mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

- clean up marklist calls (global function)

Browse Source 
- added new feature: test out others permissions (admin permissions will not be copied)
- changed attachment processing by directly using the template engine
- fixed some attachment related bugs
- additional tiny fixes


git-svn-id: file:///svn/phpbb/trunk@5790 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2006-04-17 13:09:50 +00:00
parent 8c2f02ca00
commit a0f8e1323a
49 changed files with 664 additions and 411 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
phpBB/includes/acp/acp_main.php
View File

@@ -154,7 +154,7 @@ class acp_main
switch ($action)
{
case 'online':
if (!$auth->acl_get('a_defaults'))
if (!$auth->acl_get('a_board'))
{
trigger_error($user->lang['NO_ADMIN']);
}
@@ -165,7 +165,7 @@ class acp_main
break;
case 'stats':
if (!$auth->acl_get('a_defaults'))
if (!$auth->acl_get('a_board'))
{
trigger_error($user->lang['NO_ADMIN']);
}
@@ -215,7 +215,7 @@ class acp_main
break;
case 'user':
if (!$auth->acl_get('a_defaults'))
if (!$auth->acl_get('a_board'))
{
trigger_error($user->lang['NO_ADMIN']);
}
@@ -256,7 +256,7 @@ class acp_main
break;
case 'date':
if (!$auth->acl_get('a_defaults'))
if (!$auth->acl_get('a_board'))
{
trigger_error($user->lang['NO_ADMIN']);
}
@@ -347,7 +347,7 @@ class acp_main
'U_ACTION' => "{$phpbb_admin_path}index.$phpEx$SID",
'S_ACTION_OPTIONS' => $s_action_options,
'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? $s_action_options : '',
)
);

4
phpBB/includes/acp/acp_users.php
View File

@@ -734,7 +734,9 @@ class acp_users
'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? "{$phpbb_root_path}ucp.$phpEx$SID&mode=switch_perm&u={$user_row['user_id']}" : '',
'USER' => $user_row['username'],
'USER_REGISTERED' => $user->format_date($user_row['user_regdate']),
'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'],

53
phpBB/includes/acp/auth.php
View File

@@ -1101,6 +1101,59 @@ class auth_admin extends auth
}
}
}
/**
* Use permissions from another user. This transferes a permission set from one user to another.
* The other user is always able to revert back to his permission set.
* This function does not check for lower/higher permissions, it is possible for the user to gain
* "more" permissions by this.
*
*/
function ghost_permissions($from_user_id, $to_user_id)
{
global $db;
if ($to_user_id == ANONYMOUS)
{
return false;
}
$hold_ary = $this->acl_raw_data($from_user_id, false, false);
if (isset($hold_ary[$from_user_id]))
{
$hold_ary = $hold_ary[$from_user_id];
}
// Key 0 in $hold_ary are global options, all others are forum_ids
// We disallow copying admin permissions
foreach ($this->acl_options['global'] as $opt => $id)
{
if (strpos($opt, 'a_') === 0)
{
$hold_ary[0][$opt] = ACL_NO;
}
}
// Force a_switchperm to be allowed
$hold_ary[0]['a_switchperm'] = ACL_YES;
$user_permissions = $this->build_bitstring($hold_ary);
if (!$user_permissions)
{
return false;
}
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_permissions = '" . $db->sql_escape($user_permissions) . "',
user_perm_from = $from_user_id
WHERE user_id = " . $to_user_id;
$db->sql_query($sql);
return true;
}
}
?>

37
phpBB/includes/auth.php
View File

@@ -325,12 +325,34 @@ class auth
{
if (strpos($opt, 'a_') === 0)
{
$hold_ary[0][$opt] = 1;
$hold_ary[0][$opt] = ACL_YES;
}
}
}
$hold_str = $this->build_bitstring($hold_ary);
if ($hold_str)
{
$userdata['user_permissions'] = $hold_str;
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "',
user_perm_from = 0
WHERE user_id = " . $userdata['user_id'];
$db->sql_query($sql);
}
return;
}
/**
* Build bitstring from permission set
*/
function build_bitstring(&$hold_ary)
{
$hold_str = '';
if (sizeof($hold_ary))
{
ksort($hold_ary);
@@ -379,16 +401,10 @@ class auth
}
unset($bitstring);
$userdata['user_permissions'] = rtrim($hold_str);
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "'
WHERE user_id = " . $userdata['user_id'];
$db->sql_query($sql);
$hold_str = rtrim($hold_str);
}
unset($hold_ary);
return;
return $hold_str;
}
/**
@@ -401,7 +417,8 @@ class auth
$where_sql = ($user_id !== false) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : '';
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_permissions = ''
SET user_permissions = '',
user_perm_from = 0
$where_sql";
$db->sql_query($sql);

