Line 137 | Line 137 |
---|
}
/**
|
}
/**
|
* Set config value. Creates missing config entry.
| * Sets a configuration option's value. * * Please note that this function does not update the is_dynamic value for * an already existing config option. * * @param string $config_name The configuration option's name * @param string $config_value New configuration value * @param bool $is_dynamic Whether this variable should be cached (false) or * if it changes too frequently (true) to be * efficiently cached. * * @return null
|
*/ function set_config($config_name, $config_value, $is_dynamic = false) {
| */ function set_config($config_name, $config_value, $is_dynamic = false) {
|
Line 166 | Line 177 |
---|
}
/**
|
}
/**
|
* Set dynamic config value with arithmetic operation.
| * Increments an integer config value directly in the database. * * @param string $config_name The configuration option's name * @param int $increment Amount to increment by * @param bool $is_dynamic Whether this variable should be cached (false) or * if it changes too frequently (true) to be * efficiently cached. * * @return null
|
*/ function set_config_count($config_name, $increment, $is_dynamic = false) {
| */ function set_config_count($config_name, $increment, $is_dynamic = false) {
|
Line 175 | Line 194 |
---|
switch ($db->sql_layer) { case 'firebird':
|
switch ($db->sql_layer) { case 'firebird':
|
| // Precision must be from 1 to 18 $sql_update = 'CAST(CAST(config_value as DECIMAL(18, 0)) + ' . (int) $increment . ' as VARCHAR(255))'; break;
|
case 'postgres':
|
case 'postgres':
|
$sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
| // Need to cast to text first for PostgreSQL 7.x $sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
|
break;
// MySQL, SQlite, mssql, mssql_odbc, oracle
| break;
// MySQL, SQlite, mssql, mssql_odbc, oracle
|
Line 236 | Line 260 |
---|
if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10))) {
|
if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10))) {
|
set_config('rand_seed', $config['rand_seed'], true);
| |
set_config('rand_seed_last_update', time(), true);
|
set_config('rand_seed_last_update', time(), true);
|
| set_config('rand_seed', $config['rand_seed'], true);
|
$dss_seeded = true; }
return substr($val, 4, 16);
|
$dss_seeded = true; }
return substr($val, 4, 16);
|
| }
/** * Wrapper for mt_rand() which allows swapping $min and $max parameters. * * PHP does not allow us to swap the order of the arguments for mt_rand() anymore. * (since PHP 5.3.4, see http://bugs.php.net/46587) * * @param int $min Lowest value to be returned * @param int $max Highest value to be returned * * @return int Random integer between $min and $max (or $max and $min) */ function phpbb_mt_rand($min, $max) { return ($min > $max) ? mt_rand($max, $min) : mt_rand($min, $max); }
/** * Wrapper for getdate() which returns the equivalent array for UTC timestamps. * * @param int $time Unix timestamp (optional) * * @return array Returns an associative array of information related to the timestamp. * See http://www.php.net/manual/en/function.getdate.php */ function phpbb_gmgetdate($time = false) { if ($time === false) { $time = time(); }
// getdate() interprets timestamps in local time. // What follows uses the fact that getdate() and // date('Z') balance each other out. return getdate($time - date('Z'));
|
}
/** * Return formatted string for filesizes *
|
}
/** * Return formatted string for filesizes *
|
* @param int $value filesize in bytes
| * @param mixed $value filesize in bytes * (non-negative number; int, float or string)
|
* @param bool $string_only true if language string should be returned * @param array $allowed_units only allow these units (data array indexes) *
| * @param bool $string_only true if language string should be returned * @param array $allowed_units only allow these units (data array indexes) *
|
Line 259 | Line 321 |
---|
global $user;
$available_units = array(
|
global $user;
$available_units = array(
|
| 'tb' => array( 'min' => 1099511627776, // pow(2, 40) 'index' => 4, 'si_unit' => 'TB', 'iec_unit' => 'TIB', ),
|
'gb' => array( 'min' => 1073741824, // pow(2, 30) 'index' => 3,
| 'gb' => array( 'min' => 1073741824, // pow(2, 30) 'index' => 3,
|
Line 434 | Line 502 |
---|
*/ function phpbb_check_hash($password, $hash) {
|
*/ function phpbb_check_hash($password, $hash) {
|
| if (strlen($password) > 4096) { // If the password is too huge, we will simply reject it // and not let the server try to hash it. return false; }
|
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if (strlen($hash) == 34) {
| $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; if (strlen($hash) == 34) {
|
Line 512 | Line 587 |
---|
$output = '*';
// Check for correct hash
|
$output = '*';
// Check for correct hash
|
if (substr($setting, 0, 3) != '$H$')
| if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$')
|
{ return $output; }
| { return $output; }
|
Line 575 | Line 650 |
---|
function phpbb_email_hash($email) { return sprintf('%u', crc32(strtolower($email))) . strlen($email);
|
function phpbb_email_hash($email) { return sprintf('%u', crc32(strtolower($email))) . strlen($email);
|
| }
/** * Wrapper for version_compare() that allows using uppercase A and B * for alpha and beta releases. * * See http://www.php.net/manual/en/function.version-compare.php * * @param string $version1 First version number * @param string $version2 Second version number * @param string $operator Comparison operator (optional) * * @return mixed Boolean (true, false) if comparison operator is specified. * Integer (-1, 0, 1) otherwise. */ function phpbb_version_compare($version1, $version2, $operator = null) { $version1 = strtolower($version1); $version2 = strtolower($version2);
if (is_null($operator)) { return version_compare($version1, $version2); } else { return version_compare($version1, $version2, $operator); }
|
}
/**
| }
/**
|
Line 909 | Line 1012 |
---|
*/ function is_absolute($path) {
|
*/ function is_absolute($path) {
|
return ($path[0] == '/' || (DIRECTORY_SEPARATOR == '\\' && preg_match('#^[a-z]:[/\\\]#i', $path))) ? true : false;
| return (isset($path[0]) && $path[0] == '/' || preg_match('#^[a-z]:[/\\\]#i', $path)) ? true : false;
|
}
/**
| }
/**
|
Line 1104 | Line 1207 |
---|
return $realpath; }
|
return $realpath; }
|
| }
/** * Eliminates useless . and .. components from specified path. * * @param string $path Path to clean * @return string Cleaned path */ function phpbb_clean_path($path) { $exploded = explode('/', $path); $filtered = array(); foreach ($exploded as $part) { if ($part === '.' && !empty($filtered)) { continue; }
if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..') { array_pop($filtered); } else { $filtered[] = $part; } } $path = implode('/', $filtered); return $path;
|
}
if (!function_exists('htmlspecialchars_decode'))
| }
if (!function_exists('htmlspecialchars_decode'))
|
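Review bot: `phpbb_clean_path()` only normalises a path, and its result can still begin with `..` (for example `a/../../b` comes back as `../b`). A `..` directly after the leading slash also pops the empty root component, so `/../x` is returned as the relative path `x`. The docblock should say this so callers do not treat the function as a containment check, e.g. add `* Note: leading .. components are kept; the result is not guaranteed to stay inside any base directory.` If turning an absolute path into a relative one is unintended, it needs a guard for the empty first component, which should be covered by a test before it is changed.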
Line 1698 | Line 1831 |
---|
if ($config['load_db_lastread'] && $user->data['is_registered']) { // Get list of the unread topics
|
if ($config['load_db_lastread'] && $user->data['is_registered']) { // Get list of the unread topics
|
$last_mark = $user->data['user_lastmark'];
| $last_mark = (int) $user->data['user_lastmark'];
|
$sql_array = array( 'SELECT' => 't.topic_id, t.topic_last_post_time, tt.mark_time as topic_mark_time, ft.mark_time as forum_mark_time',
| $sql_array = array( 'SELECT' => 't.topic_id, t.topic_last_post_time, tt.mark_time as topic_mark_time, ft.mark_time as forum_mark_time',
|
Line 1717 | Line 1850 |
---|
),
'WHERE' => "
|
),
'WHERE' => "
|
| t.topic_last_post_time > $last_mark AND
|
( (tt.mark_time IS NOT NULL AND t.topic_last_post_time > tt.mark_time) OR (tt.mark_time IS NULL AND ft.mark_time IS NOT NULL AND t.topic_last_post_time > ft.mark_time) OR
|
( (tt.mark_time IS NOT NULL AND t.topic_last_post_time > tt.mark_time) OR (tt.mark_time IS NULL AND ft.mark_time IS NOT NULL AND t.topic_last_post_time > ft.mark_time) OR
|
(tt.mark_time IS NULL AND ft.mark_time IS NULL AND t.topic_last_post_time > $last_mark)
| (tt.mark_time IS NULL AND ft.mark_time IS NULL)
|
) $sql_extra $sql_sort",
| ) $sql_extra $sql_sort",
|
Line 1809 | Line 1943 |
---|
*/ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time = false, $mark_time_forum = false) {
|
*/ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time = false, $mark_time_forum = false) {
|
global $db, $tracking_topics, $user, $config;
| global $db, $tracking_topics, $user, $config, $auth;
|
// Determine the users last forum mark time if not given. if ($mark_time_forum === false)
| // Determine the users last forum mark time if not given. if ($mark_time_forum === false)
|
Line 1831 | Line 1965 |
---|
$mark_time_forum = (isset($tracking_topics['f'][$forum_id])) ? (int) (base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate']) : $user->data['user_lastmark']; } }
|
$mark_time_forum = (isset($tracking_topics['f'][$forum_id])) ? (int) (base_convert($tracking_topics['f'][$forum_id], 36, 10) + $config['board_startdate']) : $user->data['user_lastmark']; } }
|
| // Handle update of unapproved topics info. // Only update for moderators having m_approve permission for the forum. $sql_update_unapproved = ($auth->acl_get('m_approve', $forum_id)) ? '': 'AND t.topic_approved = 1';
|
// Check the forum for any left unread topics. // If there are none, we mark the forum as read.
| // Check the forum for any left unread topics. // If there are none, we mark the forum as read.
|
Line 1843 | Line 1981 |
---|
} else {
|
} else {
|
$sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
| $sql = 'SELECT t.forum_id FROM ' . TOPICS_TABLE . ' t LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
|
WHERE t.forum_id = ' . $forum_id . ' AND t.topic_last_post_time > ' . $mark_time_forum . '
|
WHERE t.forum_id = ' . $forum_id . ' AND t.topic_last_post_time > ' . $mark_time_forum . '
|
AND t.topic_moved_id = 0 AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time) GROUP BY t.forum_id';
| AND t.topic_moved_id = 0 ' . $sql_update_unapproved . ' AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time)';
|
$result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result);
| $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result);
|
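Review bot: `$forum_id` and `$mark_time_forum` are concatenated into the WHERE clause without an integer cast, both here and in the rewritten `SELECT t.topic_id` query in the next hunk. The preceding hunk shows `$mark_time_forum` can be taken straight from `$user->data['user_lastmark']`, which this same change casts with `(int)` in the unread-topics query; whether callers already cast the parameters is not visible from these hunks. For consistency I would write `' WHERE t.forum_id = ' . (int) $forum_id . ' AND t.topic_last_post_time > ' . (int) $mark_time_forum . '` in both queries. The body of update_forum_tracking_info() starts and ends outside the hunk.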
Line 1867 | Line 2009 |
---|
} else {
|
} else {
|
$sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . ' WHERE forum_id = ' . $forum_id . ' AND topic_last_post_time > ' . $mark_time_forum . ' AND topic_moved_id = 0';
| $sql = 'SELECT t.topic_id FROM ' . TOPICS_TABLE . ' t WHERE t.forum_id = ' . $forum_id . ' AND t.topic_last_post_time > ' . $mark_time_forum . ' AND t.topic_moved_id = 0 ' . $sql_update_unapproved;
|
$result = $db->sql_query($sql);
$check_forum = $tracking_topics['tf'][$forum_id];
| $result = $db->sql_query($sql);
$check_forum = $tracking_topics['tf'][$forum_id];
|
Line 2056 | Line 2199 |
---|
$start_cnt = min(max(1, $on_page - 4), $total_pages - 5); $end_cnt = max(min($total_pages, $on_page + 4), 6);
|
$start_cnt = min(max(1, $on_page - 4), $total_pages - 5); $end_cnt = max(min($total_pages, $on_page + 4), 6);
|
$page_string .= ($start_cnt > 1) ? ' ... ' : $seperator;
| $page_string .= ($start_cnt > 1) ? '<span class="page-dots"> ... </span>' : $seperator;
|
for ($i = $start_cnt + 1; $i < $end_cnt; $i++) {
| for ($i = $start_cnt + 1; $i < $end_cnt; $i++) {
|
Line 2067 | Line 2210 |
---|
} }
|
} }
|
$page_string .= ($end_cnt < $total_pages) ? ' ... ' : $seperator;
| $page_string .= ($end_cnt < $total_pages) ? '<span class="page-dots"> ... </span>' : $seperator;
|
} else {
| } else {
|
Line 2153 | Line 2296 |
---|
function append_sid($url, $params = false, $is_amp = true, $session_id = false) { global $_SID, $_EXTRA_URL, $phpbb_hook;
|
function append_sid($url, $params = false, $is_amp = true, $session_id = false) { global $_SID, $_EXTRA_URL, $phpbb_hook;
|
| if ($params === '' || (is_array($params) && empty($params))) { // Do not append the ? if the param-list is empty anyway. $params = false; }
|
// Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately. // They could mimic most of what is within this function
| // Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately. // They could mimic most of what is within this function
|
Line 2248 | Line 2397 |
---|
/** * Generate board url (example: http://www.example.com/phpBB)
|
/** * Generate board url (example: http://www.example.com/phpBB)
|
| *
|
* @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com)
|
* @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com)
|
| * * @return string the generated board url
|
*/ function generate_board_url($without_script_path = false) {
| */ function generate_board_url($without_script_path = false) {
|
Line 2340 | Line 2492 |
---|
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) if (!$disable_cd_check && $url_parts['host'] !== $user->host) {
|
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work) if (!$disable_cd_check && $url_parts['host'] !== $user->host) {
|
$url = generate_board_url();
| trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
|
} } else if ($url[0] == '/')
| } } else if ($url[0] == '/')
|
Line 2353 | Line 2505 |
---|
// Relative uri $pathinfo = pathinfo($url);
|
// Relative uri $pathinfo = pathinfo($url);
|
if (!$disable_cd_check && !file_exists($pathinfo['dirname']))
| if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/'))
|
{ $url = str_replace('../', '', $url); $pathinfo = pathinfo($url);
|
{ $url = str_replace('../', '', $url); $pathinfo = pathinfo($url);
|
if (!file_exists($pathinfo['dirname']))
| if (!file_exists($pathinfo['dirname'] . '/'))
|
{ // fallback to "last known user page" // at least this way we know the user does not leave the phpBB root
| { // fallback to "last known user page" // at least this way we know the user does not leave the phpBB root
|
Line 2425 | Line 2577 |
---|
$url = generate_board_url() . '/' . $url; } }
|
$url = generate_board_url() . '/' . $url; } }
|
| }
// Make sure we don't redirect to external URLs if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0) { trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
|
}
// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
| }
// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
|
Line 2595 | Line 2753 |
---|
// For XHTML compatibility we change back & to & $template->assign_vars(array(
|
// For XHTML compatibility we change back & to & $template->assign_vars(array(
|
'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />')
| 'META' => '<meta http-equiv="refresh" content="' . $time . '; url=' . $url . '" />')
|
);
return $url;
| );
return $url;
|
Line 2619 | Line 2777 |
---|
* * @param int $code HTTP status code * @param string $message Message for the status code
|
* * @param int $code HTTP status code * @param string $message Message for the status code
|
* @return void
| * @return null
|
*/ function send_status_line($code, $message) {
| */ function send_status_line($code, $message) {
|
Line 2630 | Line 2788 |
---|
} else {
|
} else {
|
if (isset($_SERVER['HTTP_VERSION']))
| if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
|
{
|
{
|
$version = $_SERVER['HTTP_VERSION'];
| $version = $_SERVER['SERVER_PROTOCOL'];
|
} else {
| } else {
|
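Review bot: The new `SERVER_PROTOCOL` check uses `$` without the `D` modifier, so in PCRE a value with a single trailing newline still matches and is then copied into `$version`. Writing the pattern as `'#^HTTP/[0-9]\.[0-9]$#D'` closes that; the value normally comes from the web server, so this is hardening rather than a demonstrated hole. The same applies to the `table_prefix` pattern `'#^[a-zA-Z][a-zA-Z0-9_]*$#'` added in a later hunk. How `$version` is used afterwards is outside this hunk.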
Line 2722 | Line 2880 |
---|
$diff = time() - $creation_time;
// If creation_time and the time() now is zero we can assume it was not a human doing this (the check for if ($diff)...
|
$diff = time() - $creation_time;
// If creation_time and the time() now is zero we can assume it was not a human doing this (the check for if ($diff)...
|
if ($diff && ($diff <= $timespan || $timespan === -1))
| if (defined('DEBUG_TEST') || $diff && ($diff <= $timespan || $timespan === -1))
|
{ $token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : ''; $key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
| { $token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : ''; $key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
|
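Review bot: Defining `DEBUG_TEST` now makes the age check on form tokens pass unconditionally, and the condition only reads correctly because `&&` binds tighter than `||`. I would parenthesise it as `if (defined('DEBUG_TEST') || ($diff && ($diff <= $timespan || $timespan === -1)))` and add a comment such as `// DEBUG_TEST is for the automated test suite only; never define it on a live board, it disables token expiry.` The comparison of `$key` against the submitted token is below the hunk, so I am assuming the token value itself is still verified when the constant is set.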
Line 3127 | Line 3285 |
---|
page_header($user->lang['LOGIN'], false);
$template->assign_vars(array(
|
page_header($user->lang['LOGIN'], false);
$template->assign_vars(array(
|
| 'FORUM_NAME' => isset($forum_data['forum_name']) ? $forum_data['forum_name'] : '',
|
'S_LOGIN_ACTION' => build_url(array('f')), 'S_HIDDEN_FIELDS' => build_hidden_fields(array('f' => $forum_data['forum_id']))) );
| 'S_LOGIN_ACTION' => build_url(array('f')), 'S_HIDDEN_FIELDS' => build_hidden_fields(array('f' => $forum_data['forum_id']))) );
|
Line 3214 | Line 3373 |
---|
}
// Determine first occurrence, since in values the equal sign is allowed
|
}
// Determine first occurrence, since in values the equal sign is allowed
|
$key = strtolower(trim(substr($line, 0, $delim_pos)));
| $key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
|
$value = trim(substr($line, $delim_pos + 1));
if (in_array($value, array('off', 'false', '0')))
| $value = trim(substr($line, $delim_pos + 1));
if (in_array($value, array('off', 'false', '0')))
|
Line 3231 | Line 3390 |
---|
} else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"')) {
|
} else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"')) {
|
$value = substr($value, 1, sizeof($value)-2);
| $value = htmlspecialchars(substr($value, 1, sizeof($value)-2)); } else { $value = htmlspecialchars($value);
|
}
$parsed_items[$key] = $value;
|
}
$parsed_items[$key] = $value;
|
| } if (isset($parsed_items['inherit_from']) && isset($parsed_items['name']) && $parsed_items['inherit_from'] == $parsed_items['name']) { unset($parsed_items['inherit_from']);
|
}
return $parsed_items;
| }
return $parsed_items;
|
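Review bot: The rewritten quote-stripping line still calls `sizeof($value)` on a string, as does the condition above it. On older PHP `sizeof()` of a string is 1, so `$value[sizeof($value) - 1]` re-reads the first character and the closing-quote test never looks at the last one; on PHP 8 the call throws a TypeError. Use `strlen()` in both places, e.g. `$value = htmlspecialchars(substr($value, 1, strlen($value) - 2));`. Keys and values are now HTML-escaped at parse time, so a comment noting that consumers must not escape them a second time would help; the consumers are not visible here.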
Line 3307 | Line 3475 |
---|
}
/**
|
}
/**
|
* Return a nicely formatted backtrace (parts from the php manual by diz at ysagoon dot com)
| * Return a nicely formatted backtrace. * * Turns the array returned by debug_backtrace() into HTML markup. * Also filters out absolute paths to phpBB root. * * @return string HTML markup
|
*/ function get_backtrace() {
|
*/ function get_backtrace() {
|
global $phpbb_root_path;
| |
$output = '<div style="font-family: monospace;">'; $backtrace = debug_backtrace();
|
$output = '<div style="font-family: monospace;">'; $backtrace = debug_backtrace();
|
$path = phpbb_realpath($phpbb_root_path);
| |
|
|
foreach ($backtrace as $number => $trace) {
| |
// We skip the first one, because it only shows this file/function
|
// We skip the first one, because it only shows this file/function
|
if ($number == 0)
| unset($backtrace[0]);
foreach ($backtrace as $trace)
|
{
|
{
|
continue; }
| |
// Strip the current directory from path
|
// Strip the current directory from path
|
if (empty($trace['file'])) { $trace['file'] = ''; } else { $trace['file'] = str_replace(array($path, '\\'), array('', '/'), $trace['file']); $trace['file'] = substr($trace['file'], 1); } $args = array();
| $trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file'])); $trace['line'] = (empty($trace['line'])) ? '(not given by php)' : $trace['line'];
|
|
|
// If include/require/include_once is not called, do not show arguments - they may contain sensible information if (!in_array($trace['function'], array('include', 'require', 'include_once')))
| // Only show function arguments for include etc. // Other parameters may contain sensible information $argument = ''; if (!empty($trace['args'][0]) && in_array($trace['function'], array('include', 'require', 'include_once', 'require_once')))
|
{
|
{
|
unset($trace['args']); } else { // Path... if (!empty($trace['args'][0])) { $argument = htmlspecialchars($trace['args'][0]); $argument = str_replace(array($path, '\\'), array('', '/'), $argument); $argument = substr($argument, 1); $args[] = "'{$argument}'"; }
| $argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]));
|
}
$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class']; $trace['type'] = (!isset($trace['type'])) ? '' : $trace['type'];
$output .= '<br />';
|
}
$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class']; $trace['type'] = (!isset($trace['type'])) ? '' : $trace['type'];
$output .= '<br />';
|
$output .= '<b>FILE:</b> ' . htmlspecialchars($trace['file']) . '<br />';
| $output .= '<b>FILE:</b> ' . $trace['file'] . '<br />';
|
$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
|
$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
|
$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']) . '(' . ((sizeof($args)) ? implode(', ', $args) : '') . ')<br />';
| $output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']); $output .= '(' . (($argument !== '') ? "'$argument'" : '') . ')<br />';
|
} $output .= '</div>'; return $output;
| } $output .= '</div>'; return $output;
|
Line 3379 | Line 3530 |
---|
case 'email': // Regex written by James Watts and Francisco Jose Martin Moreno // http://fightingforalostcause.net/misc/2006/compare-email-regex.php
|
case 'email': // Regex written by James Watts and Francisco Jose Martin Moreno // http://fightingforalostcause.net/misc/2006/compare-email-regex.php
|
return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
| return '([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*(?:[\w\!\#$\%\'\*\+\-\/\=\?\^\`{\|\}\~]|&)+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,63})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)';
|
break;
case 'bbcode_htm':
| break;
case 'bbcode_htm':
|
Line 3422 | Line 3573 |
---|
case 'relative_url_inline': $inline = ($mode == 'relative_url') ? ')' : ''; return "(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?";
|
case 'relative_url_inline': $inline = ($mode == 'relative_url') ? ')' : ''; return "(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?";
|
| break;
case 'table_prefix': return '#^[a-zA-Z][a-zA-Z0-9_]*$#';
|
break; }
return '';
|
break; }
return '';
|
| }
/** * Generate regexp for naughty words censoring * Depends on whether installed PHP version supports unicode properties * * @param string $word word template to be replaced * @param bool $use_unicode whether or not to take advantage of PCRE supporting unicode * * @return string $preg_expr regex to use with word censor */ function get_censor_preg_expression($word, $use_unicode = true) { static $unicode_support = null;
// Check whether PHP version supports unicode properties if (is_null($unicode_support)) { $unicode_support = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false; }
// Unescape the asterisk to simplify further conversions $word = str_replace('\*', '*', preg_quote($word, '#'));
if ($use_unicode && $unicode_support) { // Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes $word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word);
// Generate the final substitution $preg_expr = '#(?<![\p{Nd}\p{L}_-])(' . $word . ')(?![\p{Nd}\p{L}_-])#iu'; } else { // Replace the asterisk inside the pattern, at the start and at the end of it with regexes $word = preg_replace(array('#(?<=\S)\*+(?=\S)#iu', '#^\*+#', '#\*+$#'), array('(\x20*?\S*?)', '\S*?', '\S*?'), $word);
// Generate the final substitution $preg_expr = '#(?<!\S)(' . $word . ')(?!\S)#iu'; }
return $preg_expr;
|
}
/**
| }
/**
|
Line 3613 | Line 3810 |
---|
{ return true; }
|
{ return true; }
|
| break;
|
default:
|
default:
|
case 'A':
| |
case 'AAAA':
|
case 'AAAA':
|
| // AAAA records returned by nslookup on Windows XP/2003 have this format. // Later Windows versions use the A record format below for AAAA records. if (stripos($line, "$host AAAA IPv6 address") === 0) { return true; } // No break
case 'A':
|
if (!empty($host_matches)) { // Second line
| if (!empty($host_matches)) { // Second line
|
Line 3685 | Line 3891 |
---|
if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false) {
|
if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false) {
|
// flush the content, else we get a white page if output buffering is on if ((int) @ini_get('output_buffering') === 1 || strtolower(@ini_get('output_buffering')) === 'on') { @ob_flush(); }
// Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;) if (!empty($config['gzip_compress'])) { if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level()) { @ob_flush(); } }
// remove complete path to installation, with the risk of changing backslashes meant to be there $errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile); $msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text); echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
| $errfile = phpbb_filter_root_path($errfile); $msg_text = phpbb_filter_root_path($msg_text); $error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice'; echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
|
// we are writing an image - the user won't see the debug, so let's place it in the log if (defined('IMAGE_OUTPUT') || defined('IN_CRON'))
| // we are writing an image - the user won't see the debug, so let's place it in the log if (defined('IMAGE_OUTPUT') || defined('IN_CRON'))
|
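Review bot: `$errfile` and `$msg_text` are echoed into the HTML debug notice without escaping; as defined later in this diff, `phpbb_filter_root_path()` only rewrites the root prefix and backslashes. PHP warning and notice text can, depending on what triggered it, contain values that came from the request. I would escape at the point of output, e.g. `'</b>: <b>' . htmlspecialchars($msg_text) . '</b><br />'` and likewise for `$errfile`, unless markup in `$msg_text` is relied on here, which the hunk does not show. The surrounding handler starts and ends outside the hunk.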
Line 3742 | Line 3933 |
---|
{ $l_notify = '<p>Please notify the board administrator or webmaster: <a href="mailto:' . $config['board_contact'] . '">' . $config['board_contact'] . '</a></p>'; }
|
{ $l_notify = '<p>Please notify the board administrator or webmaster: <a href="mailto:' . $config['board_contact'] . '">' . $config['board_contact'] . '</a></p>'; }
|
| }
$log_text = $msg_text; $backtrace = get_backtrace(); if ($backtrace) { $log_text .= '<br /><br />BACKTRACE<br />' . $backtrace; }
if (defined('IN_INSTALL') || defined('DEBUG_EXTRA') || isset($auth) && $auth->acl_get('a_')) { $msg_text = $log_text;
|
}
if ((defined('DEBUG') || defined('IN_CRON') || defined('IMAGE_OUTPUT')) && isset($db)) { // let's avoid loops $db->sql_return_on_error(true);
|
}
if ((defined('DEBUG') || defined('IN_CRON') || defined('IMAGE_OUTPUT')) && isset($db)) { // let's avoid loops $db->sql_return_on_error(true);
|
add_log('critical', 'LOG_GENERAL_ERROR', $msg_title, $msg_text);
| add_log('critical', 'LOG_GENERAL_ERROR', $msg_title, $log_text);
|
$db->sql_return_on_error(false); }
| $db->sql_return_on_error(false); }
|
Line 3792 | Line 3995 |
---|
echo ' </div>'; echo ' </div>'; echo ' <div id="page-footer">';
|
echo ' </div>'; echo ' </div>'; echo ' <div id="page-footer">';
|
echo ' Powered by phpBB © 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>';
| echo ' Powered by <a href="https://www.phpbb.com/">phpBB</a>® Forum Software © phpBB Group';
|
echo ' </div>'; echo '</div>'; echo '</body>';
| echo ' </div>'; echo '</div>'; echo '</body>';
|
Line 3877 | Line 4080 |
---|
// If we notice an error not handled here we pass this back to PHP by returning false // This may not work for all php versions return false;
|
// If we notice an error not handled here we pass this back to PHP by returning false // This may not work for all php versions return false;
|
| }
/** * Removes absolute path to phpBB root directory from error messages * and converts backslashes to forward slashes. * * @param string $errfile Absolute file path * (e.g. /var/www/phpbb3/phpBB/includes/functions.php) * Please note that if $errfile is outside of the phpBB root, * the root path will not be found and can not be filtered. * @return string Relative file path * (e.g. /includes/functions.php) */ function phpbb_filter_root_path($errfile) { static $root_path;
if (empty($root_path)) { $root_path = phpbb_realpath(dirname(__FILE__) . '/../'); }
return str_replace(array($root_path, '\\'), array('[ROOT]', '/'), $errfile);
|
}
/**
| }
/**
|
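Review bot: The docblock of `phpbb_filter_root_path()` gives `/includes/functions.php` as the example result, but the code replaces the root with the literal `[ROOT]`, so the actual output is `[ROOT]/includes/functions.php`. Change the `@return` example to `(e.g. [ROOT]/includes/functions.php)`. The function is also applied to whole message texts in the error handler, so `@param string $errfile` could read "Absolute file path or message text containing one". If `phpbb_realpath()` returns an empty value, the `empty($root_path)` test retries on every call and nothing is filtered; a one-line comment noting that fallback would make it clear the full path is then shown.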
Line 4143 | Line 4369 |
---|
* * @param array $param Parameter array, see $param_defaults array. *
|
* * @param array $param Parameter array, see $param_defaults array. *
|
* @return void
| * @return null
|
*/ function phpbb_http_login($param) {
| */ function phpbb_http_login($param) {
|
Line 4246 | Line 4472 |
---|
*/ function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum') {
|
*/ function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum') {
|
global $db, $config, $template, $SID, $_SID, $user, $auth, $phpEx, $phpbb_root_path;
| global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
|
if (defined('HEADER_INC')) {
| if (defined('HEADER_INC')) {
|
Line 4258 | Line 4484 |
---|
// gzip_compression if ($config['gzip_compress']) {
|
// gzip_compression if ($config['gzip_compress']) {
|
if (@extension_loaded('zlib') && !headers_sent())
| // to avoid partially compressed output resulting in blank pages in // the browser or error messages, compression is disabled in a few cases: // // 1) if headers have already been sent, this indicates plaintext output // has been started so further content must not be compressed // 2) the length of the current output buffer is non-zero. This means // there is already some uncompressed content in this output buffer // so further output must not be compressed // 3) if more than one level of output buffering is used because we // cannot test all output buffer level content lengths. One level // could be caused by php.ini output_buffering. Anything // beyond that is manual, so the code wrapping phpBB in output buffering // can easily compress the output itself. // if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0)
|
{ ob_start('ob_gzhandler'); }
| { ob_start('ob_gzhandler'); }
|
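Review bot: The new `ob_get_length() == 0` test in the gzip condition depends on a loose comparison, and the long comment above it does not say so. `ob_get_length()` returns `false` when no output buffer is active, and only `==` lets that case count as "empty". A later tidy-up to `===` would therefore switch compression off on every setup that runs without php.ini output buffering. I would add one line to the comment, e.g. `// ob_get_length() is false without an active buffer; the loose == 0 is intentional`. The enclosing `page_header()` continues outside the hunk.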
Line 4377 | Line 4617 |
---|
if (strpos($user_lang, '-x-') !== false) { $user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
|
if (strpos($user_lang, '-x-') !== false) { $user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
|
| }
$s_search_hidden_fields = array(); if ($_SID) { $s_search_hidden_fields['sid'] = $_SID; }
if (!empty($_EXTRA_URL)) { foreach ($_EXTRA_URL as $url_param) { $url_param = explode('=', $url_param, 2); $s_search_hidden_fields[$url_param[0]] = $url_param[1]; }
|
}
// The following assigns all _common_ variables that may be used at any point in a template.
| }
// The following assigns all _common_ variables that may be used at any point in a template.
|
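Review bot: In the new `$_EXTRA_URL` loop, `$url_param[1]` is read without checking that `explode('=', $url_param, 2)` produced a second element. An entry without `=` raises an undefined-offset notice and adds a hidden field with a null value. A guard keeps the search form stable: `$s_search_hidden_fields[$url_param[0]] = isset($url_param[1]) ? $url_param[1] : '';`. These names and values end up in form markup, so a comment should state that escaping is left to `build_hidden_fields()`, which is called in a later hunk and whose body is not shown here. `page_header()` starts and ends outside this hunk.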
Line 4468 | Line 4723 |
---|
'S_LOAD_UNREADS' => ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
|
'S_LOAD_UNREADS' => ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
|
'T_THEME_PATH' => "{$web_path}styles/" . $user->theme['theme_path'] . '/theme', 'T_TEMPLATE_PATH' => "{$web_path}styles/" . $user->theme['template_path'] . '/template', 'T_SUPER_TEMPLATE_PATH' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template', 'T_IMAGESET_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset', 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->data['user_lang'],
| 'S_SEARCH_HIDDEN_FIELDS' => build_hidden_fields($s_search_hidden_fields),
'T_THEME_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme', 'T_TEMPLATE_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', 'T_SUPER_TEMPLATE_PATH' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . rawurlencode($user->theme['template_inherit_path']) . '/template' : "{$web_path}styles/" . rawurlencode($user->theme['template_path']) . '/template', 'T_IMAGESET_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset', 'T_IMAGESET_LANG_PATH' => "{$web_path}styles/" . rawurlencode($user->theme['imageset_path']) . '/imageset/' . $user->lang_name,
|
'T_IMAGES_PATH' => "{$web_path}images/", 'T_SMILIES_PATH' => "{$web_path}{$config['smilies_path']}/", 'T_AVATAR_PATH' => "{$web_path}{$config['avatar_path']}/",
| 'T_IMAGES_PATH' => "{$web_path}images/", 'T_SMILIES_PATH' => "{$web_path}{$config['smilies_path']}/", 'T_AVATAR_PATH' => "{$web_path}{$config['avatar_path']}/",
|
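Review bot: The language segment is the one path component this change leaves unencoded. `T_IMAGESET_LANG_PATH` now appends `$user->lang_name` raw, while every theme path beside it goes through `rawurlencode()`. The same holds for `'&lang=' . $user->lang_name` in `T_STYLESHEET_LINK` in the next hunk (Line 4480 | Line 4737). `T_IMAGESET_LANG_NAME` there still reads `$user->data['user_lang']`, so the name and the path can now disagree. Unless `lang_name` is guaranteed to be a validated directory name (not visible here), I would write `rawurlencode($user->lang_name)` in both places and switch `T_IMAGESET_LANG_NAME` to the same source.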
Line 4480 | Line 4737 |
---|
'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/", 'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/", 'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/",
|
'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/", 'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/", 'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/",
|
'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang']),
| 'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . rawurlencode($user->theme['theme_path']) . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->lang_name),
|
'T_STYLESHEET_NAME' => $user->theme['theme_name'],
|
'T_STYLESHEET_NAME' => $user->theme['theme_name'],
|
'T_THEME_NAME' => $user->theme['theme_path'], 'T_TEMPLATE_NAME' => $user->theme['template_path'], 'T_SUPER_TEMPLATE_NAME' => (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? $user->theme['template_inherit_path'] : $user->theme['template_path'], 'T_IMAGESET_NAME' => $user->theme['imageset_path'],
| 'T_THEME_NAME' => rawurlencode($user->theme['theme_path']), 'T_TEMPLATE_NAME' => rawurlencode($user->theme['template_path']), 'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? $user->theme['template_inherit_path'] : $user->theme['template_path']), 'T_IMAGESET_NAME' => rawurlencode($user->theme['imageset_path']),
|
'T_IMAGESET_LANG_NAME' => $user->data['user_lang'], 'T_IMAGES' => 'images', 'T_SMILIES' => $config['smilies_path'],
| 'T_IMAGESET_LANG_NAME' => $user->data['user_lang'], 'T_IMAGES' => 'images', 'T_SMILIES' => $config['smilies_path'],
|
Line 4507 | Line 4764 |
---|
header('Cache-Control: private, no-cache="set-cookie"'); header('Expires: 0'); header('Pragma: no-cache');
|
header('Cache-Control: private, no-cache="set-cookie"'); header('Expires: 0'); header('Pragma: no-cache');
|
| if (!empty($user->data['is_bot'])) { // Let reverse proxies know we detected a bot. header('X-PHPBB-IS-BOT: yes'); }
|
return; }
| return; }
|
Line 4552 | Line 4815 |
---|
$template->assign_vars(array( 'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '', 'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
|
$template->assign_vars(array( 'DEBUG_OUTPUT' => (defined('DEBUG')) ? $debug_output : '', 'TRANSLATION_INFO' => (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
|
| 'CREDIT_LINE' => $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>® Forum Software © phpBB Group'),
|
'U_ACP' => ($auth->acl_get('a_') && !empty($user->data['is_registered'])) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '') );
// Call cron-type script $call_cron = false;
|
'U_ACP' => ($auth->acl_get('a_') && !empty($user->data['is_registered'])) ? append_sid("{$phpbb_root_path}adm/index.$phpEx", false, true, $user->session_id) : '') );
// Call cron-type script $call_cron = false;
|
if (!defined('IN_CRON') && $run_cron && !$config['board_disable'])
| if (!defined('IN_CRON') && $run_cron && !$config['board_disable'] && !$user->data['is_bot'])
|
{ $call_cron = true; $time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time();
| { $call_cron = true; $time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time();
|
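Review bot: The added cron condition reads `$user->data['is_bot']` directly, whereas the header hunk above (Line 4507 | Line 4764) guards the same key with `!empty($user->data['is_bot'])`. If the key can be absent, as that guard suggests, this line raises a notice and the two checks can disagree about the same request. Writing `&& empty($user->data['is_bot'])` keeps both bot checks consistent. The surrounding function begins and ends outside this hunk.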
Line 4662 | Line 4926 |
---|
}
// As a pre-caution... some setups display a blank page if the flush() is not there.
|
}
// As a pre-caution... some setups display a blank page if the flush() is not there.
|
(empty($config['gzip_compress'])) ? @flush() : @ob_flush();
| (ob_get_level() > 0) ? @ob_flush() : @flush();
|
exit; }
| exit; }
|