mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-10 10:44:20 +02:00
Code Issues Releases Wiki Activity

Merge branch '3.2.x'

Browse Source
This commit is contained in:
Marc Alexander
2019-04-29 08:40:16 +02:00
parent f6f6d79398 055d7658db
commit c5a995ec8d
23 changed files with 237 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
phpBB/phpbb/avatar/driver/upload.php
View File

@@ -157,7 +157,8 @@ class upload extends \phpbb\avatar\driver\driver
// Do not allow specifying the port (see RFC 3986) or IP addresses
// remote_upload() will do its own check for allowed filetypes
if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) ||
if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) ||
preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) ||
preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) ||
preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url))
{

2
phpBB/phpbb/avatar/manager.php
View File

@@ -271,7 +271,7 @@ class manager
$config_name = $driver->get_config_name();
return array(
'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
);
}

34
phpBB/phpbb/db/migration/data/v32x/disable_remote_avatar.php Normal file
View File

@@ -0,0 +1,34 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\db\migration\data\v32x;
use phpbb\db\migration\migration;
class disable_remote_avatar extends migration
{
static public function depends_on()
{
return array(
'\phpbb\db\migration\data\v32x\v325',
);
}
public function update_data()
{
return array(
array('config.update', array('allow_avatar_remote', '0')),
array('config.update', array('allow_avatar_remote_upload', '0')),
);
}
}

42
phpBB/phpbb/db/migration/data/v32x/smtp_dynamic_data.php Normal file
View File

@@ -0,0 +1,42 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\db\migration\data\v32x;
class smtp_dynamic_data extends \phpbb\db\migration\migration
{
static public function depends_on()
{
return array(
'\phpbb\db\migration\data\v32x\v326rc1',
);
}
public function update_data()
{
return array(
array('custom', array(array($this, 'set_smtp_dynamic'))),
);
}
public function set_smtp_dynamic()
{
$smtp_auth_entries = [
'smtp_password',
'smtp_username',
];
$this->sql_query('UPDATE ' . CONFIG_TABLE . '
SET is_dynamic = 1
WHERE ' . $this->db->sql_in_set('config_name', $smtp_auth_entries));
}
}

39
phpBB/phpbb/db/migration/data/v32x/v326.php Normal file
View File

@@ -0,0 +1,39 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\db\migration\data\v32x;
class v326 extends \phpbb\db\migration\migration
{
public function effectively_installed()
{
return phpbb_version_compare($this->config['version'], '3.2.6', '>=');
}
static public function depends_on()
{
return array(
'\phpbb\db\migration\data\v32x\v326rc1',
'\phpbb\db\migration\data\v32x\disable_remote_avatar',
'\phpbb\db\migration\data\v32x\smtp_dynamic_data',
);
}
public function update_data()
{
return array(
array('config.update', array('version', '3.2.6')),
);
}
}

2
phpBB/phpbb/install/helper/config.php
View File

@@ -330,6 +330,8 @@ class config
fwrite($fp, $file_content);
fclose($fp);
// Enforce 0600 permission for install config
$this->filesystem->chmod([$this->install_config_file], 0600);
}
/**

38
phpBB/phpbb/search/fulltext_native.php
View File

@@ -190,7 +190,7 @@ class fulltext_native extends \phpbb\search\base
*/
public function split_keywords($keywords, $terms)
{
$tokens = '+-|()*';
$tokens = '+-|()* ';
$keywords = trim($this->cleanup($keywords, $tokens));
@@ -224,12 +224,10 @@ class fulltext_native extends \phpbb\search\base
$keywords[$i] = '|';
break;
case '*':
if ($i === 0 || ($keywords[$i - 1] !== '*' && strcspn($keywords[$i - 1], $tokens) === 0))
// $i can never be 0 here since $open_bracket is initialised to false
if (strpos($tokens, $keywords[$i - 1]) !== false && ($i + 1 === $n || strpos($tokens, $keywords[$i + 1]) !== false))
{
if ($i === $n - 1 || ($keywords[$i + 1] !== '*' && strcspn($keywords[$i + 1], $tokens) === 0))
{
$keywords = substr($keywords, 0, $i) . substr($keywords, $i + 1);
}
$keywords[$i] = '|';
}
break;
}
@@ -264,7 +262,7 @@ class fulltext_native extends \phpbb\search\base
}
}
if ($open_bracket)
if ($open_bracket !== false)
{
$keywords .= ')';
}
@@ -307,6 +305,20 @@ class fulltext_native extends \phpbb\search\base
}
}
// Remove non trailing wildcards from each word to prevent a full table scan (it's now using the database index)
$match = '#\*(?!$|\s)#';
$replace = '$1';
$keywords = preg_replace($match, $replace, $keywords);
// Only allow one wildcard in the search query to limit the database load
$match = '#\*#';
$replace = '$1';
$count_wildcards = substr_count($keywords, '*');
// Reverse the string to remove all wildcards except the first one
$keywords = strrev(preg_replace($match, $replace, strrev($keywords), $count_wildcards - 1));
unset($count_wildcards);
// set the search_query which is shown to the user
$this->search_query = $keywords;
@@ -409,8 +421,16 @@ class fulltext_native extends \phpbb\search\base
{
if (strpos($word_part, '*') !== false)
{
$id_words[] = '\'' . $this->db->sql_escape(str_replace('*', '%', $word_part)) . '\'';
$non_common_words[] = $word_part;
$len = utf8_strlen(str_replace('*', '', $word_part));
if ($len >= $this->word_length['min'] && $len <= $this->word_length['max'])
{
$id_words[] = '\'' . $this->db->sql_escape(str_replace('*', '%', $word_part)) . '\'';
$non_common_words[] = $word_part;
}
else
{
$this->common_words[] = $word_part;
}
}
else if (isset($words[$word_part]))
{