachment_manager->delete($mode, $ids, $resync);
unset($attachment_manager);
return $num_deleted;
}
/**
* Delete attached file
*
* @deprecated 3.2.0-a1 (To be removed: 4.0.0)
*/
function phpbb_unlink($filename, $mode = 'file', $entry_removed = false)
{
global $phpbb_container;
/** @var \phpbb\attachment\manager $attachment_manager */
$attachment_manager = $phpbb_container->get('attachment.manager');
$unlink = $attachment_manager->unlink($filename, $mode, $entry_removed);
unset($attachment_manager);
return $unlink;
}
/**
* Display reasons
*
* @deprecated 3.2.0-dev (To be removed: 4.0.0)
*/
function display_reasons($reason_id = 0)
{
global $phpbb_container;
$phpbb_container->get('phpbb.report.report_reason_list_provider')->display_reasons($reason_id);
}
/**
* Upload Attachment - filedata is generated here
* Uses upload class
*
* @deprecated 3.2.0-a1 (To be removed: 4.0.0)
*
* @param string $form_name The form name of the file upload input
* @param int $forum_id The id of the forum
* @param bool $local Whether the file is local or not
* @param string $local_storage The path to the local file
* @param bool $is_message Whether it is a PM or not
* @param array $local_filedata A filespec object created for the local file
*
* @return array File data array
*/
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false)
{
global $phpbb_container;
/** @var \phpbb\attachment\manager $attachment_manager */
$attachment_manager = $phpbb_container->get('attachment.manager');
$file = $attachment_manager->upload($form_name, $forum_id, $local, $local_storage, $is_message, $local_filedata);
unset($attachment_manager);
return $file;
}
/**
* Wrapper for php's checkdnsrr function.
*
* @param string $host Fully-Qualified Domain Name
* @param string $type Resource record type to lookup
* Supported types are: MX (default), A, AAAA, NS, TXT, CNAME
* Other types may work or may not work
*
* @return mixed true if entry found,
* false if entry not found,
* null if this function is not supported by this environment
*
* Since null can also be returned, you probably want to compare the result
* with === true or === false,
*
* @deprecated 3.3.0-b2 (To be removed: 4.0.0)
*/
function phpbb_checkdnsrr($host, $type = 'MX')
{
return checkdnsrr($host, $type);
}
/*
* Wrapper for inet_ntop()
*
* Converts a packed internet address to a human readable representation
* inet_ntop() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
*
* @param string $in_addr A 32bit IPv4, or 128bit IPv6 address.
*
* @return mixed false on failure,
* string otherwise
*
* @deprecated 3.3.0-b2 (To be removed: 4.0.0)
*/
function phpbb_inet_ntop($in_addr)
{
return inet_ntop($in_addr);
}
/**
* Wrapper for inet_pton()
*
* Converts a human readable IP address to its packed in_addr representation
* inet_pton() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
*
* @param string $address A human readable IPv4 or IPv6 address.
*
* @return mixed false if address is invalid,
* in_addr representation of the given address otherwise (string)
*
* @deprecated 3.3.0-b2 (To be removed: 4.0.0)
*/
function phpbb_inet_pton($address)
{
return inet_pton($address);
}
/**
* Hashes an email address to a big integer
*
* @param string $email Email address
*
* @return string Unsigned Big Integer
*
* @deprecated 3.3.0-b2 (To be removed: 4.0.0)
*/
function phpbb_email_hash($email)
{
return sprintf('%u', crc32(strtolower($email))) . strlen($email);
}

4
includes/functions_compress.php
View File

@@ -305,8 +305,8 @@ class compress_zip extends compress
}
}
}
// This is a directory, we are not writting files
continue;
// This is a directory, we are not writing files
continue 2;
}
else
{

23
includes/functions_content.php
View File

@@ -1245,11 +1245,6 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
$display_cat = ATTACHMENT_CATEGORY_NONE;
}
if ($display_cat == ATTACHMENT_CATEGORY_FLASH && !$user->optionget('viewflash'))
{
$display_cat = ATTACHMENT_CATEGORY_NONE;
}
$download_link = append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $attachment['attach_id']);
$l_downloaded_viewed = 'VIEWED_COUNTS';
@@ -1281,21 +1276,6 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
$update_count_ary[] = $attachment['attach_id'];
break;
// Macromedia Flash Files
case ATTACHMENT_CATEGORY_FLASH:
list($width, $height) = @getimagesize($filename);
$block_array += array(
'S_FLASH_FILE' => true,
'WIDTH' => $width,
'HEIGHT' => $height,
'U_VIEW_LINK' => $download_link . '&amp;view=1',
);
// Viewed/Heared File ... update the download count
$update_count_ary[] = $attachment['attach_id'];
break;
default:
$l_downloaded_viewed = 'DOWNLOAD_COUNTS';
@@ -1482,6 +1462,8 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al
* Get username details for placing into templates.
* This function caches all modes on first call, except for no_profile and anonymous user - determined by $user_id.
*
* @html Username spans and links
*
* @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour), full (for obtaining a html string representing a coloured link to the users profile) or no_profile (the same as full but forcing no profile link)
* @param int $user_id The users id
* @param string $username The users name
@@ -1501,6 +1483,7 @@ function get_username_string($mode, $user_id, $username, $username_colour = '',
{
global $phpbb_root_path, $phpEx;
/** @html Username spans and links for usage in the template */
$_profile_cache['base_url'] = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u={USER_ID}');
$_profile_cache['tpl_noprofile'] = '<span class="username">{USERNAME}</span>';
$_profile_cache['tpl_noprofile_colour'] = '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>';

18
includes/functions_convert.php
View File

@@ -206,16 +206,6 @@ function get_group_id($group_name)
return $group_mapping['REGISTERED'];
}
/**
* Generate the email hash stored in the users table
*
* Note: Deprecated, calls should directly go to phpbb_email_hash()
*/
function gen_email_hash($email)
{
return phpbb_email_hash($email);
}
/**
* Convert a boolean into the appropriate phpBB constant indicating whether the topic is locked
*/
@@ -1219,7 +1209,8 @@ function get_config()
if (is_array($convert->config_schema['table_format']))
{
$convert_config = array();
list($key, $val) = each($convert->config_schema['table_format']);
$key = key($convert->config_schema['table_format']);
$val = current($convert->config_schema['table_format']);
do
{
@@ -1647,11 +1638,6 @@ function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting = ACL_NO)
case 'insert':
switch ($db->get_sql_layer())
{
case 'mysql':
case 'mysql4':
$sql = 'VALUES ' . implode(', ', preg_replace('#^(.*?)$#', '(\1)', $sql_subary));
break;
case 'sqlite3':
case 'mssqlnative':
$sql = implode(' UNION ALL ', preg_replace('#^(.*?)$#', 'SELECT \1', $sql_subary));