25
phpBB/includes/functions.php
View File

@@ -147,23 +147,6 @@ function unique_id($extra = 0, $prefix = false)
return uniqid(($prefix === false) ? mt_rand() : $prefix, true);
}
/**
* Get userdata
* @param mixed $user user id or username
*/
function get_userdata($user)
{
global $db;
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE ';
$sql .= ((is_integer($user)) ? "user_id = $user" : "username = '" . $db->sql_escape($user) . "'") . " AND user_id <> " . ANONYMOUS;
$result = $db->sql_query($sql);
return ($row = $db->sql_fetchrow($result)) ? $row : false;
}
/**
* Generate sort selection fields
*/
@@ -1654,10 +1637,11 @@ function decode_message(&$message, $bbcode_uid = '')
'#<!\-\- w \-\-><a href="http:\/\/(.*?)" target="_blank">.*?</a><!\-\- w \-\->#',
'#<!\-\- l \-\-><a href="(.*?)">.*?</a><!\-\- l \-\->#',
'#<!\-\- s(.*?) \-\-><img src="\{SMILIES_PATH\}\/.*? \/><!\-\- s\1 \-\->#',
'#<!\-\- .*? \-\->#s',
'#<.*?>#s'
);
$replace = array('\1', '\1', '\1', '\1', '\1', '&lt;\1&gt;');
$replace = array('\1', '\1', '\1', '\1', '\1', '', '&lt;\1&gt;');
$message = preg_replace($match, $replace, $message);
@@ -1863,7 +1847,7 @@ function parse_inline_attachments(&$text, &$attachments, &$update_count, $forum_
{
global $config, $user;
$attachments = display_attachments($forum_id, NULL, $attachments, $update_count, $preview, true);
$attachments = display_attachments($forum_id, NULL, $attachments, $update_count, false, true);
$tpl_size = sizeof($attachments);
$unset_tpl = array();
@@ -2013,7 +1997,7 @@ function add_log()
$forum_id = ($mode == 'mod') ? intval(array_shift($args)) : '';
$topic_id = ($mode == 'mod') ? intval(array_shift($args)) : '';
$action = array_shift($args);
$data = (!sizeof($args)) ? '' : $db->sql_escape(serialize($args));
$data = (!sizeof($args)) ? '' : serialize($args);
$sql_ary = array(
'user_id' => $user->data['user_id'],
@@ -2533,6 +2517,7 @@ function page_header($page_title = '')
'U_SEARCH_ACTIVE_TOPICS'=> "{$phpbb_root_path}search.$phpEx$SID&amp;search_id=active_topics",
'U_DELETE_COOKIES' => "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=delete_cookies",
'U_TEAM' => "{$phpbb_root_path}memberlist.$phpEx$SID&amp;mode=leaders",
'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? "{$phpbb_root_path}ucp.$phpEx$SID&amp;mode=restore_perm" : '',
'S_USER_LOGGED_IN' => ($user->data['user_id'] != ANONYMOUS) ? true : false,
'S_REGISTERED_USER' => $user->data['is_registered'],

