diff --git a/phpBB/adm/index.php b/phpBB/adm/index.php
index e69e83d041..a3b173ac7a 100644
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@@ -45,8 +45,8 @@ define('IN_ADMIN', true);
$phpbb_admin_path = (defined('PHPBB_ADMIN_PATH')) ? PHPBB_ADMIN_PATH : './';
// Some oft used variables
-$safe_mode = (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false;
-$file_uploads = (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false;
+$safe_mode = (@ini_get('safe_mode') == '1' || @strtolower(ini_get('safe_mode')) === 'on') ? true : false;
+$file_uploads = (@ini_get('file_uploads') == '1' || strtolower(@ini_get('file_uploads')) === 'on') ? true : false;
$module_id = request_var('i', '');
$mode = request_var('mode', '');
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 00f54c0abf..d2e4ed52ee 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -86,6 +86,10 @@
- [Change] Validate birthdays (Bug #15004)
- [Fix] Allow correct avatar caching for CGI installations. (thanks wildbill)
+ - [Fix] Fix disabling of word censor, now possible again
+ - [Fix] Allow single quotes in db password to be stored within config.php in installer
+ - [Fix] Correctly quote db password for re-display in installer (Bug #16695 / thanks to m313 for reporting too - #s17235)
+ - [Fix] Correctly handle empty imageset entries (Bug #16865)
1.i. Changes since 3.0.RC8
diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php
index 6cccd7ffe5..63b506c5b8 100644
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@@ -666,7 +666,7 @@ class custom_profile
}
$profile_row['s_year_options'] = '';
- for ($i = $now['year'] - 100; $i <= $now['year']; $i++)
+ for ($i = $now['year'] - 100; $i <= $now['year'] + 100; $i++)
{
$profile_row['s_year_options'] .= '";
}
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 6149063dea..0c61f01b02 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -1477,6 +1477,7 @@ class user extends session
$sql = 'SELECT image_name, image_filename, image_lang, image_height, image_width
FROM ' . STYLES_IMAGESET_DATA_TABLE . '
WHERE imageset_id = ' . $this->theme['imageset_id'] . "
+ AND image_filename <> ''
AND image_lang IN ('" . $db->sql_escape($this->img_lang) . "', '')";
$result = $db->sql_query($sql, 3600);
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 91660020e9..09649ebe68 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -46,8 +46,8 @@ class ucp_register
// not so fast, buddy
- if (($submit && !check_form_key('ucp_register', false, '', false, $config['min_time_reg']))
- || (!$submit && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms'])))
+ if (!check_form_key('ucp_register', false, '', false, $config['min_time_reg'])
+ && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms']))
{
$agreed = false;
}
@@ -103,12 +103,13 @@ class ucp_register
// If we change the language, we want to pass on some more possible parameter.
if ($change_lang)
{
- // We do not include the password!
+ // We do not include the password
$s_hidden_fields = array_merge($s_hidden_fields, array(
'username' => utf8_normalize_nfc(request_var('username', '', true)),
'email' => strtolower(request_var('email', '')),
'email_confirm' => strtolower(request_var('email_confirm', '')),
'confirm_code' => request_var('confirm_code', ''),
+ 'confirm_id' => request_var('confirm_id', ''),
'lang' => $user->lang_name,
'tz' => request_var('tz', (float) $config['board_timezone']),
));
@@ -451,13 +452,32 @@ class ucp_register
$confirm_image = '';
// Visual Confirmation - Show images
+
if ($config['enable_confirm'])
{
- $str = '';
- if (!$change_lang)
+ if ($change_lang)
+ {
+ $str = '&change_lang=' . $change_lang;
+ $sql = 'SELECT code
+ FROM ' . CONFIRM_TABLE . "
+ WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
+ AND session_id = '" . $db->sql_escape($user->session_id) . "'
+ AND confirm_type = " . CONFIRM_REG;
+ $result = $db->sql_query($sql);
+ if (!$row = $db->sql_fetchrow($result))
+ {
+ $confirm_id = '';
+ }
+ $db->sql_freeresult($result);
+ }
+ else
+ {
+ $str = '';
+ }
+ if (!$change_lang || !$confirm_id)
{
$user->confirm_gc(CONFIRM_REG);
-
+
$sql = 'SELECT COUNT(session_id) AS attempts
FROM ' . CONFIRM_TABLE . "
WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
@@ -487,11 +507,6 @@ class ucp_register
);
$db->sql_query($sql);
}
- else
- {
- $str .= '&change_lang=' . $change_lang;
- }
-
$confirm_image = '
';
$s_hidden_fields .= '';
}
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
index 2c4d9a0fda..bce3cec730 100755
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
@@ -151,7 +151,7 @@ class install_install extends module
// We also give feedback on whether we're running in safe mode
$result = '' . $lang['YES'];
- if (@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'on')
+ if (@ini_get('safe_mode') == '1' || strtolower(@ini_get('safe_mode')) == 'on')
{
$result .= ', ' . $lang['PHP_SAFE_MODE'];
}
diff --git a/phpBB/style.php b/phpBB/style.php
index f177d30c03..75c440bb63 100644
--- a/phpBB/style.php
+++ b/phpBB/style.php
@@ -116,6 +116,7 @@ if ($id)
$sql = 'SELECT *
FROM ' . STYLES_IMAGESET_DATA_TABLE . '
WHERE imageset_id = ' . $theme['imageset_id'] . "
+ AND image_filename <> ''
AND image_lang IN ('" . $db->sql_escape($user_image_lang) . "', '')";
$result = $db->sql_query($sql, 3600);