56
includes/functions_display.php
View File

@@ -30,6 +30,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array();
$parent_id = $visible_forums = 0;
$parent_subforum_limit = false;
// Mark forums read?
$mark_read = $request->variable('mark', '');
@@ -70,7 +71,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$data = array(
'NO_UNREAD_POSTS' => $user->lang['NO_UNREAD_POSTS'],
'UNREAD_POSTS' => $user->lang['UNREAD_POSTS'],
'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '',
'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time(), false) : '',
'MESSAGE_TITLE' => $user->lang['INFORMATION'],
'MESSAGE_TEXT' => $user->lang['FORUMS_MARKED']
);
@@ -266,6 +267,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
// Direct child of current branch
$parent_id = $forum_id;
$parent_subforum_limit = $row['display_subforum_limit'];
$forum_rows[$forum_id] = $row;
if ($row['forum_type'] == FORUM_CAT && $row['parent_id'] == $root_data['forum_id'])
@@ -278,7 +280,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
}
else if ($row['forum_type'] != FORUM_CAT)
{
$subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index']) ? true : false;
$subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index'] && (!$parent_subforum_limit || $parent_id == $row['parent_id']));
$subforums[$parent_id][$forum_id]['name'] = $row['forum_name'];
$subforums[$parent_id][$forum_id]['orig_forum_last_post_time'] = $row['forum_last_post_time'];
$subforums[$parent_id][$forum_id]['children'] = array();
@@ -355,7 +357,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$data = array(
'NO_UNREAD_POSTS' => $user->lang['NO_UNREAD_POSTS'],
'UNREAD_POSTS' => $user->lang['UNREAD_POSTS'],
'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time()) : '',
'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time(), false) : '',
'MESSAGE_TITLE' => $user->lang['INFORMATION'],
'MESSAGE_TEXT' => $user->lang['FORUMS_MARKED']
);
@@ -539,7 +541,8 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
{
if ($row['forum_password_last_post'] === '' && $auth->acl_gets('f_read', 'f_list_topics', $row['forum_id_last_post']))
{
$last_post_subject = censor_text($row['forum_last_post_subject']);
$last_post_subject = utf8_decode_ncr(censor_text($row['forum_last_post_subject']));
$last_post_subject_truncated = truncate_string($last_post_subject, 30, 255, false, $user->lang['ELLIPSIS']);
}
else
@@ -547,11 +550,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
$last_post_subject = $last_post_subject_truncated = '';
}
$last_post_time = $user->format_date($row['forum_last_post_time']);
$last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']);
$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&amp;p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
}
else
{
$last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = '';
$last_post_subject = $last_post_time = $last_post_time_rfc3339 = $last_post_url = $last_post_subject_truncated = '';
}
// Output moderator listing ... if applicable
@@ -622,6 +626,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'LAST_POST_SUBJECT' => $last_post_subject,
'LAST_POST_SUBJECT_TRUNCATED' => $last_post_subject_truncated,
'LAST_POST_TIME' => $last_post_time,
'LAST_POST_TIME_RFC3339'=> $last_post_time_rfc3339,
'LAST_POSTER' => get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
'LAST_POSTER_COLOUR' => get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
'LAST_POSTER_FULL' => get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
@@ -783,25 +788,25 @@ function generate_forum_nav(&$forum_data_ary)
}
$navlinks_parents[] = array(
'S_IS_CAT' => ($parent_type == FORUM_CAT) ? true : false,
'S_IS_LINK' => ($parent_type == FORUM_LINK) ? true : false,
'S_IS_POST' => ($parent_type == FORUM_POST) ? true : false,
'FORUM_NAME' => $parent_name,
'FORUM_ID' => $parent_forum_id,
'MICRODATA' => $microdata_attr . '="' . $parent_forum_id . '"',
'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id),
'S_IS_CAT' => ($parent_type == FORUM_CAT) ? true : false,
'S_IS_LINK' => ($parent_type == FORUM_LINK) ? true : false,
'S_IS_POST' => ($parent_type == FORUM_POST) ? true : false,
'BREADCRUMB_NAME' => $parent_name,
'FORUM_ID' => $parent_forum_id,
'MICRODATA' => $microdata_attr . '="' . $parent_forum_id . '"',
'U_BREADCRUMB' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $parent_forum_id),
);
}
}
$navlinks = array(
'S_IS_CAT' => ($forum_data_ary['forum_type'] == FORUM_CAT) ? true : false,
'S_IS_LINK' => ($forum_data_ary['forum_type'] == FORUM_LINK) ? true : false,
'S_IS_POST' => ($forum_data_ary['forum_type'] == FORUM_POST) ? true : false,
'FORUM_NAME' => $forum_data_ary['forum_name'],
'FORUM_ID' => $forum_data_ary['forum_id'],
'MICRODATA' => $microdata_attr . '="' . $forum_data_ary['forum_id'] . '"',
'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_data_ary['forum_id']),
'S_IS_CAT' => ($forum_data_ary['forum_type'] == FORUM_CAT) ? true : false,
'S_IS_LINK' => ($forum_data_ary['forum_type'] == FORUM_LINK) ? true : false,
'S_IS_POST' => ($forum_data_ary['forum_type'] == FORUM_POST) ? true : false,
'BREADCRUMB_NAME' => $forum_data_ary['forum_name'],
'FORUM_ID' => $forum_data_ary['forum_id'],
'MICRODATA' => $microdata_attr . '="' . $forum_data_ary['forum_id'] . '"',
'U_BREADCRUMB' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_data_ary['forum_id']),
);
$forum_template_data = array(
@@ -1117,7 +1122,6 @@ function display_custom_bbcodes()
'BBCODE_TAG' => $row['bbcode_tag'],
'BBCODE_TAG_CLEAN' => str_replace('=', '-', $row['bbcode_tag']),
'BBCODE_HELPLINE' => $row['bbcode_helpline'],
'A_BBCODE_HELPLINE' => str_replace(array('&amp;', '&quot;', "'", '&lt;', '&gt;'), array('&', '"', "\'", '<', '>'), $row['bbcode_helpline']),
);
/**
@@ -1148,18 +1152,6 @@ function display_custom_bbcodes()
$phpbb_dispatcher->dispatch('core.display_custom_bbcodes');
}
/**
* Display reasons
*
* @deprecated 3.2.0-dev
*/
function display_reasons($reason_id = 0)
{
global $phpbb_container;
$phpbb_container->get('phpbb.report.report_reason_list_provider')->display_reasons($reason_id);
}
/**
* Display user activity (action forum/topic)
*/

