mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-02-24 20:13:22 +01:00
Code Issues Releases Wiki Activity

Merge branch 'develop-olympus' into develop

Browse Source 
* develop-olympus:
  [ticket/9637] Do not cache SQL server version in all cases
  [ticket/9629] Allow style.php to retrieve its session ID from cookies
  [ticket/9678] Flash attachments are not displayed in subsilver2.
  [ticket/9677] Subsilver2 is missing the bbcode-helpline for inline-attachments.
  [ticket/9650] Do not allow banning the anonymous user by username

Conflicts:
	phpBB/styles/subsilver2/template/attachment.html
	phpBB/styles/subsilver2/template/posting_buttons.html
This commit is contained in:
Andreas Fischer 2010-07-11 01:54:03 +02:00
commit eeb65d2958
15 changed files with 77 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
phpBB/includes/acp/acp_users.php
View File

@ -231,6 +231,11 @@ class acp_users
trigger_error($user->lang['CANNOT_BAN_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
if ($user_id == ANONYMOUS)
{
trigger_error($user->lang['CANNOT_BAN_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
if ($user_row['user_type'] == USER_FOUNDER)
{
trigger_error($user->lang['CANNOT_BAN_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);

11
phpBB/includes/db/firebird.php
View File

@ -63,10 +63,19 @@ class dbal_firebird extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @param bool $use_cache forced to false for Interbase
* @return string sql server version
*/
function sql_server_info($raw = false)
function sql_server_info($raw = false, $use_cache = true)
{
/**
* force $use_cache false. I didn't research why the caching code there is no caching code
* but I assume its because the IB extension provides a direct method to access it
* without a query.
*/
$use_cache = false;
if ($this->service_handle !== false && function_exists('ibase_server_info'))
{
return @ibase_server_info($this->service_handle, IBASE_SVC_SERVER_VERSION);

7
phpBB/includes/db/mssql.php
View File

@ -65,13 +65,14 @@ class dbal_mssql extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @param bool $use_cache If true, it is safe to retrieve the value from the cache
* @return string sql server version
*/
function sql_server_info($raw = false)
function sql_server_info($raw = false, $use_cache = true)
{
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false)
if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false)
{
$result_id = @mssql_query("SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')", $this->db_connect_id);
@ -84,7 +85,7 @@ class dbal_mssql extends dbal
$this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0;
if (!empty($cache))
if (!empty($cache) && $use_cache)
{
$cache->put('mssql_version', $this->sql_server_version);
}

7
phpBB/includes/db/mssql_odbc.php
View File

@ -76,13 +76,14 @@ class dbal_mssql_odbc extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @param bool $use_cache If true, it is safe to retrieve the value from the cache
* @return string sql server version
*/
function sql_server_info($raw = false)
function sql_server_info($raw = false, $use_cache = true)
{
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('mssqlodbc_version')) === false)
if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mssqlodbc_version')) === false)
{
$result_id = @odbc_exec($this->db_connect_id, "SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY('productlevel'), SERVERPROPERTY('edition')");
@ -95,7 +96,7 @@ class dbal_mssql_odbc extends dbal
$this->sql_server_version = ($row) ? trim(implode(' ', $row)) : 0;
if (!empty($cache))
if (!empty($cache) && $use_cache)
{
$cache->put('mssqlodbc_version', $this->sql_server_version);
}

7
phpBB/includes/db/mssqlnative.php
View File

@ -232,18 +232,19 @@ class dbal_mssqlnative extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @param bool $use_cache If true, it is safe to retrieve the value from the cache
* @return string sql server version
*/
function sql_server_info($raw = false)
function sql_server_info($raw = false, $use_cache = true)
{
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false)
if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mssql_version')) === false)
{
$arr_server_info = sqlsrv_server_info($this->db_connect_id);
$this->sql_server_version = $arr_server_info['SQLServerVersion'];
if (!empty($cache))
if (!empty($cache) && $use_cache)
{
$cache->put('mssql_version', $this->sql_server_version);
}

