mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-02-24 12:03:21 +01:00
Code Issues Releases Wiki Activity

Merge branch 'develop' of git://github.com/phpbb/phpbb3 into ticket/11103

Browse Source
This commit is contained in:
Nathan Guse 2012-10-12 17:09:12 -05:00
commit 94a3dc5ff7
17 changed files with 329 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
phpBB/includes/acp/acp_language.php
View File

@ -100,11 +100,25 @@ class acp_language
switch ($method)
{
case 'ftp':
$transfer = new ftp(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new ftp(
request_var('host', ''),
request_var('username', ''),
htmlspecialchars_decode($request->untrimmed_variable('password', '')),
request_var('root_path', ''),
request_var('port', ''),
request_var('timeout', '')
);
break;
case 'ftp_fsock':
$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new ftp_fsock(
request_var('host', ''),
request_var('username', ''),
htmlspecialchars_decode($request->untrimmed_variable('password', '')),
request_var('root_path', ''),
request_var('port', ''),
request_var('timeout', '')
);
break;
default:
@ -404,7 +418,14 @@ class acp_language
trigger_error($user->lang['INVALID_UPLOAD_METHOD'], E_USER_ERROR);
}
$transfer = new $method(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new $method(
request_var('host', ''),
request_var('username', ''),
htmlspecialchars_decode($request->untrimmed_variable('password', '')),
request_var('root_path', ''),
request_var('port', ''),
request_var('timeout', '')
);
if (($result = $transfer->open_session()) !== true)
{

6
phpBB/includes/acp/acp_users.php
View File

@ -32,7 +32,7 @@ class acp_users
{
global $config, $db, $user, $auth, $template, $cache;
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix, $file_uploads;
global $phpbb_dispatcher;
global $phpbb_dispatcher, $request;
$user->add_lang(array('posting', 'ucp', 'acp/users'));
$this->tpl_name = 'acp_users';
@ -770,8 +770,8 @@ class acp_users
'username' => utf8_normalize_nfc(request_var('user', $user_row['username'], true)),
'user_founder' => request_var('user_founder', ($user_row['user_type'] == USER_FOUNDER) ? 1 : 0),
'email' => strtolower(request_var('user_email', $user_row['user_email'])),
'new_password' => request_var('new_password', '', true),
'password_confirm' => request_var('password_confirm', '', true),
'new_password' => $request->variable('new_password', '', true),
'password_confirm' => $request->variable('password_confirm', '', true),
);
// Validation data - we do not check the password complexity setting here

4
phpBB/includes/auth/auth_db.php
View File

@ -41,6 +41,10 @@ function login_db($username, $password, $ip = '', $browser = '', $forwarded_for
global $db, $config;
global $request;
// Auth plugins get the password untrimmed.
// For compatibility we trim() here.
$password = trim($password);
// do not allow empty password
if (!$password)
{

4
phpBB/includes/functions.php
View File

@ -3069,11 +3069,11 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
trigger_error('NO_AUTH_ADMIN');
}
$password = request_var('password_' . $credential, '', true);
$password = $request->untrimmed_variable('password_' . $credential, '', true);
}
else
{
$password = request_var('password', '', true);
$password = $request->untrimmed_variable('password', '', true);
}
$username = request_var('username', '', true);

8
phpBB/includes/functions_jabber.php
View File

@ -68,7 +68,7 @@ class jabber
}
$this->password = $password;
$this->use_ssl = ($use_ssl && $this->can_use_ssl()) ? true : false;
$this->use_ssl = ($use_ssl && self::can_use_ssl()) ? true : false;
// Change port if we use SSL
if ($this->port == 5222 && $this->use_ssl)
@ -83,7 +83,7 @@ class jabber
/**
* Able to use the SSL functionality?
*/
function can_use_ssl()
static public function can_use_ssl()
{
// Will not work with PHP >= 5.2.1 or < 5.2.3RC2 until timeout problem with ssl hasn't been fixed (http://bugs.php.net/41236)
return ((version_compare(PHP_VERSION, '5.2.1', '<') || version_compare(PHP_VERSION, '5.2.3RC2', '>=')) && @extension_loaded('openssl')) ? true : false;
@ -92,7 +92,7 @@ class jabber
/**
* Able to use TLS?
*/
function can_use_tls()
static public function can_use_tls()
{
if (!@extension_loaded('openssl') || !function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('socket_set_blocking') || !function_exists('stream_get_wrappers'))
{
@ -442,7 +442,7 @@ class jabber
}
// Let's use TLS if SSL is not enabled and we can actually use it
if (!$this->session['ssl'] && $this->can_use_tls() && $this->can_use_ssl() && isset($xml['stream:features'][0]['#']['starttls']))
if (!$this->session['ssl'] && self::can_use_tls() && self::can_use_ssl() && isset($xml['stream:features'][0]['#']['starttls']))
{
$this->add_to_log('Switching to TLS.');
$this->send("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\n");