30
includes/functions_download.php
View File

@@ -196,7 +196,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
}
// Now the tricky part... let's dance
header('Cache-Control: public');
header('Cache-Control: private');
// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
header('Content-Type: ' . $attachment['mimetype']);
@@ -206,28 +206,20 @@ function send_file_to_browser($attachment, $upload_dir, $category)
header('X-Content-Type-Options: nosniff');
}
if ($category == ATTACHMENT_CATEGORY_FLASH && $request->variable('view', 0) === 1)
if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))
{
// We use content-disposition: inline for flash files and view=1 to let it correctly play with flash player 10 - any other disposition will fail to play inline
header('Content-Disposition: inline');
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
{
header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
}
}
else
{
if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
{
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
{
header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
}
}
else
{
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
{
header('X-Download-Options: noopen');
}
header('X-Download-Options: noopen');
}
}
@@ -451,7 +443,7 @@ function set_modified_headers($stamp, $browser)
{
send_status_line(304, 'Not Modified');
// seems that we need those too ... browsers
header('Cache-Control: public');
header('Cache-Control: private');
header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 31536000) . ' GMT');
return true;
}

44
includes/functions_messenger.php
View File

@@ -181,10 +181,9 @@ class messenger
/**
* Adds X-AntiAbuse headers
*
* @param array $config Configuration array
* @param user $user A user object
*
* @return null
* @param \phpbb\config\config $config Config object
* @param \phpbb\user $user User object
* @return void
*/
function anti_abuse_headers($config, $user)
{
@@ -1582,6 +1581,14 @@ class smtp_class
*/
protected function starttls()
{
global $config;
// allow SMTPS (what was used by phpBB 3.0) if hostname is prefixed with tls:// or ssl://
if (strpos($config['smtp_host'], 'tls://') === 0 || strpos($config['smtp_host'], 'ssl://') === 0)
{
return true;
}
if (!function_exists('stream_socket_enable_crypto'))
{
return false;
@@ -1604,7 +1611,9 @@ class smtp_class
if (socket_set_blocking($this->socket, 1))
{
$result = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
// https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122
$crypto = (phpbb_version_compare(PHP_VERSION, '5.6.7', '<')) ? STREAM_CRYPTO_METHOD_TLS_CLIENT : STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
$result = stream_socket_enable_crypto($this->socket, true, $crypto);
socket_set_blocking($this->socket, (int) $stream_meta['blocked']);
}
@@ -1884,14 +1893,21 @@ function mail_encode($str, $eol = "\r\n")
}
/**
* Wrapper for sending out emails with the PHP's mail function
*/
* Wrapper for sending out emails with the PHP's mail function
*/
function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
{
global $config, $phpbb_root_path, $phpEx;
// We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings. On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
// Reference: http://bugs.php.net/bug.php?id=15841
// Convert Numeric Character References to UTF-8 chars (ie. Emojis)
$subject = utf8_decode_ncr($subject);
$msg = utf8_decode_ncr($msg);
/**
* We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings.
* On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
* Reference: http://bugs.php.net/bug.php?id=15841
*/
$headers = implode($eol, $headers);
if (!class_exists('\phpbb\error_collector'))
@@ -1902,10 +1918,14 @@ function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
$collector = new \phpbb\error_collector;
$collector->install();
// On some PHP Versions mail() *may* fail if there are newlines within the subject.
// Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
// Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space (Use '' as parameter to mail_encode() results in SPACE used)
/**
* On some PHP Versions mail() *may* fail if there are newlines within the subject.
* Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
* Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space
* (Use '' as parameter to mail_encode() results in SPACE used)
*/
$additional_parameters = $config['email_force_sender'] ? '-f' . $config['board_email'] : '';
$result = mail($to, mail_encode($subject, ''), wordwrap(utf8_wordwrap($msg), 997, "\n", true), $headers, $additional_parameters);
$collector->uninstall();

12
includes/functions_module.php
View File

@@ -123,7 +123,7 @@ class p_master
// We "could" build a true tree with this function - maybe mod authors want to use this...
// Functions for traversing and manipulating the tree are not available though
// We might re-structure the module system to use true trees in 3.2.x...
// We might re-structure the module system to use true trees in 4.0
// $tree = $this->build_tree($this->module_cache['modules'], $this->module_cache['parents']);
// Clean up module cache array to only let survive modules the user can access
@@ -445,7 +445,7 @@ class p_master
break;
default:
if (!preg_match('#(?:' . implode(array_keys($valid_tokens), ')|(?:') . ')#', $token))
if (!preg_match('#(?:' . implode(')|(?:', array_keys($valid_tokens)) . ')#', $token))
{
$token = '';
}
@@ -933,6 +933,14 @@ class p_master
'U_TITLE' => $u_title
);
if (isset($this->module_cache['parents'][$item_ary['id']]) || $item_ary['id'] == $this->p_id)
{
$template->assign_block_vars('navlinks', array(
'BREADCRUMB_NAME' => $item_ary['lang'],
'U_BREADCRUMB' => $u_title,
));
}
$template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
}

