1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-01 14:30:32 +02:00

Merge branch 'develop' of https://github.com/phpbb/phpbb3 into ticket/10714

* 'develop' of https://github.com/phpbb/phpbb3: (158 commits)
  [ticket/11015] Move comment in the right place.
  [ticket/11015] Correctly transform 'mysqli' etc. in phpbb_convert_30_dbms_to_31
  [ticket/11015] Fix 3.0 to 3.1 dbms conversion for mysqli.
  [ticket/11015] Change permission adding in database updater to new style.
  [ticket/11015] Change more docblocks to phpbb_db_driver.
  [ticket/11015] Installer still needs 3.0-style dbms name.
  [ticket/11262] Add .lock in cache directory to .gitignore
  [ticket/11015] Include functions.php because it is not always included.
  [ticket/11265] Add assertions for board installation success.
  [ticket/11263] Fix PHP Notice: Undefined variable: extension_manager
  [ticket/11015] Convert database drivers to new spelling in post setup sync.
  [ticket/11015] Convert connect test to the new syntax.
  [ticket/11015] Restore whitespace to avoid conflict when merging develop.
  [ticket/10975] Add a test for viewing a profile.
  [ticket/10975] Test restricting by first character.
  [ticket/10975] Avoid rewriting global config twice.
  [ticket/10975] Test memberlist, not user creation.
  [ticket/10975] Some quick tests to check the memberlist behaviour
  [ticket/11162] Reformat.
  [ticket/10491] Make recreate_database static.
  ...
This commit is contained in:
Joas Schilling
2012-12-14 18:45:04 +01:00
105 changed files with 2030 additions and 405 deletions

View File

@@ -4870,13 +4870,108 @@ function phpbb_http_login($param)
trigger_error('NOT_AUTHORISED');
}
/**
* Escapes and quotes a string for use as an HTML/XML attribute value.
*
* This is a port of Python xml.sax.saxutils quoteattr.
*
* The function will attempt to choose a quote character in such a way as to
* avoid escaping quotes in the string. If this is not possible the string will
* be wrapped in double quotes and double quotes will be escaped.
*
* @param string $data The string to be escaped
* @param array $entities Associative array of additional entities to be escaped
* @return string Escaped and quoted string
*/
function phpbb_quoteattr($data, $entities = null)
{
$data = str_replace('&', '&', $data);
$data = str_replace('>', '>', $data);
$data = str_replace('<', '&lt;', $data);
$data = str_replace("\n", '&#10;', $data);
$data = str_replace("\r", '&#13;', $data);
$data = str_replace("\t", '&#9;', $data);
if (!empty($entities))
{
$data = str_replace(array_keys($entities), array_values($entities), $data);
}
if (strpos($data, '"') !== false)
{
if (strpos($data, "'") !== false)
{
$data = '"' . str_replace('"', '&quot;', $data) . '"';
}
else
{
$data = "'" . $data . "'";
}
}
else
{
$data = '"' . $data . '"';
}
return $data;
}
/**
* Converts query string (GET) parameters in request into hidden fields.
*
* Useful for forwarding GET parameters when submitting forms with GET method.
*
* It is possible to omit some of the GET parameters, which is useful if
* they are specified in the form being submitted.
*
* sid is always omitted.
*
* @param phpbb_request $request Request object
* @param array $exclude A list of variable names that should not be forwarded
* @return string HTML with hidden fields
*/
function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
{
$names = $request->variable_names(phpbb_request_interface::GET);
$hidden = '';
foreach ($names as $name)
{
// Sessions are dealt with elsewhere, omit sid always
if ($name == 'sid')
{
continue;
}
// Omit any additional parameters requested
if (!empty($exclude) && in_array($name, $exclude))
{
continue;
}
$escaped_name = phpbb_quoteattr($name);
// Note: we might retrieve the variable from POST or cookies
// here. To avoid exposing cookies, skip variables that are
// overwritten somewhere other than GET entirely.
$value = $request->variable($name, '', true);
$get_value = $request->variable($name, '', true, phpbb_request_interface::GET);
if ($value === $get_value)
{
$escaped_value = phpbb_quoteattr($value);
$hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
}
}
return $hidden;
}
/**
* Generate page header
*/
function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
{
global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
global $phpbb_dispatcher;
global $phpbb_dispatcher, $request;
if (defined('HEADER_INC'))
{
@@ -5065,6 +5160,8 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
$timezone_name = $user->lang['timezones'][$timezone_name];
}
$hidden_fields_for_jumpbox = phpbb_build_hidden_fields_for_query_params($request, array('f'));
// The following assigns all _common_ variables that may be used at any point in a template.
$template->assign_vars(array(
'SITENAME' => $config['sitename'],
@@ -5079,6 +5176,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'RECORD_USERS' => $l_online_record,
'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text,
'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread,
'HIDDEN_FIELDS_FOR_JUMPBOX' => $hidden_fields_for_jumpbox,
'S_USER_NEW_PRIVMSG' => $user->data['user_new_privmsg'],
'S_USER_UNREAD_PRIVMSG' => $user->data['user_unread_privmsg'],
@@ -5428,6 +5526,52 @@ function phpbb_to_numeric($input)
return ($input > PHP_INT_MAX) ? (float) $input : (int) $input;
}
/**
* Convert either 3.0 dbms or 3.1 db driver class name to 3.1 db driver class name.
*
* If $dbms is a valid 3.1 db driver class name, returns it unchanged.
* Otherwise prepends phpbb_db_driver_ to the dbms to convert a 3.0 dbms
* to 3.1 db driver class name.
*
* @param string $dbms dbms parameter
* @return db driver class
*/
function phpbb_convert_30_dbms_to_31($dbms)
{
// Note: this check is done first because mysqli extension
// supplies a mysqli class, and class_exists($dbms) would return
// true for mysqli class.
// However, per the docblock any valid 3.1 driver name should be
// recognized by this function, and have priority over 3.0 dbms.
if (class_exists('phpbb_db_driver_' . $dbms))
{
return 'phpbb_db_driver_' . $dbms;
}
if (class_exists($dbms))
{
// Additionally we could check that $dbms extends phpbb_db_driver.
// http://php.net/manual/en/class.reflectionclass.php
// Beware of possible performance issues:
// http://stackoverflow.com/questions/294582/php-5-reflection-api-performance
// We could check for interface implementation in all paths or
// only when we do not prepend phpbb_db_driver_.
/*
$reflection = new \ReflectionClass($dbms);
if ($reflection->isSubclassOf('phpbb_db_driver'))
{
return $dbms;
}
*/
return $dbms;
}
throw new \RuntimeException("You have specified an invalid dbms driver: $dbms");
}
/**
* Create a Symfony Request object from phpbb_request object
*