Un-b0rked ACL options caching, small general fixes

git-svn-id: file:///svn/phpbb/trunk@3338 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/admin/admin_forums.php

@@ -192,10 +192,10 @@ switch ($mode)
 			'parent_id'			=> $parent_id, 
 			'left_id'			=> $left_id,
 			'right_id'			=> $right_id, 
-			'forum_status'		=> ITEM_UNLOCKED,
+			'forum_status'		=> intval($_POST['forum_status']),
 			'forum_postable'	=> (!empty($_POST['forum_postable'])) ? 1 : 0,
-			'forum_name'		=> sql_quote($_POST['forum_name']),
-			'forum_desc'		=> sql_quote($_POST['forum_desc']), 
+			'forum_name'		=> $_POST['forum_name'],
+			'forum_desc'		=> $_POST['forum_desc'], 
 			'forum_style'		=> (!empty($_POST['forum_style'])) ? intval($_POST['forum_style']) : 'NULL', 
 			'enable_post_count'	=> (!empty($_POST['disable_post_count'])) ? 0 : 1,
 			'enable_icons'		=> (!empty($_POST['enable_icons'])) ? 1 : 0, 
@@ -282,6 +282,8 @@ switch ($mode)
 			//
 			// wasn't this form submitted? is anyone trying to remotely delete forums
 			//
+			// NOTE/TODO: this should not be possible because of session_id verification so this part can be removed
+			//
 			trigger_error('Did not submit', E_USER_ERROR);
 		}
 

phpBB/admin/pagestart.php

@@ -25,6 +25,7 @@ if (!defined('IN_PHPBB'))
 }
 
 define('IN_ADMIN', true);
+define('NEED_SID', true);
 include($phpbb_root_path . 'common.'.$phpEx);
 
 // Start session management
@@ -33,17 +34,6 @@ $user->setup();
 $auth->acl($user->data);
 // End session management
 
-//
-// If session_ids do not match, rewrite the URL correctly then redirect the user
-//
-if ($_REQUEST['sid'] != $user->data['session_id'])
-{
-	$url = preg_replace('/sid=([^&]*)(&?)/i', '', $_SERVER['REQUEST_URI']);
-	$url = preg_replace('/\?$/', '', $url);
-	$url .= ((strpos($url, '?')) ? '&' : '?') . 'sid=' . $user->data['session_id'];
-	redirect($url);
-}
-
 // -----------------------------
 // Functions
 function page_header($sub_title, $meta = '', $table_html = true)

phpBB/common.php

@@ -80,7 +80,6 @@ define('GROUP_SPECIAL', 3);
 define('ITEM_UNLOCKED', 0);
 define('ITEM_LOCKED', 1);
 define('ITEM_MOVED', 2);
-define('ITEM_CATEGORY', 3);
 
 // Topic types
 define('POST_NORMAL', 0);
@@ -183,7 +182,7 @@ if ( empty($acl_options) )
 }
 */
 
-if (!$config = $cache->load('config'))
+if (!$config = $cache->get('config'))
 {
 	$config = array();
 
@@ -195,7 +194,18 @@ if (!$config = $cache->load('config'))
 		$config[$row['config_name']] = $row['config_value'];
 	}
 
-	$cache->save('config', $config);
+	$cache->put('config', $config);
+}
+
+if ($cache->exists('acl_options'))
+{
+	$acl_options = $cache->get('acl_options');
+}
+else
+{
+	require_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
+	$auth_admin = new auth_admin();
+	$acl_options = $auth_admin->acl_cache_options();
 }
 
 /*

phpBB/db/mysql.php

@@ -397,6 +397,11 @@ class sql_db
 	
 	function sql_error($sql = '')
 	{
+		$result = array(
+			'message' => @mysql_error(),
+			'code' => @mysql_errno()
+		);
+
 		if ( !$this->return_on_error )
 		{
 			if ( $this->transaction )
@@ -411,8 +416,6 @@ class sql_db
 			trigger_error($message, E_USER_ERROR);
 		}
 