106
includes/functions_posting.php
View File

@@ -52,9 +52,29 @@ function generate_smilies($mode, $forum_id)
page_header($user->lang['SMILIES']);
$sql = 'SELECT COUNT(smiley_id) AS item_count
FROM ' . SMILIES_TABLE . '
GROUP BY smiley_url';
$sql_ary = [
'SELECT' => 'COUNT(s.smiley_id) AS item_count',
'FROM' => [
SMILIES_TABLE => 's',
],
'GROUP_BY' => 's.smiley_url',
];
/**
* Modify SQL query that fetches the total number of smilies in window mode
*
* @event core.generate_smilies_count_sql_before
* @var int forum_id Forum where smilies are generated
* @var array sql_ary Array with the SQL query
* @since 3.2.9-RC1
*/
$vars = [
'forum_id',
'sql_ary',
];
extract($phpbb_dispatcher->trigger_event('core.generate_smilies_count_sql_before', compact($vars)));
$sql = $db->sql_build_query('SELECT', $sql_ary);
$result = $db->sql_query($sql, 3600);
$smiley_count = 0;
@@ -114,6 +134,22 @@ function generate_smilies($mode, $forum_id)
}
$db->sql_freeresult($result);
/**
* Modify smilies before they are assigned to the template
*
* @event core.generate_smilies_modify_rowset
* @var string mode Smiley mode, either window or inline
* @var int forum_id Forum where smilies are generated
* @var array smilies Smiley rows fetched from the database
* @since 3.2.9-RC1
*/
$vars = [
'mode',
'forum_id',
'smilies',
];
extract($phpbb_dispatcher->trigger_event('core.generate_smilies_modify_rowset', compact($vars)));
if (count($smilies))
{
$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path();
@@ -397,34 +433,6 @@ function posting_gen_topic_types($forum_id, $cur_topic_type = POST_NORMAL)
//
// Attachment related functions
//
/**
* Upload Attachment - filedata is generated here
* Uses upload class
*
* @deprecated 3.2.0-a1 (To be removed: 3.4.0)
*
* @param string $form_name The form name of the file upload input
* @param int $forum_id The id of the forum
* @param bool $local Whether the file is local or not
* @param string $local_storage The path to the local file
* @param bool $is_message Whether it is a PM or not
* @param array $local_filedata A filespec object created for the local file
*
* @return array File data array
*/
function upload_attachment($form_name, $forum_id, $local = false, $local_storage = '', $is_message = false, $local_filedata = false)
{
global $phpbb_container;
/** @var \phpbb\attachment\manager $attachment_manager */
$attachment_manager = $phpbb_container->get('attachment.manager');
$file = $attachment_manager->upload($form_name, $forum_id, $local, $local_storage, $is_message, $local_filedata);
unset($attachment_manager);
return $file;
}
/**
* Calculate the needed size for Thumbnail
*/
@@ -641,12 +649,6 @@ function create_thumbnail($source, $destination, $mimetype)
imagecopyresampled($new_image, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
}
// If we are in safe mode create the destination file prior to using the gd functions to circumvent a PHP bug
if (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on')
{
@touch($destination);
}
switch ($type['format'])
{
case IMG_GIF:
@@ -978,6 +980,30 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
AND u.user_id = p.poster_id',
);
/**
* Event to modify the SQL query for topic reviews
*
* @event core.topic_review_modify_sql_ary
* @var int topic_id The topic ID that is being reviewed
* @var int forum_id The topic's forum ID
* @var string mode The topic review mode
* @var int cur_post_id Post offset ID
* @var bool show_quote_button Flag indicating if the quote button should be displayed
* @var array post_list Array with the post IDs
* @var array sql_ary Array with the SQL query
* @since 3.2.8-RC1
*/
$vars = array(
'topic_id',
'forum_id',
'mode',
'cur_post_id',
'show_quote_button',
'post_list',
'sql_ary',
);
extract($phpbb_dispatcher->trigger_event('core.topic_review_modify_sql_ary', compact($vars)));
$sql = $db->sql_build_query('SELECT', $sql_ary);
$result = $db->sql_query($sql);
@@ -1284,6 +1310,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data, $is_soft = false, $
delete_topics('topic_id', array($topic_id), false);
$phpbb_content_visibility->remove_topic_from_statistic($data, $sql_data);
$config->increment('num_posts', -1, false);
$update_sql = update_post_information('forum', $forum_id, true);
if (count($update_sql))
@@ -2054,6 +2081,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll_ary, &$data
continue;
}
if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $attach_row['attach_comment']))
{
trigger_error('ATTACH_COMMENT_NO_EMOJIS');
}
if (!$attach_row['is_orphan'])
{
// update entry in db if attachment already stored in db and filespace

59
includes/functions_privmsgs.php
View File

@@ -490,7 +490,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
'bcc' => explode(':', $row['bcc_address']),
'friend' => (isset($zebra[$row['author_id']])) ? $zebra[$row['author_id']]['friend'] : 0,
'foe' => (isset($zebra[$row['author_id']])) ? $zebra[$row['author_id']]['foe'] : 0,
'user_in_group' => array($user->data['group_id']),
'user_in_group' => $user->data['group_id'],
'author_in_group' => array())
);
@@ -1966,7 +1966,7 @@ function submit_pm($mode, $subject, &$data_ary, $put_in_outbox = true)
*/
function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode = false)
{
global $db, $user, $template, $phpbb_root_path, $phpEx, $auth;
global $db, $user, $template, $phpbb_root_path, $phpEx, $auth, $phpbb_dispatcher;
// Select all receipts and the author from the pm we currently view, to only display their pm-history
$sql = 'SELECT author_id, user_id
@@ -1985,9 +1985,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
$recipients = array_unique($recipients);
// Get History Messages (could be newer)
$sql = 'SELECT t.*, p.*, u.*
FROM ' . PRIVMSGS_TABLE . ' p, ' . PRIVMSGS_TO_TABLE . ' t, ' . USERS_TABLE . ' u
WHERE t.msg_id = p.msg_id
$sql_where = 't.msg_id = p.msg_id
AND p.author_id = u.user_id
AND t.folder_id NOT IN (' . PRIVMSGS_NO_BOX . ', ' . PRIVMSGS_HOLD_BOX . ')
AND ' . $db->sql_in_set('t.author_id', $recipients, false, true) . "
@@ -1998,13 +1996,37 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
if (!$message_row['root_level'])
{
$sql .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))";
$sql_where .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))";
}
else
{
$sql .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')';
$sql_where .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')';
}
$sql .= ' ORDER BY p.message_time DESC';
$sql_ary = array(
'SELECT' => 't.*, p.*, u.*',
'FROM' => array(
PRIVMSGS_TABLE => 'p',
PRIVMSGS_TO_TABLE => 't',
USERS_TABLE => 'u'
),
'LEFT_JOIN' => array(),
'WHERE' => $sql_where,
'ORDER_BY' => 'p.message_time DESC',
);
/**
* Event to modify the SQL query before the message history in private message is queried
*
* @event core.message_history_modify_sql_ary
* @var array sql_ary The SQL array to get the data of the message history in private message
* @since 3.2.8-RC1
*/
$vars = array('sql_ary');
extract($phpbb_dispatcher->trigger_event('core.message_history_modify_sql_ary', compact($vars)));
$sql = $db->sql_build_query('SELECT', $sql_ary);
unset($sql_ary);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
@@ -2087,7 +2109,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
$previous_history_pm = $prev_id;
}
$template->assign_block_vars('history_row', array(
$template_vars = array(
'MESSAGE_AUTHOR_QUOTE' => (($decoded_message) ? addslashes(get_username_string('username', $author_id, $row['username'], $row['user_colour'], $row['username'])) : ''),
'MESSAGE_AUTHOR_FULL' => get_username_string('full', $author_id, $row['username'], $row['user_colour'], $row['username']),
'MESSAGE_AUTHOR_COLOUR' => get_username_string('colour', $author_id, $row['username'], $row['user_colour'], $row['username']),
@@ -2109,8 +2131,25 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
'USER_ID' => $row['user_id'],
'U_VIEW_MESSAGE' => "$url&amp;f=$folder_id&amp;p=" . $row['msg_id'],
'U_QUOTE' => (!$in_post_mode && $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&amp;mode=compose&amp;action=quote&amp;f=" . $folder_id . "&amp;p=" . $row['msg_id'] : '',
'U_POST_REPLY_PM' => ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&amp;mode=compose&amp;action=reply&amp;f=$folder_id&amp;p=" . $row['msg_id'] : '')
'U_POST_REPLY_PM' => ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&amp;mode=compose&amp;action=reply&amp;f=$folder_id&amp;p=" . $row['msg_id'] : ''
);
/**
* Modify the template vars for displaying the message history in private message
*
* @event core.message_history_modify_template_vars
* @var array template_vars Array containing the query
* @var array row Array containing the action user row
* @since 3.2.8-RC1
*/
$vars = array(
'template_vars',
'row',
);
extract($phpbb_dispatcher->trigger_event('core.message_history_modify_template_vars', compact($vars)));
$template->assign_block_vars('history_row', $template_vars);
unset($rowset[$i]);
$prev_id = $id;
}