125
phpBB/includes/request/request.php
View File

@ -200,46 +200,31 @@ class phpbb_request implements phpbb_request_interface
*/
public function variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST)
{
$path = false;
return $this->_variable($var_name, $default, $multibyte, $super_global, true);
}
// deep direct access to multi dimensional arrays
if (is_array($var_name))
{
$path = $var_name;
// make sure at least the variable name is specified
if (empty($path))
{
return (is_array($default)) ? array() : $default;
}
// the variable name is the first element on the path
$var_name = array_shift($path);
}
if (!isset($this->input[$super_global][$var_name]))
{
return (is_array($default)) ? array() : $default;
}
$var = $this->input[$super_global][$var_name];
if ($path)
{
// walk through the array structure and find the element we are looking for
foreach ($path as $key)
{
if (is_array($var) && isset($var[$key]))
{
$var = $var[$key];
}
else
{
return (is_array($default)) ? array() : $default;
}
}
}
$this->type_cast_helper->recursive_set_var($var, $default, $multibyte);
return $var;
/**
* Get a variable, but without trimming strings.
* Same functionality as variable(), except does not run trim() on strings.
* This method should be used when handling passwords.
*
* @param string|array $var_name The form variable's name from which data shall be retrieved.
* If the value is an array this may be an array of indizes which will give
* direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
* then specifying array("var", 1) as the name will return "a".
* @param mixed $default A default value that is returned if the variable was not set.
* This function will always return a value of the same type as the default.
* @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
* @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global
* Specifies which super global should be used
*
* @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
* the same as that of $default. If the variable is not set $default is returned.
*/
public function untrimmed_variable($var_name, $default, $multibyte, $super_global = phpbb_request_interface::REQUEST)
{
return $this->_variable($var_name, $default, $multibyte, $super_global, false);
}
/**
@ -351,4 +336,66 @@ class phpbb_request implements phpbb_request_interface
return array_keys($this->input[$super_global]);
}
/**
* Helper function used by variable() and untrimmed_variable().
*
* @param string|array $var_name The form variable's name from which data shall be retrieved.
* If the value is an array this may be an array of indizes which will give
* direct access to a value at any depth. E.g. if the value of "var" is array(1 => "a")
* then specifying array("var", 1) as the name will return "a".
* @param mixed $default A default value that is returned if the variable was not set.
* This function will always return a value of the same type as the default.
* @param bool $multibyte If $default is a string this paramater has to be true if the variable may contain any UTF-8 characters
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
* @param phpbb_request_interface::POST|GET|REQUEST|COOKIE $super_global
* Specifies which super global should be used
* @param bool $trim Indicates whether trim() should be applied to string values.
*
* @return mixed The value of $_REQUEST[$var_name] run through {@link set_var set_var} to ensure that the type is the
* the same as that of $default. If the variable is not set $default is returned.
*/
protected function _variable($var_name, $default, $multibyte = false, $super_global = phpbb_request_interface::REQUEST, $trim = true)
{
$path = false;
// deep direct access to multi dimensional arrays
if (is_array($var_name))
{
$path = $var_name;
// make sure at least the variable name is specified
if (empty($path))
{
return (is_array($default)) ? array() : $default;
}
// the variable name is the first element on the path
$var_name = array_shift($path);
}
if (!isset($this->input[$super_global][$var_name]))
{
return (is_array($default)) ? array() : $default;
}
$var = $this->input[$super_global][$var_name];
if ($path)
{
// walk through the array structure and find the element we are looking for
foreach ($path as $key)
{
if (is_array($var) && isset($var[$key]))
{
$var = $var[$key];
}
else
{
return (is_array($default)) ? array() : $default;
}
}
}
$this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $trim);
return $var;
}
}

