phpBB

Code Changes

File: includes/functions.php

  Unmodified   Added   Modified   Removed
Line 680Line 680
				}
}
}

				}
}
}


return;

 
	}
else if ($mode == 'topics')
{

	}
else if ($mode == 'topics')
{

Line 808Line 806

unset($tracking);
}


unset($tracking);
}


return;

 
	}
else if ($mode == 'topic')
{

	}
else if ($mode == 'topic')
{

Line 923Line 919
			$user->set_cookie('track', tracking_serialize($tracking), $post_time + 31536000);
$request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), \phpbb\request\request_interface::COOKIE);
}

			$user->set_cookie('track', tracking_serialize($tracking), $post_time + 31536000);
$request->overwrite($config['cookie_name'] . '_track', tracking_serialize($tracking), \phpbb\request\request_interface::COOKIE);
}


return;

 
	}
else if ($mode == 'post')
{

	}
else if ($mode == 'post')
{

Line 949Line 943

$db->sql_return_on_error(false);
}


$db->sql_return_on_error(false);
}


return;

 
	}

	}

 

/**
* This event is used for performing actions directly after forums,
* topics or posts have been marked as read.
*
* @event core.markread_after
* @var string mode Variable containing marking mode value
* @var mixed forum_id Variable containing forum id, or false
* @var mixed topic_id Variable containing topic id, or false
* @var int post_time Variable containing post time
* @var int user_id Variable containing the user id
* @since 3.2.6-RC1
*/
$vars = array(
'mode',
'forum_id',
'topic_id',
'post_time',
'user_id',
);
extract($phpbb_dispatcher->trigger_event('core.markread_after', compact($vars)));

}

/**

}

/**

Line 1828Line 1841
	else
{
garbage_collection();

	else
{
garbage_collection();

	}

// Redirect via an HTML form for PITA webservers
if (@preg_match('#WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
{
header('Refresh: 0; URL=' . $url);

echo '<!DOCTYPE html>';
echo '<html dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '">';
echo '<head>';
echo '<meta charset="utf-8">';
echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">';
echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&amp;', $url) . '" />';
echo '<title>' . $user->lang['REDIRECT'] . '</title>';
echo '</head>';
echo '<body>';
echo '<div style="text-align: center;">' . sprintf($user->lang['URL_REDIRECT'], '<a href="' . str_replace('&', '&amp;', $url) . '">', '</a>') . '</div>';
echo '</body>';
echo '</html>';

exit;

 
	}

// Behave as per HTTP/1.1 spec for others

	}

// Behave as per HTTP/1.1 spec for others

Line 2130Line 2122
/**
* Build Confirm box
* @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box

/**
* Build Confirm box
* @param boolean $check True for checking if confirmed (without any additional parameters) and false for displaying the confirm box

* @param string $title Title/Message used for confirm box.

* @param string|array $title Title/Message used for confirm box.

*		message text is _CONFIRM appended to title.
* If title cannot be found in user->lang a default one is displayed
* If title_CONFIRM cannot be found in user->lang the text given is used.

*		message text is _CONFIRM appended to title.
* If title cannot be found in user->lang a default one is displayed
* If title_CONFIRM cannot be found in user->lang the text given is used.

 
*       If title is an array, the first array value is used as explained per above,
* all other array values are sent as parameters to the language function.

* @param string $hidden Hidden variables
* @param string $html_body Template used for confirm box
* @param string $u_action Custom form action

* @param string $hidden Hidden variables
* @param string $html_body Template used for confirm box
* @param string $u_action Custom form action

 
*
* @return bool True if confirmation was successful, false if not

*/
function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
{
global $user, $template, $db, $request;

*/
function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
{
global $user, $template, $db, $request;

	global $config, $phpbb_path_helper;

	global $config, $language, $phpbb_path_helper, $phpbb_dispatcher;


if (isset($_POST['cancel']))
{
return false;
}



if (isset($_POST['cancel']))
{
return false;
}


	$confirm = ($user->lang['YES'] === $request->variable('confirm', '', true, \phpbb\request\request_interface::POST));

	$confirm = ($language->lang('YES') === $request->variable('confirm', '', true, \phpbb\request\request_interface::POST));


if ($check && $confirm)
{


if ($check && $confirm)
{

Line 2181Line 2177

// generate activation key
$confirm_key = gen_rand_string(10);