4
includes/functions_transfer.php
View File

@@ -810,7 +810,7 @@ class ftp_fsock extends transfer
$server_ip = substr($socket_name, 0, strrpos($socket_name, ':'));
}
if (!isset($server_ip) || preg_match(get_preg_expression('ipv4'), $server_ip))
if (isset($server_ip) && filter_var($server_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) // ipv4
{
// Passive mode
$this->_send_command('PASV', '', false);
@@ -831,7 +831,7 @@ class ftp_fsock extends transfer
$server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3];
$server_port = $temp[4] * 256 + $temp[5];
}
else
else // ipv6
{
// Extended Passive Mode - RFC2428
$this->_send_command('EPSV', '', false);

34
includes/functions_user.php
View File

@@ -204,7 +204,6 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
'username_clean' => $username_clean,
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
'user_email' => strtolower($user_row['user_email']),
'user_email_hash' => phpbb_email_hash($user_row['user_email']),
'group_id' => $user_row['group_id'],
'user_type' => $user_row['user_type'],
);
@@ -1455,12 +1454,7 @@ function user_unban($mode, $ban)
*/
function user_ipwhois($ip)
{
if (empty($ip))
{
return '';
}
if (!preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
if (!filter_var($ip, FILTER_VALIDATE_IP))
{
return '';
}
@@ -1732,7 +1726,7 @@ function phpbb_validate_timezone($timezone)
* @return mixed Either false if validation succeeded or a string which will be
* used as the error message (with the variable name appended)
*/
function validate_username($username, $allowed_username = false)
function validate_username($username, $allowed_username = false, $allow_all_names = false)
{
global $config, $db, $user, $cache;
@@ -1815,13 +1809,16 @@ function validate_username($username, $allowed_username = false)
return 'USERNAME_TAKEN';
}
$bad_usernames = $cache->obtain_disallowed_usernames();
foreach ($bad_usernames as $bad_username)
if (!$allow_all_names)
{
if (preg_match('#^' . $bad_username . '$#', $clean_username))
$bad_usernames = $cache->obtain_disallowed_usernames();
foreach ($bad_usernames as $bad_username)
{
return 'USERNAME_DISALLOWED';
if (preg_match('#^' . $bad_username . '$#', $clean_username))
{
return 'USERNAME_DISALLOWED';
}
}
}
@@ -1907,7 +1904,7 @@ function phpbb_validate_email($email, $config = null)
{
list(, $domain) = explode('@', $email);
if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
if (checkdnsrr($domain, 'A') === false && checkdnsrr($domain, 'MX') === false)
{
return 'DOMAIN_NO_MX_RECORD';
}
@@ -1942,16 +1939,17 @@ function validate_user_email($email, $allowed_email = false)
return $validate_email;
}
if (($ban = $user->check_ban(false, false, $email, true)) !== false)
$ban = $user->check_ban(false, false, $email, true);
if (!empty($ban))
{
return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban);
return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';
}
if (!$config['allow_emailreuse'])
{
$sql = 'SELECT user_email_hash
$sql = 'SELECT user_email
FROM ' . USERS_TABLE . "
WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
WHERE user_email = '" . $db->sql_escape($email) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

2
includes/mcp/mcp_ban.php
View File

@@ -269,7 +269,7 @@ class mcp_ban
}
else if ($post_id)
{
$post_info = phpbb_get_post_data($post_id, 'm_ban');
$post_info = phpbb_get_post_data(array($post_id), 'm_ban');
if (count($post_info) && !empty($post_info[$post_id]))
{

2
includes/mcp/mcp_logs.php
View File

@@ -44,7 +44,7 @@ class mcp_logs
if (is_array($action))
{
list($action, ) = each($action);
$action = key($action);
}
else
{

16
includes/mcp/mcp_main.php
View File

@@ -41,6 +41,22 @@ class mcp_main
$quickmod = ($mode == 'quickmod') ? true : false;
/**
* Event to perform additional actions before an MCP action is executed.
*
* @event core.mcp_main_before
* @var string action The action that is about to be performed
* @var string mode The mode in which the MCP is accessed, e.g. front, forum_view, topic_view, post_details, quickmod
* @var boolean quickmod Whether or not the action is performed via QuickMod
* @since 3.2.8-RC1
*/
$vars = [
'action',
'mode',
'quickmod',
];
extract($phpbb_dispatcher->trigger_event('core.mcp_main_before', compact($vars)));
switch ($action)
{
case 'lock':

2
includes/mcp/mcp_notes.php
View File

@@ -42,7 +42,7 @@ class mcp_notes
if (is_array($action))
{
list($action, ) = each($action);
$action = key($action);
}
$this->page_title = 'MCP_NOTES';