22
phpBB/includes/request/type_cast_helper.php
View File

@ -93,15 +93,23 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
* @param mixed $type The variable type. Will be used with {@link settype()}
* @param bool $multibyte Indicates whether string values may contain UTF-8 characters.
* Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks.
* @param bool $trim Indicates whether trim() should be applied to string values.
* Default is true.
*/
public function set_var(&$result, $var, $type, $multibyte = false)
public function set_var(&$result, $var, $type, $multibyte = false, $trim = true)
{
settype($var, $type);
$result = $var;
if ($type == 'string')
{
$result = trim(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result));
$result = str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result);
if ($trim)
{
$result = trim($result);
}
$result = htmlspecialchars($result, ENT_COMPAT, 'UTF-8');
if ($multibyte)
@ -141,8 +149,10 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
* @param bool $multibyte Indicates whether string keys and values may contain UTF-8 characters.
* Default is false, causing all bytes outside the ASCII range (0-127) to
* be replaced with question marks.
* @param bool $trim Indicates whether trim() should be applied to string values.
* Default is true.
*/
public function recursive_set_var(&$var, $default, $multibyte)
public function recursive_set_var(&$var, $default, $multibyte, $trim = true)
{
if (is_array($var) !== is_array($default))
{
@ -153,7 +163,7 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
if (!is_array($default))
{
$type = gettype($default);
$this->set_var($var, $var, $type, $multibyte);
$this->set_var($var, $var, $type, $multibyte, $trim);
}
else
{
@ -174,9 +184,9 @@ class phpbb_request_type_cast_helper implements phpbb_request_type_cast_helper_i
foreach ($_var as $k => $v)
{
$this->set_var($k, $k, $key_type, $multibyte, $multibyte);
$this->set_var($k, $k, $key_type, $multibyte);
$this->recursive_set_var($v, $default_value, $multibyte);
$this->recursive_set_var($v, $default_value, $multibyte, $trim);
$var[$k] = $v;
}
}

36
phpBB/includes/search/fulltext_mysql.php
View File

@ -27,9 +27,9 @@ class phpbb_search_fulltext_mysql extends phpbb_search_base
protected $config;
protected $db;
protected $user;
public $word_length = array();
public $search_query;
public $common_words = array();
protected $word_length = array();
protected $search_query;
protected $common_words = array();
/**
* Constructor
@ -58,6 +58,36 @@ class phpbb_search_fulltext_mysql extends phpbb_search_base
return 'MySQL Fulltext';
}
/**
* Returns the search_query
*
* @return string search query
*/
public function get_search_query()
{
return $this->search_query;
}
/**
* Returns the common_words array
*
* @return array common words that are ignored by search backend
*/
public function get_common_words()
{
return $this->common_words;
}
/**
* Returns the word_length array
*
* @return array min and max word length for searching
*/
public function get_word_length()
{
return $this->word_length;
}
/**
* Checks for correct MySQL version and stores min/max word length in the config
*

36
phpBB/includes/search/fulltext_native.php
View File

@ -23,9 +23,9 @@ if (!defined('IN_PHPBB'))
class phpbb_search_fulltext_native extends phpbb_search_base
{
protected $stats = array();
public $word_length = array();
public $search_query;
public $common_words = array();
protected $word_length = array();
protected $search_query;
protected $common_words = array();
protected $must_contain_ids = array();
protected $must_not_contain_ids = array();
@ -73,6 +73,36 @@ class phpbb_search_fulltext_native extends phpbb_search_base
return 'phpBB Native Fulltext';
}
/**
* Returns the search_query
*
* @return string search query
*/
public function get_search_query()
{
return $this->search_query;
}
/**
* Returns the common_words array
*
* @return array common words that are ignored by search backend
*/
public function get_common_words()
{
return $this->common_words;
}
/**
* Returns the word_length array
*
* @return array min and max word length for searching
*/
public function get_word_length()
{
return $this->word_length;
}
/**
* This function fills $this->search_query with the cleaned user search query.
*

