ok... i hope i haven't messed too much with the code and everything is still working.

Changes:
- Ascraeus now uses constants for the phpbb root path and the php extension. This ensures more security for external applications and modifications (no more overwriting of root path and extension possible through insecure mods and register globals enabled) as well as no more globalizing needed.
- A second change implemented here is an additional short-hand-notation for append_sid(). It is allowed to omit the root path and extension now (for example calling append_sid('memberlist')) - in this case the root path and extension get added automatically. The hook is called after these are added.

git-svn-id: file:///svn/phpbb/trunk@8572 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/functions_admin.php

@@ -630,7 +630,7 @@ function delete_topics($where_type, $where_ids, $auto_sync = true, $post_count_s
 */
 function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = true, $post_count_sync = true, $call_delete_topics = true)
 {
-	global $db, $config, $phpbb_root_path, $phpEx;
+	global $db, $config;
 
 	if ($where_type === 'range')
 	{
@@ -739,12 +739,12 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
 	// Remove the message from the search index
 	$search_type = basename($config['search_type']);
 
-	if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))
+	if (!file_exists(PHPBB_ROOT_PATH . 'includes/search/' . $search_type . '.' . PHP_EXT))
 	{
 		trigger_error('NO_SUCH_SEARCH_MODULE');
 	}
 
-	include_once("{$phpbb_root_path}includes/search/$search_type.$phpEx");
+	include_once(PHPBB_ROOT_PATH . "includes/search/$search_type." . PHP_EXT);
 
 	$error = false;
 	$search = new $search_type($error);
@@ -1101,7 +1101,7 @@ function update_posted_info(&$topic_ids)
 */
 function phpbb_unlink($filename, $mode = 'file', $entry_removed = false)
 {
-	global $db, $phpbb_root_path, $config;
+	global $db, $config;
 
 	// Because of copying topics or modifications a physical filename could be assigned more than once. If so, do not remove the file itself.
 	$sql = 'SELECT COUNT(attach_id) AS num_entries
@@ -1118,7 +1118,7 @@ function phpbb_unlink($filename, $mode = 'file', $entry_removed = false)
 	}
 
 	$filename = ($mode == 'thumbnail') ? 'thumb_' . basename($filename) : basename($filename);
-	return @unlink($phpbb_root_path . $config['upload_path'] . '/' . $filename);
+	return @unlink(PHPBB_ROOT_PATH . $config['upload_path'] . '/' . $filename);
 }
 
 /**
@@ -2154,7 +2154,7 @@ function remove_comments(&$output)
 */
 function cache_moderators()
 {
-	global $db, $cache, $auth, $phpbb_root_path, $phpEx;
+	global $db, $cache, $auth;
 
 	// Remove cached sql results
 	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
@@ -2323,11 +2323,11 @@ function cache_moderators()
 */
 function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC')
 {
-	global $db, $user, $auth, $phpEx, $phpbb_root_path, $phpbb_admin_path;
+	global $db, $user, $auth;
 
 	$topic_id_list = $reportee_id_list = $is_auth = $is_mod = array();
 
-	$profile_url = (defined('IN_ADMIN')) ? append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview') : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile');
+	$profile_url = (defined('IN_ADMIN')) ? append_sid(PHPBB_ADMIN_PATH . 'index.' . PHP_EXT, 'i=users&mode=overview') : append_sid('memberlist', 'mode=viewprofile');
 
 	switch ($mode)
 	{
@@ -2411,7 +2411,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 			'forum_id'			=> $row['forum_id'],
 			'topic_id'			=> $row['topic_id'],
 
-			'viewforum'			=> ($row['forum_id'] && $auth->acl_get('f_read', $row['forum_id'])) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']) : false,
+			'viewforum'			=> ($row['forum_id'] && $auth->acl_get('f_read', $row['forum_id'])) ? append_sid('viewforum', 'f=' . $row['forum_id']) : false,
 			'action'			=> (isset($user->lang[$row['log_operation']])) ? $user->lang[$row['log_operation']] : '{' . ucfirst(str_replace('_', ' ', $row['log_operation'])) . '}',
 		);
 
@@ -2498,8 +2498,8 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 
 		foreach ($log as $key => $row)
 		{
-			$log[$key]['viewtopic'] = (isset($is_auth[$row['topic_id']])) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $is_auth[$row['topic_id']] . '&t=' . $row['topic_id']) : false;
-			$log[$key]['viewlogs'] = (isset($is_mod[$row['topic_id']])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=logs&mode=topic_logs&t=' . $row['topic_id'], true, $user->session_id) : false;
+			$log[$key]['viewtopic'] = (isset($is_auth[$row['topic_id']])) ? append_sid('viewtopic', 'f=' . $is_auth[$row['topic_id']] . '&t=' . $row['topic_id']) : false;
+			$log[$key]['viewlogs'] = (isset($is_mod[$row['topic_id']])) ? append_sid('mcp', 'i=logs&mode=topic_logs&t=' . $row['topic_id'], true, $user->session_id) : false;
 		}
 	}
 
@@ -3005,7 +3005,7 @@ function tidy_database()
 */
 function add_permission_language()
 {
-	global $user, $phpEx;
+	global $user;
 
 	// First of all, our own file. We need to include it as the first file because it presets all relevant variables.
 	$user->add_lang('acp/permissions_phpbb');
@@ -3021,9 +3021,9 @@ function add_permission_language()
 		{
 			while (($file = readdir($dh)) !== false)
 			{
-				if ($file !== 'permissions_phpbb.' . $phpEx && strpos($file, 'permissions_') === 0 && substr($file, -(strlen($phpEx) + 1)) === '.' . $phpEx)
+				if ($file !== 'permissions_phpbb.' . PHP_EXT && strpos($file, 'permissions_') === 0 && substr($file, -(strlen(PHP_EXT) + 1)) === '.' . PHP_EXT)
 				{
-					$files_to_add[] = $path . substr($file, 0, -(strlen($phpEx) + 1));
+					$files_to_add[] = $path . substr($file, 0, -(strlen(PHP_EXT) + 1));
 				}
 			}
 			closedir($dh);