mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-11 10:05:19 +02:00
Code Issues Releases Wiki Activity

Merge pull request #5525 from kasimi/ticket/15954

Browse Source 
[ticket/15954] Add safeguards to include() calls
This commit is contained in:
Marc Alexander 2019-02-11 08:01:17 +01:00
commit deebd282a7
9 changed files with 88 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
phpBB/includes/mcp/mcp_ban.php
View File

@ -34,7 +34,10 @@ class mcp_ban
} }
// Include the admin banning interface... // Include the admin banning interface...
include($phpbb_root_path . 'includes/acp/acp_ban.' . $phpEx); if (!class_exists('acp_ban'))
{
include($phpbb_root_path . 'includes/acp/acp_ban.' . $phpEx);
}
$bansubmit = $request->is_set_post('bansubmit'); $bansubmit = $request->is_set_post('bansubmit');
$unbansubmit = $request->is_set_post('unbansubmit'); $unbansubmit = $request->is_set_post('unbansubmit');

5
phpBB/includes/mcp/mcp_front.php
View File

@ -290,7 +290,10 @@ function mcp_front_view($id, $mode, $action)
if ($total) if ($total)
{ {
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); if (!function_exists('get_recipient_strings'))
{
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
}
$sql_ary = array( $sql_ary = array(
'SELECT' => 'r.report_id, r.report_time, p.msg_id, p.message_subject, p.message_time, p.to_address, p.bcc_address, p.message_attachment, u.username, u.username_clean, u.user_colour, u.user_id, u2.username as author_name, u2.username_clean as author_name_clean, u2.user_colour as author_colour, u2.user_id as author_id', 'SELECT' => 'r.report_id, r.report_time, p.msg_id, p.message_subject, p.message_time, p.to_address, p.bcc_address, p.message_attachment, u.username, u.username_clean, u.user_colour, u.user_id, u2.username as author_name, u2.username_clean as author_name_clean, u2.user_colour as author_colour, u2.user_id as author_id',

20
phpBB/includes/mcp/mcp_main.php
View File

@ -174,7 +174,10 @@ class mcp_main
switch ($mode) switch ($mode)
{ {
case 'front': case 'front':
include($phpbb_root_path . 'includes/mcp/mcp_front.' . $phpEx); if (!function_exists('mcp_front_view'))
{
include($phpbb_root_path . 'includes/mcp/mcp_front.' . $phpEx);
}
$user->add_lang('acp/common'); $user->add_lang('acp/common');
@ -185,7 +188,10 @@ class mcp_main
break; break;
case 'forum_view': case 'forum_view':
include($phpbb_root_path . 'includes/mcp/mcp_forum.' . $phpEx); if (!function_exists('mcp_forum_view'))
{
include($phpbb_root_path . 'includes/mcp/mcp_forum.' . $phpEx);
}
$user->add_lang('viewforum'); $user->add_lang('viewforum');
@ -208,7 +214,10 @@ class mcp_main
break; break;
case 'topic_view': case 'topic_view':
include($phpbb_root_path . 'includes/mcp/mcp_topic.' . $phpEx); if (!function_exists('mcp_topic_view'))
{
include($phpbb_root_path . 'includes/mcp/mcp_topic.' . $phpEx);
}
mcp_topic_view($id, $mode, $action); mcp_topic_view($id, $mode, $action);
@ -217,7 +226,10 @@ class mcp_main
break; break;
case 'post_details': case 'post_details':
include($phpbb_root_path . 'includes/mcp/mcp_post.' . $phpEx); if (!function_exists('mcp_post_details'))
{
include($phpbb_root_path . 'includes/mcp/mcp_post.' . $phpEx);
}
mcp_post_details($id, $mode, $action); mcp_post_details($id, $mode, $action);

6
phpBB/includes/mcp/mcp_topic.php
View File

@ -93,7 +93,11 @@ function mcp_topic_view($id, $mode, $action)
// Restore or pprove posts? // Restore or pprove posts?
if (($action == 'restore' || $action == 'approve') && $auth->acl_get('m_approve', $topic_info['forum_id'])) if (($action == 'restore' || $action == 'approve') && $auth->acl_get('m_approve', $topic_info['forum_id']))
{ {
include($phpbb_root_path . 'includes/mcp/mcp_queue.' . $phpEx); if (!class_exists('mcp_queue'))
{
include($phpbb_root_path . 'includes/mcp/mcp_queue.' . $phpEx);
}
include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);

