mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-06 08:47:45 +02:00
Code Issues Releases Wiki Activity

Merge branch 'develop' of https://github.com/phpbb/phpbb3 into feature/softdelete-1-permission-rebase

Browse Source 
* 'develop' of https://github.com/phpbb/phpbb3: (544 commits)
  [feature/events] Fix improperly named event in documentation
  [feature/events] Fix alphabetization of events
  [feature/events] Put events in alphabetical order
  [feature/events] Make EVENTS.md lowercase
  [ticket/11285] Use more granularity in dependency checks in compress test
  [ticket/10880] The m_approve permisson no longer implies f_noapprove.
  [ticket/10803] Show failure message until user dismisses it
  [ticket/10954] Add missing semi-colon
  [ticket/10954] Make sure to mark subforums unread and add small fixes
  [feature/events] Use ` to escape HTML tags in markdown
  [feature/events] Remove HTML tags from markdown so they don't get parsed
  [ticket/10954] Miscellaneous coding fixes
  [feature/events] Remove extraneous space
  [feature/events] Add markdown template event documentation file
  [feature/events] forumlist_body_last_post_title_after -> _prepend (subsilver2)
  [feature/events] Fix overall_footer_end -> overall_footer_after (subsilver2)
  [feature/events] Fix typo in event name
  [ticket/10763] Use self when calling get_extension() in filespec class
  [feature/events] Fix more subsilver2 events
  [feature/events] Fix some subsilver2 events
  ...

Conflicts:
	phpBB/install/database_update.php
	phpBB/posting.php
This commit is contained in:
Joas Schilling
2012-12-20 22:51:38 +01:00
parent 70a409d4b5 d118295676
commit e34b8ed094
297 changed files with 7665 additions and 1970 deletions
Download Patch File Download Diff File Expand all files Collapse all files

