Diffstat (limited to 'phpBB/includes')
22 files changed, 173 insertions, 93 deletions
diff --git a/phpBB/includes/acm/acm_memcache.php b/phpBB/includes/acm/acm_memcache.php index 52b8832749..e54fa36c38 100644 --- a/phpBB/includes/acm/acm_memcache.php +++ b/phpBB/includes/acm/acm_memcache.php @@ -37,6 +37,12 @@ if (!defined('PHPBB_ACM_MEMCACHE_HOST')) define('PHPBB_ACM_MEMCACHE_HOST', 'localhost'); } +if (!defined('PHPBB_ACM_MEMCACHE')) +{ + //can define multiple servers with host1/port1,host2/port2 format + define('PHPBB_ACM_MEMCACHE', PHPBB_ACM_MEMCACHE_HOST . '/' . PHPBB_ACM_MEMCACHE_PORT); +} + /** * ACM for Memcached * @package acm @@ -54,7 +60,11 @@ class acm extends acm_memory parent::acm_memory(); $this->memcache = new Memcache; - $this->memcache->connect(PHPBB_ACM_MEMCACHE_HOST, PHPBB_ACM_MEMCACHE_PORT); + foreach(explode(',', PHPBB_ACM_MEMCACHE) as $u) + { + $parts = explode('/', $u); + $this->memcache->addServer(trim($parts[0]), trim($parts[1])); + } $this->flags = (PHPBB_ACM_MEMCACHE_COMPRESS) ? MEMCACHE_COMPRESSED : 0; } @@ -125,4 +135,4 @@ class acm extends acm_memory } } -?>
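Review bot: In the acm constructor the new loop reads `$parts[1]` without checking that the entry contained a `/`, so a PHPBB_ACM_MEMCACHE value such as `host1,host2` raises an undefined-offset notice and passes a null port to `Memcache::addServer()`. The port is also handed over as a trimmed string where the extension expects an int, and `addServer()` unlike the replaced `connect()` does not report an unreachable server here, so a misconfigured entry only surfaces on the first cache access. I would guard and cast: `$parts = explode('/', trim($u), 2);` followed by `$this->memcache->addServer($parts[0], (isset($parts[1])) ? (int) $parts[1] : PHPBB_ACM_MEMCACHE_PORT);`. `foreach(` should also carry the space after the keyword that the other hunks in this commit use. The constructor's body continues outside the hunk.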
\ No newline at end of file +?> diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 25e51814c4..980558c830 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -90,6 +90,7 @@ class acp_attachments $s_assigned_groups = array(); while ($row = $db->sql_fetchrow($result)) { + $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name']; $s_assigned_groups[$row['cat_id']][] = $row['group_name']; } $db->sql_freeresult($result); @@ -494,6 +495,10 @@ class acp_attachments $sql = 'SELECT group_id FROM ' . EXTENSION_GROUPS_TABLE . " WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($new_group_name)) . "'"; + if ($group_id) + { + $sql .= ' AND group_id <> ' . $group_id; + } $result = $db->sql_query($sql); if ($db->sql_fetchrow($result)) @@ -551,6 +556,7 @@ class acp_attachments $group_id = $db->sql_nextid(); } + $group_name = (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name; add_log('admin', 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), $group_name); } @@ -858,7 +864,7 @@ class acp_attachments 'U_EDIT' => $this->u_action . "&action=edit&g={$row['group_id']}", 'U_DELETE' => $this->u_action . "&action=delete&g={$row['group_id']}", - 'GROUP_NAME' => $row['group_name'], + 'GROUP_NAME' => (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'], 'CATEGORY' => $cat_lang[$row['cat_id']], ) ); @@ -1118,6 +1124,7 @@ class acp_attachments $group_name = array(); while ($row = $db->sql_fetchrow($result)) { + $row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name']; $group_name[] = $row; } $db->sql_freeresult($result); 
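Review bot: The expression `(isset($user->lang['EXT_GROUP_' . $name])) ? $user->lang['EXT_GROUP_' . $name] : $name` is now written out four times in acp_attachments (the hunks at -90, -551, -858 and -1118), which becomes a maintenance hazard if the lang-key prefix or the fallback ever changes. A small method on acp_attachments, e.g. `function lang_group_name($group_name) { global $user; return (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name; }`, would let each site collapse to `$row['group_name'] = $this->lang_group_name($row['group_name']);`. Each of these hunks sits inside a method whose start and end are outside the hunk.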
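Review bot: The new `$sql .= ' AND group_id <> ' . $group_id;` at -494 concatenates `$group_id` straight into the query, and the hunk does not show where the variable comes from, so whether it is already an integer (it would be if it arrived via `request_var('g', 0)`) cannot be confirmed here. Casting at the point of use, `$sql .= ' AND group_id <> ' . (int) $group_id;`, costs nothing and keeps the query safe regardless of how the value was populated upstream, in line with the `(int) $increment` idiom this same commit uses in functions.php. The enclosing method starts and ends outside the hunk.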
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index a5feac1902..7680d8996c 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -888,8 +888,8 @@ class acp_board $old_tz = $user->timezone; $old_dst = $user->dst; - $user->timezone = $config['board_timezone']; - $user->dst = $config['board_dst']; + $user->timezone = $config['board_timezone'] * 3600; + $user->dst = $config['board_dst'] * 3600; $dateformat_options = ''; diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index abfad2b90b..0582d6204e 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -394,6 +394,7 @@ class acp_database case 'mssql': case 'mssql_odbc': + case 'mssqlnative': while (($sql = $fgetd($fp, "GO\n", $read, $seek, $eof)) !== false) { $db->sql_query($sql); diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index bde59ec870..7b7671573e 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -1705,6 +1705,9 @@ class acp_forums ) ); + // Amount of rows we select and delete in one iteration. + $batch_size = 500; + foreach ($tables_ary as $field => $tables) { $start = 0; @@ -1714,7 +1717,7 @@ class acp_forums $sql = "SELECT $field FROM " . POSTS_TABLE . ' WHERE forum_id = ' . $forum_id; - $result = $db->sql_query_limit($sql, 500, $start); + $result = $db->sql_query_limit($sql, $batch_size, $start); $ids = array(); while ($row = $db->sql_fetchrow($result)) @@ -1733,7 +1736,7 @@ class acp_forums } } } - while ($row); + while (sizeof($ids) == $batch_size); } unset($ids); diff --git a/phpBB/includes/acp/acp_language.php b/phpBB/includes/acp/acp_language.php index fedae6fe67..c2cb2f9c11 100644 --- a/phpBB/includes/acp/acp_language.php +++ b/phpBB/includes/acp/acp_language.php 
@@ -1120,12 +1120,12 @@ class acp_language { while (($file = readdir($dp)) !== false) { - if (!is_dir($phpbb_root_path . 'language/' . $file)) + if ($file[0] == '.' || !is_dir($phpbb_root_path . 'language/' . $file)) { continue; } - if ($file[0] != '.' && file_exists("{$phpbb_root_path}language/$file/iso.txt")) + if (file_exists("{$phpbb_root_path}language/$file/iso.txt")) { if (!in_array($file, $installed)) { diff --git a/phpBB/includes/acp/acp_profile.php b/phpBB/includes/acp/acp_profile.php index fc08c7e8e8..2288a0728b 100644 --- a/phpBB/includes/acp/acp_profile.php +++ b/phpBB/includes/acp/acp_profile.php @@ -1480,6 +1480,7 @@ class acp_profile case 'mssql': case 'mssql_odbc': + case 'mssqlnative': // We are defining the biggest common value, because of the possibility to edit the min/max values of each field. $sql = 'ALTER TABLE [' . PROFILE_FIELDS_DATA_TABLE . "] ADD [$field_ident] "; diff --git a/phpBB/includes/acp/acp_reasons.php b/phpBB/includes/acp/acp_reasons.php index 8d7bc88769..dbc9fcb6cc 100644 --- a/phpBB/includes/acp/acp_reasons.php +++ b/phpBB/includes/acp/acp_reasons.php @@ -233,6 +233,7 @@ class acp_reasons // Standard? What's that? case 'mssql': case 'mssql_odbc': + case 'mssqlnative': // Change the reports using this reason to 'other' $sql = "DECLARE @ptrval binary(16) diff --git a/phpBB/includes/acp/acp_styles.php b/phpBB/includes/acp/acp_styles.php index d2a0f9210f..3310560c73 100644 --- a/phpBB/includes/acp/acp_styles.php +++ b/phpBB/includes/acp/acp_styles.php 
@@ -643,13 +643,13 @@ parse_css_file = {PARSE_CSS_FILE} { while (($file = readdir($dp)) !== false) { - if (!is_dir($phpbb_root_path . 'styles/' . $file)) + if ($file[0] == '.' || !is_dir($phpbb_root_path . 'styles/' . $file)) { continue; } $subpath = ($mode != 'style') ? "$mode/" : ''; - if ($file[0] != '.' && file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg")) + if (file_exists("{$phpbb_root_path}styles/$file/$subpath$mode.cfg")) { if ($cfg = file("{$phpbb_root_path}styles/$file/$subpath$mode.cfg")) { diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 4905840e02..bd64f1e89e 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -105,7 +105,7 @@ class acp_users LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) WHERE u.user_id = ' . $user_id . ' ORDER BY s.session_time DESC'; - $result = $db->sql_query($sql); + $result = $db->sql_query_limit($sql, 1); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); 
@@ -1550,6 +1550,31 @@ class acp_users WHERE user_id = $user_id"; $db->sql_query($sql); + // Check if user has an active session + if ($user_row['session_id']) + { + // We'll update the session if user_allow_viewonline has changed and the user is a bot + // Or if it's a regular user and the admin set it to hide the session + if ($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE + || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline']) + { + // We also need to check if the user has the permission to cloak. + $user_auth = new auth(); + $user_auth->acl($user_row); + + $session_sql_ary = array( + 'session_viewonline' => ($user_auth->acl_get('u_hideonline')) ? $sql_ary['user_allow_viewonline'] : true, + ); + + $sql = 'UPDATE ' . SESSIONS_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $session_sql_ary) . " + WHERE session_user_id = $user_id"; + $db->sql_query($sql); + + unset($user_auth); + } + } + trigger_error($user->lang['USER_PREFS_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id)); } @@ -2084,7 +2109,7 @@ class acp_users LEFT JOIN ' . SESSIONS_TABLE . ' s ON (s.session_user_id = u.user_id) WHERE u.user_id = ' . $user_id . ' ORDER BY s.session_time DESC'; - $result = $db->sql_query($sql); + $result = $db->sql_query_limit($sql, 1); $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); } diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index f58b29d232..8d31eaba7f 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -25,7 +25,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.0.7'); +define('PHPBB_VERSION', '3.0.7-PL1'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/includes/db/postgres.php b/phpBB/includes/db/postgres.php index d117e8c948..b3139b3d79 100644 --- a/phpBB/includes/db/postgres.php +++ b/phpBB/includes/db/postgres.php 
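Review bot: The condition `$user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE || $user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline']` relies on `&&` binding tighter than `||`; it evaluates as the two comments above it describe, but a reader has to know the precedence table to see that. Parenthesising the two alternatives, `if (($user_row['user_allow_viewonline'] != $sql_ary['user_allow_viewonline'] && $user_row['user_type'] == USER_IGNORE) || ($user_row['user_allow_viewonline'] && !$sql_ary['user_allow_viewonline']))`, makes the intent explicit. The `'session_viewonline' => ... : true` value also mixes a bool literal with the int-like `$sql_ary['user_allow_viewonline']` it alternates with; `1` would read consistently, assuming `sql_build_array()` renders both the same way. The enclosing method continues outside the hunk.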
@@ -76,7 +76,14 @@ class dbal_postgres extends dbal $this->persistency = $persistency; - $this->db_connect_id = ($this->persistency) ? @pg_pconnect($connect_string, $new_link) : @pg_connect($connect_string, $new_link); + if ($this->persistency) + { + $this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW); + } + else + { + $this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW); + } if ($this->db_connect_id) { diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index e8f45b654f..01f17fa521 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -114,7 +114,7 @@ function request_var($var_name, $default, $multibyte = false, $cookie = false) { $_v = null; } - set_var($_k, $_k, $sub_key_type); + set_var($_k, $_k, $sub_key_type, $multibyte); set_var($var[$k][$_k], $_v, $sub_type, $multibyte); } } @@ -175,11 +175,8 @@ function set_config_count($config_name, $increment, $is_dynamic = false) switch ($db->sql_layer) { case 'firebird': - $sql_update = 'CAST(CAST(config_value as integer) + ' . (int) $increment . ' as VARCHAR(255))'; - break; - case 'postgres': - $sql_update = 'int4(config_value) + ' . (int) $increment; + $sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; break; // MySQL, SQlite, mssql, mssql_odbc, oracle 
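Review bot: Dropping the `case 'postgres':` branch in set_config_count sends PostgreSQL into the default branch, which is outside the hunk and whose comment `// MySQL, SQlite, mssql, mssql_odbc, oracle` does not list postgres; if that branch is a plain `config_value + N` against a varchar column, PostgreSQL rejects the operator, so please confirm the default expression is valid there or keep an explicit postgres case. For firebird, `DECIMAL(255, 0)` looks suspicious: as far as I know Firebird caps DECIMAL precision at 18 digits, so this cast may be refused by the server and should be checked against a live instance. The enclosing function starts and ends outside the hunk.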
@@ -2139,8 +2136,8 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false) { global $_SID, $_EXTRA_URL, $phpbb_hook; - // Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropiatly. - // They could mimick most of what is within this function + // Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately. + // They could mimic most of what is within this function if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id)) { if ($phpbb_hook->hook_return(__FUNCTION__)) @@ -2297,6 +2294,8 @@ function redirect($url, $return = false, $disable_cd_check = false) { global $db, $cache, $config, $user, $phpbb_root_path; + $failover_flag = false; + if (empty($user->lang)) { $user->add_lang('common'); 
@@ -2344,65 +2343,69 @@ function redirect($url, $return = false, $disable_cd_check = false) if (!file_exists($pathinfo['dirname'])) { // fallback to "last known user page" + // at least this way we know the user does not leave the phpBB root $url = generate_board_url() . '/' . $user->page['page']; - break; + $failover_flag = true; } } - // Is the uri pointing to the current directory? - if ($pathinfo['dirname'] == '.') + if (!$failover_flag) { - $url = str_replace('./', '', $url); - - // Strip / from the beginning - if ($url && substr($url, 0, 1) == '/') + // Is the uri pointing to the current directory? + if ($pathinfo['dirname'] == '.') { - $url = substr($url, 1); - } + $url = str_replace('./', '', $url); - if ($user->page['page_dir']) - { - $url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url; + // Strip / from the beginning + if ($url && substr($url, 0, 1) == '/') + { + $url = substr($url, 1); + } + + if ($user->page['page_dir']) + { + $url = generate_board_url() . '/' . $user->page['page_dir'] . '/' . $url; + } + else + { + $url = generate_board_url() . '/' . $url; + } } else { - $url = generate_board_url() . '/' . 
$url; - } - } - else - { - // Used ./ before, but $phpbb_root_path is working better with urls within another root path - $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path))); - $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname']))); - $intersection = array_intersect_assoc($root_dirs, $page_dirs); + // Used ./ before, but $phpbb_root_path is working better with urls within another root path + $root_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($phpbb_root_path))); + $page_dirs = explode('/', str_replace('\\', '/', phpbb_realpath($pathinfo['dirname']))); + $intersection = array_intersect_assoc($root_dirs, $page_dirs); - $root_dirs = array_diff_assoc($root_dirs, $intersection); - $page_dirs = array_diff_assoc($page_dirs, $intersection); + $root_dirs = array_diff_assoc($root_dirs, $intersection); + $page_dirs = array_diff_assoc($page_dirs, $intersection); - $dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs); + $dir = str_repeat('../', sizeof($root_dirs)) . implode('/', $page_dirs); - // Strip / from the end - if ($dir && substr($dir, -1, 1) == '/') - { - $dir = substr($dir, 0, -1); - } + // Strip / from the end + if ($dir && substr($dir, -1, 1) == '/') + { + $dir = substr($dir, 0, -1); + } - // Strip / from the beginning - if ($dir && substr($dir, 0, 1) == '/') - { - $dir = substr($dir, 1); - } + // Strip / from the beginning + if ($dir && substr($dir, 0, 1) == '/') + { + $dir = substr($dir, 1); + } - $url = str_replace($pathinfo['dirname'] . '/', '', $url); + $url = str_replace($pathinfo['dirname'] . '/', '', $url); - // Strip / from the beginning - if (substr($url, 0, 1) == '/') - { - $url = substr($url, 1); - } + // Strip / from the beginning + if (substr($url, 0, 1) == '/') + { + $url = substr($url, 1); + } - $url = (!empty($dir) ? $dir . '/' : '') . $url; - $url = generate_board_url() . '/' . $url; + $url = (!empty($dir) ? $dir . '/' : '') . 
$url; + $url = generate_board_url() . '/' . $url; + } } } @@ -3403,13 +3406,14 @@ function phpbb_checkdnsrr($host, $type = '') { $type = (!$type) ? 'MX' : $type; - if (DIRECTORY_SEPARATOR == '\\') + // Call checkdnsrr() if available. This is also the case on Windows with PHP 5.3 or later. + if (function_exists('checkdnsrr')) + { + // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain) + return checkdnsrr($host . '.', $type); + } + else if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec')) { - if (!function_exists('exec')) - { - return NULL; - } - // @exec('nslookup -retry=1 -timout=1 -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host), $output); @exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host) . '.', $output); @@ -3435,11 +3439,6 @@ function phpbb_checkdnsrr($host, $type = '') return false; } - else if (function_exists('checkdnsrr')) - { - // The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain) - return (checkdnsrr($host . '.', $type)) ? true : false; - } return NULL; } @@ -4251,7 +4250,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0 'S_TOPIC_ID' => $topic_id, 'S_LOGIN_ACTION' => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id)), - 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => str_replace('&', '&', build_url()))), + 'S_LOGIN_REDIRECT' => build_hidden_fields(array('redirect' => build_url())), 'S_ENABLE_FEEDS' => ($config['feed_enable']) ? true : false, 'S_ENABLE_FEEDS_OVERALL' => ($config['feed_overall']) ? true : false, diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 93244be55c..4cd2962e3b 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php 
@@ -96,16 +96,12 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = $right = $row['right_id']; $disabled = false; - if (!$ignore_acl && $auth->acl_get('f_list', $row['forum_id'])) + if (!$ignore_acl && $auth->acl_gets(array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'), $row['forum_id'])) { if ($only_acl_post && !$auth->acl_get('f_post', $row['forum_id']) || (!$auth->acl_get('m_approve', $row['forum_id']) && !$auth->acl_get('f_noapprove', $row['forum_id']))) { $disabled = true; } - else if (!$only_acl_post && !$auth->acl_gets(array('f_list', 'a_forum', 'a_forumadd', 'a_forumdel'), $row['forum_id'])) - { - $disabled = true; - } } else if (!$ignore_acl) { @@ -675,7 +671,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s $db->sql_transaction('begin'); - $table_ary = array(TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE); + $table_ary = array(BOOKMARKS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE); foreach ($table_ary as $table) { diff --git a/phpBB/includes/functions_compress.php b/phpBB/includes/functions_compress.php index f17c780a65..f422eaa8c1 100644 --- a/phpBB/includes/functions_compress.php +++ b/phpBB/includes/functions_compress.php @@ -502,8 +502,8 @@ class compress_tar extends compress function compress_tar($mode, $file, $type = '') { $type = (!$type) ? $file : $type; - $this->isgz = (strpos($type, '.tar.gz') !== false || strpos($type, '.tgz') !== false) ? true : false; - $this->isbz = (strpos($type, '.tar.bz2') !== false) ? true : false; + $this->isgz = preg_match('#(\.tar\.gz|\.tgz)$#', $type); + $this->isbz = preg_match('#\.tar\.bz2$#', $type); $this->mode = &$mode; $this->file = &$file; diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index f49aa42324..ea77551fc4 100644 
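Review bot: `preg_match()` returns an int (or `false` on a PCRE error), so `$this->isgz` and `$this->isbz` change type from bool to int|false here, whereas the replaced `strpos(...) !== false ? true : false` always produced a bool. Any `===` comparison against these properties elsewhere would now behave differently; `$this->isgz = (bool) preg_match('#(\.tar\.gz|\.tgz)$#', $type);` and `$this->isbz = (bool) preg_match('#\.tar\.bz2$#', $type);` preserve the previous contract. The anchored patterns are otherwise an improvement over the substring test, which also matched a constructed name like `archive.tgz.bak`. The compress_tar constructor continues outside the hunk.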
--- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -660,7 +660,7 @@ function topic_generate_pagination($replies, $url) $times = 1; for ($j = 0; $j < $replies + 1; $j += $per_page) { - $pagination .= '<a href="' . $url . '&start=' . $j . '">' . $times . '</a>'; + $pagination .= '<a href="' . $url . ($j == 0 ? '' : '&start=' . $j) . '">' . $times . '</a>'; if ($times == 1 && $total_pages > 5) { $pagination .= ' ... '; diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 49ea382411..4cb3941ce0 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -85,10 +85,10 @@ function generate_smilies($mode, $forum_id) if ($mode == 'window') { - $sql = 'SELECT smiley_url, MIN(emotion) as emotion, MIN(code) AS code, smiley_width, smiley_height + $sql = 'SELECT smiley_url, MIN(emotion) as emotion, MIN(code) AS code, smiley_width, smiley_height, MIN(smiley_order) AS min_smiley_order FROM ' . SMILIES_TABLE . ' GROUP BY smiley_url, smiley_width, smiley_height - ORDER BY MIN(smiley_order)'; + ORDER BY min_smiley_order'; $result = $db->sql_query_limit($sql, $config['smilies_per_page'], $start, 3600); } else @@ -1146,7 +1146,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id } } - unset($rowset[$i]); + unset($rowset[$post_list[$i]]); } if ($mode == 'topic_review') diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index 61e3587158..fa1cc98e10 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php @@ -366,6 +366,7 @@ class custom_profile case 'sqlite': case 'mssql': case 'mssql_odbc': + case 'mssqlnative': $right_delim = ']'; $left_delim = '['; break; diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index 054af29045..51fed45ebd 100644 --- a/phpBB/includes/functions_upload.php 
+++ b/phpBB/includes/functions_upload.php @@ -775,7 +775,18 @@ class fileupload { if ($get_info) { - $data .= @fread($fsock, 1024); + $block = @fread($fsock, 1024); + $filesize += strlen($block); + + if ($this->max_filesize && $filesize > $this->max_filesize) + { + $max_filesize = get_formatted_filesize($this->max_filesize, false); + + $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); + return $file; + } + + $data .= $block; } else { @@ -791,6 +802,18 @@ class fileupload { $upload_ary['type'] = rtrim(str_replace('content-type: ', '', strtolower($line))); } + else if ($this->max_filesize && stripos($line, 'content-length: ') !== false) + { + $length = (int) str_replace('content-length: ', '', strtolower($line)); + + if ($length && $length > $this->max_filesize) + { + $max_filesize = get_formatted_filesize($this->max_filesize, false); + + $file = new fileerror(sprintf($user->lang[$this->error_prefix . 'WRONG_FILESIZE'], $max_filesize['value'], $max_filesize['unit'])); + return $file; + } + } else if (stripos($line, '404 not found') !== false) { $file = new fileerror($user->lang[$this->error_prefix . 'URL_NOT_FOUND']); diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 50aad8588a..952b55cc8c 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -300,7 +300,7 @@ class bbcode_firstpass extends bbcode if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width']) { - $stats = @getimagesize($in); + $stats = @getimagesize(htmlspecialchars_decode($in)); if ($stats === false) { diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 11f1896332..0a01b4e73b 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php 
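Review bot: Both new early returns — on an oversized Content-Length at -791 and on the accumulated `$filesize` exceeding `$this->max_filesize` at -775 — leave the remote socket `$fsock` open, whereas the normal path presumably reaches an `fclose($fsock)` after the loop (not visible in the hunk); add `@fclose($fsock);` before each `return $file;` so a rejected remote upload does not hold the connection until script end. `$filesize` is only incremented in the hunk; confirm it is initialised to 0 before the read loop, since that line is outside the hunk. Checking the declared Content-Length first and then still counting the bytes actually received is the right combination, because the header is supplied by the remote server and cannot be trusted on its own. The enclosing method starts and ends outside the hunk.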
@@ -83,7 +83,7 @@ class session $query_string = trim(implode('&', $use_args)); // basenamed page name (for example: index.php) - $page_name = basename($script_name); + $page_name = (substr($script_name, -1, 1) == '/') ? '' : basename($script_name); $page_name = urlencode(htmlspecialchars($page_name)); // current directory within the phpBB root (for example: adm) @@ -608,6 +608,12 @@ class session } else { + // Bot user, if they have a SID in the Request URI we need to get rid of it + // otherwise they'll index this page with the SID, duplicate content oh my! + if (isset($_GET['sid'])) + { + redirect(build_url(array('sid'))); + } $this->data['session_last_visit'] = $this->time_now; } @@ -977,7 +983,7 @@ class session } // only called from CRON; should be a safe workaround until the infrastructure gets going - if (!class_exists('captcha_factory')) + if (!class_exists('phpbb_captcha_factory')) { include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx); } diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 4d72d45f81..b596e72c41 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1054,7 +1054,7 @@ function compose_pm($id, $mode, $action) 'S_COMPOSE_PM' => true, 'S_EDIT_POST' => ($action == 'edit'), 'S_SHOW_PM_ICONS' => $s_pm_icons, - 'S_BBCODE_ALLOWED' => $bbcode_status, + 'S_BBCODE_ALLOWED' => ($bbcode_status) ? 1 : 0, 'S_BBCODE_CHECKED' => ($bbcode_checked) ? ' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, 'S_SMILIES_CHECKED' => ($smilies_checked) ? ' checked="checked"' : '', |