191
phpBB/includes/functions_display.php
View File

@@ -578,13 +578,13 @@ function gen_forum_auth_level($mode, $forum_id, $forum_status)
global $SID, $template, $auth, $user;
$locked = ($forum_status == ITEM_LOCKED && !$auth->acl_get('m_edit', $forum_id)) ? true : false;
$rules = array(
($auth->acl_get('f_post', $forum_id) && !$locked) ? $user->lang['RULES_POST_CAN'] : $user->lang['RULES_POST_CANNOT'],
($auth->acl_get('f_reply', $forum_id) && !$locked) ? $user->lang['RULES_REPLY_CAN'] : $user->lang['RULES_REPLY_CANNOT'],
($auth->acl_gets('f_edit', 'm_edit', $forum_id) && !$locked) ? $user->lang['RULES_EDIT_CAN'] : $user->lang['RULES_EDIT_CANNOT'],
($auth->acl_gets('f_delete', 'm_delete', $forum_id) && !$locked) ? $user->lang['RULES_DELETE_CAN'] : $user->lang['RULES_DELETE_CANNOT'],
($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach', $forum_id) && !$locked) ? $user->lang['RULES_ATTACH_CAN'] : $user->lang['RULES_ATTACH_CANNOT']
($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && !$locked) ? $user->lang['RULES_ATTACH_CAN'] : $user->lang['RULES_ATTACH_CANNOT']
);
foreach ($rules as $rule)
@@ -670,41 +670,13 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold
function display_attachments($forum_id, $blockname, &$attachment_data, &$update_count, $force_physical = false, $return = false)
{
global $template, $cache, $user;
global $attachment_tpl, $extensions, $config, $phpbb_root_path, $phpEx, $SID;
global $extensions, $config, $phpbb_root_path, $phpEx, $SID;
// $starttime = explode(' ', microtime());
// $starttime = $starttime[1] + $starttime[0];
$return_tpl = array();
$blocks = array(ATTACHMENT_CATEGORY_WM => 'WM_STREAM', ATTACHMENT_CATEGORY_RM => 'RM_STREAM', ATTACHMENT_CATEGORY_THUMB => 'THUMBNAIL', ATTACHMENT_CATEGORY_IMAGE => 'IMAGE');
if (!isset($attachment_tpl))
{
if (!($attachment_tpl = $cache->get('attachment_tpl')))
{
$attachment_tpl = array();
$template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/attachment.html';
if (($attachment_template = file_get_contents($template_filename)) === false)
{
trigger_error('Could not load template file "' . $template_filename . '"');
}
// replace \ with \\ and then ' with \'.
$attachment_template = str_replace('\\', '\\\\', $attachment_template);
$attachment_template = str_replace("'", "\'", $attachment_template);
preg_match_all('#<!-- BEGIN (.*?) -->(.*?)<!-- END (.*?) -->#s', $attachment_template, $tpl);
foreach ($tpl[1] as $num => $block_name)
{
$attachment_tpl[$block_name] = $tpl[2][$num];
}
unset($tpl);
$cache->put('attachment_tpl', $attachment_tpl);
}
}
$template->set_filenames(array(
'attachment_tpl' => 'attachment.html')
);
if (empty($extensions) || !is_array($extensions))
{
@@ -714,62 +686,55 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
foreach ($attachment_data as $attachment)
{
// We need to reset/empty the _file block var, because this function might be called more than once
$template->reset_block_vars('_file');
$block_array = array();
// Some basics...
$attachment['extension'] = strtolower(trim($attachment['extension']));
$filename = $phpbb_root_path . $config['upload_path'] . '/' . basename($attachment['physical_filename']);
$thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . basename($attachment['physical_filename']);
$upload_image = '';
$upload_icon = '';
if ($user->img('icon_attach', '') && !$extensions[$attachment['extension']]['upload_icon'])
{
$upload_image = $user->img('icon_attach', '');
$upload_icon = $user->img('icon_attach', '');
}
else if ($extensions[$attachment['extension']]['upload_icon'])
{
$upload_image = '<img src="' . $phpbb_root_path . $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" border="0" />';
$upload_icon = '<img src="' . $phpbb_root_path . $config['upload_icons_path'] . '/' . trim($extensions[$attachment['extension']]['upload_icon']) . '" alt="" />';
}
$filesize = $attachment['filesize'];
$size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] );
$filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize);
$display_name = basename($attachment['real_filename']);
$comment = str_replace("\n", '<br />', censor_text($attachment['comment']));
$block_array += array(
'UPLOAD_ICON' => $upload_icon,
'FILESIZE' => $filesize,
'SIZE_LANG' => $size_lang,
'DOWNLOAD_NAME' => basename($attachment['real_filename']),
'COMMENT' => $comment,
);
$denied = false;
if (!extension_allowed($forum_id, $attachment['extension'], $extensions))
{
$denied = true;
$template_array['VAR'] = array('{L_DENIED}');
$template_array['VAL'] = array(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
$tpl = str_replace($template_array['VAR'], $template_array['VAL'], $attachment_tpl['DENIED']);
// Replace {L_*} lang strings
$tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl);
if (!$return)
{
$template->assign_block_vars($blockname, array(
'DISPLAY_ATTACHMENT' => $tpl)
);
}
else