36
phpBB/includes/search/fulltext_postgres.php
View File

@ -31,9 +31,9 @@ class phpbb_search_fulltext_postgres extends phpbb_search_base
protected $config;
protected $db;
protected $user;
public $search_query;
public $common_words = array();
public $word_length = array();
protected $search_query;
protected $common_words = array();
protected $word_length = array();
/**
* Constructor
@ -72,6 +72,36 @@ class phpbb_search_fulltext_postgres extends phpbb_search_base
return 'PostgreSQL Fulltext';
}
/**
* Returns the search_query
*
* @return string search query
*/
public function get_search_query()
{
return $this->search_query;
}
/**
* Returns the common_words array
*
* @return array common words that are ignored by search backend
*/
public function get_common_words()
{
return $this->common_words;
}
/**
* Returns the word_length array
*
* @return array min and max word length for searching
*/
public function get_word_length()
{
return $this->word_length;
}
/**
* Returns if phrase search is supported or not
*

36
phpBB/includes/search/fulltext_sphinx.php
View File

@ -42,8 +42,8 @@ class phpbb_search_fulltext_sphinx
protected $dbtype;
protected $user;
protected $config_file_data = '';
public $search_query;
public $common_words = array();
protected $search_query;
protected $common_words = array();
/**
* Constructor
@ -87,7 +87,7 @@ class phpbb_search_fulltext_sphinx
$error = false;
}
/**
* Returns the name of this search backend to be displayed to administrators
*
@ -98,6 +98,36 @@ class phpbb_search_fulltext_sphinx
return 'Sphinx Fulltext';
}
/**
* Returns the search_query
*
* @return string search query
*/
public function get_search_query()
{
return $this->search_query;
}
/**
* Returns false as there is no word_len array
*
* @return false
*/
public function get_word_length()
{
return false;
}
/**
* Returns the common_words array
*
* @return array common words that are ignored by search backend
*/
public function get_common_words()
{
return $this->common_words;
}
/**
* Checks permissions and paths, if everything is correct it generates the config file
*

6
phpBB/includes/ucp/ucp_profile.php
View File

@ -46,9 +46,9 @@ class ucp_profile
$data = array(
'username' => utf8_normalize_nfc(request_var('username', $user->data['username'], true)),
'email' => strtolower(request_var('email', $user->data['user_email'])),
'new_password' => request_var('new_password', '', true),
'cur_password' => request_var('cur_password', '', true),
'password_confirm' => request_var('password_confirm', '', true),
'new_password' => $request->variable('new_password', '', true),
'cur_password' => $request->variable('cur_password', '', true),
'password_confirm' => $request->variable('password_confirm', '', true),
);
add_form_key('ucp_reg_details');

4
phpBB/includes/ucp/ucp_register.php
View File

@ -170,8 +170,8 @@ class ucp_register
$data = array(
'username' => utf8_normalize_nfc(request_var('username', '', true)),
'new_password' => request_var('new_password', '', true),
'password_confirm' => request_var('password_confirm', '', true),
'new_password' => $request->variable('new_password', '', true),
'password_confirm' => $request->variable('password_confirm', '', true),
'email' => strtolower(request_var('email', '')),
'lang' => basename(request_var('lang', $user->lang_name)),
'tz' => request_var('tz', $timezone),

18
phpBB/install/install_update.php
View File

@ -862,7 +862,14 @@ class install_update extends module
$test_connection = false;
if ($test_ftp_connection || $submit)
{
$transfer = new $method(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new $method(
request_var('host', ''),
request_var('username', ''),
htmlspecialchars_decode($request->untrimmed_variable('password', '')),
request_var('root_path', ''),
request_var('port', ''),
request_var('timeout', '')
);
$test_connection = $transfer->open_session();
// Make sure that the directory is correct by checking for the existence of common.php
@ -948,7 +955,14 @@ class install_update extends module
}
else
{
$transfer = new $method(request_var('host', ''), request_var('username', ''), request_var('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new $method(
request_var('host', ''),
request_var('username', ''),
htmlspecialchars_decode($request->untrimmed_variable('password', '')),
request_var('root_path', ''),
request_var('port', ''),
request_var('timeout', '')
);
$transfer->open_session();
}