5
phpBB/includes/ucp/ucp_groups.php
View File

@ -399,7 +399,10 @@ class ucp_groups
$action = (isset($_POST['addusers'])) ? 'addusers' : $request->variable('action', ''); $action = (isset($_POST['addusers'])) ? 'addusers' : $request->variable('action', '');
$group_id = $request->variable('g', 0); $group_id = $request->variable('g', 0);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx); if (!function_exists('phpbb_get_user_rank'))
{
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
}
add_form_key('ucp_groups'); add_form_key('ucp_groups');

10
phpBB/includes/ucp/ucp_main.php
View File

@ -245,7 +245,10 @@ class ucp_main
case 'subscribed': case 'subscribed':
include($phpbb_root_path . 'includes/functions_display.' . $phpEx); if (!function_exists('topic_status'))
{
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
}
$user->add_lang('viewforum'); $user->add_lang('viewforum');
@ -481,7 +484,10 @@ class ucp_main
break; break;
} }
include($phpbb_root_path . 'includes/functions_display.' . $phpEx); if (!function_exists('topic_status'))
{
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
}
$user->add_lang('viewforum'); $user->add_lang('viewforum');

31
phpBB/includes/ucp/ucp_pm.php
View File

@ -82,7 +82,10 @@ class ucp_pm
$mode = 'view'; $mode = 'view';
} }
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx); if (!function_exists('get_folder'))
{
include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
}
switch ($mode) switch ($mode)
{ {
@ -104,7 +107,10 @@ class ucp_pm
break; break;
} }
include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx); if (!function_exists('compose_pm'))
{
include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx);
}
compose_pm($id, $mode, $action, $user_folders); compose_pm($id, $mode, $action, $user_folders);
$tpl_file = 'posting_body'; $tpl_file = 'posting_body';
@ -114,7 +120,10 @@ class ucp_pm
set_user_message_limit(); set_user_message_limit();
get_folder($user->data['user_id']); get_folder($user->data['user_id']);
include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx); if (!function_exists('message_options'))
{
include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx);
}
message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions); message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions);
$tpl_file = 'ucp_pm_options'; $tpl_file = 'ucp_pm_options';
@ -125,8 +134,10 @@ class ucp_pm
get_folder($user->data['user_id']); get_folder($user->data['user_id']);
$this->p_name = 'pm'; $this->p_name = 'pm';
// Call another module... please do not try this at home... Hoochie Coochie Man if (!class_exists('ucp_main'))
include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx); {
include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx);
}
$module = new ucp_main($this); $module = new ucp_main($this);
$module->u_action = $this->u_action; $module->u_action = $this->u_action;
@ -375,7 +386,10 @@ class ucp_pm
if ($action == 'view_folder') if ($action == 'view_folder')
{ {
include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx); if (!function_exists('view_folder'))
{
include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx);
}
view_folder($id, $mode, $folder_id, $folder); view_folder($id, $mode, $folder_id, $folder);
$tpl_file = 'ucp_pm_viewfolder'; $tpl_file = 'ucp_pm_viewfolder';
@ -393,7 +407,10 @@ class ucp_pm
trigger_error('NO_MESSAGE'); trigger_error('NO_MESSAGE');
} }
include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx); if (!function_exists('view_message'))
{
include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx);
}
view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row); view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row);
$tpl_file = ($view == 'print') ? 'ucp_pm_viewmessage_print' : 'ucp_pm_viewmessage'; $tpl_file = ($view == 'print') ? 'ucp_pm_viewmessage_print' : 'ucp_pm_viewmessage';

17
phpBB/includes/ucp/ucp_pm_compose.php
View File

@ -33,9 +33,20 @@ function compose_pm($id, $mode, $action, $user_folders = array())
// Needed for handle_message_list_actions() // Needed for handle_message_list_actions()
global $refresh, $submit, $preview; global $refresh, $submit, $preview;
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); if (!function_exists('generate_smilies'))
include($phpbb_root_path . 'includes/functions_display.' . $phpEx); {
include($phpbb_root_path . 'includes/message_parser.' . $phpEx); include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
}
if (!function_exists('display_custom_bbcodes'))
{
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
}
if (!class_exists('parse_message'))
{
include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
}
if (!$action) if (!$action)
{ {

11
phpBB/includes/ucp/ucp_profile.php
View File

@ -469,8 +469,15 @@ class ucp_profile
trigger_error('NO_AUTH_SIGNATURE'); trigger_error('NO_AUTH_SIGNATURE');
} }
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx); if (!function_exists('generate_smilies'))
include($phpbb_root_path . 'includes/functions_display.' . $phpEx); {
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
}
if (!function_exists('display_custom_bbcodes'))
{
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
}
$preview = $request->is_set_post('preview'); $preview = $request->is_set_post('preview');