{
$return_tpl[] = $tpl;
}
$block_array += array(
'S_DENIED' => true,
'DENIED_MESSAGE' => sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])
);
}
if (!$denied)
{
$l_downloaded_viewed = '';
$download_link = '';
$additional_array['VAR'] = $additional_array['VAL'] = array();
$l_downloaded_viewed = $download_link = '';
$display_cat = $extensions[$attachment['extension']]['display_cat'];
if ($display_cat == ATTACHMENT_CATEGORY_IMAGE)
@@ -800,102 +765,108 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_
{
// Images
case ATTACHMENT_CATEGORY_IMAGE:
$img_source = $filename;
$update_count[] = $attachment['attach_id'];
$l_downloaded_viewed = $user->lang['VIEWED'];
$download_link = $img_source;
break;
$download_link = $filename;
$block_array += array(
'S_IMAGE' => true,
);
$update_count[] = $attachment['attach_id'];
break;
// Images, but display Thumbnail
case ATTACHMENT_CATEGORY_THUMB:
$thumb_source = $thumbnail_filename;
$l_downloaded_viewed = $user->lang['VIEWED'];
$download_link = (!$force_physical) ? $phpbb_root_path . "download.$phpEx$SID&amp;id=" . $attachment['attach_id'] : $filename;
$download_link = (!$force_physical && $attachment['attach_id']) ? $phpbb_root_path . "download.$phpEx$SID&amp;id=" . $attachment['attach_id'] : $filename;
$additional_array['VAR'][] = '{THUMB_IMG}';
$additional_array['VAL'][] = $thumb_source;
break;
$block_array += array(
'S_THUMBNAIL' => true,
'THUMB_IMAGE' => $thumbnail_filename,
);
break;
// Windows Media Streams
case ATTACHMENT_CATEGORY_WM:
$l_downloaded_viewed = $user->lang['VIEWED'];
$download_link = $filename;
$block_array += array(
'S_WM_FILE' => true,
);
// Viewed/Heared File ... update the download count (download.php is not called here)
$update_count[] = $attachment['attach_id'];
break;
break;
// Real Media Streams
case ATTACHMENT_CATEGORY_RM:
$l_downloaded_viewed = $user->lang['VIEWED'];
$download_link = $filename;
$additional_array['VAR'][] = '{U_FORUM}';
$additional_array['VAL'][] = generate_board_url();
$additional_array['VAR'][] = '{ATTACH_ID}';
$additional_array['VAL'][] = $attachment['attach_id'];
$block_array += array(
'S_RM_FILE' => true,
'U_FORUM' => generate_board_url(),
'ATTACH_ID' => $attachment['attach_id'],
);
// Viewed/Heared File ... update the download count (download.php is not called here)
$update_count[] = $attachment['attach_id'];
break;
/*
// Macromedia Flash Files
/* // Macromedia Flash Files
case SWF_CAT:
list($width, $height) = swf_getdimension($filename);
$l_downloaded_viewed = $user->lang['VIEWED'];
$download_link = $filename;
$additional_array = array(
'WIDTH' => $width,
'HEIGHT' => $height
$block_array += array(
'S_SWF_FILE' => true,
'WIDTH' => $width,
'HEIGHT' => $height,
);
// Viewed/Heared File ... update the download count (download.php is not called here)
$update_count[] = $attachment['attach_id'];
break;
break;
*/
default:
$l_downloaded_viewed = $user->lang['DOWNLOADED'];
$download_link = (!$force_physical) ? $phpbb_root_path . "download.$phpEx$SID&amp;id=" . $attachment['attach_id'] : $filename;
break;
$download_link = (!$force_physical && $attachment['attach_id']) ? $phpbb_root_path . "download.$phpEx$SID&amp;id=" . $attachment['attach_id'] : $filename;
$block_array += array(
'S_FILE' => true,
);
break;
}
$l_download_count = (!isset($attachment['download_count']) || $attachment['download_count'] == 0) ? $user->lang['DOWNLOAD_NONE'] : (($attachment['download_count'] == 1) ? sprintf($user->lang['DOWNLOAD_COUNT'], $attachment['download_count']) : sprintf($user->lang['DOWNLOAD_COUNTS'], $attachment['download_count']));
$current_block = ($display_cat) ? $blocks[$display_cat] : 'FILE';
$template_array['VAR'] = array_merge($additional_array['VAR'], array(
'{DOWNLOAD_NAME}', '{FILESIZE}', '{SIZE_VAR}', '{COMMENT}', '{U_DOWNLOAD_LINK}', '{UPLOAD_IMG}', '{L_DOWNLOADED_VIEWED}', '{L_DOWNLOAD_COUNT}')
$block_array += array(
'U_DOWNLOAD_LINK' => $download_link,
'L_DOWNLOADED_VIEWED' => $l_downloaded_viewed,
'L_DOWNLOAD_COUNT' => $l_download_count
);
}
$template_array['VAL'] = array_merge($additional_array['VAL'], array(
$display_name, $filesize, $size_lang, $comment, $download_link, $upload_image, $l_downloaded_viewed, $l_download_count)
$template->assign_block_vars('_file', $block_array);
$tpl = $template->assign_display('attachment_tpl');
if (!$return)
{
$template->assign_block_vars($blockname, array(
'DISPLAY_ATTACHMENT' => $tpl)
);
$tpl = str_replace($template_array['VAR'], $template_array['VAL'], $attachment_tpl[$current_block]);
// Replace {L_*} lang strings
$tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl);
if (!$return)
{
$template->assign_block_vars($blockname, array(
'DISPLAY_ATTACHMENT' => $tpl)
);
}
else
{
$return_tpl[] = $tpl;
}
}
else
{
$return_tpl[] = $tpl;
}
}
return $return_tpl;
// $mtime = explode(' ', microtime());
// $totaltime = $mtime[0] + $mtime[1] - $starttime;
}
/**