-		$result['message'] = @mysql_error();
-		$result['code'] = @mysql_errno();
 
 		return $result;
 	}

phpBB/includes/acm/cache_file.php

@@ -67,7 +67,7 @@ class acm
 		}
 	}
 
-	function save($varname, $var)
+	function put($varname, $var)
 	{
 		$this->vars[$varname] = $var;
 		$this->vars_ts[$varname] = time();
@@ -84,7 +84,7 @@ class acm
 		}
 	}
 
-	function load($varname, $expire_time = 0)
+	function get($varname, $expire_time = 0)
 	{
 		return ($this->exists($varname, $expire_time)) ? $this->vars[$varname] : null;
 	}

phpBB/includes/functions.php

@@ -50,7 +50,7 @@ function set_config($config_name, $config_value)
 	}
 
 	$config[$config_name] = $config_value;
-	$cache->save('config', $config);
+	$cache->put('config', $config);
 
 }
 
@@ -214,9 +214,7 @@ function make_jumpbox($action, $forum_id = false)
 	$sql = 'SELECT forum_id, forum_name, forum_postable, left_id, right_id
 		FROM ' . FORUMS_TABLE . '
 		ORDER BY left_id ASC';
-	
-	// Cache the forums list for 60 seconds
-	$result = $db->sql_query($sql, 60);
+	$result = $db->sql_query($sql);
 
 	$right = $cat_right = 0;
 	$padding = $forum_list = $holding = '';
@@ -265,7 +263,7 @@ function make_jumpbox($action, $forum_id = false)
 		}
 
 		$nav_links['chapter forum'][$row['forum_id']] = array (
-			'url' => ($row['forum_status'] == ITEM_CATEGORY) ? "index.$phpEx$SIDc=" : "viewforum.$phpEx$SID&f=" . $row['forum_id'],
+			'url' => "viewforum.$phpEx$SID&f=" . $row['forum_id'],
 			'title' => $row['forum_name']
 		);
 	}
@@ -676,7 +674,7 @@ function obtain_word_list(&$orig_word, &$replacement_word)
 	global $db, $cache;
 	if ($cache->exists('word_censors'))
 	{
-		$words = $cache->load('word_censors');
+		$words = $cache->get('word_censors');
 		$orig_word = $words['orig'];
 		$replacement_word = $words['replacement'];
 	}
@@ -693,7 +691,7 @@ function obtain_word_list(&$orig_word, &$replacement_word)
 		}
 
 		$words = array('orig' => $orig_word, 'replacement' => $replacement_word);
-		$cache->save('word_censors', $words);
+		$cache->put('word_censors', $words);
 	}
 
 	return true;

phpBB/includes/functions_admin.php

@@ -807,7 +807,7 @@ class auth_admin extends auth
 
 	function acl_cache_options($options = false)
 	{
-		global $db;
+		global $db, $cache;
 
 		$options = array();
 
@@ -833,6 +833,7 @@ class auth_admin extends auth
 			$db->sql_freeresult($result);
 		}
 
+/*
 		// Re-cache options
 		$cache_str = "\$acl_options = array(\n";
 		foreach ($options as $type => $options_ary)
@@ -848,6 +849,9 @@ class auth_admin extends auth
 
 		config_cache_write('\$acl_options = array\(.*?\);', $cache_str);
 		$this->acl_clear_prefetch();
+*/
+		$cache->put('acl_options', $options);
+		$this->acl_clear_prefetch();
 
 		return $options;
 	}

phpBB/includes/functions_display.php

@@ -19,13 +19,21 @@
  *
  ***************************************************************************/
 
-function display_forums($root_data=array(), $display_moderators=TRUE)
+function display_forums($root_data = '', $display_moderators = TRUE)
 {
 	global $db, $template, $auth, $user, $phpEx, $SID, $forum_moderators;
 
-	$where_sql = ($root_data['forum_id']) ? ' WHERE left_id > ' . $root_data['left_id'] . ' AND left_id < ' . $root_data['right_id'] : '';
+	if (!$root_data)
+	{
+		$root_data = array('forum_id' => 0);
+		$where_sql = '';
+	}
+	else
+	{
+		$where_sql = ' WHERE left_id > ' . $root_data['left_id'] . ' AND left_id < ' . $root_data['right_id'];
+	}
 
