From 42251d008c06ad0f475f116643c6583fc9a4eda7 Mon Sep 17 00:00:00 2001 From: Henry Sudhof Date: Mon, 30 Apr 2007 10:46:17 +0000 Subject: [PATCH] Prepare to be yelled at and brace for the tide of bug reports: I had hoped we would not have to do this, but it seems that we have to. -Route all avatar downloads through download.php - adrien -Change the way inline attachments are delivered -Fixes a few (unreported) bugs, notably avatar upload during group generation -#10079 git-svn-id: file:///svn/phpbb/trunk@7429 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/develop/adjust_avatars.php | 142 ++++++++++++ phpBB/download.php | 209 ++++++++++++++++-- phpBB/includes/acp/acp_attachments.php | 2 +- phpBB/includes/acp/acp_groups.php | 2 +- phpBB/includes/acp/acp_users.php | 2 +- phpBB/includes/functions.php | 4 +- phpBB/includes/functions_convert.php | 15 +- phpBB/includes/functions_display.php | 4 +- phpBB/includes/functions_posting.php | 2 +- phpBB/includes/functions_upload.php | 6 +- phpBB/includes/functions_user.php | 70 +++++- phpBB/includes/ucp/ucp_groups.php | 2 +- .../install/convertors/functions_phpbb20.php | 2 +- phpBB/install/database_update.php | 3 + phpBB/install/install_convert.php | 2 +- phpBB/install/install_install.php | 6 +- phpBB/install/schemas/schema_data.sql | 1 + .../styles/prosilver/template/attachment.html | 10 +- .../subsilver2/template/attachment.html | 2 +- 19 files changed, 443 insertions(+), 43 deletions(-) create mode 100755 phpBB/develop/adjust_avatars.php diff --git a/phpBB/develop/adjust_avatars.php b/phpBB/develop/adjust_avatars.php new file mode 100755 index 0000000000..87514166ff --- /dev/null +++ b/phpBB/develop/adjust_avatars.php 
@@ -0,0 +1,142 @@ +session_begin(); +$auth->acl($user->data); +$user->setup(); + +$echos = 0; + +if (!isset($config['avatar_salt'])) +{ + $cache->purge(); + if (!isset($config['avatar_salt'])) + { + die('database not up to date'); + } + die('database not up to date'); +} + +// let's start with the users using a group_avatar. +$sql = 'SELECT group_id, group_avatar + FROM ' . GROUPS_TABLE . + ' WHERE group_avatar_type = ' . AVATAR_UPLOAD; + +// We'll skip these, so remember them +$group_avatars = array(); + +echo '
Updating groups' . "\n"; + +$result = $db->sql_query($sql); + +while ($row = $db->sql_fetchrow($result)) +{ + + $new_avatar_name = adjust_avatar($row['group_avatar'], 'g' . $row['group_id']); + $group_avatars[] = $new_avatar_name; + + // failure is probably due to the avatar name already being adjusted + if ($new_avatar_name !== false) + { + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_avatar = '$new_avatar_name' + WHERE user_avatar = '{$row['group_avatar']}' + AND user_avatar_type = " . AVATAR_UPLOAD; + $db->sql_query($sql); + + $sql = 'UPDATE ' . GROUPS_TABLE . " + SET group_avatar = '$new_avatar_name' + WHERE group_id = {$row['group_id']}"; + $db->sql_query($sql); + } + else + { + echo '
Failed updating group ' . $row['group_id'] . "\n"; + } + + if ($echos > 200) + { + echo '
' . "\n"; + $echos = 0; + } + + echo '.'; + $echos++; + + flush(); +} +$db->sql_freeresult($result); + +$sql = 'SELECT user_id, username, user_avatar, user_avatar_type + FROM ' . USERS_TABLE . ' + WHERE user_avatar_type = ' . AVATAR_UPLOAD . ' + AND ' . $db->sql_in_set('user_avatar', $group_avatars, true); + +$result = $db->sql_query($sql); + +echo '
Updating users' . "\n"; + +while ($row = $db->sql_fetchrow($result)) +{ + + $new_avatar_name = adjust_avatar($row['user_avatar'], $row['user_id']); + + // failure is probably due to the avatar name already being adjusted + if ($new_avatar_name !== false) + { + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_avatar = '$new_avatar_name' + WHERE user_id = {$row['user_id']}"; + $db->sql_query($sql); + } + else + { + echo '
Failed updating user ' . $row['user_id'] . "\n"; + } + + if ($echos > 200) + { + echo '
' . "\n"; + $echos = 0; + } + + echo '.'; + $echos++; + + flush(); +} + +$db->sql_freeresult($result); + +echo 'FINISHED'; + +// Done +$db->sql_close(); + +function adjust_avatar($old_name, $midfix) +{ + global $config, $phpbb_root_path; + + $avatar_path = $phpbb_root_path . $config['avatar_path']; + if (@file_exists($avatar_path . '/' . $old_name) && @is_writable($avatar_path . '/' . $old_name)) + { + $new_name = $config['avatar_salt'] . '_' . $midfix . '.' . substr(strrchr($old_name, '.'), 1); + @rename($avatar_path . '/' . $old_name, $avatar_path . '/' . $new_name); + return $midfix . '.' . substr(strrchr($old_name, '.'), 1); + } + return false; +} +?> \ No newline at end of file diff --git a/phpBB/download.php b/phpBB/download.php index b333023872..5b2f7b17cf 100644 --- a/phpBB/download.php +++ b/phpBB/download.php 
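Review bot: The three UPDATE statements in the group and user loops put `$new_avatar_name` and `$row['group_avatar']` into the SQL string unescaped, so a stored avatar name containing a quote breaks the statement or changes its meaning. Wrap both in `$db->sql_escape()` as `group_correct_avatar()` in functions_user.php does, e.g. `SET user_avatar = '" . $db->sql_escape($new_avatar_name) . "'`. In the group loop `$group_avatars[] = $new_avatar_name;` runs before the `!== false` test, so `false` lands in the list handed to `sql_in_set()`; move the assignment into the success branch. `adjust_avatar()` also discards the result of `@rename()` and returns the new name even when the rename failed, which leaves the database pointing at a file that does not exist; return `false` unless `rename()` succeeded.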
@@ -14,9 +14,87 @@ define('IN_PHPBB', true); $phpbb_root_path = './'; $phpEx = substr(strrchr(__FILE__, '.'), 1); + +if (isset($_GET['avatar'])) +{ + require($phpbb_root_path . 'config.' . $phpEx); + require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx); + require($phpbb_root_path . 'includes/cache.' . $phpEx); + require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx); + require($phpbb_root_path . 'includes/constants.' . $phpEx); + + $db = new $sql_db(); + $cache = new cache(); + + // Connect to DB + if (!@$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false)) + { + exit; + } + + $config = $cache->obtain_config(); + $filename = $_GET['avatar']; + $avatar_group = false; + if ($filename[0] === 'g') + { + $avatar_group = true; + $filename = substr($filename, 1); + } + + // '==' is not a bug - . as the first char is as bad as no dot at all + if (strpos($filename, '.') == false) + { + header('HTTP/1.0 403 forbidden'); + if (!empty($cache)) + { + $cache->unload(); + } + $db->sql_close(); + exit; + } + + $ext = substr(strrchr($filename, '.'), 1); + $filename = intval($filename); + + if (!in_array($ext, array('png', 'gif', 'jpg', 'jpeg'))) + { + // no way such an avatar could exist. They are not following the rules, stop the show. + header("HTTP/1.0 403 forbidden"); + if (!empty($cache)) + { + $cache->unload(); + } + $db->sql_close(); + exit; + } + + if (!$filename) + { + // no way such an avatar could exist. They are not following the rules, stop the show. + header("HTTP/1.0 403 forbidden"); + if (!empty($cache)) + { + $cache->unload(); + } + $db->sql_close(); + exit; + } + + send_avatar_to_browser(($avatar_group ? 'g' : '') . $filename . '.' . $ext); + + if (!empty($cache)) + { + $cache->unload(); + } + $db->sql_close(); + exit; +} + +// implicit else: we are not in avatar mode include($phpbb_root_path . 'common.' . 
$phpEx); $download_id = request_var('id', 0); +$mode = request_var('mode', ''); $thumbnail = request_var('t', false); // Start session management, do not update session page. 
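Review bot: `$_GET['avatar']` is treated as a non-empty string without any check: `$filename[0]` raises a notice on an empty value, and a parameter supplied as an array reaches `strpos()`, `strrchr()` and `intval()` with the wrong type. A guard placed before the `require` lines would also avoid opening a database connection for malformed requests: `if (!is_string($_GET['avatar']) || $_GET['avatar'] === '') { header('HTTP/1.0 403 forbidden'); exit; }`. The three identical 403 blocks that follow could share one small helper, which keeps the cache/DB teardown in one place. This branch runs before common.php and without a session, so a short comment stating that avatars are served without permission checks by design would help the next reader.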
@@ -158,25 +236,116 @@ else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT $db->sql_query($sql); } -// Determine the 'presenting'-method -if ($download_mode == PHYSICAL_LINK) +if ($mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false) { - // This presenting method should no longer be used - if (!@is_dir($phpbb_root_path . $config['upload_path'])) - { - trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']); - } - - redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']); - exit; + wrap_img_in_html(append_sid('./download.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']); } else { - send_file_to_browser($attachment, $config['upload_path'], $extensions[$attachment['extension']]['display_cat']); - exit; + // Determine the 'presenting'-method + if ($download_mode == PHYSICAL_LINK) + { + // This presenting method should no longer be used + if (!@is_dir($phpbb_root_path . $config['upload_path'])) + { + trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']); + } + + redirect($phpbb_root_path . $config['upload_path'] . '/' . $attachment['physical_filename']); + exit; + } + else + { + send_file_to_browser($attachment, $config['upload_path'], $extensions[$attachment['extension']]['display_cat']); + exit; + } } +/** +* A simplified function to deliver avatars +* The argument needs to be checked before calling this function. +*/ +function send_avatar_to_browser($file) +{ + global $config, $phpbb_root_path; + $prefix = $config['avatar_salt'] . '_'; + $img_dir = $config['avatar_path']; + $browser = $_SERVER['HTTP_USER_AGENT']; + + // Adjust img_dir path (no trailing slash) + if (substr($img_dir, -1, 1) == '/' || substr($img_dir, -1, 1) == '\\') + { + $img_dir = substr($img_dir, 0, -1) . 
'/'; + } + $img_dir = str_replace(array('../', '..\\', './', '.\\'), '', $img_dir); + if ($img_dir && ($img_dir[0] == '/' || $img_dir[0] == '\\')) + { + $img_dir = ''; + } + $file_path = $phpbb_root_path . $img_dir . '/' . $prefix . $file; + + if ((@file_exists($file_path) && @is_readable($file_path)) || headers_sent()) + { + header('Pragma: public'); + + $image_data = (getimagesize($file_path)); + header('Content-Type: ' . image_type_to_mime_type($image_data[2])); + + if (strpos(strtolower($browser), 'msie') !== false) + { + header('Content-Disposition: attachment; ' . header_filename($file)); + if (strpos(strtolower($browser), 'msie 6.0') !== false) + { + header('Expires: -1'); + } + else + { + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000)); + } + } + else + { + header('Content-Disposition: inline; ' . header_filename($file)); + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 31536000)); + } + + $size = @filesize($file_path); + if ($size) + { + header("Content-Length: $size"); + } + + readfile($file_path); + flush(); + } + else + { + header('HTTP/1.0 404 not found'); + } +} + +/** +* Wraps an url into a simple html page. Used to display attachments in IE. +* this is a workaround for now; might be moved to template system later +* direct any complaints to 1 Microsoft Way, Redmond +*/ +function wrap_img_in_html($src, $title) +{ + echo ''; + echo ''; + echo ''; + echo ''; + echo '' . $title . ''; + echo ''; + echo ''; + echo '
'; + echo '' . $title . ''; + echo '
'; + echo ''; + echo ''; +} + /** * Send file to browser */ @@ -240,8 +409,20 @@ function send_file_to_browser($attachment, $upload_dir, $category) // Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer. header('Content-Type: ' . $attachment['mimetype']); - header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename']))); - + + if (strpos(strtolower($user->browser), 'msie') !== false) + { + header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename']))); + if (strpos(strtolower($user->browser), 'msie 6.0') !== false) + { + header('expires: -1'); + } + } + else + { + header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename']))); + } + if ($size) { header("Content-Length: $size"); diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index adaf39a8c5..ed8daf911f 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -983,7 +983,7 @@ class acp_attachments 'PHYSICAL_FILENAME' => basename($row['physical_filename']), 'ATTACH_ID' => $row['attach_id'], 'POST_IDS' => (!empty($post_ids[$row['attach_id']])) ? $post_ids[$row['attach_id']] : '', - 'U_FILE' => append_sid($phpbb_root_path . 'download.' . $phpEx, 'id=' . $row['attach_id'])) + 'U_FILE' => append_sid($phpbb_root_path . 'download.' . $phpEx, 'mode=view&id=' . $row['attach_id'])) ); } $db->sql_freeresult($result); diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 29000b2c63..0cd2c2527b 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php 
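Review bot: In `send_avatar_to_browser()` the guard `(@file_exists($file_path) && @is_readable($file_path)) || headers_sent()` enters the send branch whenever headers have already gone out, even if the file is missing, so `getimagesize()` and `readfile()` run on a path that was never checked; the intent looks like `&& !headers_sent()`. `getimagesize()` returns `false` for a file that is not a valid image, and `$image_data[2]` is read regardless, so the Content-Type is built from a failed probe. `$_SERVER['HTTP_USER_AGENT']` is read without `isset()`, which raises a notice for clients that send no User-Agent. The comment "no trailing slash" also disagrees with the code beneath it, which re-appends `/` and then adds another when building `$file_path`.

```php
function send_avatar_to_browser($file)
{
	// … unchanged: globals, $prefix, $img_dir …
	$browser = (isset($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : '';

	// … unchanged: $img_dir clean-up, $file_path …

	// Probe the file only when it exists, is readable and headers can still be sent
	$image_data = (!headers_sent() && @file_exists($file_path) && @is_readable($file_path)) ? @getimagesize($file_path) : false;

	if ($image_data !== false)
	{
		header('Pragma: public');
		header('Content-Type: ' . image_type_to_mime_type($image_data[2]));
		// … unchanged: Content-Disposition, Expires, Content-Length, readfile() …
	}
	else
	{
		header('HTTP/1.0 404 not found');
	}
}
```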
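Review bot: The context comment above this header block ("Do not set Content-Disposition to inline please, it is a security measure…") no longer describes the code in `send_file_to_browser()`: only the MSIE branch forces `attachment`, while every other browser gets `inline` whenever the stored mimetype starts with `image`. I would replace it with something like `// IE sniffs content, so it is always sent 'attachment'; other browsers get 'inline' only for image/* mimetypes.` Whether `$attachment['mimetype']` is verified server-side at upload time is not visible here, and the inline decision rests on it, so that assumption is worth stating in the comment too. The new `header('expires: -1');` differs in case from the `Expires` header used in `send_avatar_to_browser()`; the function begins and ends outside the hunk.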
@@ -355,7 +355,7 @@ class acp_groups } } - if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']) || $group_row['group_avatar'] != $submit_ary['avatar'])) || $delete) + if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']))) || $delete) { if (isset($group_row['group_avatar']) && $group_row['group_avatar']) { diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index db6c1f83e3..3387dc8d25 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -1620,7 +1620,7 @@ class acp_users 'S_IN_MESSAGE' => $row['in_message'], - 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $row['attach_id']), + 'U_DOWNLOAD' => append_sid("{$phpbb_root_path}download.$phpEx", 'mode=view&id=' . $row['attach_id']), 'U_VIEW_TOPIC' => $view_topic) ); } diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 391968680a..0592401756 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2878,16 +2878,18 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count, $display_cat = ATTACHMENT_CATEGORY_NONE; } - $download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . (int) $forum_id); + $download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . (int) $forum_id . '&mode=view'); switch ($display_cat) { // Images case ATTACHMENT_CATEGORY_IMAGE: $l_downloaded_viewed = 'VIEWED_COUNT'; + $inline_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . $attachment['attach_id'] . '&f=' . (int) $forum_id); $block_array += array( 'S_IMAGE' => true, + 'U_INLINE_LINK' => $inline_link, ); $update_count[] = $attachment['attach_id']; diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php index 16972b3704..c02d736695 100644 
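Review bot: With the comparison against `$submit_ary['avatar']` removed in acp_groups.php, the outer condition holds only when `$group_row['group_avatar']` is not set or `$delete` is set, yet the first statement inside tests `isset($group_row['group_avatar']) && $group_row['group_avatar']`, so outside the delete case that inner branch can no longer run. If the row of an existing group always carries the `group_avatar` key (likely, but not visible here), `!isset()` is never true and `empty($group_row['group_avatar'])` may be what was meant. The same condition is changed in ucp_groups.php, and the block continues outside both hunks, so what else depends on it should be confirmed. A one-line comment giving the reason for dropping the comparison would make the change reviewable.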
--- a/phpBB/includes/functions_convert.php +++ b/phpBB/includes/functions_convert.php @@ -630,7 +630,10 @@ function import_smiley($source, $use_target = false) return $result['target']; } -function import_avatar($source, $use_target = false) +/* +* +*/ +function import_avatar($source, $use_target = false, $user_id = false) { if (empty($source) || preg_match('#^https?:#i', $source) || preg_match('#blank\.(gif|png)$#i', $source)) { @@ -643,9 +646,15 @@ function import_avatar($source, $use_target = false) { $convert->p_master->error(sprintf($user->lang['CONV_ERROR_NO_AVATAR_PATH'], 'import_avatar()'), __LINE__, __FILE__); } - + + if ($use_target === false && $user_id !== false) + { + $use_target = $config['avatar_salt'] . '_' . $user_id . '.' . substr(strrchr($source, '.'), 1); + } + $result = _import_check('avatar_path', $source, $use_target); - return $result['target']; + + return ((!empty($user_id)) ? $user_id : $use_target) . '.' . substr(strrchr($source, '.'), 1); } /** diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 26e7f050a8..6ae606c6a5 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -1117,7 +1117,7 @@ function get_user_rank($user_rank, $user_posts, &$rank_title, &$rank_img, &$rank */ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $alt = 'USER_AVATAR') { - global $user, $config, $phpbb_root_path; + global $user, $config, $phpbb_root_path, $phpEx; if (empty($avatar) || !$avatar_type) { @@ -1129,7 +1129,7 @@ function get_user_avatar($avatar, $avatar_type, $avatar_width, $avatar_height, $ switch ($avatar_type) { case AVATAR_UPLOAD: - $avatar_img = $phpbb_root_path . $config['avatar_path'] . '/'; + $avatar_img = $phpbb_root_path . "download.$phpEx?avatar="; break; case AVATAR_GALLERY: diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index afacb6e85c..4b7d8ff8c0 100644 
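Review bot: The new return expression in `import_avatar()` appends the source extension unconditionally: a caller that passes only `$source` now gets just `'.' . ext` back (both `$user_id` and `$use_target` are `false`), and a caller that passes a `$use_target` with an extension gets it twice, where the old code returned `$result['target']`. Falling back to the old value keeps existing callers working: `return (!empty($user_id)) ? $user_id . '.' . substr(strrchr($source, '.'), 1) : $result['target'];`. The extension is taken from `$source` without being checked against the types the avatar branch of download.php accepts (`png`, `gif`, `jpg`, `jpeg`), so converted avatars with any other extension would be stored but answered with 403. The added `/* * */` block is empty and should describe `$user_id` and the returned database entry; the function's `global` line lies between the two hunks, so confirm `$config` is declared there.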
--- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -745,7 +745,7 @@ function posting_gen_attachment_entry($attachment_data, &$filename_data) $hidden .= ''; } - $download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'id=' . (int) $attach_row['attach_id'], false, ($attach_row['is_orphan']) ? $user->session_id : false); + $download_link = append_sid("{$phpbb_root_path}download.$phpEx", 'mode=view&id=' . (int) $attach_row['attach_id'], false, ($attach_row['is_orphan']) ? $user->session_id : false); $template->assign_block_vars('attach_row', array( 'FILENAME' => basename($attach_row['real_filename']), diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index cd14b26169..92c6b1a938 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -81,7 +81,7 @@ class filespec * @param string $prefix Prefix applied to filename * @access public */ - function clean_filename($mode = 'unique', $prefix = '') + function clean_filename($mode = 'unique', $prefix = '', $user_id = '') { if ($this->init_error) { @@ -110,6 +110,10 @@ class filespec $this->realname = $prefix . md5(unique_id()); break; + case 'avatar': + $this->realname = $prefix . $user_id . '.' . $this->extension; + break; + case 'unique_ext': default: $this->realname = $prefix . md5(unique_id()) . '.' . $this->extension; diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 02665810ac..055ab7c283 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1489,6 +1489,8 @@ function validate_email($email, $allowed_email = false) return false; } + + /** * Remove avatar */ 
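Review bot: The docblock of `filespec::clean_filename()` was not updated for the new `$user_id` parameter or the new `'avatar'` mode. I would add `* @param string $user_id Id placed between prefix and extension, only read in 'avatar' mode` and list `avatar` next to the existing modes. In that mode `$user_id` goes into the file name as given, so the comment should also say that callers must pass a trusted numeric id; `avatar_upload()` passes `$data['user_id']`, whose origin is outside these hunks.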
@@ -1499,15 +1501,16 @@ function avatar_delete($mode, $row) // Check if the users avatar is actually *not* a group avatar if ($mode == 'user') { - if (strpos($row['user_avatar'], 'g' . $row['group_id'] . '_') === 0 || strpos($row['user_avatar'], $row['user_id'] . '_') !== 0) + if (strpos($row['user_avatar'], 'g') === 0 || (((int)$row['user_avatar'] !== 0) && ((int)$row['user_avatar'] !== (int)$row['user_id']))) { return false; } } - - if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar']))) + + $filename = get_avatar_filename($row[$mode . '_avatar']); + if (file_exists($phpbb_root_path . $config['avatar_path'] . '/' . $filename)) { - @unlink($phpbb_root_path . $config['avatar_path'] . '/' . basename($row[$mode . '_avatar'])); + @unlink($phpbb_root_path . $config['avatar_path'] . '/' . $filename); return true; } @@ -1612,8 +1615,9 @@ function avatar_upload($data, &$error) { $file = $upload->remote_upload($data['uploadurl']); } - - $file->clean_filename('real', $data['user_id'] . '_'); + + $prefix = $config['avatar_salt'] . '_'; + $file->clean_filename('avatar', $prefix, $data['user_id']); $destination = $config['avatar_path']; 
@@ -1638,7 +1642,29 @@ function avatar_upload($data, &$error) $error = array_merge($error, $file->error); } - return array(AVATAR_UPLOAD, $file->get('realname'), $file->get('width'), $file->get('height')); + return array(AVATAR_UPLOAD, $data['user_id'] . '_' . substr(time(), -5) . '.' . $file->get('extension'), $file->get('width'), $file->get('height')); +} + +/** +* Generates avatar filename from the database entry +*/ +function get_avatar_filename($avatar_entry) +{ + global $config; + + + if ($avatar_entry[0] === 'g') + { + $avatar_group = true; + $avatar_entry = substr($avatar_entry, 1); + } + else + { + $avatar_group = false; + } + $ext = substr(strrchr($avatar_entry, '.'), 1); + $avatar_entry = intval($avatar_entry); + return $config['avatar_salt'] . '_' . (($avatar_group) ? 'g' : '') . $avatar_entry . '.' . $ext; } /** @@ -1858,7 +1884,7 @@ function avatar_process_user(&$error, $custom_userdata = false) $userdata = ($custom_userdata === false) ? $user->data : $custom_userdata; // Delete old avatar if present - if ($userdata['user_avatar'] && $sql_ary['user_avatar'] != $userdata['user_avatar'] && $userdata['user_avatar_type'] != AVATAR_GALLERY) + if ($userdata['user_avatar'] && empty($sql_ary['user_avatar']) && $userdata['user_avatar_type'] != AVATAR_GALLERY) { avatar_delete('user', $userdata); } @@ -1966,6 +1992,10 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow if (!$group_id) { $group_id = $db->sql_nextid(); + if ($sql_ary['group_avatar_type'] == AVATAR_UPLOAD) + { + group_correct_avatar($group_id, $sql_ary['group_avatar']); + } } // Set user attributes 
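Review bot: `get_avatar_filename()` takes `$ext` from whatever follows the last dot of the database entry, and `avatar_delete()` now hands the result to `unlink()` without the `basename()` call the old code had. The numeric part is constrained by `intval()`, but `$ext` is not, so a malformed entry could yield a name containing a path separator. Restricting it keeps the path inside `avatar_path`: `$ext = preg_replace('#[^a-z0-9]#i', '', substr(strrchr($avatar_entry, '.'), 1));`. `$avatar_entry[0]` also raises a notice on an empty entry, so an early return for `''` would be cheap, and the docblock could state the entry formats it accepts (`<id>_<time>.<ext>` and `g<id>_<time>.<ext>` as produced elsewhere in this patch).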
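Review bot: With the condition in `avatar_process_user()` changed to `empty($sql_ary['user_avatar'])`, the old uploaded file is deleted only when the avatar is cleared; when a user switches from an uploaded avatar to another type, `$sql_ary['user_avatar']` is non-empty and the file stays in `avatar_path`. The avatar branch of download.php serves any `<id>.<ext>` that exists on disk without consulting the database, so that file would remain retrievable after its owner replaced it. Consider also deleting when the new avatar is not an upload, for example `|| (isset($sql_ary['user_avatar_type']) && $sql_ary['user_avatar_type'] != AVATAR_UPLOAD)`; `$sql_ary` is built outside the hunk, so the key name needs confirming there.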
@@ -2016,6 +2046,30 @@ function group_create(&$group_id, $type, $name, $desc, $group_attributes, $allow return (sizeof($error)) ? $error : false; } + +/** +* Changes a group avatar's filename to conform to the naming scheme +*/ +function group_correct_avatar($group_id, $old_entry) +{ + global $config, $db, $phpbb_root_path; + + $group_id = (int)$group_id; + $ext = substr(strrchr($old_entry, '.'), 1); + $old_filename = get_avatar_filename($old_entry); + $new_filename = $config['avatar_salt'] . "_g$group_id.$ext"; + $new_entry = 'g' . $group_id . '_' . substr(time(), -5) . ".$ext"; + + $avatar_path = $phpbb_root_path . $config['avatar_path']; + if (@rename($avatar_path . '/'. $old_filename, $avatar_path . '/' . $new_filename)) + { + $sql = 'UPDATE ' . GROUPS_TABLE . ' + SET group_avatar = \'' . $db->sql_escape($new_entry) . "' + WHERE group_id = $group_id"; + $db->sql_query($sql); + } +} + /** * Group Delete */ diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 519c0220e7..5b891cf1bb 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -544,7 +544,7 @@ class ucp_groups } } - if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']) || $group_row['group_avatar'] != $submit_ary['avatar'])) || $delete) + if ((isset($submit_ary['avatar']) && $submit_ary['avatar'] && (!isset($group_row['group_avatar']))) || $delete) { if (isset($group_row['group_avatar']) && $group_row['group_avatar']) { diff --git a/phpBB/install/convertors/functions_phpbb20.php b/phpBB/install/convertors/functions_phpbb20.php index dd09a4454d..85960bfb70 100644 --- a/phpBB/install/convertors/functions_phpbb20.php +++ b/phpBB/install/convertors/functions_phpbb20.php 
@@ -1419,7 +1419,7 @@ function phpbb_import_avatar($user_avatar) else if ($convert_row['user_avatar_type'] == 1) { // Uploaded avatar - return import_avatar($user_avatar); + return import_avatar($user_avatar, false, $convert_row['user_id']); } else if ($convert_row['user_avatar_type'] == 2) { diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index d7bd1b3782..82faa022ad 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -1087,11 +1087,14 @@ if (version_compare($current_version, '3.0.b5', '<=')) } unset($sql_in); + set_config('avatar_salt', md5(mt_rand())); + $sql = 'UPDATE ' . ACL_OPTIONS_TABLE . ' SET is_local = 0 WHERE auth_option = \'m_warn\''; $db->sql_query($sql); $sql = 'UPDATE ' . MODULES_TABLE . ' SET module_auth = \'acl_m_warn && acl_f_read,$id\' WHERE module_basename = \'warn\' AND module_mode = \'warn_post\''; $db->sql_query($sql); + $no_updates = false; } diff --git a/phpBB/install/install_convert.php b/phpBB/install/install_convert.php index c114b3f219..4c8d4aca1f 100644 --- a/phpBB/install/install_convert.php +++ b/phpBB/install/install_convert.php @@ -1457,7 +1457,7 @@ class install_convert extends module } else { - $sync_batch -= $batch_size; + $sync_batch--; } $url = $this->save_convert_progress('&sync_batch=' . $sync_batch); diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index 30d3440ee7..3ea5fde7ee 100755 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php 
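Review bot: `md5(mt_rand())` in database_update.php gives the avatar salt only about 31 bits of variation, because `mt_rand()` returns a single integer and hashing it adds nothing. The salt is the only thing that keeps files in `avatar_path` from being requested directly by name, so it should come from a stronger source. `unique_id()`, which functions_upload.php already uses for file names, is the in-project choice if it is loaded at this point (not visible in the hunk): `set_config('avatar_salt', md5(unique_id()));`. The same expression is added in install_install.php, and schema_data.sql ships the fixed default `'phpbb_avatar'`, which stays in effect on any board where neither path runs.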
@@ -1269,7 +1269,11 @@ class install_install extends module 'UPDATE ' . $table_prefix . "config SET config_value = '" . $db->sql_escape($admin_name) . "' WHERE config_name = 'newest_username'", - + + 'UPDATE ' . $table_prefix . "config + SET config_value = '" . md5(mt_rand()) . "' + WHERE config_name = 'avatar_salt'", + 'UPDATE ' . $table_prefix . "users SET username = '" . $db->sql_escape($admin_name) . "', user_password='" . $db->sql_escape(md5($admin_pass1)) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($default_lang) . "', user_email='" . $db->sql_escape($board_email1) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . (crc32($board_email1) . strlen($board_email1)) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($admin_name)) . "' WHERE username = 'Admin'", diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index d07a45a9e0..6fa07c6f68 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -44,6 +44,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_max_width', INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_min_height', '20'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_min_width', '20'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_path', 'images/avatars/upload'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('avatar_salt', 'phpbb_avatar'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_contact', 'contact@yourdomain.tld'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_disable', '0'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('board_disable_msg', ''); diff --git a/phpBB/styles/prosilver/template/attachment.html b/phpBB/styles/prosilver/template/attachment.html index de46720baf..a51f1ebc57 100644 
--- a/phpBB/styles/prosilver/template/attachment.html +++ b/phpBB/styles/prosilver/template/attachment.html @@ -14,7 +14,7 @@
-
{_file.DOWNLOAD_NAME}
+
{_file.DOWNLOAD_NAME}
{_file.COMMENT}
{_file.DOWNLOAD_NAME} ({_file.FILESIZE} {_file.SIZE_LANG}) {_file.L_DOWNLOAD_COUNT}
@@ -22,14 +22,14 @@
-
{_file.UPLOAD_ICON} {_file.DOWNLOAD_NAME}
+
{_file.UPLOAD_ICON} {_file.DOWNLOAD_NAME}
{_file.COMMENT}
({_file.FILESIZE} {_file.SIZE_LANG}) {_file.L_DOWNLOAD_COUNT}
-
+ - - + + diff --git a/phpBB/styles/subsilver2/template/attachment.html b/phpBB/styles/subsilver2/template/attachment.html index 0b1ef32c0e..b8071bec06 100644 --- a/phpBB/styles/subsilver2/template/attachment.html +++ b/phpBB/styles/subsilver2/template/attachment.html @@ -15,7 +15,7 @@ - {_file.DOWNLOAD_NAME}
+ {_file.DOWNLOAD_NAME}
{_file.DOWNLOAD_NAME} [ {_file.FILESIZE} {_file.SIZE_LANG} | {_file.L_DOWNLOAD_COUNT} ]