51
phpBB/includes/functions_template.php
View File

@@ -40,6 +40,10 @@ class template_compile
{
var $template;
// Various storage arrays
var $block_names = array();
var $block_else_level = array();
/**
* constuctor
*/
@@ -120,57 +124,54 @@ class template_compile
switch ($blocks[1][$curr_tb])
{
case 'BEGIN':
$this->template->block_else_level[] = false;
$this->block_else_level[] = false;
$compile_blocks[] = '<?php ' . $this->compile_tag_block($blocks[2][$curr_tb]) . ' ?>';
break;
break;
case 'BEGINELSE':
$this->template->block_else_level[sizeof($this->template->block_else_level) - 1] = true;
$this->block_else_level[sizeof($this->block_else_level) - 1] = true;
$compile_blocks[] = '<?php }} else { ?>';
break;
break;
case 'END':
array_pop($this->template->block_names);
$compile_blocks[] = '<?php ' . ((array_pop($this->template->block_else_level)) ? '}' : '}}') . ' ?>';
break;
array_pop($this->block_names);
$compile_blocks[] = '<?php ' . ((array_pop($this->block_else_level)) ? '}' : '}}') . ' ?>';
break;
case 'IF':
$compile_blocks[] = '<?php ' . $this->compile_tag_if($blocks[2][$curr_tb], false) . ' ?>';
break;
break;
case 'ELSE':
$compile_blocks[] = '<?php } else { ?>';
break;
break;
case 'ELSEIF':
$compile_blocks[] = '<?php ' . $this->compile_tag_if($blocks[2][$curr_tb], true) . ' ?>';
break;
break;
case 'ENDIF':
$compile_blocks[] = '<?php } ?>';
break;
break;
case 'DEFINE':
$compile_blocks[] = '<?php ' . $this->compile_tag_define($blocks[2][$curr_tb], true) . ' ?>';
break;
break;
case 'UNDEFINE':
$compile_blocks[] = '<?php ' . $this->compile_tag_define($blocks[2][$curr_tb], false) . ' ?>';
break;
break;
case 'INCLUDE':
$temp = '';
list(, $temp) = each($include_blocks);
$temp = array_shift($include_blocks);
$compile_blocks[] = '<?php ' . $this->compile_tag_include($temp) . ' ?>';
$this->template->_tpl_include($temp, false);
break;
break;
case 'INCLUDEPHP':
if ($config['tpl_php'])
{
$temp = '';
list(, $temp) = each($includephp_blocks);
$compile_blocks[] = '<?php ' . $this->compile_tag_include_php($temp) . ' ?>';
$compile_blocks[] = '<?php ' . $this->compile_tag_include_php(array_shift($includephp_blocks)) . ' ?>';
}
else
{
@@ -181,9 +182,7 @@ class template_compile
case 'PHP':
if ($config['tpl_php'])
{
$temp = '';
list(, $temp) = each($php_blocks);
$compile_blocks[] = '<?php ' . $temp . ' ?>';
$compile_blocks[] = '<?php ' . array_shift($php_blocks) . ' ?>';
}
else
{
@@ -306,9 +305,9 @@ class template_compile
}
$tag_template_php = '';
array_push($this->template->block_names, $tag_args);
array_push($this->block_names, $tag_args);
if (sizeof($this->template->block_names) < 2)
if (sizeof($this->block_names) < 2)
{
// Block is not nested.
$tag_template_php = '$_' . $tag_args . "_count = (isset(\$this->_tpldata['$tag_args'])) ? sizeof(\$this->_tpldata['$tag_args']) : 0;";
@@ -321,11 +320,11 @@ class template_compile
if ($no_nesting !== false)
{
// We need to implode $no_nesting times from the end...
$namespace = implode('.', array_slice($this->template->block_names, -$no_nesting));
$namespace = implode('.', array_slice($this->block_names, -$no_nesting));
}
else
{
$namespace = implode('.', $this->template->block_names);
$namespace = implode('.', $this->block_names);
}
// Get a reference to the data array for this block that depends on the