-	if($user->data['user_id'] != ANONYMOUS)
+	if ($user->data['user_id'] != ANONYMOUS)
 	{
 		$lastread_select = ", lr.lastread_time";
 		$lastread_sql = "
@@ -34,8 +42,8 @@ function display_forums($root_data=array(), $display_moderators=TRUE)
 				AND (f.forum_id = lr.forum_id OR f.forum_id = -lr.forum_id)
 				AND lr.lastread_time >= f.forum_last_post_time)";
 
-		// Temp fix
-		$where_sql .= ' GROUP BY f.forum_id';
+		// Temp fix for index
+		//$where_sql .= ' GROUP BY f.forum_id';
 	}
 	else
 	{
@@ -230,4 +238,4 @@ function display_forums($root_data=array(), $display_moderators=TRUE)
 		));
 	}
 }
-?>
+?>

phpBB/includes/page_tail.php

@@ -52,7 +52,10 @@ $template->assign_vars(array(
 ));
 
 
-$cache->save_cache();
+if (!empty($cache))
+{
+	$cache->save_cache();
+}
 $template->display('body');
 
 exit;

phpBB/includes/session.php

@@ -42,8 +42,7 @@ class session
 		{
 			$sessiondata = ( isset($_COOKIE[$config['cookie_name'] . '_data']) ) ? unserialize(stripslashes($_COOKIE[$config['cookie_name'] . '_data'])) : '';
 			$this->session_id = ( isset($_COOKIE[$config['cookie_name'] . '_sid']) ) ? $_COOKIE[$config['cookie_name'] . '_sid'] : '';
-			$SID = (defined('IN_ADMIN')) ? '?sid=' . $this->session_id : '?sid=';
-//			$SID = (defined('ADD_SID')) ? '?sid=' . $this->session_id : '?sid=';
+			$SID = (defined('NEED_SID')) ? '?sid=' . $this->session_id : '?sid=';
 		}
 		else
 		{
@@ -79,7 +78,8 @@ class session
 		}
 
 		// session_id exists so go ahead and attempt to grab all data in preparation
-		if (!empty($this->session_id))
+		// Added session check
+		if (!empty($this->session_id) && (!defined('NEED_SID') || $this->session_id == $_GET['sid']))
 		{
 			$sql = "SELECT u.*, s.*
 				FROM " . SESSIONS_TABLE . " s, " . USERS_TABLE . " u
@@ -113,6 +113,14 @@ class session
 			}
 		}
 
+		// Session check failed, redirect the user to the index page
+		// TODO: we could delay it until we grab user's data and display a localised error message
+		if (defined('NEED_SID'))
+		{
+			// NOTE: disabled until we decide how to deal with this
+			//redirect("index.$phpEx$SID");
+		}
+
 		// If we reach here then no (valid) session exists. So we'll create a new one,
 		// using the cookie user_id if available to pull basic user prefs.
 		$autologin = (isset($sessiondata['autologinid'])) ? $sessiondata['autologinid'] : '';
@@ -309,7 +317,7 @@ class session
 				$db->sql_query($sql);
 			}
 
-			$del_user_id .= (($del_user_id != '') ? ', ' : '') . ' \'' . $row['session_user_id'] . '\'';
+			$del_user_id .= (($del_user_id != '') ? ', ' : '') . " '" . $row['session_user_id'] . "'";
 			$del_sessions++;
 		}
 
@@ -440,12 +448,11 @@ class user extends session
 				AND c.theme_id = s.style_id
 				AND i.imageset_id = s.imageset_id";
 
-		// Cache this query for 60 seconds
-		$result = $db->sql_query($sql, 60);
+		$result = $db->sql_query($sql);
 
 		if (!($this->theme = $db->sql_fetchrow($result)))
 		{
-			message_die(ERROR, 'Could not get style data');
+			trigger_error('Could not get style data');
 		}
 
 		$template->set_template($this->theme['template_path']);
@@ -701,6 +708,7 @@ class auth
 
 		$method = trim($config['auth_method']);
 
