mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-06 08:47:45 +02:00
Code Issues Releases Wiki Activity

- add additional auth check to the permission roles modules

Browse Source 
- added new function to return globally used expressions (get_preg_expression($mode)). This should be very helpful in getting wide spread similar checks (regular expressions) to one place reducing the risk of forgetting to change every location if you fix one. ;) We will add additional ones later, at the moment only the email check is retrieved...
- added "active module" var to the module class returning the current active module
- changed call to image magick
- add administrator to global moderators group by default
- extend auth_option column a little bit
- other bugfixes


git-svn-id: file:///svn/phpbb/trunk@6135 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2006-07-01 19:11:52 +00:00
parent 7ad5db1856
commit 6df6eb0e60
29 changed files with 256 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/includes/acp/acp_attachments.php
View File

@@ -701,7 +701,7 @@ class acp_attachments
$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
FROM ' . FORUMS_TABLE . '
ORDER BY left_id ASC';
$result = $db->sql_query($sql);
$result = $db->sql_query($sql, 600);
$right = $cat_right = $padding_inc = 0;
$padding = $forum_list = $holding = '';

3
phpBB/includes/acp/acp_main.php
View File

@@ -439,7 +439,7 @@ class acp_main
if ($auth->acl_get('a_user'))
{
$sql = 'SELECT user_id, username, user_regdate
$sql = 'SELECT user_id, username, user_regdate, user_lastvisit
FROM ' . USERS_TABLE . '
WHERE user_type = ' . USER_INACTIVE . '
ORDER BY user_regdate ASC';
@@ -449,6 +449,7 @@ class acp_main
{
$template->assign_block_vars('inactive', array(
'DATE' => $user->format_date($row['user_regdate']),
'LAST_VISIT' => (!$row['user_lastvisit']) ? ' - ' : $user->format_date($row['user_lastvisit']),
'USER_ID' => $row['user_id'],
'USERNAME' => $row['username'],
'U_USER_ADMIN' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&mode=overview&u={$row['user_id']}"))

2
phpBB/includes/acp/acp_ranks.php
View File

@@ -130,7 +130,7 @@ class acp_ranks
{
foreach ($img_ary as $img)
{
$img = substr($path, 1) . (($path != '') ? '/' : '') . $img;
$img = $path . $img;
if (!in_array($img, $existing_imgs) || $action == 'edit')
{

3
phpBB/includes/acp/acp_search.php
View File

@@ -485,9 +485,6 @@ class acp_search
{
global $db;
/**
* @todo what is faster, doing a MAX() or an ORDER BY post_id and LIMIT 1?
*/
$sql = 'SELECT MAX(post_id) as max_post_id
FROM '. POSTS_TABLE;
$result = $db->sql_query($sql);

3
phpBB/includes/acp/acp_users.php
View File

@@ -736,6 +736,9 @@ class acp_users
user_update_name($user_row['username'], $update_username);
}
// Let the users permissions being updated
$auth->acl_clear_prefetch($user_id);
add_log('admin', 'LOG_USER_USER_UPDATE', $data['username']);
trigger_error($user->lang['USER_OVERVIEW_UPDATED'] . adm_back_link($this->u_action . '&u=' . $user_id));

8
phpBB/includes/acp/info/acp_permission_roles.php
View File

@@ -20,10 +20,10 @@ class acp_permission_roles_info
'title' => 'ACP_PERMISSION_ROLES',
'version' => '1.0.0',
'modes' => array(
'admin_roles' => array('title' => 'ACP_ADMIN_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
'user_roles' => array('title' => 'ACP_USER_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
'mod_roles' => array('title' => 'ACP_MOD_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
'forum_roles' => array('title' => 'ACP_FORUM_ROLES', 'auth' => 'acl_a_roles', 'cat' => array('ACP_PERMISSION_ROLES')),
'admin_roles' => array('title' => 'ACP_ADMIN_ROLES', 'auth' => 'acl_a_roles && acl_a_aauth', 'cat' => array('ACP_PERMISSION_ROLES')),
'user_roles' => array('title' => 'ACP_USER_ROLES', 'auth' => 'acl_a_roles && acl_a_uauth', 'cat' => array('ACP_PERMISSION_ROLES')),
'mod_roles' => array('title' => 'ACP_MOD_ROLES', 'auth' => 'acl_a_roles && acl_a_mauth', 'cat' => array('ACP_PERMISSION_ROLES')),
'forum_roles' => array('title' => 'ACP_FORUM_ROLES', 'auth' => 'acl_a_roles && acl_a_fauth', 'cat' => array('ACP_PERMISSION_ROLES')),
),
);
}