33
phpBB/includes/functions_upload.php
View File

@@ -164,6 +164,39 @@ class filespec
return array_pop($filename);
}
/**
* Get mimetype
*/
function get_mimetype($filename)
{
if (function_exists('mime_content_type'))
{
$mimetype = mime_content_type($filename);
}
else
{
$mimetype = 'application/octetstream';
}
// Opera adds the name to the mime type
$mimetype = (strpos($mimetype, '; name') !== false) ? str_replace(strstr($mimetype, '; name'), '', $mimetype) : $mimetype;
if (!$mimetype)
{
$mimetype = 'application/octetstream';
}
return $mimetype;
}
/**
* Get filesize
*/
function get_filesize($filename)
{
return @filesize($filename);
}
/**
* Move file to destination folder
*

7
phpBB/includes/mcp/mcp_warn.php
View File

@@ -306,7 +306,12 @@ function mcp_warn_user_view($id, $mode, $action)
$sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'";
$userrow = get_userdata($user_id);
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE ' . $sql_where;
$result = $db->sql_query($sql);
$userrow = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
$user_id = $userrow['user_id'];

101
phpBB/includes/message_parser.php
View File

@@ -977,9 +977,9 @@ class parse_message extends bbcode_firstpass
$this->filename_data['filecomment'] = request_var('filecomment', '', true);
$upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false;
$add_file = (isset($_POST['add_file']));
$delete_file = (isset($_POST['delete_file']));
$edit_comment = (isset($_POST['edit_comment']));
$add_file = (isset($_POST['add_file'])) ? true : false;
$delete_file = (isset($_POST['delete_file'])) ? true : false;
$edit_comment = (isset($_POST['edit_comment'])) ? true : false;
$cfg = array();
$cfg['max_attachments'] = ($is_message) ? $config['max_attachments_pm'] : $config['max_attachments'];
@@ -1063,6 +1063,9 @@ class parse_message extends bbcode_firstpass
if ($edit_comment)
{
$actual_comment_list = request_var('comment_list', array(''), true);
$edit_comment = key(request_var('edit_comment', array(0 => '')));
$this->attachment_data[$edit_comment]['comment'] = $actual_comment_list[$edit_comment];
}
if (($add_file || $preview) && $upload_file)
@@ -1105,26 +1108,102 @@ class parse_message extends bbcode_firstpass
}
}
// Get Attachment Data
/**
* Get Attachment Data
*/
function get_submitted_attachment_data()
{
global $user, $db, $phpbb_root_path, $phpEx, $config;
$this->filename_data['filecomment'] = request_var('filecomment', '', true);
$this->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
//
$data_prepare = array('physical_filename' => 's', 'real_filename' => 's', 'comment' => 's', 'extension' => 's', 'mimetype' => 's',
'filesize' => 'i', 'filetime' => 'i', 'attach_id' => 'i', 'thumbnail' => 'i');
// Regenerate data array...
$attach_ids = $filenames = array();
foreach ($this->attachment_data as $pos => $var_ary)
{
foreach ($data_prepare as $var => $type)
if ($var_ary['attach_id'])
{
if ($type == 's')
$attach_ids[(int) $this->attachment_data[$pos]['attach_id']] = $pos;
}
else
{
$filenames[$pos] = '';
set_var($filenames[$pos], $this->attachment_data[$pos]['physical_filename'], 'string');
$filenames[$pos] = basename($filenames[$pos]);
}
}
$this->attachment_data = array();
// Regenerate already posted attachments...
if (sizeof($attach_ids))
{
// Get the data from the attachments
$sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail
FROM ' . ATTACHMENTS_TABLE . '
WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ')
AND poster_id = ' . $user->data['user_id'];
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (isset($attach_ids[$row['attach_id']]))
{
$this->attachment_data[$pos][$var] = trim(htmlspecialchars(str_replace(array("\r\n", "\r", '\xFF'), array("\n", "\n", ' '), stripslashes($this->attachment_data[$pos][$var]))));
$pos = $attach_ids[$row['attach_id']];
$this->attachment_data[$pos] = $row;
set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true);
unset($attach_ids[$row['attach_id']]);
}
}
$db->sql_freeresult($result);
if (sizeof($attach_ids))
{
trigger_error('NO_ACCESS_ATTACHMENT');
}
}
// Regenerate newly uploaded attachments
if (sizeof($filenames))
{
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$sql = 'SELECT attach_id
FROM ' . ATTACHMENTS_TABLE . "
WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')";
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if ($row)
{
trigger_error('NO_ACCESS_ATTACHMENT');
}
foreach ($filenames as $pos => $physical_filename)
{
$this->attachment_data[$pos] = array(
'physical_filename' => $physical_filename,
'extension' => strtolower(filespec::get_extension($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename)),
'filesize' => filespec::get_filesize($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename),
'attach_id' => 0,
'thumbnail' => (file_exists($phpbb_root_path . $config['upload_path'] . '/thumb_' . $physical_filename)) ? 1 : 0,
);
set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true);
set_var($this->attachment_data[$pos]['real_filename'], $_POST['attachment_data'][$pos]['real_filename'], 'string', true);
set_var($this->attachment_data[$pos]['filetime'], $_POST['attachment_data'][$pos]['filetime'], 'int');
if (strpos($_POST['attachment_data'][$pos]['mimetype'], 'image/') !== false)
{
set_var($this->attachment_data[$pos]['mimetype'], $_POST['attachment_data'][$pos]['mimetype'], 'string');
}
else
{
$this->attachment_data[$pos][$var] = (int) $this->attachment_data[$pos][$var];
$this->attachment_data[$pos]['mimetype'] = filespec::get_mimetype($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename);
}
}
}

