git-svn-id: file:///svn/phpbb/trunk@8822 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2008-09-04 14:10:17 +00:00
parent 3a330753f4
commit c83e6f7e94
3 changed files with 17 additions and 10 deletions


@ -2158,10 +2158,12 @@ function meta_refresh($time, $url)
function generate_link_hash($link_name) function generate_link_hash($link_name)
{ {
global $user; global $user;
if (!isset($user->data["hash_$link_name"])) if (!isset($user->data["hash_$link_name"]))
{ {
$user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8); $user->data["hash_$link_name"] = substr(sha1($user->data['user_form_salt'] . $link_name), 0, 8);
} }
return $user->data["hash_$link_name"]; return $user->data["hash_$link_name"];
} }
@ -2184,16 +2186,18 @@ function check_link_hash($token, $link_name)
function add_form_key($form_name) function add_form_key($form_name)
{ {
global $config, $template, $user; global $config, $template, $user;
$now = time(); $now = time();
$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : ''; $token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
$token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid); $token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid);
$s_fields = build_hidden_fields(array( $s_fields = build_hidden_fields(array(
'creation_time' => $now, 'creation_time' => $now,
'form_token' => $token, 'form_token' => $token,
)); ));
$template->assign_vars(array( $template->assign_vars(array(
'S_FORM_TOKEN' => $s_fields, 'S_FORM_TOKEN' => $s_fields,
)); ));
} }
@ -2219,23 +2223,26 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
$creation_time = abs(request_var('creation_time', 0)); $creation_time = abs(request_var('creation_time', 0));
$token = request_var('form_token', ''); $token = request_var('form_token', '');
$diff = (time() - $creation_time); $diff = time() - $creation_time;
if (($diff <= $timespan) || $timespan === -1) // If creation_time and the time() now is zero we can assume it was not a human doing this (the check for if ($diff)...
if ($diff && ($diff <= $timespan || $timespan === -1))
{ {
$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : ''; $token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
$key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid); $key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
if ($key === $token) if ($key === $token)
{ {
return true; return true;
} }
} }
} }
if ($trigger) if ($trigger)
{ {
trigger_error($user->lang['FORM_INVALID'] . $return_page); trigger_error($user->lang['FORM_INVALID'] . $return_page);
} }
return false; return false;
} }
@ -3100,7 +3107,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
} }
// Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;) // Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;)
if ($config['gzip_compress']) if (!empty($config['gzip_compress']))
{ {
if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level()) if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level())
{ {
@ -3734,7 +3741,7 @@ function exit_handler()
} }
// As a pre-caution... some setups display a blank page if the flush() is not there. // As a pre-caution... some setups display a blank page if the flush() is not there.
(!$config['gzip_compress']) ? @flush() : @ob_flush(); (empty($config['gzip_compress'])) ? @flush() : @ob_flush();
exit; exit;
} }
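Review bot: In check_form_key the new guard `if ($diff && ($diff <= $timespan || $timespan === -1))` rejects only a zero age; a creation_time ahead of the server clock makes `$diff` negative, which is truthy and also satisfies `$diff <= $timespan`, so such a submission passes the age check whatever `$timespan` holds. Tightening it to `if ($diff > 0 && ($diff <= $timespan || $timespan === -1))` keeps the intended rejection of same-second submissions and additionally bounds token lifetime for future-dated timestamps; since the token still requires the server-side `user_form_salt`, this limits token lifetime rather than closing a forgery path. The comment added just above the guard trails off mid-sentence ("the check for if ($diff)..."); completing it, e.g. `// A zero difference means the form was submitted in the same second it was generated, which is assumed not to be a human`, would record the intent. check_form_key's body starts outside the hunk, so how `$timespan` is defaulted before this point is not visible here.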


@ -1013,7 +1013,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
$uid = request_var('uid', 0); $uid = request_var('uid', 0);
if ($uid != $user_id) if ($uid != $user_id)
{ {
$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start"); $redirect_url = append_sid("view$mode", "$u_url=$match_id&amp;start=$start");
$message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>'); $message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
trigger_error($message); trigger_error($message);
} }


@ -437,7 +437,7 @@ class ucp_groups
$group_name = $group_row['group_name']; $group_name = $group_row['group_name'];
$group_type = $group_row['group_type']; $group_type = $group_row['group_type'];
$avatar_img = (!empty($group_row['group_avatar'])) ? get_user_avatar($group_row['group_avatar'], $group_row['group_avatar_type'], $group_row['group_avatar_width'], $group_row['group_avatar_height'], 'GROUP_AVATAR') : '<img src="' . $phpbb_root_path . 'adm/images/no_avatar.gif" alt="" />'; $avatar_img = (!empty($group_row['group_avatar'])) ? get_user_avatar($group_row['group_avatar'], $group_row['group_avatar_type'], $group_row['group_avatar_width'], $group_row['group_avatar_height'], 'GROUP_AVATAR') : '<img src="' . PHPBB_ROOT_PATH . PHPBB_ADMIN_PATH . 'images/no_avatar.gif" alt="" />';
$template->assign_vars(array( $template->assign_vars(array(
'GROUP_NAME' => ($group_type == GROUP_SPECIAL) ? $user->lang['G_' . $group_name] : $group_name, 'GROUP_NAME' => ($group_type == GROUP_SPECIAL) ? $user->lang['G_' . $group_name] : $group_name,