+		// NOTE: don't we need $phpbb_root_path here?
 		if (file_exists('includes/auth/auth_' . $method . '.' . $phpEx))
 		{
 			include_once('includes/auth/auth_' . $method . '.' . $phpEx);

phpBB/index.php

@@ -25,16 +25,7 @@ include($phpbb_root_path . 'extension.inc');
 include($phpbb_root_path . 'common.'.$phpEx);
 
 // Get posted/get info
-$cat_id = (!empty($_GET['c'])) ? intval($_GET['c']) : 0;
-
-if (isset($_GET['mark']) || isset($_POST['mark']))
-{
-	$mark_read = (isset($_POST['mark'])) ? $_POST['mark'] : $_GET['mark'];
-}
-else
-{
-	$mark_read = '';
-}
+$mark_read = (isset($_REQUEST['mark'])) ? $_REQUEST['mark'] : '';
 
 // Start session management
 $user->start();
@@ -55,7 +46,7 @@ if ($mark_read == 'forums')
 	);
 
 	$message = $user->lang['Forums_marked_read'] . '<br /><br />' . sprintf($user->lang['Click_return_index'], '<a href="' . "index.$phpEx$SID" . '">', '</a> ');
-	message_die(MESSAGE, $message);
+	trigger_error($message);
 }
 
 // Set some stats, get posts count from forums data if we... hum... retrieve all forums data
@@ -79,7 +70,7 @@ else
 }
 
 include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
-display_forums(array('forum_id' => 0));
+display_forums();
 
 if ($total_posts == 0)
 {

phpBB/mcp.php

@@ -45,7 +45,7 @@
 //    * Limit read/post/reply/etc. permissions
 
 define('IN_PHPBB', true);
-define('ADD_SID', true);
+define('NEED_SID', true);
 $phpbb_root_path = './';
 include($phpbb_root_path . 'extension.inc');
 include($phpbb_root_path . 'common.'.$phpEx);

phpBB/posting.php

@@ -37,6 +37,11 @@
 import_request_variables('GP', 's_');
 
 define('IN_PHPBB', true);
+if (count($_POST))
+{
+	define('NEED_SID', true);
+}
+
 $phpbb_root_path = './';
 include($phpbb_root_path . 'extension.inc');
 include($phpbb_root_path . 'common.'.$phpEx);
@@ -633,8 +638,8 @@ $urls_checked = (isset($enable_urls)) ? !$enable_urls : 0;
 $sig_checked = (isset($attach_sig)) ? $attach_sig : (($config['allow_sigs']) ? $user->data['user_atachsig'] : 0);
 $notify_checked = (isset($notify_set)) ? $notify_set : (($user->data['user_id'] != ANONYMOUS) ? $user->data['user_notify'] : 0);
 
-// Page title & action URL
-$s_action = "posting.$phpEx$SID&mode=$s_mode&f=" . intval($forum_id);
+// Page title & action URL, include session_id for security purpose
+$s_action = "posting.$phpEx?sid=" . $user->session_id . "&mode=$s_mode&f=" . intval($forum_id);
 switch ($s_mode)
 {
 	case 'post':

phpBB/viewforum.php

@@ -271,7 +271,7 @@ if ($forum_data['forum_postable'])
 		'POST_IMG' 		=> (intval($forum_data['forum_status']) == ITEM_LOCKED) ? $user->img('post_locked', $post_alt) : $user->img('post_new', $post_alt),
 		'PAGINATION'	=> generate_pagination("viewforum.$phpEx$SID&f=$forum_id&topicdays=$topic_days", $topics_count, $config['topics_per_page'], $start),
 		'PAGE_NUMBER'	=> sprintf($user->lang['Page_of'], (floor( $start / $config['topics_per_page'] ) + 1), ceil( $topics_count / $config['topics_per_page'] )),
-		'MOD_CP' 		=> ($auth->acl_gets('m_', 'a_', $forum_id)) ? sprintf($user->lang['MCP'], '<a href="modcp.' . $phpEx . $SID . '&amp;f=' . $forum_id . '">', '</a>') : '',
+		'MOD_CP' 		=> ($auth->acl_gets('m_', 'a_', $forum_id)) ? sprintf($user->lang['MCP'], '<a href="mcp.' . $phpEx . '?sid=' . $user->session_id . '&amp;f=' . $forum_id . '">', '</a>') : '',
 		'MODERATORS'	=> (sizeof($forum_moderators[$forum_id])) ? implode(', ', $forum_moderators[$forum_id]) : $user->lang['None'],
 