53
phpBB/includes/template.php
View File

@@ -18,21 +18,7 @@ if (!defined('IN_PHPBB'))
/**
* @package phpBB3
*
* Template class.
*
* psoTFX - Completion of file caching, decompilation routines and implementation of
* conditionals/keywords and associated changes
*
* The interface was inspired by PHPLib templates, and the template file (formats are
* quite similar)
*
* The keyword/conditional implementation is currently based on sections of code from
* the Smarty templating engine (c) 2001 ispi of Lincoln, Inc. which is released
* (on its own and in whole) under the LGPL. Section 3 of the LGPL states that any code
* derived from an LGPL application may be relicenced under the GPL, this applies
* to this source
*
* DEFINE directive inspired by a request by Cyberalien
* Base Template class.
*/
class template
{
@@ -52,11 +38,6 @@ class template
// this will hash handle names to the compiled/uncompiled code for that handle.
var $compiled_code = array();
// Various counters and storage arrays
var $block_names = array();
var $block_else_level = array();
var $block_nesting_level = 0;
var $static_lang;
/**
@@ -153,7 +134,7 @@ class template
* Display the handle and assign the output to a template variable
* @public
*/
function assign_display($handle, $template_var, $return_content = false, $include_once = true)
function assign_display($handle, $template_var = '', $return_content = true, $include_once = false)
{
ob_start();
$this->display($handle, $include_once);
@@ -357,6 +338,36 @@ class template
return true;
}
/**
* Reset/empty complete block
* @public
*/
function reset_block_vars($blockname)
{
if (strpos($blockname, '.') !== false)
{
// Nested block.
$blocks = explode('.', $blockname);
$blockcount = sizeof($blocks) - 1;
$str = &$this->_tpldata;
for ($i = 0; $i < $blockcount; $i++)
{
$str = &$str[$blocks[$i]];
$str = &$str[sizeof($str) - 1];
}
unset($str[$blocks[$blockcount]]);
}
else
{
// Top-level block.
unset($this->_tpldata[$blockname]);
}
return true;
}
/**
* Change already assigned key variable pair (one-dimensional - single loop entry)
*