36
includes/mcp/mcp_topic.php
View File

@@ -142,14 +142,36 @@ function mcp_topic_view($id, $mode, $action)
}
$start = $pagination->validate_start($start, $posts_per_page, $total);
$sql = 'SELECT u.username, u.username_clean, u.user_colour, p.*
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE ' . (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . '
$sql_where = (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . '
p.topic_id = ' . $topic_id . '
AND ' . $phpbb_content_visibility->get_visibility_sql('post', $topic_info['forum_id'], 'p.') . '
AND p.poster_id = u.user_id ' .
$limit_time_sql . '
ORDER BY ' . $sort_order_sql;
$limit_time_sql;
$sql_ary = array(
'SELECT' => 'u.username, u.username_clean, u.user_colour, p.*',
'FROM' => array(
POSTS_TABLE => 'p',
USERS_TABLE => 'u'
),
'LEFT_JOIN' => array(),
'WHERE' => $sql_where,
'ORDER_BY' => $sort_order_sql,
);
/**
* Event to modify the SQL query before the MCP topic review posts is queried
*
* @event core.mcp_topic_modify_sql_ary
* @var array sql_ary The SQL array to get the data of the MCP topic review posts
* @since 3.2.8-RC1
*/
$vars = array('sql_ary');
extract($phpbb_dispatcher->trigger_event('core.mcp_topic_modify_sql_ary', compact($vars)));
$sql = $db->sql_build_query('SELECT', $sql_ary);
unset($sql_ary);
$result = $db->sql_query_limit($sql, $posts_per_page, $start);
$rowset = $post_id_list = array();
@@ -220,7 +242,7 @@ function mcp_topic_view($id, $mode, $action)
);
extract($phpbb_dispatcher->trigger_event('core.mcp_topic_modify_post_data', compact($vars)));
foreach ($rowset as $i => $row)
foreach ($rowset as $current_row_number => $row)
{
$message = $row['post_text'];
$post_subject = ($row['post_subject'] != '') ? $row['post_subject'] : $topic_info['topic_title'];
@@ -314,7 +336,7 @@ function mcp_topic_view($id, $mode, $action)
}
}
unset($rowset[$i]);
unset($rowset[$current_row_number]);
}
// Display topic icons for split topic

2
includes/mcp/mcp_warn.php
View File

@@ -41,7 +41,7 @@ class mcp_warn
if (is_array($action))
{
list($action, ) = each($action);
$action = key($action);
}
$this->page_title = 'MCP_WARN';

32
includes/message_parser.php
View File

@@ -46,6 +46,7 @@ class bbcode_firstpass extends bbcode
var $message = '';
var $warn_msg = array();
var $parsed_items = array();
var $mode;
/**
* Parse BBCode
@@ -1128,8 +1129,6 @@ class parse_message extends bbcode_firstpass
var $allow_quote_bbcode = true;
var $allow_url_bbcode = true;
var $mode;
/**
* The plupload object used for dealing with attachments
* @var \phpbb\plupload\plupload
@@ -1524,6 +1523,35 @@ class parse_message extends bbcode_firstpass
}
}
/**
* Check attachment form token depending on submit type
*
* @param \phpbb\language\language $language Language
* @param \phpbb\request\request_interface $request Request
* @param string $form_name Form name for checking form key
*
* @return bool True if form token is not needed or valid, false if needed and invalid
*/
function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name)
{
$add_file = $request->is_set_post('add_file');
$delete_file = $request->is_set_post('delete_file');
if (($add_file || $delete_file) && !check_form_key($form_name))
{
$this->warn_msg[] = $language->lang('FORM_INVALID');
if ($request->is_ajax() && $this->plupload)
{
$this->plupload->emit_error(-400, 'FORM_INVALID');
}
return false;
}
return true;
}
/**
* Parse Attachments
*/

8
includes/questionnaire/questionnaire.php
View File

@@ -68,7 +68,7 @@ class phpbb_questionnaire_data_collector
function get_data_for_form()
{
return base64_encode(serialize($this->get_data_raw()));
return base64_encode(json_encode($this->get_data_raw()));
}
/**
@@ -110,7 +110,6 @@ class phpbb_questionnaire_php_data_provider
'version' => PHP_VERSION,
'sapi' => PHP_SAPI,
'int_size' => defined('PHP_INT_SIZE') ? PHP_INT_SIZE : '',
'safe_mode' => (int) @ini_get('safe_mode'),
'open_basedir' => (int) @ini_get('open_basedir'),
'memory_limit' => @ini_get('memory_limit'),
'allow_url_fopen' => (int) @ini_get('allow_url_fopen'),
@@ -121,13 +120,11 @@ class phpbb_questionnaire_php_data_provider
'disable_functions' => @ini_get('disable_functions'),
'disable_classes' => @ini_get('disable_classes'),
'enable_dl' => (int) @ini_get('enable_dl'),
'magic_quotes_gpc' => (int) @ini_get('magic_quotes_gpc'),
'register_globals' => (int) @ini_get('register_globals'),
'filter.default' => @ini_get('filter.default'),
'zend.ze1_compatibility_mode' => (int) @ini_get('zend.ze1_compatibility_mode'),
'unicode.semantics' => (int) @ini_get('unicode.semantics'),
'zend_thread_safty' => (int) function_exists('zend_thread_id'),
'extensions' => get_loaded_extensions(),
'extensions' => implode(',', get_loaded_extensions()),
);
}
}
@@ -405,7 +402,6 @@ class phpbb_questionnaire_phpbb_data_provider
'max_login_attempts' => true,
'max_name_chars' => true,
'max_num_search_keywords' => true,
'max_pass_chars' => true,
'max_poll_options' => true,
'max_post_chars' => true,
'max_post_font_size' => true,

6
includes/startup.php
View File

@@ -23,11 +23,11 @@ $level = E_ALL & ~E_NOTICE & ~E_DEPRECATED;
error_reporting($level);
/**
* Minimum Requirement: PHP 5.4.0
* Minimum Requirement: PHP 7.1.3
*/
if (version_compare(PHP_VERSION, '5.4') < 0)
if (version_compare(PHP_VERSION, '7.1.3', '<'))
{
die('You are running an unsupported PHP version. Please upgrade to PHP 5.4.0 or higher before trying to install or update to phpBB 3.2');
die('You are running an unsupported PHP version. Please upgrade to PHP 7.1.3 or higher before trying to install or update to phpBB 3.3');
}
// Register globals and magic quotes have been dropped in PHP 5.4 so no need for extra checks