// generate activation key
$confirm_key = gen_rand_string(10);

 

// generate language strings
if (is_array($title))
{
$key = array_shift($title);
$count = array_shift($title);
$confirm_title = $language->is_set($key) ? $language->lang($key, $count, $title) : $language->lang('CONFIRM');
$confirm_text = $language->is_set($key . '_CONFIRM') ? $language->lang($key . '_CONFIRM', $count, $title) : $key;
}
else
{
$confirm_title = $language->is_set($title) ? $language->lang($title) : $language->lang('CONFIRM');
$confirm_text = $language->is_set($title . '_CONFIRM') ? $language->lang($title . '_CONFIRM') : $title;
}


if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
{


if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
{

		adm_page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]);

		adm_page_header($confirm_title);

	}
else
{

	}
else
{

		page_header((!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title]);

		page_header($confirm_title);

	}

$template->set_filenames(array(

	}

$template->set_filenames(array(

Line 2208Line 2218
	$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&amp;') . 'confirm_key=' . $confirm_key;

$template->assign_vars(array(

	$u_action .= ((strpos($u_action, '?') === false) ? '?' : '&amp;') . 'confirm_key=' . $confirm_key;

$template->assign_vars(array(

		'MESSAGE_TITLE'		=> (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang($title, 1),
'MESSAGE_TEXT' => (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'],

		'MESSAGE_TITLE'		=> $confirm_title,
'MESSAGE_TEXT' => $confirm_text,





		'YES_VALUE'			=> $user->lang['YES'],

		'YES_VALUE'			=> $language->lang('YES'),

		'S_CONFIRM_ACTION'	=> $u_action,
'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields,
'S_AJAX_REQUEST' => $request->is_ajax(),

		'S_CONFIRM_ACTION'	=> $u_action,
'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields,
'S_AJAX_REQUEST' => $request->is_ajax(),

Line 2224Line 2234
	if ($request->is_ajax())
{
$u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id;

	if ($request->is_ajax())
{
$u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id;

		$json_response = new \phpbb\json_response;
$json_response->send(array(

		$data = array(


			'MESSAGE_BODY'		=> $template->assign_display('body'),

			'MESSAGE_BODY'		=> $template->assign_display('body'),

			'MESSAGE_TITLE'		=> (!isset($user->lang[$title])) ? $user->lang['CONFIRM'] : $user->lang[$title],
'MESSAGE_TEXT' => (!isset($user->lang[$title . '_CONFIRM'])) ? $title : $user->lang[$title . '_CONFIRM'],

			'MESSAGE_TITLE'		=> $confirm_title,
'MESSAGE_TEXT' => $confirm_text,





			'YES_VALUE'			=> $user->lang['YES'],

			'YES_VALUE'			=> $language->lang('YES'),

			'S_CONFIRM_ACTION'	=> str_replace('&amp;', '&', $u_action), //inefficient, rewrite whole function
'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields

			'S_CONFIRM_ACTION'	=> str_replace('&amp;', '&', $u_action), //inefficient, rewrite whole function
'S_HIDDEN_FIELDS' => $hidden . $s_hidden_fields

		));






















		);

/**
* This event allows an extension to modify the ajax output of confirm box.
*
* @event core.confirm_box_ajax_before
* @var string u_action Action of the form
* @var array data Data to be sent
* @var string hidden Hidden fields generated by caller
* @var string s_hidden_fields Hidden fields generated by this function
* @since 3.2.8-RC1
*/
$vars = array(
'u_action',
'data',
'hidden',
's_hidden_fields',
);
extract($phpbb_dispatcher->trigger_event('core.confirm_box_ajax_before', compact($vars)));

$json_response = new \phpbb\json_response;
$json_response->send($data);

	}

if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])

	}

if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])

Line 2244Line 2274
	{
page_footer();
}

	{
page_footer();
}

 

exit; // unreachable, page_footer() above will call exit()

}

/**

}

/**

Line 2255Line 2287
	global $request, $phpbb_container, $phpbb_dispatcher, $phpbb_log;

$err = '';

	global $request, $phpbb_container, $phpbb_dispatcher, $phpbb_log;

$err = '';

 
	$form_name = 'login';