 		'FOLDER_IMG' 			=> $user->img('folder', 'No_new_posts'),
@@ -291,7 +291,7 @@ if ($forum_data['forum_postable'])
 		'L_POSTED' 				=> $user->lang['Posted'],
 		'L_JOINED' 				=> $user->lang['Joined'],
 		'L_AUTHOR' 				=> $user->lang['Author'],
-		'L_NO_TOPICS' 			=> ( $forum_data['forum_status'] == FORUM_LOCKED ) ? $user->lang['Forum_locked'] : $user->lang['No_topics_post_one'],
+		'L_NO_TOPICS' 			=> ( $forum_data['forum_status'] == ITEM_LOCKED ) ? $user->lang['Forum_locked'] : $user->lang['No_topics_post_one'],
 		'L_GOTO_PAGE' 			=> $user->lang['Goto_page'],
 
 		'S_SELECT_SORT_DIR' => $select_sort_dir,

phpBB/viewtopic.php

@@ -387,7 +387,7 @@ $template->assign_vars(array(
     'TOPIC_TITLE' 	=> $topic_title,
 	'PAGINATION' 	=> $pagination,
 	'PAGE_NUMBER' 	=> on_page($topic_replies, $config['posts_per_page'], $start),
-	'MCP' 			=> ($auth->acl_gets('m_', 'a_', $forum_id)) ? sprintf($user->lang['MCP'], '<a href="mcp.' . $phpEx . $SID . '&amp;f=' . $forum_id . '">', '</a>') : '',
+	'MCP' 			=> ($auth->acl_gets('m_', 'a_', $forum_id)) ? sprintf($user->lang['MCP'], '<a href="mcp.' . $phpEx . '?sid=' . $user->session_id . '&amp;f=' . $forum_id . '">', '</a>') : '',
 	'MODERATORS'	=> (sizeof($forum_moderators[$forum_id])) ? implode(', ', $forum_moderators[$forum_id]) : $user->lang['None'],
 
 	'POST_IMG' 	=> $post_img,
@@ -401,7 +401,7 @@ $template->assign_vars(array(
 	'S_TOPIC_ACTION' 		=> "viewtopic.$phpEx$SID&amp;t=" . $topic_id . "&amp;start=$start",
 	'S_AUTH_LIST' 			=> $s_forum_rules,
 	'S_TOPIC_MOD' 			=> ( $topic_mod != '' ) ? '<select name="mode">' . $topic_mod . '</select>' : '',
-	'S_MOD_ACTION' 			=> "mcp.$phpEx$SID&amp;t=$topic_id",
+	'S_MOD_ACTION' 			=> "mcp.$phpEx?sid=" . $user->session_id . "&amp;t=$topic_id",
 	'S_WATCH_TOPIC' 		=> $s_watching_topic,
 
 	'U_VIEW_TOPIC' 			=> "viewtopic.$phpEx$SID&amp;t=$topic_id&amp;start=$start&amp;postdays=$post_days&amp;postorder=$post_order&amp;highlight=$highlight",
@@ -710,7 +710,7 @@ if ($row = $db->sql_fetchrow($result))
 
 		if ($auth->acl_gets('m_ip', 'a_', $forum_id))
 		{
-			$temp_url = "mcp.$phpEx$SID&amp;mode=ip&amp;p=" . $row['post_id'] . "&amp;t=" . $topic_id;
+			$temp_url = "mcp.$phpEx?sid=" . $user->session_id . "&amp;mode=ip&amp;p=" . $row['post_id'] . "&amp;t=" . $topic_id;
 			$ip_img = '<a href="' . $temp_url . '">' . $user->img('icon_ip', $user->lang['VIEW_IP']) . '</a>';
 			$ip = '<a href="' . $temp_url . '">' . $user->lang['VIEW_IP'] . '</a>';
 		}