30
includes/ucp/ucp_attachments.php
View File

@@ -29,7 +29,7 @@ class ucp_attachments
function main($id, $mode)
{
global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request;
global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request, $auth;
$start = $request->variable('start', 0);
$sort_key = $request->variable('sk', 'a');
@@ -41,16 +41,27 @@ class ucp_attachments
if ($delete && count($delete_ids))
{
// Validate $delete_ids...
$sql = 'SELECT attach_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE poster_id = ' . $user->data['user_id'] . '
AND is_orphan = 0
AND ' . $db->sql_in_set('attach_id', $delete_ids);
$sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
FROM ' . ATTACHMENTS_TABLE . ' a
LEFT JOIN ' . POSTS_TABLE . ' p
ON (a.post_msg_id = p.post_id AND a.in_message = 0)
LEFT JOIN ' . TOPICS_TABLE . ' t
ON (t.topic_id = p.topic_id AND a.in_message = 0)
LEFT JOIN ' . FORUMS_TABLE . ' f
ON (f.forum_id = t.forum_id AND a.in_message = 0)
WHERE a.poster_id = ' . $user->data['user_id'] . '
AND a.is_orphan = 0
AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
$result = $db->sql_query($sql);
$delete_ids = array();
while ($row = $db->sql_fetchrow($result))
{
if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']))
{
continue;
}
$delete_ids[] = $row['attach_id'];
}
$db->sql_freeresult($result);
@@ -124,10 +135,12 @@ class ucp_attachments
$pagination = $phpbb_container->get('pagination');
$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);
$sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
FROM ' . ATTACHMENTS_TABLE . ' a
LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1)
LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
WHERE a.poster_id = ' . $user->data['user_id'] . "
AND a.is_orphan = 0
ORDER BY $order_by";
@@ -164,6 +177,7 @@ class ucp_attachments
'TOPIC_ID' => $row['topic_id'],
'S_IN_MESSAGE' => $row['in_message'],
'S_LOCKED' => !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']),
'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
'U_VIEW_TOPIC' => $view_topic)

33
includes/ucp/ucp_groups.php
View File

@@ -136,7 +136,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
$sql = 'SELECT group_type
FROM ' . GROUPS_TABLE . '
@@ -240,7 +240,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -460,7 +460,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -534,7 +534,12 @@ class ucp_groups
'teampage' => $group_row['group_teampage'],
);
if ($config['allow_avatar'])
if (!check_form_key('ucp_groups'))
{
$error[] = $user->lang['FORM_INVALID'];
}
if (!count($error) && $config['allow_avatar'])
{
// Handle avatar
$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
@@ -556,11 +561,6 @@ class ucp_groups
$error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
}
if (!check_form_key('ucp_groups'))
{
$error[] = $user->lang['FORM_INVALID'];
}
// Validate submitted colour value
if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true))))
{
@@ -754,7 +754,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -875,11 +875,16 @@ class ucp_groups
trigger_error($user->lang['NO_GROUP'] . $return_page);
}
if (!check_form_key('ucp_groups'))
{
trigger_error($user->lang('FORM_INVALID') . $return_page);
}
if (!($row = group_memberships($group_id, $user->data['user_id'])))
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -906,7 +911,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -985,7 +990,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{
@@ -1046,7 +1051,7 @@ class ucp_groups
{
trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
}
list(, $row) = each($row);
$row = current($row);
if (!$row['group_leader'])
{

7
includes/ucp/ucp_pm.php
View File

@@ -193,6 +193,8 @@ class ucp_pm
trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
}
add_form_key('ucp_pm_view');
// First Handle Mark actions and moving messages
$submit_mark = (isset($_POST['submit_mark'])) ? true : false;
$move_pm = (isset($_POST['move_pm'])) ? true : false;
@@ -207,6 +209,11 @@ class ucp_pm
$submit_mark = false;
}
if (($move_pm || $submit_mark) && !check_form_key('ucp_pm_view'))
{
trigger_error('FORM_INVALID');
}
// Move PM
if ($move_pm)
{

22
includes/ucp/ucp_pm_compose.php
View File

@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
function compose_pm($id, $mode, $action, $user_folders = array())
{
global $template, $db, $auth, $user, $cache;
global $phpbb_root_path, $phpEx, $config;
global $phpbb_root_path, $phpEx, $config, $language;
global $request, $phpbb_dispatcher, $phpbb_container;
// Damn php and globals - i know, this is horrible
@@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));
// Parse Attachments - before checksum is calculated
$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose'))
{
$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
}
if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))
{
@@ -996,7 +999,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
{
$quote_attributes['post_id'] = $post['msg_id'];
}
if ($action === 'quote')
{
$quote_attributes['msg_id'] = $post['msg_id'];
}
/** @var \phpbb\language\language $language */
$language = $phpbb_container->get('language');
/** @var \phpbb\textformatter\utils_interface $text_formatter_utils */
@@ -1007,6 +1013,16 @@ function compose_pm($id, $mode, $action, $user_folders = array())
if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh)
{
$message_subject = ((!preg_match('/^Re:/', $message_subject)) ? 'Re: ' : '') . censor_text($message_subject);
/**
* This event allows you to modify the PM subject of the PM being quoted
*
* @event core.pm_modify_message_subject
* @var string message_subject String with the PM subject already censored.
* @since 3.2.8-RC1
*/
$vars = array('message_subject');
extract($phpbb_dispatcher->trigger_event('core.pm_modify_message_subject', compact($vars)));
}
if ($action == 'forward' && !$preview && !$refresh && !$submit)

7
includes/ucp/ucp_pm_viewfolder.php
View File

@@ -32,6 +32,8 @@ function view_folder($id, $mode, $folder_id, $folder)
$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
add_form_key('ucp_pm_view_folder');
if (!$submit_export)
{
$user->add_lang('viewforum');
@@ -197,6 +199,11 @@ function view_folder($id, $mode, $folder_id, $folder)
$enclosure = $request->variable('enclosure', '');
$delimiter = $request->variable('delimiter', '');
if (!check_form_key('ucp_pm_view_folder'))
{
trigger_error('FORM_INVALID');
}
if ($export_type == 'CSV' && ($delimiter === '' || $enclosure === ''))
{
$template->assign_var('PROMPT', true);

10
includes/ucp/ucp_profile.php
View File

@@ -70,9 +70,9 @@ class ucp_profile
// Do not check cur_password, it is the old one.
$check_ary = array(
'new_password' => array(
array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
array('string', true, $config['min_pass_chars'], 0),
array('password')),
'password_confirm' => array('string', true, $config['min_pass_chars'], $config['max_pass_chars']),
'password_confirm' => array('string', true, $config['min_pass_chars'], 0),
'email' => array(
array('string', false, 6, 60),
array('user_email')),
@@ -131,9 +131,7 @@ class ucp_profile
'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
);
if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
@@ -147,6 +145,8 @@ class ucp_profile
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password']))
{
$sql_ary['user_passchg'] = time();
$user->reset_login_keys();
$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
'reportee_id' => $user->data['user_id'],
@@ -266,7 +266,7 @@ class ucp_profile
'CUR_PASSWORD' => '',
'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
'L_CHANGE_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
'S_FORCE_PASSWORD' => ($auth->acl_get('u_chgpasswd') && $config['chg_passforce'] && $user->data['user_passchg'] < time() - ($config['chg_passforce'] * 86400)) ? true : false,
'S_CHANGE_USERNAME' => ($config['allow_namechange'] && $auth->acl_get('u_chgname')) ? true : false,