// Make sure user->setup() has been called
if (!$user->is_setup())


// Make sure user->setup() has been called
if (!$user->is_setup())

Line 2330Line 2363
			trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}


			trigger_error('NO_AUTH_ADMIN_USER_DIFFER');
}


 
		// Check form key
if ($password && !defined('IN_CHECK_BAN') && !check_form_key($form_name))
{
$result = array(
'status' => false,
'error_msg' => 'FORM_INVALID',
);
}
else
{

		// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);

		// If authentication is successful we redirect user to previous page
$result = $auth->login($username, $password, $autologin, $viewonline, $admin);

 
		}


// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows


// If admin authentication and login, we will log if it was a success or not...
// We also break the operation on the first non-success login - it could be argued that the user already knows

Line 4081Line 4125
*
* @return string Avatar html
*/

*
* @return string Avatar html
*/

function phpbb_get_group_avatar($user_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false)

function phpbb_get_group_avatar($group_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false)

{

{

	$row = \phpbb\avatar\manager::clean_row($user_row, 'group');

	$row = \phpbb\avatar\manager::clean_row($group_row, 'group');

	return phpbb_get_avatar($row, $alt, $ignore_config, $lazy);
}


	return phpbb_get_avatar($row, $alt, $ignore_config, $lazy);
}


Line 4387Line 4431
	/** @var \phpbb\controller\helper $controller_helper */
$controller_helper = $phpbb_container->get('controller.helper');
$notification_mark_hash = generate_link_hash('mark_all_notifications_read');

	/** @var \phpbb\controller\helper $controller_helper */
$controller_helper = $phpbb_container->get('controller.helper');
$notification_mark_hash = generate_link_hash('mark_all_notifications_read');

 

$s_login_redirect = build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url())));

// Add form token for login box, in case page is presenting a login form.
add_form_key('login', '_LOGIN');

/**
* Workaround for missing template variable in pre phpBB 3.2.6 styles.
* @deprecated 3.2.7 (To be removed: 3.3.0-a1)
*/
$form_token_login = $template->retrieve_var('S_FORM_TOKEN_LOGIN');
if (!empty($form_token_login))
{
$s_login_redirect .= $form_token_login;
// Remove S_FORM_TOKEN_LOGIN as it's already appended to S_LOGIN_REDIRECT
$template->assign_var('S_FORM_TOKEN_LOGIN', '');
}


// The following assigns all _common_ variables that may be used at any point in a template.
$template->assign_vars(array(


// The following assigns all _common_ variables that may be used at any point in a template.
$template->assign_vars(array(

Line 4477Line 4538
		'S_TOPIC_ID'			=> $topic_id,

'S_LOGIN_ACTION' => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("{$phpbb_admin_path}index.$phpEx", false, true, $user->session_id)),

		'S_TOPIC_ID'			=> $topic_id,

'S_LOGIN_ACTION' => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("{$phpbb_admin_path}index.$phpEx", false, true, $user->session_id)),

		'S_LOGIN_REDIRECT'		=> build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))),

		'S_LOGIN_REDIRECT'		=> $s_login_redirect,


'S_ENABLE_FEEDS' => ($config['feed_enable']) ? true : false,
'S_ENABLE_FEEDS_OVERALL' => ($config['feed_overall']) ? true : false,


'S_ENABLE_FEEDS' => ($config['feed_enable']) ? true : false,
'S_ENABLE_FEEDS_OVERALL' => ($config['feed_overall']) ? true : false,

Line 4528Line 4589

if ($send_headers)
{


if ($send_headers)
{

		// An array of http headers that phpbb will set. The following event may override these.

		// An array of http headers that phpBB will set. The following event may override these.

		$http_headers += array(
// application/xhtml+xml not used because of IE
'Content-type' => 'text/html; charset=UTF-8',
'Cache-Control' => 'private, no-cache="set-cookie"',
'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',

		$http_headers += array(
// application/xhtml+xml not used because of IE
'Content-type' => 'text/html; charset=UTF-8',
'Cache-Control' => 'private, no-cache="set-cookie"',
'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',

 
			'Referrer-Policy' => 'strict-origin-when-cross-origin',

		);
if (!empty($user->data['is_bot']))
{

		);
if (!empty($user->data['is_bot']))
{