272
phpBB/includes/functions.php
View File

@@ -7,6 +7,8 @@
*
*/
use Symfony\Component\HttpFoundation\Request;
/**
* @ignore
*/
@@ -229,7 +231,8 @@ function phpbb_gmgetdate($time = false)
/**
* Return formatted string for filesizes
*
* @param int $value filesize in bytes
* @param mixed $value filesize in bytes
* (non-negative number; int, float or string)
* @param bool $string_only true if language string should be returned
* @param array $allowed_units only allow these units (data array indexes)
*
@@ -241,6 +244,12 @@ function get_formatted_filesize($value, $string_only = true, $allowed_units = fa
global $user;
$available_units = array(
'tb' => array(
'min' => 1099511627776, // pow(2, 40)
'index' => 4,
'si_unit' => 'TB',
'iec_unit' => 'TIB',
),
'gb' => array(
'min' => 1073741824, // pow(2, 30)
'index' => 3,
@@ -2848,12 +2857,10 @@ function meta_refresh($time, $url, $disable_cd_check = false)
*
* @param int $code HTTP status code
* @param string $message Message for the status code
* @return void
* @return null
*/
function send_status_line($code, $message)
{
global $request;
if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi')
{
// in theory, we shouldn't need that due to php doing it. Reality offers a differing opinion, though
@@ -2861,18 +2868,35 @@ function send_status_line($code, $message)
}
else
{
if ($request->server('SERVER_PROTOCOL'))
{
$version = $request->server('SERVER_PROTOCOL');
}
else
{
$version = 'HTTP/1.0';
}
$version = phpbb_request_http_version();
header("$version $code $message", true, $code);
}
}
/**
* Returns the HTTP version used in the current request.
*
* Handles the case of being called before $request is present,
* in which case it falls back to the $_SERVER superglobal.
*
* @return string HTTP version
*/
function phpbb_request_http_version()
{
global $request;
if ($request && $request->server('SERVER_PROTOCOL'))
{
return $request->server('SERVER_PROTOCOL');
}
else if (isset($_SERVER['SERVER_PROTOCOL']))
{
return $_SERVER['SERVER_PROTOCOL'];
}
return 'HTTP/1.0';
}
//Form validation
@@ -4192,12 +4216,12 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
$log_text .= '<br /><br />BACKTRACE<br />' . $backtrace;
}
if (defined('IN_INSTALL') || defined('DEBUG_EXTRA') || isset($auth) && $auth->acl_get('a_'))
if (defined('IN_INSTALL') || defined('DEBUG') || isset($auth) && $auth->acl_get('a_'))
{
$msg_text = $log_text;
}
if ((defined('DEBUG') || defined('IN_CRON') || defined('IMAGE_OUTPUT')) && isset($db))
if ((defined('IN_CRON') || defined('IMAGE_OUTPUT')) && isset($db))
{
// let's avoid loops
$db->sql_return_on_error(true);
@@ -4772,7 +4796,7 @@ function phpbb_get_plural_form($rule, $number)
*
* @param array $param Parameter array, see $param_defaults array.
*
* @return void
* @return null
*/
function phpbb_http_login($param)
{
@@ -4870,13 +4894,108 @@ function phpbb_http_login($param)
trigger_error('NOT_AUTHORISED');
}
/**
* Escapes and quotes a string for use as an HTML/XML attribute value.
*
* This is a port of Python xml.sax.saxutils quoteattr.
*
* The function will attempt to choose a quote character in such a way as to
* avoid escaping quotes in the string. If this is not possible the string will
* be wrapped in double quotes and double quotes will be escaped.
*
* @param string $data The string to be escaped
* @param array $entities Associative array of additional entities to be escaped
* @return string Escaped and quoted string
*/
function phpbb_quoteattr($data, $entities = null)
{
$data = str_replace('&', '&amp;', $data);
$data = str_replace('>', '&gt;', $data);
$data = str_replace('<', '&lt;', $data);
$data = str_replace("\n", '&#10;', $data);
$data = str_replace("\r", '&#13;', $data);
$data = str_replace("\t", '&#9;', $data);
if (!empty($entities))
{
$data = str_replace(array_keys($entities), array_values($entities), $data);
}
if (strpos($data, '"') !== false)
{
if (strpos($data, "'") !== false)
{
$data = '"' . str_replace('"', '&quot;', $data) . '"';
}
else
{
$data = "'" . $data . "'";
}
}
else
{
$data = '"' . $data . '"';
}
return $data;
}
/**
* Converts query string (GET) parameters in request into hidden fields.
*
* Useful for forwarding GET parameters when submitting forms with GET method.
*
* It is possible to omit some of the GET parameters, which is useful if
* they are specified in the form being submitted.
*
* sid is always omitted.
*
* @param phpbb_request $request Request object
* @param array $exclude A list of variable names that should not be forwarded
* @return string HTML with hidden fields
*/
function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
{
$names = $request->variable_names(phpbb_request_interface::GET);
$hidden = '';
foreach ($names as $name)
{
// Sessions are dealt with elsewhere, omit sid always
if ($name == 'sid')
{
continue;
}
// Omit any additional parameters requested
if (!empty($exclude) && in_array($name, $exclude))
{
continue;
}
$escaped_name = phpbb_quoteattr($name);
// Note: we might retrieve the variable from POST or cookies
// here. To avoid exposing cookies, skip variables that are
// overwritten somewhere other than GET entirely.
$value = $request->variable($name, '', true);
$get_value = $request->variable($name, '', true, phpbb_request_interface::GET);
if ($value === $get_value)
{
$escaped_value = phpbb_quoteattr($value);
$hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
}
}
return $hidden;
}
/**
* Generate page header
*/
function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
{
global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
global $phpbb_dispatcher;
global $phpbb_dispatcher, $request;
if (defined('HEADER_INC'))
{
