mirror of https://github.com/phpbb/phpbb.git synced 2025-08-06 08:47:45 +02:00

Merge branch '3.3.x'

Máté Bartus
2021-01-22 19:14:53 +01:00
73 changed files with 218 additions and 206 deletions


@@ -506,7 +506,7 @@ class convertor
{
/** @var \phpbb\db\driver\driver_interface $src_db */
$src_db = new $src_dbms();
$src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, false, true);
$src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd, ENT_COMPAT), $src_dbname, $src_dbport, false, true);
$same_db = false;
}
else
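Review bot: The `sql_connect` call now pins `ENT_COMPAT` when decoding the source database password, but nothing on the line says why, and a credential only round-trips if the decode flag matches the flag used when the password was escaped (that side is not visible in this hunk). A one-line comment above the call would record the intent, for example `// Decode with ENT_COMPAT explicitly so the result does not depend on the PHP version's default flags, see PHPBB3-16690`. It is also worth confirming that a password containing a single quote still connects, since `ENT_COMPAT` leaves `&#039;` undecoded. The enclosing method starts and ends outside the hunk.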


@@ -132,7 +132,7 @@ class convertor
$dbms = $convert->src_dbms;
/** @var \phpbb\db\driver\driver $src_db */
$src_db = new $dbms();
$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd), $convert->src_dbname, $convert->src_dbport, false, true);
$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd, ENT_COMPAT), $convert->src_dbname, $convert->src_dbport, false, true);
$same_db = false;
}
else
@@ -763,7 +763,7 @@ class convertor
{
if (!$db->sql_query($insert_query . $waiting_sql))
{
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
}
}
@@ -782,7 +782,7 @@ class convertor
if (!$db->sql_query($insert_sql))
{
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
}
$db->sql_return_on_error(false);
@@ -817,7 +817,7 @@ class convertor
foreach ($waiting_rows as $waiting_sql)
{
$db->sql_query($insert_query . $waiting_sql);
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
}
$db->sql_return_on_error(false);
@@ -1468,6 +1468,12 @@ class convertor
$value = array($value);
}
// Add ENT_COMPAT default flag to html specialchars/entities functions, see PHPBB3-16690
if (in_array($execution, ['htmlspecialchars', 'htmlentities', 'htmlspecialchars_decode', 'html_entitity_decode']))
{
$value[] = ENT_COMPAT;
}
$value = call_user_func_array($execution, $value);
}
else if (strpos($type, 'execute') === 0)
@@ -1517,6 +1523,12 @@ class convertor
$value = array($value);
}
// Add ENT_COMPAT default flag to html specialchars/entities functions, see PHPBB3-16690
if (in_array($execution, ['htmlspecialchars', 'htmlentities', 'htmlspecialchars_decode', 'html_entitity_decode']))
{
$value[] = ENT_COMPAT;
}
$value = call_user_func_array($execution, $value);
}
else if (strpos($type, 'execute') === 0)
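Review bot: Both added guards (the hunks at -1468 and -1517) list `'html_entitity_decode'`, which is not a PHP function name, so a conversion step that calls `html_entity_decode` never receives the flag. That call then falls back to the runtime default, which from PHP 8.1 also decodes single quotes, so converted text can differ between PHP versions. The entry should read `'html_entity_decode'`, and passing `true` as the third argument to `in_array` keeps the name comparison strict. Separately, `$value[] = ENT_COMPAT;` assumes the call carries exactly one argument; if a convertor definition already supplies flags, the constant would land in the encoding position, so a `count($value) === 1` condition looks safer, though the code that builds `$value` is outside these hunks.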