38
phpBB/includes/functions.php
View File

@@ -1515,7 +1515,11 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
if ($admin && !$auth->acl_get('a_'))
{
// Not authd
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered'])
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
trigger_error('NO_AUTH_ADMIN');
}
@@ -1548,7 +1552,12 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
}
else
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
// Only log the failed attempt if a real user tried to.
// anonymous/inactive users are never able to go to the ACP even if they have the relevant permissions
if ($user->data['is_registered'])
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
}
}
@@ -1566,12 +1575,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
}
// The user wanted to re-authenticate, but something failed - log this
if ($admin)
{
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
}
// Something failed, determine what...
if ($result['status'] == LOGIN_BREAK)
{
@@ -1950,7 +1953,7 @@ function make_clickable($text, $server_url = false)
$magic_url_replace[] = "'\$1<!-- w --><a href=\"http://\$2\" target=\"_blank\">' . ((strlen('\$2') > 55) ? substr(str_replace('&amp;', '&', '\$2'), 0, 39) . ' ... ' . substr(str_replace('&amp;', '&', '\$2'), -10) : '\$2') . '</a><!-- w -->'";
// matches an email@domain type address at the start of a line, or after a space or after what might be a BBCode.
$magic_url_match[] = '#(^|[\n ]|\()([a-z0-9&\-_.]+?@[\w\-]+\.(?:[\w\-\.]+\.)?[\w]+)#ie';
$magic_url_match[] = '/(^|[\n ]|\()(' . get_preg_expression('email') . ')/ie';
$magic_url_replace[] = "'\$1<!-- e --><a href=\"mailto:\$2\">' . ((strlen('\$2') > 55) ? substr('\$2', 0, 39) . ' ... ' . substr('\$2', -10) : '\$2') . '</a><!-- e -->'";
}
@@ -2254,6 +2257,23 @@ function get_backtrace()
return $output;
}
/**
* This function returns a regular expression pattern for commonly used expressions
* Use with / as delimiter
* mode can be: email|
*/
function get_preg_expression($mode)
{
switch ($mode)
{
case 'email':
return '[a-z0-9&\'\.\-_\+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*?[a-z]+';
break;
}
return '';
}
// Handler, header and footer
/**

2
phpBB/includes/functions_admin.php
View File

@@ -245,7 +245,7 @@ function get_forum_list($acl_list = 'f_list', $id_only = true, $postable_only =
// This query is identical to the jumpbox one
$expire_time = ($no_cache) ? 0 : 120;
$sql = 'SELECT forum_id, parent_id, forum_name, forum_type, left_id, right_id
$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, left_id, right_id
FROM ' . FORUMS_TABLE . '
ORDER BY left_id ASC';
$result = $db->sql_query($sql, $expire_time);

