

File: includes/functions.php

Line 65Line 65

/**
* Generates an alphanumeric random string of given length


/**
* Generates an alphanumeric random string of given length

 
*
* @param int $num_chars Length of random string, defaults to 8.
* This number should be less or equal than 64.

*
* @return string
*/
function gen_rand_string($num_chars = 8)
{

*
* @return string
*/
function gen_rand_string($num_chars = 8)
{

	// [a, z] + [0, 9] = 36
return substr(strtoupper(base_convert(unique_id(), 16, 36)), 0, $num_chars);










	$range = array_merge(range('A', 'Z'), range(0, 9));
$size = count($range);

$output = '';
for ($i = 0; $i < $num_chars; $i++)
{
$rand = random_int(0, $size-1);
$output .= $range[$rand];
}

return $output;

}

/**
* Generates a user-friendly alphanumeric random string of given length
* We remove 0 and O so users cannot confuse those in passwords etc.

}

/**
* Generates a user-friendly alphanumeric random string of given length
* We remove 0 and O so users cannot confuse those in passwords etc.

 
*
* @param int $num_chars Length of random string, defaults to 8.
* This number should be less or equal than 64.

*
* @return string
*/
function gen_rand_string_friendly($num_chars = 8)
{

*
* @return string
*/
function gen_rand_string_friendly($num_chars = 8)
{

	$rand_str = unique_id();


	$range = array_merge(range('A', 'N'), range('P', 'Z'), range(1, 9));
$size = count($range);





	// Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
// [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
$rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34)));




	$output = '';
for ($i = 0; $i < $num_chars; $i++)
{
$rand = random_int(0, $size-1);
$output .= $range[$rand];
}





	return substr($rand_str, 0, $num_chars);

	return $output;

}

/**

}

/**

Line 96Line 115
*/
function unique_id()
{

*/
function unique_id()
{

	return bin2hex(random_bytes(8));

	return strtolower(gen_rand_string(16));

}

/**

}

/**

Line 1725Line 1744
	if ($url_parts === false)
{
// Malformed url

	if ($url_parts === false)
{
// Malformed url

		trigger_error('INSECURE_REDIRECT', E_USER_ERROR);

		trigger_error('INSECURE_REDIRECT', E_USER_WARNING);

	}
else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
{
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{

	}
else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
{
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{

			trigger_error('INSECURE_REDIRECT', E_USER_ERROR);

			trigger_error('INSECURE_REDIRECT', E_USER_WARNING);

		}
}
else if ($url[0] == '/')

		}
}
else if ($url[0] == '/')

Line 1772Line 1791

if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{


if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{

		trigger_error('INSECURE_REDIRECT', E_USER_ERROR);

		trigger_error('INSECURE_REDIRECT', E_USER_WARNING);

	}

// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
{

	}

// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
{

		trigger_error('INSECURE_REDIRECT', E_USER_ERROR);

		trigger_error('INSECURE_REDIRECT', E_USER_WARNING);

	}

// Now, also check the protocol and for a valid url the last time...

	}

// Now, also check the protocol and for a valid url the last time...

Line 1787Line 1806

if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
{


if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
{

		trigger_error('INSECURE_REDIRECT', E_USER_ERROR);

		trigger_error('INSECURE_REDIRECT', E_USER_WARNING);

	}

/**

	}

/**

Line 2344Line 2363
			* @event core.login_box_redirect
* @var string redirect Redirect string
* @var bool admin Is admin?

			* @event core.login_box_redirect
* @var string redirect Redirect string
* @var bool admin Is admin?

 
			* @var	array	result		Result from auth provider

			* @since 3.1.0-RC5
* @changed 3.1.9-RC1 Removed undefined return variable

			* @since 3.1.0-RC5
* @changed 3.1.9-RC1 Removed undefined return variable

 
			* @changed 3.2.4-RC1 Added result

			*/

			*/

			$vars = array('redirect', 'admin');

			$vars = array('redirect', 'admin', 'result');

			extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));

// append/replace SID (may change during the session for AOL users)

			extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));

// append/replace SID (may change during the session for AOL users)

Line 2520Line 2541
*/
function login_forum_box($forum_data)
{

*/
function login_forum_box($forum_data)
{

	global $db, $phpbb_container, $request, $template, $user, $phpbb_dispatcher;

	global $db, $phpbb_container, $request, $template, $user, $phpbb_dispatcher, $phpbb_root_path, $phpEx;


$password = $request->variable('password', '', true);



$password = $request->variable('password', '', true);


Line 2604Line 2625
	$template->set_filenames(array(
'body' => 'login_forum.html')
);

	$template->set_filenames(array(
'body' => 'login_forum.html')
);

 

make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"), $forum_data['forum_id']);


page_footer();
}


page_footer();
}

Line 4424Line 4447
		'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
'U_CONTACT_US' => ($config['contact_admin_form_enable'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contactadmin') : '',

		'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
'U_CONTACT_US' => ($config['contact_admin_form_enable'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contactadmin') : '',

		'U_TEAM'				=> ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),

		'U_TEAM'				=> (!$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),

		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
'UA_PRIVACY' => addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy')),

		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
'U_PRIVACY' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
'UA_PRIVACY' => addslashes(append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy')),

Line 4487Line 4510
		'S_COOKIE_NOTICE'		=> !empty($config['cookie_notice']),

'T_THEME_NAME' => rawurlencode($user->style['style_path']),

		'S_COOKIE_NOTICE'		=> !empty($config['cookie_notice']),

'T_THEME_NAME' => rawurlencode($user->style['style_path']),

		'T_THEME_LANG_NAME'		=> $user->data['user_lang'],

		'T_THEME_LANG_NAME'		=> $user->lang_name,

		'T_TEMPLATE_NAME'		=> $user->style['style_path'],
'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->style['style_parent_tree']) && $user->style['style_parent_tree']) ? $user->style['style_parent_tree'] : $user->style['style_path']),
'T_IMAGES' => 'images',

		'T_TEMPLATE_NAME'		=> $user->style['style_path'],
'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->style['style_parent_tree']) && $user->style['style_parent_tree']) ? $user->style['style_parent_tree'] : $user->style['style_path']),
'T_IMAGES' => 'images',
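Review bot: Downgrading the four INSECURE_REDIRECT calls (Line 1725, Line 1772 and Line 1787 hunks) from E_USER_ERROR to E_USER_WARNING makes the guard depend on the installed error handler never returning for a warning; if a custom handler, or a CLI/test context with a different handler, lets trigger_error() return, control falls through to the redirect that follows these checks outside the hunk with the URL that was just rejected. Adding an explicit exit path after each call, `trigger_error('INSECURE_REDIRECT', E_USER_WARNING); return;`, keeps each check self-contained whatever the handler does (redirect()'s body starts and ends outside these hunks). Separately, the new docblock on gen_rand_string (Line 65 hunk) still says the length "should be less or equal than 64", but the loop-based implementation on the new side imposes no such limit, so that sentence should be dropped or replaced with the real constraint. Also, unique_id() appears to move from bin2hex(random_bytes(8)) to strtolower(gen_rand_string(16)), so its output is now a lowercase [a-z0-9] string rather than hexadecimal; any caller that validates or decodes the id as hex would need checking, though none is visible here.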