74
phpBB/includes/ucp/ucp_pm_compose.php
View File

@@ -73,8 +73,8 @@ function compose_pm($id, $mode, $action)
{
trigger_error('NO_AUTH_SEND_MESSAGE');
}
break;
break;
case 'reply':
case 'quote':
case 'forward':
@@ -112,7 +112,7 @@ function compose_pm($id, $mode, $action)
AND t.msg_id = p.msg_id
AND p.msg_id = $msg_id";
}
break;
break;
case 'edit':
if (!$msg_id)
@@ -127,7 +127,7 @@ function compose_pm($id, $mode, $action)
AND t.folder_id = ' . PRIVMSGS_OUTBOX . "
AND t.msg_id = $msg_id
AND t.msg_id = p.msg_id";
break;
break;
case 'delete':
if (!$auth->acl_get('u_pm_delete'))
@@ -144,11 +144,11 @@ function compose_pm($id, $mode, $action)
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE user_id = ' . $user->data['user_id'] . "
AND msg_id = $msg_id";
break;
break;
case 'smilies':
generate_smilies('window', 0);
break;
break;
default:
trigger_error('NO_ACTION_MODE');
@@ -175,42 +175,46 @@ function compose_pm($id, $mode, $action)
$db->sql_freeresult($result);
$msg_id = (int) $post['msg_id'];
$enable_urls = $post['enable_magic_url'];
$enable_sig = (isset($post['enable_sig'])) ? $post['enable_sig'] : 0;
$message_attachment = (isset($post['message_attachement'])) ? $post['message_attachement'] : 0;
$message_text = $post['message_text'];
$message_subject = $post['message_subject'];
$quote_username = (isset($post['quote_username'])) ? $post['quote_username'] : '';
$message_time = $post['message_time'];
$icon_id = (isset($post['icon_id'])) ? $post['icon_id'] : 0;
$folder_id = (isset($post['folder_id'])) ? $post['folder_id'] : 0;
$bbcode_uid = $post['bbcode_uid'];
$msg_id = (int) $post['msg_id'];
$folder_id = (isset($post['folder_id'])) ? $post['folder_id'] : 0;
$message_text = (isset($post['message_text'])) ? $post['message_text'] : '';
if (!$post['author_id'] && $msg_id)
{
trigger_error('NO_AUTHOR');
}
if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !sizeof($address_list) && !$refresh && !$submit && !$preview)
if ($action != 'delete')
{
$address_list = array('u' => array($post['author_id'] => 'to'));
}
else if ($action == 'edit' && !sizeof($address_list) && !$refresh && !$submit && !$preview)
{
// Rebuild TO and BCC Header
$address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address']));
}
$enable_urls = $post['enable_magic_url'];
$enable_sig = (isset($post['enable_sig'])) ? $post['enable_sig'] : 0;
if ($action == 'quotepost')
{
$check_value = 0;
}
else
{
$check_value = (($post['enable_bbcode']+1) << 8) + (($post['enable_smilies']+1) << 4) + (($enable_urls+1) << 2) + (($post['enable_sig']+1) << 1);
$message_attachment = (isset($post['message_attachement'])) ? $post['message_attachement'] : 0;
$message_subject = $post['message_subject'];
$message_time = $post['message_time'];
$bbcode_uid = $post['bbcode_uid'];
$quote_username = (isset($post['quote_username'])) ? $post['quote_username'] : '';
$icon_id = (isset($post['icon_id'])) ? $post['icon_id'] : 0;
if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !sizeof($address_list) && !$refresh && !$submit && !$preview)
{
$address_list = array('u' => array($post['author_id'] => 'to'));
}
else if ($action == 'edit' && !sizeof($address_list) && !$refresh && !$submit && !$preview)
{
// Rebuild TO and BCC Header
$address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address']));
}
if ($action == 'quotepost')
{
$check_value = 0;
}
else
{
$check_value = (($post['enable_bbcode']+1) << 8) + (($post['enable_smilies']+1) << 4) + (($enable_urls+1) << 2) + (($post['enable_sig']+1) << 1);
}
}
}
else
@@ -247,8 +251,6 @@ function compose_pm($id, $mode, $action)
$icon_id = 0;
}
$message_parser = new parse_message();
$message_parser->message = ($action == 'reply') ? '' : $message_text;
@@ -547,7 +549,7 @@ function compose_pm($id, $mode, $action)
$extensions = $update_count = array();
$template->assign_var('S_HAS_ATTACHMENTS', true);
display_attachments(0, 'attachment', $message_parser->attachment_data, $update_count, true);
display_attachments(0, 'attachment', $message_parser->attachment_data, $update_count);
}
$preview_subject = censor_text($subject);

7
phpBB/includes/ucp/ucp_pm_viewmessage.php
View File

@@ -381,7 +381,12 @@ function get_user_informations($user_id, $user_row)
if (empty($user_row))
{
$user_row = get_userdata((int) $user_id);
$sql = 'SELECT *
FROM ' . USERS_TABLE . '
WHERE user_id = ' . (int) $user_id;
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
// Grab ranks