22
phpBB/search.php
View File

@ -287,14 +287,24 @@ if ($keywords || $author || $author_id || $search_id || $submit)
trigger_error($error);
}
$common_words = $search->get_common_words();
// let the search module split up the keywords
if ($keywords)
{
$correct_query = $search->split_keywords($keywords, $search_terms);
if (!$correct_query || (empty($search->search_query) && !sizeof($author_id_ary) && !$search_id))
if (!$correct_query || (!$search->get_search_query() && !sizeof($author_id_ary) && !$search_id))
{
$ignored = (sizeof($search->common_words)) ? sprintf($user->lang['IGNORED_TERMS_EXPLAIN'], implode(' ', $search->common_words)) . '<br />' : '';
trigger_error($ignored . $user->lang('NO_KEYWORDS', $user->lang('CHARACTERS', (int) $search->word_length['min']), $user->lang('CHARACTERS', (int) $search->word_length['max'])));
$ignored = (sizeof($common_words)) ? sprintf($user->lang['IGNORED_TERMS_EXPLAIN'], implode(' ', $common_words)) . '<br />' : '';
$word_length = $search->get_word_length();
if ($word_length)
{
trigger_error($ignored . $user->lang('NO_KEYWORDS', $user->lang('CHARACTERS', (int) $word_length['min']), $user->lang('CHARACTERS', (int) $word_length['max'])));
}
else
{
trigger_error($ignored);
}
}
}
@ -526,7 +536,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
sort($m_approve_fid_ary);
sort($author_id_ary);
if (!empty($search->search_query))
if ($search->get_search_query())
{
$total_match_count = $search->keyword_search($show_results, $search_fields, $search_terms, $sort_by_sql, $sort_key, $sort_dir, $sort_days, $ex_fid_ary, $m_approve_fid_ary, $topic_id, $author_id_ary, $sql_author_match, $id_ary, $start, $per_page);
}
@ -609,8 +619,8 @@ if ($keywords || $author || $author_id || $search_id || $submit)
'SEARCH_TITLE' => $l_search_title,
'SEARCH_MATCHES' => $l_search_matches,
'SEARCH_WORDS' => $keywords,
'SEARCHED_QUERY' => $search->search_query,
'IGNORED_WORDS' => (sizeof($search->common_words)) ? implode(' ', $search->common_words) : '',
'SEARCHED_QUERY' => $search->get_search_query(),
'IGNORED_WORDS' => (sizeof($common_words)) ? implode(' ', $common_words) : '',
'PAGE_NUMBER' => phpbb_on_page($template, $user, $u_search, $total_match_count, $per_page, $start),
'PHRASE_SEARCH_DISABLED' => $phrase_search_disabled,

2
phpBB/styles/subsilver2/template/simple_footer.html
View File

@ -2,7 +2,7 @@
</div>
<div id="wrapfooter">
<span class="copyright">{CREDIT_LINE}
<span class="copyright">{CREDIT_LINE}</span>
</div>
<script type="text/javascript" src="{T_JQUERY_LINK}"></script>

20
tests/request/type_cast_helper_test.php
View File

@ -48,4 +48,24 @@ class phpbb_type_cast_helper_test extends phpbb_test_case
$this->assertEquals($expected, $data);
}
public function test_simple_untrimmed_recursive_set_var()
{
$data = " eviL<3\t\t";
$expected = " eviL&lt;3\t\t";
$this->type_cast_helper->recursive_set_var($data, '', true, false);
$this->assertEquals($expected, $data);
}
public function test_nested_untrimmed_recursive_set_var()
{
$data = array(" eviL<3\t\t");
$expected = array(" eviL&lt;3\t\t");
$this->type_cast_helper->recursive_set_var($data, array(0 => ''), true, false);
$this->assertEquals($expected, $data);
}
}