82
phpBB/includes/functions_module.php
View File

@@ -20,8 +20,8 @@ class p_master
var $p_mode;
var $p_parent;
var $active_module = false;
var $acl_forum_id = false;
var $module_ary = array();
/**
@@ -239,6 +239,7 @@ class p_master
function set_active($id = false, $mode = false)
{
$icat = false;
$this->active_module = false;
if (request_var('icat', ''))
{
@@ -247,20 +248,20 @@ class p_master
}
$category = false;
foreach ($this->module_ary as $row_id => $itep_ary)
foreach ($this->module_ary as $row_id => $item_ary)
{
// If this is a module and it's selected, active
// If this is a category and the module is the first within it, active
// If this is a module and no mode selected, select first mode
// If no category or module selected, go active for first module in first category
if (
(($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && (($itep_ary['mode'] == $mode && !$itep_ary['cat']) || ($icat && $itep_ary['cat']))) ||
($itep_ary['parent'] === $category && !$itep_ary['cat'] && !$icat) ||
(($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && !$mode && !$itep_ary['cat']) ||
(!$id && !$mode && !$itep_ary['cat'])
(($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && (($item_ary['mode'] == $mode && !$item_ary['cat']) || ($icat && $item_ary['cat']))) ||
($item_ary['parent'] === $category && !$item_ary['cat'] && !$icat) ||
(($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && !$mode && !$item_ary['cat']) ||
(!$id && !$mode && !$item_ary['cat'])
)
{
if ($itep_ary['cat'])
if ($item_ary['cat'])
{
$id = $icat;
$icat = false;
@@ -268,20 +269,21 @@ class p_master
continue;
}
$this->p_id = $itep_ary['id'];
$this->p_parent = $itep_ary['parent'];
$this->p_name = $itep_ary['name'];
$this->p_mode = $itep_ary['mode'];
$this->p_left = $itep_ary['left'];
$this->p_right = $itep_ary['right'];
$this->p_id = $item_ary['id'];
$this->p_parent = $item_ary['parent'];
$this->p_name = $item_ary['name'];
$this->p_mode = $item_ary['mode'];
$this->p_left = $item_ary['left'];
$this->p_right = $item_ary['right'];
$this->module_cache['parents'] = $this->module_cache['parents'][$this->p_id];
$this->active_module = $item_ary['id'];
break;
}
else if (($itep_ary['cat'] && $itep_ary['id'] === (int) $id) || ($itep_ary['parent'] === $category && $itep_ary['cat']))
else if (($item_ary['cat'] && $item_ary['id'] === (int) $id) || ($item_ary['parent'] === $category && $item_ary['cat']))
{
$category = $itep_ary['id'];
$category = $item_ary['id'];
}
}
}
@@ -298,6 +300,11 @@ class p_master
$module_path = $phpbb_root_path . 'includes/' . $this->p_class;
$icat = request_var('icat', '');
if ($this->active_module === false)
{
trigger_error('Module not accessible', E_USER_ERROR);
}
if (!class_exists("{$this->p_class}_$this->p_name"))
{
if (!file_exists("$module_path/{$this->p_class}_$this->p_name.$phpEx"))
@@ -464,10 +471,10 @@ class p_master
// 1) In a linear fashion
// 2) In a combined tabbed + linear fashion ... tabs for the categories
// and a linear list for subcategories/items
foreach ($this->module_ary as $row_id => $itep_ary)
foreach ($this->module_ary as $row_id => $item_ary)
{
// Skip hidden modules
if (!$itep_ary['display'])
if (!$item_ary['display'])
{
continue;
}
@@ -475,7 +482,7 @@ class p_master
// Skip branch
if ($right_id !== false)
{
if ($itep_ary['left'] < $right_id)
if ($item_ary['left'] < $right_id)
{
continue;
}
@@ -484,14 +491,14 @@ class p_master
}
// Category with no members on their way down (we have to check every level)
if (!$itep_ary['name'])
if (!$item_ary['name'])
{
$empty_category = true;
// We go through the branch and look for an activated module
foreach (array_slice($this->module_ary, $row_id + 1) as $temp_row)
{
if ($temp_row['left'] > $itep_ary['left'] && $temp_row['left'] < $itep_ary['right'])
if ($temp_row['left'] > $item_ary['left'] && $temp_row['left'] < $item_ary['right'])
{
// Module there and displayed?
if ($temp_row['name'] && $temp_row['display'])
@@ -507,18 +514,18 @@ class p_master
// Skip the branch
if ($empty_category)
{
$right_id = $itep_ary['right'];
$right_id = $item_ary['right'];
continue;
}
}
// Select first id we can get
if (!$current_id && (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id))
if (!$current_id && (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id))
{
$current_id = $itep_ary['id'];
$current_id = $item_ary['id'];
}
$depth = $itep_ary['depth'];
$depth = $item_ary['depth'];
if ($depth > $current_depth)
{
@@ -534,30 +541,30 @@ class p_master
}
}
$u_title = $module_url . $delim . 'i=' . (($itep_ary['cat']) ? $itep_ary['id'] : $itep_ary['name'] . (($itep_ary['is_duplicate']) ? '&amp;icat=' . $current_id : '') . '&amp;mode=' . $itep_ary['mode']);
$u_title .= (!$itep_ary['cat'] && isset($itep_ary['url_extra'])) ? $itep_ary['url_extra'] : '';
$u_title = $module_url . $delim . 'i=' . (($item_ary['cat']) ? $item_ary['id'] : $item_ary['name'] . (($item_ary['is_duplicate']) ? '&amp;icat=' . $current_id : '') . '&amp;mode=' . $item_ary['mode']);
$u_title .= (!$item_ary['cat'] && isset($item_ary['url_extra'])) ? $item_ary['url_extra'] : '';
// Only output a categories items if it's currently selected
if (!$depth || ($depth && (in_array($itep_ary['parent'], array_values($this->module_cache['parents'])) || $itep_ary['parent'] == $this->p_parent)))
if (!$depth || ($depth && (in_array($item_ary['parent'], array_values($this->module_cache['parents'])) || $item_ary['parent'] == $this->p_parent)))
{
$use_tabular_offset = (!$depth) ? 't_block1' : $tabular_offset;
$tpl_ary = array(
'L_TITLE' => $itep_ary['lang'],
'S_SELECTED' => (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id) ? true : false,
'L_TITLE' => $item_ary['lang'],
'S_SELECTED' => (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
'U_TITLE' => $u_title
);
$template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($itep_ary, CASE_UPPER)));
$template->assign_block_vars($use_tabular_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
}
$tpl_ary = array(
'L_TITLE' => $itep_ary['lang'],
'S_SELECTED' => (in_array($itep_ary['id'], array_keys($this->module_cache['parents'])) || $itep_ary['id'] == $this->p_id) ? true : false,
'L_TITLE' => $item_ary['lang'],
'S_SELECTED' => (in_array($item_ary['id'], array_keys($this->module_cache['parents'])) || $item_ary['id'] == $this->p_id) ? true : false,
'U_TITLE' => $u_title
);
$template->assign_block_vars($linear_offset, array_merge($tpl_ary, array_change_key_case($itep_ary, CASE_UPPER)));
$template->assign_block_vars($linear_offset, array_merge($tpl_ary, array_change_key_case($item_ary, CASE_UPPER)));
$current_depth = $depth;
}
@@ -593,7 +600,10 @@ class p_master
{
$this->p_class = $class;
$this->p_name = $name;
// Set active module to true instead of using the id
$this->active_module = true;
$this->load_active($mode);
}
@@ -633,9 +643,9 @@ class p_master
*/
function set_display($id, $mode = false, $display = true)
{
foreach ($this->module_ary as $row_id => $itep_ary)
foreach ($this->module_ary as $row_id => $item_ary)
{
if (($itep_ary['name'] === $id || $itep_ary['id'] === (int) $id) && (!$mode || $itep_ary['mode'] === $mode))
if (($item_ary['name'] === $id || $item_ary['id'] === (int) $id) && (!$mode || $item_ary['mode'] === $mode))
{
$this->module_ary[$row_id]['display'] = (int) $display;
}

