mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

Merge branch 'master' into ticket/12629

Browse Source
This commit is contained in:
Marc Alexander
2018-10-26 10:16:04 +02:00
committed by GitHub
parent 9a5edd2874 316ac77cdf
commit ecf343f577
114 changed files with 1902 additions and 967 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
phpBB/includes/functions.php
View File

@@ -61,8 +61,17 @@ function phpbb_load_extensions_autoloaders($phpbb_root_path)
*/
function gen_rand_string($num_chars = 8)
{
// [a, z] + [0, 9] = 36
return substr(strtoupper(base_convert(bin2hex(random_bytes($num_chars + 1)), 16, 36)), 0, $num_chars);
$range = array_merge(range('A', 'Z'), range(0, 9));
$size = count($range);
$output = '';
for ($i = 0; $i < $num_chars; $i++)
{
$rand = random_int(0, $size-1);
$output .= $range[$rand];
}
return $output;
}
/**
@@ -76,13 +85,17 @@ function gen_rand_string($num_chars = 8)
*/
function gen_rand_string_friendly($num_chars = 8)
{
$rand_str = bin2hex(random_bytes($num_chars + 1));
$range = array_merge(range('A', 'N'), range('P', 'Z'), range(1, 9));
$size = count($range);
// Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
// [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
$rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34)));
$output = '';
for ($i = 0; $i < $num_chars; $i++)
{
$rand = random_int(0, $size-1);
$output .= $range[$rand];
}
return substr($rand_str, 0, $num_chars);
return $output;
}
/**
@@ -90,7 +103,7 @@ function gen_rand_string_friendly($num_chars = 8)
*/
function unique_id()
{
return bin2hex(random_bytes(8));
return gen_rand_string(32);
}
/**
@@ -1719,14 +1732,14 @@ function redirect($url, $return = false, $disable_cd_check = false)
if ($url_parts === false)
{
// Malformed url
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
{
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
}
else if ($url[0] == '/')
@@ -1766,13 +1779,13 @@ function redirect($url, $return = false, $disable_cd_check = false)
if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
{
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
// Now, also check the protocol and for a valid url the last time...
@@ -1781,7 +1794,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
{
trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
trigger_error('INSECURE_REDIRECT', E_USER_WARNING);
}
/**
@@ -2338,10 +2351,12 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
* @event core.login_box_redirect
* @var string redirect Redirect string
* @var bool admin Is admin?
* @var array result Result from auth provider
* @since 3.1.0-RC5
* @changed 3.1.9-RC1 Removed undefined return variable
* @changed 3.2.4-RC1 Added result
*/
$vars = array('redirect', 'admin');
$vars = array('redirect', 'admin', 'result');
extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));
// append/replace SID (may change during the session for AOL users)
@@ -2514,7 +2529,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
*/
function login_forum_box($forum_data)
{
global $db, $phpbb_container, $request, $template, $user, $phpbb_dispatcher;
global $db, $phpbb_container, $request, $template, $user, $phpbb_dispatcher, $phpbb_root_path, $phpEx;
$password = $request->variable('password', '', true);
@@ -2599,6 +2614,8 @@ function login_forum_box($forum_data)
'body' => 'login_forum.html')
);
make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"), $forum_data['forum_id']);
page_footer();
}
@@ -4211,7 +4228,8 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
}
else
{
$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login');
$redirect = $request->variable('redirect', rawurlencode($user->page['page']));
$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login&amp;redirect=' . $redirect);
$l_login_logout = $user->lang['LOGIN'];
}
@@ -4477,7 +4495,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
'S_COOKIE_NOTICE' => !empty($config['cookie_notice']),
'T_THEME_NAME' => rawurlencode($user->style['style_path']),
'T_THEME_LANG_NAME' => $user->data['user_lang'],
'T_THEME_LANG_NAME' => $user->lang_name,
'T_TEMPLATE_NAME' => $user->style['style_path'],
'T_SUPER_TEMPLATE_NAME' => rawurlencode((isset($user->style['style_parent_tree']) && $user->style['style_parent_tree']) ? $user->style['style_parent_tree'] : $user->style['style_path']),
'T_IMAGES' => 'images',
@@ -4541,7 +4559,9 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
*/
function phpbb_check_and_display_sql_report(\phpbb\request\request_interface $request, \phpbb\auth\auth $auth, \phpbb\db\driver\driver_interface $db)
{
if ($request->variable('explain', false) && $auth->acl_get('a_') && defined('DEBUG'))
global $phpbb_container;
if ($phpbb_container->getParameter('debug.sql_explain') && $request->variable('explain', false) && $auth->acl_get('a_'))
{
$db->sql_report('display');
}
@@ -4571,9 +4591,10 @@ function phpbb_generate_debug_output(\phpbb\db\driver\driver_interface $db, \php
$totaltime = microtime(true) - $GLOBALS['starttime'];
$debug_info[] = sprintf('<span title="SQL time: %.3fs / PHP time: %.3fs">Time: %.3fs</span>', $db->get_sql_time(), ($totaltime - $db->get_sql_time()), $totaltime);
}
}
$debug_info[] = sprintf('<span title="Cached: %d">Queries: %d</span>', $db->sql_num_queries(true), $db->sql_num_queries());
if ($phpbb_container->getParameter('debug.memory'))
{
$memory_usage = memory_get_peak_usage();
if ($memory_usage)
{
@@ -4581,18 +4602,20 @@ function phpbb_generate_debug_output(\phpbb\db\driver\driver_interface $db, \php
$debug_info[] = 'Peak Memory Usage: ' . $memory_usage;
}
}
if (defined('DEBUG'))
{
$debug_info[] = 'GZIP: ' . (($config['gzip_compress'] && @extension_loaded('zlib')) ? 'On' : 'Off');
if ($user->load)
{
$debug_info[] = 'Load: ' . $user->load;
}
}
if ($auth->acl_get('a_') && $phpbb_container->getParameter('debug.sql_explain'))
if ($phpbb_container->getParameter('debug.sql_explain'))
{
$debug_info[] = sprintf('<span title="Cached: %d">Queries: %d</span>', $db->sql_num_queries(true), $db->sql_num_queries());
if ($auth->acl_get('a_'))
{
$debug_info[] = '<a href="' . build_url() . '&amp;explain=1">SQL Explain</a>';
}