@@ -5065,6 +5184,8 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
$timezone_name = $user->lang['timezones'][$timezone_name];
}
$hidden_fields_for_jumpbox = phpbb_build_hidden_fields_for_query_params($request, array('f'));
// The following assigns all _common_ variables that may be used at any point in a template.
$template->assign_vars(array(
'SITENAME' => $config['sitename'],
@@ -5079,6 +5200,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'RECORD_USERS' => $l_online_record,
'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text,
'PRIVATE_MESSAGE_INFO_UNREAD' => $l_privmsgs_text_unread,
'HIDDEN_FIELDS_FOR_JUMPBOX' => $hidden_fields_for_jumpbox,
'S_USER_NEW_PRIVMSG' => $user->data['user_new_privmsg'],
'S_USER_UNREAD_PRIVMSG' => $user->data['user_unread_privmsg'],
@@ -5210,8 +5332,12 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
/**
* Generate page footer
*
* @param bool $run_cron Whether or not to run the cron
* @param bool $display_template Whether or not to display the template
* @param bool $exit_handler Whether or not to run the exit_handler()
*/
function page_footer($run_cron = true)
function page_footer($run_cron = true, $display_template = true, $exit_handler = true)
{
global $db, $config, $template, $user, $auth, $cache, $starttime, $phpbb_root_path, $phpEx;
global $request, $phpbb_dispatcher;
@@ -5242,14 +5368,14 @@ function page_footer($run_cron = true)
$mtime = explode(' ', microtime());
$totaltime = $mtime[0] + $mtime[1] - $starttime;
if ($request->variable('explain', false) && $auth->acl_get('a_') && defined('DEBUG_EXTRA') && method_exists($db, 'sql_report'))
if ($request->variable('explain', false) && $auth->acl_get('a_') && defined('DEBUG') && method_exists($db, 'sql_report'))
{
$db->sql_report('display');
}
$debug_output = sprintf('Time : %.3fs | ' . $db->sql_num_queries() . ' Queries | GZIP : ' . (($config['gzip_compress'] && @extension_loaded('zlib')) ? 'On' : 'Off') . (($user->load) ? ' | Load : ' . $user->load : ''), $totaltime);
if ($auth->acl_get('a_') && defined('DEBUG_EXTRA'))
if ($auth->acl_get('a_') && defined('DEBUG'))
{
if (function_exists('memory_get_peak_usage'))
{
@@ -5306,10 +5432,17 @@ function page_footer($run_cron = true)
}
}
$template->display('body');
if ($display_template)
{
$template->display('body');
}
garbage_collection();
exit_handler();
if ($exit_handler)
{
exit_handler();
}
}
/**
@@ -5327,7 +5460,10 @@ function garbage_collection()
* @event core.garbage_collection
* @since 3.1-A1
*/
$phpbb_dispatcher->dispatch('core.garbage_collection');
if (!empty($phpbb_dispatcher))
{
$phpbb_dispatcher->dispatch('core.garbage_collection');
}
// Unload cache, must be done before the DB connection if closed
if (!empty($cache))
@@ -5413,3 +5549,95 @@ function phpbb_to_numeric($input)
{
return ($input > PHP_INT_MAX) ? (float) $input : (int) $input;
}
/**
* Convert either 3.0 dbms or 3.1 db driver class name to 3.1 db driver class name.
*
* If $dbms is a valid 3.1 db driver class name, returns it unchanged.
* Otherwise prepends phpbb_db_driver_ to the dbms to convert a 3.0 dbms
* to 3.1 db driver class name.
*
* @param string $dbms dbms parameter
* @return db driver class
*/
function phpbb_convert_30_dbms_to_31($dbms)
{
// Note: this check is done first because mysqli extension
// supplies a mysqli class, and class_exists($dbms) would return
// true for mysqli class.
// However, per the docblock any valid 3.1 driver name should be
// recognized by this function, and have priority over 3.0 dbms.
if (class_exists('phpbb_db_driver_' . $dbms))
{
return 'phpbb_db_driver_' . $dbms;
}
if (class_exists($dbms))
{
// Additionally we could check that $dbms extends phpbb_db_driver.
// http://php.net/manual/en/class.reflectionclass.php
// Beware of possible performance issues:
// http://stackoverflow.com/questions/294582/php-5-reflection-api-performance
// We could check for interface implementation in all paths or
// only when we do not prepend phpbb_db_driver_.
/*
$reflection = new \ReflectionClass($dbms);
if ($reflection->isSubclassOf('phpbb_db_driver'))
{
return $dbms;
}
*/
return $dbms;
}
throw new \RuntimeException("You have specified an invalid dbms driver: $dbms");
}
/**
* Create a Symfony Request object from phpbb_request object
*
* @param phpbb_request $request Request object
* @return Request A Symfony Request object
*/
function phpbb_create_symfony_request(phpbb_request $request)
{
// This function is meant to sanitize the global input arrays
$sanitizer = function(&$value, $key) {
$type_cast_helper = new phpbb_request_type_cast_helper();
$type_cast_helper->set_var($value, $value, gettype($value), true);
};
// We need to re-enable the super globals so we can access them here
$request->enable_super_globals();
$get_parameters = $_GET;
$post_parameters = $_POST;
$server_parameters = $_SERVER;
$files_parameters = $_FILES;
$cookie_parameters = $_COOKIE;
// And now disable them again for security
$request->disable_super_globals();
array_walk_recursive($get_parameters, $sanitizer);
array_walk_recursive($post_parameters, $sanitizer);
// Until we fix the issue with relative paths, we have to fake path info
// to allow urls like app.php?controller=foo/bar
$controller = $request->variable('controller', '');
$path_info = '/' . $controller;
$request_uri = $server_parameters['REQUEST_URI'];
// Remove the query string from REQUEST_URI
if ($pos = strpos($request_uri, '?'))
{
$request_uri = substr($request_uri, 0, $pos);
}
// Add the path info (i.e. controller route) to the REQUEST_URI
$server_parameters['REQUEST_URI'] = $request_uri . $path_info;
$server_parameters['SCRIPT_NAME'] = '';
return new Request($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
}