phpBB

Code Changes

File: style.php

Line 14Line 14
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);

define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);

 

require($phpbb_root_path . 'includes/startup.' . $phpEx);

require($phpbb_root_path . 'config.' . $phpEx);


require($phpbb_root_path . 'config.' . $phpEx);


if (version_compare(PHP_VERSION, '6.0.0-dev', '<'))

if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))

{

{

	set_magic_quotes_runtime(0);

	exit;

}

// Load Extensions

}

// Load Extensions

if (!empty($load_extensions))

if (!empty($load_extensions) && function_exists('dl'))

{
$load_extensions = explode(',', $load_extensions);


{
$load_extensions = explode(',', $load_extensions);


Line 32Line 34
	}
}


	}
}



$sid = (isset($_GET['sid']) && !is_array($_GET['sid'])) ? htmlspecialchars($_GET['sid']) : '';

 
$id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;

$id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;


if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
{
$sid = '';
}

 

// This is a simple script to grab and output the requested CSS data stored in the DB
// We include a session_id check to try and limit 3rd party linking ... unless they


// This is a simple script to grab and output the requested CSS data stored in the DB
// We include a session_id check to try and limit 3rd party linking ... unless they

Line 48Line 43
// server a little
if ($id)
{

// server a little
if ($id)
{

	if (empty($acm_type) || empty($dbms))
{
die('Hacking attempt');
}


 
	// Include files
require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
require($phpbb_root_path . 'includes/cache.' . $phpEx);
require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
require($phpbb_root_path . 'includes/constants.' . $phpEx);

	// Include files
require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
require($phpbb_root_path . 'includes/cache.' . $phpEx);
require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
require($phpbb_root_path . 'includes/constants.' . $phpEx);

 
	require($phpbb_root_path . 'includes/functions.' . $phpEx);


$db = new $sql_db();
$cache = new cache();


$db = new $sql_db();
$cache = new cache();

Line 71Line 62

$config = $cache->obtain_config();
$user = false;


$config = $cache->obtain_config();
$user = false;

 

// try to get a session ID from REQUEST array
$sid = request_var('sid', '');

if (!$sid)
{
// if that failed, then look in the cookies
$sid = request_var($config['cookie_name'] . '_sid', '', false, true);
}

if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
{
$sid = '';
}


if ($sid)
{


if ($sid)
{

Line 86Line 91
	$recompile = $config['load_tplcompile'];
if (!$user)
{

	$recompile = $config['load_tplcompile'];
if (!$user)
{

		$id			= $config['default_style'];
$recompile = false;


		$id			= ($id) ? $id : $config['default_style'];
// Commented out because calls do not always include the SID anymore
// $recompile = false;

		$user		= array('user_id' => ANONYMOUS);
}


		$user		= array('user_id' => ANONYMOUS);
}


	$sql = 'SELECT s.style_id, c.theme_data, c.theme_path, c.theme_name, c.theme_mtime, i.*, t.template_path

	$sql = 'SELECT s.style_id, c.theme_id, c.theme_data, c.theme_path, c.theme_name, c.theme_mtime, i.*, t.template_path

		FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . ' i
WHERE s.style_id = ' . $id . '
AND t.template_id = s.template_id

		FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . ' i
WHERE s.style_id = ' . $id . '
AND t.template_id = s.template_id

Line 113Line 119

$user_image_lang = (file_exists($phpbb_root_path . 'styles/' . $theme['imageset_path'] . '/imageset/' . $user['user_lang'])) ? $user['user_lang'] : $config['default_lang'];



$user_image_lang = (file_exists($phpbb_root_path . 'styles/' . $theme['imageset_path'] . '/imageset/' . $user['user_lang'])) ? $user['user_lang'] : $config['default_lang'];


 
	// Same query in session.php

	$sql = 'SELECT *
FROM ' . STYLES_IMAGESET_DATA_TABLE . '
WHERE imageset_id = ' . $theme['imageset_id'] . "

	$sql = 'SELECT *
FROM ' . STYLES_IMAGESET_DATA_TABLE . '
WHERE imageset_id = ' . $theme['imageset_id'] . "

 
		AND image_filename <> ''

		AND image_lang IN ('" . $db->sql_escape($user_image_lang) . "', '')";
$result = $db->sql_query($sql, 3600);


		AND image_lang IN ('" . $db->sql_escape($user_image_lang) . "', '')";
$result = $db->sql_query($sql, 3600);


Line 188Line 196
		);

$sql = 'UPDATE ' . STYLES_THEME_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "

		);

$sql = 'UPDATE ' . STYLES_THEME_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "

			WHERE theme_id = $id";

			WHERE theme_id = {$theme['theme_id']}";

		$db->sql_query($sql);

$cache->destroy('sql', STYLES_THEME_TABLE);

		$db->sql_query($sql);

$cache->destroy('sql', STYLES_THEME_TABLE);

Line 208Line 216

// Parse Theme Data
$replace = array(


// Parse Theme Data
$replace = array(

		'{T_THEME_PATH}'			=> "{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme',
'{T_TEMPLATE_PATH}' => "{$phpbb_root_path}styles/" . $theme['template_path'] . '/template',
'{T_IMAGESET_PATH}' => "{$phpbb_root_path}styles/" . $theme['imageset_path'] . '/imageset',
'{T_IMAGESET_LANG_PATH}' => "{$phpbb_root_path}styles/" . $theme['imageset_path'] . '/imageset/' . $user_image_lang,

		'{T_THEME_PATH}'			=> "{$phpbb_root_path}styles/" . rawurlencode($theme['theme_path']) . '/theme',
'{T_TEMPLATE_PATH}' => "{$phpbb_root_path}styles/" . rawurlencode($theme['template_path']) . '/template',
'{T_IMAGESET_PATH}' => "{$phpbb_root_path}styles/" . rawurlencode($theme['imageset_path']) . '/imageset',
'{T_IMAGESET_LANG_PATH}' => "{$phpbb_root_path}styles/" . rawurlencode($theme['imageset_path']) . '/imageset/' . $user_image_lang,

		'{T_STYLESHEET_NAME}'		=> $theme['theme_name'],
'{S_USER_LANG}' => $user['user_lang']
);

		'{T_STYLESHEET_NAME}'		=> $theme['theme_name'],
'{S_USER_LANG}' => $user['user_lang']
);

Line 240Line 248
				$img_data = &$img_array[$img];
$imgsrc = ($img_data['image_lang'] ? $img_data['image_lang'] . '/' : '') . $img_data['image_filename'];
$imgs[$img] = array(

				$img_data = &$img_array[$img];
$imgsrc = ($img_data['image_lang'] ? $img_data['image_lang'] . '/' : '') . $img_data['image_filename'];
$imgs[$img] = array(

					'src'		=> $phpbb_root_path . 'styles/' . $theme['imageset_path'] . '/imageset/' . $imgsrc,

					'src'		=> $phpbb_root_path . 'styles/' . rawurlencode($theme['imageset_path']) . '/imageset/' . $imgsrc,

					'width'		=> $img_data['image_width'],
'height' => $img_data['image_height'],
);

					'width'		=> $img_data['image_width'],
'height' => $img_data['image_height'],
);
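Review bot: The added `rawurlencode()` calls cover only the theme, template and imageset path segments; in the "Line 208/216" and "Line 240/248" hunks, `$user_image_lang` in `{T_IMAGESET_LANG_PATH}` and `$imgsrc` in the `'src'` entry are still concatenated into the same URLs unencoded. Both are built from values of the same origin (`$user['user_lang']` or `$config['default_lang']`, and `image_lang` / `image_filename`), so they should be encoded per path segment as well: `. '/imageset/' . rawurlencode($user_image_lang),` and `$imgsrc = ($img_data['image_lang'] ? rawurlencode($img_data['image_lang']) . '/' : '') . rawurlencode($img_data['image_filename']);`. Encoding `$imgsrc` as a whole would also encode the `/` separator, which is why the components are encoded individually. `{T_STYLESHEET_NAME}` also receives `$theme['theme_name']` as-is; whether it needs escaping depends on where the placeholder sits in the stylesheet, which this page does not show. The enclosing `if ($id)` block starts and ends outside these hunks.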