Correctly check empty subjects/messages (Bug #17915)
Do not check usernames against the word censor list. Disallowed usernames are already checked, and the word censor belongs to posts. (Bug #17745) Additionally, include non-postable forums in the moderators' forums shown within the teams list. (Bug #17265) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8306 89ea8834-ac86-4346-8a33-228a782c2dd0
parent
1074925720
commit
a7984e660d
@ -20,11 +20,11 @@ if (!defined('IN_PHPBB'))
|
||||
*
|
||||
* Jabber class from Flyspray project
|
||||
*
|
||||
* @version class.jabber2.php 1306 2007-06-21
|
||||
* @version class.jabber2.php 1488 2007-11-25
|
||||
* @copyright 2006 Flyspray.org
|
||||
* @author Florian Schmitz (floele)
|
||||
*
|
||||
* Modified by Acyd Burn
|
||||
* Only slightly modified by Acyd Burn
|
||||
*
|
||||
* @package phpBB3
|
||||
*/
|
||||
@ -286,7 +286,7 @@ class jabber
|
||||
$read = trim(fread($this->connection, 4096));
|
||||
$data .= $read;
|
||||
}
|
||||
while (time() <= $start + $timeout && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>')));
|
||||
while (time() <= $start + $timeout && !feof($this->connection) && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>')));
|
||||
|
||||
if ($data != '')
|
||||
{
|
||||
@ -385,7 +385,6 @@ class jabber
|
||||
{
|
||||
case 'stream:stream':
|
||||
// Connection initialised (or after authentication). Not much to do here...
|
||||
$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
|
||||
|
||||
if (isset($xml['stream:stream'][0]['#']['stream:features']))
|
||||
{
|
||||
@ -397,6 +396,16 @@ class jabber
|
||||
$this->features = $this->listen();
|
||||
}
|
||||
|
||||
$second_time = isset($this->session['id']);
|
||||
$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
|
||||
|
||||
if ($second_time)
|
||||
{
|
||||
// If we are here for the second time after TLS, we need to continue logging in
|
||||
$this->login();
|
||||
return;
|
||||
}
|
||||
|
||||
// go on with authentication?
|
||||
if (isset($this->features['stream:features'][0]['#']['bind']) || !empty($this->session['tls']))
|
||||
{
|
||||
@ -519,9 +528,10 @@ class jabber
|
||||
'response' => $this->encrypt_password(array_merge($decoded, array('nc' => '00000001'))),
|
||||
'charset' => 'utf-8',
|
||||
'nc' => '00000001',
|
||||
'qop' => 'auth', // only auth being supported
|
||||
);
|
||||
|
||||
foreach (array('nonce', 'qop', 'digest-uri', 'realm', 'cnonce') as $key)
|
||||
foreach (array('nonce', 'digest-uri', 'realm', 'cnonce') as $key)
|
||||
{
|
||||
if (isset($decoded[$key]))
|
||||
{
|
||||
|
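Review bot: In the `stream:stream` case (hunk at -397,6 +396,16) the new `$this->login();` is followed by a bare `return;`, so whatever login() reports is discarded and a failed login on the restarted stream reaches the caller as null; `return $this->login();` would pass the result through, assuming login() returns a status, which is not visible here. The branch also runs for any stream header after the first, not only one that follows TLS, because `$second_time` is derived solely from `isset($this->session['id'])`; the comment should say so, or the condition should also test `$this->session['tls']` if credentials must only go out on an encrypted stream. The `id` attribute is read from the server's reply without an `isset()` check. The enclosing method starts and ends outside the hunk.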
@ -137,6 +137,9 @@ function user_update_name($old_name, $new_name)
|
||||
{
|
||||
set_config('newest_username', $new_name, true);
|
||||
}
|
||||
|
||||
// Because some tables/caches use username-specific data we need to purge this here.
|
||||
$cache->destroy('sql', MODERATOR_CACHE_TABLE);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1472,20 +1475,6 @@ function validate_username($username, $allowed_username = false)
|
||||
}
|
||||
}
|
||||
|
||||
$sql = 'SELECT word
|
||||
FROM ' . WORDS_TABLE;
|
||||
$result = $db->sql_query($sql);
|
||||
|
||||
while ($row = $db->sql_fetchrow($result))
|
||||
{
|
||||
if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
|
||||
{
|
||||
$db->sql_freeresult($result);
|
||||
return 'USERNAME_DISALLOWED';
|
||||
}
|
||||
}
|
||||
$db->sql_freeresult($result);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -913,9 +913,14 @@ class bbcode_firstpass extends bbcode
|
||||
|
||||
$url = ($var1) ? $var1 : $var2;
|
||||
|
||||
if (!$url || ($var1 && !$var2))
|
||||
if ($var1 && !$var2)
|
||||
{
|
||||
return '';
|
||||
$var2 = $var1;
|
||||
}
|
||||
|
||||
if (!$url)
|
||||
{
|
||||
return '[url' . (($var1) ? '=' . $var1 : '') . ']' . $var2 . '[/url]';
|
||||
}
|
||||
|
||||
$valid = false;
|
||||
@ -1088,7 +1093,7 @@ class parse_message extends bbcode_firstpass
|
||||
}
|
||||
|
||||
// Check for "empty" message
|
||||
if ($mode !== 'sig' && !utf8_clean_string($this->message))
|
||||
if ($mode !== 'sig' && utf8_clean_string($this->message) === '')
|
||||
{
|
||||
$this->warn_msg[] = $user->lang['TOO_FEW_CHARS'];
|
||||
return $this->warn_msg;
|
||||
|
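Review bot: The rewritten guard in validate_url (hunk at -913,9 +913,14) still tests `$var1`, `$var2` and `$url` by truthiness, the same pattern this commit replaces with `=== ''` for subjects and messages. Because the string `'0'` is falsy in PHP, `[url=0][/url]` falls into the `!$url` branch and comes back as `[url][/url]`, and the `($var1) ? '=' . $var1 : ''` arm can only ever yield `''` there. Comparing against the empty string, e.g. `if ($url === '')` and `($var1 !== '') ? '=' . $var1 : ''`, would return the tag as the user wrote it; this assumes both arguments are always strings, which the hunk does not show. The method body continues outside the hunk.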
@ -494,12 +494,12 @@ function compose_pm($id, $mode, $action)
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!$subject || !utf8_clean_string($subject))
|
||||
if (utf8_clean_string($subject) === '')
|
||||
{
|
||||
$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
|
||||
}
|
||||
|
||||
if (!$message)
|
||||
if (utf8_clean_string($message) === '')
|
||||
{
|
||||
$error[] = $user->lang['TOO_FEW_CHARS'];
|
||||
}
|
||||
@ -600,7 +600,7 @@ function compose_pm($id, $mode, $action)
|
||||
// Subject defined
|
||||
if ($submit)
|
||||
{
|
||||
if (!$subject || !utf8_clean_string($subject))
|
||||
if (utf8_clean_string($subject) === '')
|
||||
{
|
||||
$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
|
||||
}
|
||||
|
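Review bot: The check `utf8_clean_string($subject) === ''` is now written out in both compose_pm hunks here and again in the two posting hunks further down, next to the matching `$message` test, and the removed lines show that these copies had already drifted into three different spellings. A single small helper that takes the string and returns a bool would keep the definition of "empty" in one place. Short of that, a comment at the first site such as `// compare against '' so that a subject like "0" is not treated as empty` would record why the strict comparison is there. compose_pm starts and ends outside both hunks.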
@ -460,7 +460,7 @@ $lang = array_merge($lang, array(
|
||||
'NO_VISIBLE_CHANGES' => 'No visible changes',
|
||||
'NOTICE' => 'Notice',
|
||||
'NUM_CONFLICTS' => 'Number of conflicts',
|
||||
'NUMBER_OF_FILES_COLLECTED' => 'Currently having differences about %1$d from %2$d files collected.<br />Please wait until file collection finished.',
|
||||
'NUMBER_OF_FILES_COLLECTED' => 'Currently differences of %1$d of %2$d files have been checked.<br />Please wait until all files are checked.',
|
||||
|
||||
'OLD_UPDATE_FILES' => 'Update files are out of date. The update files found are for updating from phpBB %1$s to phpBB %2$s but the latest version of phpBB is %3$s.',
|
||||
|
||||
|
@ -141,10 +141,9 @@ switch ($mode)
|
||||
unset($admin_memberships);
|
||||
|
||||
$sql = 'SELECT forum_id, forum_name
|
||||
FROM ' . FORUMS_TABLE . '
|
||||
WHERE forum_type = ' . FORUM_POST;
|
||||
FROM ' . FORUMS_TABLE;
|
||||
$result = $db->sql_query($sql);
|
||||
|
||||
|
||||
$forums = array();
|
||||
while ($row = $db->sql_fetchrow($result))
|
||||
{
|
||||
|
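Review bot: With the `forum_type = FORUM_POST` condition gone, `$forums` now receives the name of every row in the forums table, including categories and links. The loop that fills it and the code that prints the names are outside the hunk, so it is not visible whether the names are filtered by the viewer's permissions before they appear in the team list; if they are not, the wider query could expose names of forums the viewer cannot otherwise see. Once that filtering is confirmed, a comment above the query such as `// All forum types: moderators of non-postable forums are listed too; names are filtered per viewer below` would document the intent.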
@ -520,12 +520,12 @@ if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && (
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!$subject || !utf8_clean_string($subject))
|
||||
if (utf8_clean_string($subject) === '')
|
||||
{
|
||||
$error[] = $user->lang['EMPTY_SUBJECT'];
|
||||
}
|
||||
|
||||
if (!$message)
|
||||
if (utf8_clean_string($message) === '')
|
||||
{
|
||||
$error[] = $user->lang['TOO_FEW_CHARS'];
|
||||
}
|
||||
@ -769,7 +769,7 @@ if ($submit || $preview || $refresh)
|
||||
}
|
||||
|
||||
// Parse subject
|
||||
if (!$preview && !$refresh && !utf8_clean_string($post_data['post_subject']) && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
|
||||
if (!$preview && !$refresh && utf8_clean_string($post_data['post_subject']) === '' && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
|
||||
{
|
||||
$error[] = $user->lang['EMPTY_SUBJECT'];
|
||||
}
|
||||
|