5
phpBB/includes/functions_posting.php
View File

@@ -521,9 +521,10 @@ function create_thumbnail($source, $destination, $mimetype)
$used_imagick = false;
if ($config['img_imagick'])
// Only use imagemagick if defined and the passthru function not disabled
if ($config['img_imagick'] && function_exists('passthru'))
{
passthru($config['img_imagick'] . 'convert' . ((defined('PHP_OS') && preg_match('#win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -antialias -sample ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" +profile "*" "' . str_replace('\\', '/', $destination) . '"');
if (file_exists($destination))
{
$used_imagick = true;

2
phpBB/includes/functions_template.php
View File

@@ -464,7 +464,7 @@ class template_compile
{
preg_match('#^((?:[a-z0-9\-_]+\.)+)?\$(?=[A-Z])([A-Z0-9_\-]*)(?: = (\'?)([^\']*)(\'?))?$#', $tag_args, $match);
if (empty($match[2]) || (empty($match[4]) && $op))
if (empty($match[2]) || (!isset($match[4]) && $op))
{
return;
}

2
phpBB/includes/functions_user.php
View File

@@ -1095,7 +1095,7 @@ function validate_email($email)
return false;
}
if (!preg_match('#^[a-z0-9\.\-_\+]+?@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}$#i', $email))
if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
{
return 'EMAIL_INVALID';
}

2
phpBB/includes/message_parser.php
View File

@@ -720,7 +720,7 @@ class bbcode_firstpass extends bbcode
$validated = true;
if (!preg_match('!([a-z0-9]+[a-z0-9\-\._]*@(?:(?:[0-9]{1,3}\.){3,5}[0-9]{1,3}|[a-z0-9]+[a-z0-9\-\._]*\.[a-z]+))!i', $email))
if (!preg_match('/^' . get_preg_expression('email') . '$/i', $email))
{
$validated = false;
}