63
includes/ucp/ucp_register.php
View File

@@ -39,12 +39,23 @@ class ucp_register
trigger_error('UCP_REGISTER_DISABLE');
}
$coppa = $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
$coppa = $request->is_set('coppa_yes') ? 1 : ($request->is_set('coppa_no') ? 0 : false);
$coppa = $request->is_set('coppa') ? $request->variable('coppa', 0) : $coppa;
$agreed = $request->variable('agreed', false);
$submit = $request->is_set_post('submit');
$change_lang = $request->variable('change_lang', '');
$user_lang = $request->variable('lang', $user->lang_name);
if ($agreed && !check_form_key('ucp_register'))
{
$agreed = false;
}
if ($coppa !== false && !check_form_key('ucp_register'))
{
$coppa = false;
}
/**
* Add UCP register data before they are assigned to the template or submitted
*
@@ -67,14 +78,7 @@ class ucp_register
);
extract($phpbb_dispatcher->trigger_event('core.ucp_register_requests_after', compact($vars)));
if ($agreed)
{
add_form_key('ucp_register');
}
else
{
add_form_key('ucp_register_terms');
}
add_form_key('ucp_register');
if ($change_lang || $user_lang != $config['default_lang'])
{
@@ -168,11 +172,8 @@ class ucp_register
$template_vars = array(
'S_LANG_OPTIONS' => (count($lang_row) > 1) ? language_select($user_lang) : '',
'L_COPPA_NO' => sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
'L_COPPA_YES' => sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
'U_COPPA_NO' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=0'),
'U_COPPA_YES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=1'),
'L_COPPA_NO' => $user->lang('UCP_COPPA_BEFORE', $coppa_birthday),
'L_COPPA_YES' => $user->lang('UCP_COPPA_ON_AFTER', $coppa_birthday),
'S_SHOW_COPPA' => true,
'S_HIDDEN_FIELDS' => build_hidden_fields($s_hidden_fields),
@@ -275,9 +276,9 @@ class ucp_register
array('string', false, $config['min_name_chars'], $config['max_name_chars']),
array('username', '')),
'new_password' => array(
array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
array('string', false, $config['min_pass_chars'], 0),
array('password')),
'password_confirm' => array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
'password_confirm' => array('string', false, $config['min_pass_chars'], 0),
'email' => array(
array('string', false, 6, 60),
array('user_email')),
@@ -451,6 +452,9 @@ class ucp_register
{
$message = $user->lang['ACCOUNT_ADDED'];
$email_template = 'user_welcome';
// Autologin after registration
$user->session_create($user_id, 0, false, 1);
}
if ($config['email_enable'])
@@ -599,6 +603,31 @@ class ucp_register
break;
}
/* @var $provider_collection \phpbb\auth\provider_collection */
$provider_collection = $phpbb_container->get('auth.provider_collection');
$auth_provider = $provider_collection->get_provider();
$auth_provider_data = $auth_provider->get_login_data();
if ($auth_provider_data)
{
if (isset($auth_provider_data['VARS']))
{
$template->assign_vars($auth_provider_data['VARS']);
}
if (isset($auth_provider_data['BLOCK_VAR_NAME']))
{
foreach ($auth_provider_data['BLOCK_VARS'] as $block_vars)
{
$template->assign_block_vars($auth_provider_data['BLOCK_VAR_NAME'], $block_vars);
}
}
$template->assign_vars(array(
'PROVIDER_TEMPLATE_FILE' => $auth_provider_data['TEMPLATE_FILE'],
));
}
// Assign template vars for timezone select
phpbb_timezone_select($template, $user, $data['tz'], true);
@@ -610,7 +639,7 @@ class ucp_register
'L_REG_COND' => $l_reg_cond,
'L_USERNAME_EXPLAIN' => $user->lang($config['allow_name_chars'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_name_chars']), $user->lang('CHARACTERS', (int) $config['max_name_chars'])),
'L_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars']), $user->lang('CHARACTERS', (int) $config['max_pass_chars'])),
'L_PASSWORD_EXPLAIN' => $user->lang($config['pass_complex'] . '_EXPLAIN', $user->lang('CHARACTERS', (int) $config['min_pass_chars'])),
'S_LANG_OPTIONS' => language_select($data['lang']),
'S_TZ_PRESELECT' => !$submit,

2
includes/ucp/ucp_resend.php
View File

@@ -47,7 +47,7 @@ class ucp_resend
$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
FROM ' . USERS_TABLE . "
WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'
WHERE user_email = '" . $db->sql_escape($email) . "'
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);

43
includes/utf/utf_tools.php
View File

@@ -418,24 +418,43 @@ function utf8_recode($string, $encoding)
}
/**
* Replace all UTF-8 chars that are not in ASCII with their NCR
*
* @param string $text UTF-8 string in NFC
* @return string ASCII string using NCRs for non-ASCII chars
*/
* Replace some special UTF-8 chars that are not in ASCII with their UCR.
* using their Numeric Character Reference's Hexadecimal notation.
*
* Doesn't interfere with Japanese or Cyrillic etc.
* Unicode character visualization will depend on the character support
* of your web browser and the fonts installed on your system.
*
* @see https://en.wikibooks.org/wiki/Unicode/Character_reference/1F000-1FFFF
*
* @param string $text UTF-8 string in NFC
* @return string ASCII string using NCR for non-ASCII chars
*/
function utf8_encode_ucr($text)
{
return preg_replace_callback('/[\\xF0-\\xF4].../', 'utf8_encode_ncr_callback', $text);
}
/**
* Replace all UTF-8 chars that are not in ASCII with their NCR
* using their Numeric Character Reference's Hexadecimal notation.
*
* @param string $text UTF-8 string in NFC
* @return string ASCII string using NCRs for non-ASCII chars
*/
function utf8_encode_ncr($text)
{
return preg_replace_callback('#[\\xC2-\\xF4][\\x80-\\xBF]{1,3}#', 'utf8_encode_ncr_callback', $text);
}
/**
* Callback used in encode_ncr()
*
* Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
*
* @param array $m 0-based numerically indexed array passed by preg_replace_callback()
* @return string A HTML NCR if the character is valid, or the original string otherwise
*/
* Callback used in utf8_encode_ncr() and utf8_encode_ucr()
*
* Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
*
* @param array $m 0-based numerically indexed array passed by preg_replace_callback()
* @return string A HTML NCR if the character is valid, or the original string otherwise
*/
function utf8_encode_ncr_callback($m)
{
return '&#' . utf8_ord($m[0]) . ';';