7
phpBB/includes/db/mysql.php
View File

@ -96,13 +96,14 @@ class dbal_mysql extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @param bool $use_cache If true, it is safe to retrieve the value from the cache
* @return string sql server version
*/
function sql_server_info($raw = false)
function sql_server_info($raw = false, $use_cache = true)
{
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('mysql_version')) === false)
if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mysql_version')) === false)
{
$result = @mysql_query('SELECT VERSION() AS version', $this->db_connect_id);
$row = @mysql_fetch_assoc($result);
@ -110,7 +111,7 @@ class dbal_mysql extends dbal
$this->sql_server_version = $row['version'];
if (!empty($cache))
if (!empty($cache) && $use_cache)
{
$cache->put('mysql_version', $this->sql_server_version);
}

8
phpBB/includes/db/mysqli.php
View File

@ -80,14 +80,14 @@ class dbal_mysqli extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @param bool $use_cache If true, it is safe to retrieve the value from the cache
* @return string sql server version
*/
function sql_server_info($raw = false)
function sql_server_info($raw = false, $use_cache = true)
{
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('mysqli_version')) === false)
if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('mysqli_version')) === false)
{
$result = @mysqli_query($this->db_connect_id, 'SELECT VERSION() AS version');
$row = @mysqli_fetch_assoc($result);
@ -95,7 +95,7 @@ class dbal_mysqli extends dbal
$this->sql_server_version = $row['version'];
if (!empty($cache))
if (!empty($cache) && $use_cache)
{
$cache->put('mysqli_version', $this->sql_server_version);
}

10
phpBB/includes/db/oracle.php
View File

@ -56,10 +56,18 @@ class dbal_oracle extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @param bool $use_cache forced to false for Oracle
* @return string sql server version
*/
function sql_server_info($raw = false)
function sql_server_info($raw = false, $use_cache = true)
{
/**
* force $use_cache false. I didn't research why the caching code below is commented out
* but I assume its because the Oracle extension provides a direct method to access it
* without a query.
*/
$use_cache = false;
/*
global $cache;

7
phpBB/includes/db/postgres.php
View File

@ -108,13 +108,14 @@ class dbal_postgres extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @param bool $use_cache If true, it is safe to retrieve the value from the cache
* @return string sql server version
*/
function sql_server_info($raw = false)
function sql_server_info($raw = false, $use_cache = true)
{
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('pgsql_version')) === false)
if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('pgsql_version')) === false)
{
$query_id = @pg_query($this->db_connect_id, 'SELECT VERSION() AS version');
$row = @pg_fetch_assoc($query_id, null);
@ -122,7 +123,7 @@ class dbal_postgres extends dbal
$this->sql_server_version = (!empty($row['version'])) ? trim(substr($row['version'], 10)) : 0;
if (!empty($cache))
if (!empty($cache) && $use_cache)
{
$cache->put('pgsql_version', $this->sql_server_version);
}

11
phpBB/includes/db/sqlite.php
View File

@ -50,19 +50,24 @@ class dbal_sqlite extends dbal
/**
* Version information about used database
* @param bool $raw if true, only return the fetched sql_server_version
* @param bool $use_cache if true, it is safe to retrieve the stored value from the cache
* @return string sql server version
*/
function sql_server_info($raw = false)
function sql_server_info($raw = false, $use_cache = true)
{
global $cache;
if (empty($cache) || ($this->sql_server_version = $cache->get('sqlite_version')) === false)
if (!$use_cache || empty($cache) || ($this->sql_server_version = $cache->get('sqlite_version')) === false)
{
$result = @sqlite_query('SELECT sqlite_version() AS version', $this->db_connect_id);
$row = @sqlite_fetch_array($result, SQLITE_ASSOC);
$this->sql_server_version = (!empty($row['version'])) ? $row['version'] : 0;
$cache->put('sqlite_version', $this->sql_server_version);
if (!empty($cache) && $use_cache)
{
$cache->put('sqlite_version', $this->sql_server_version);
}
}
return ($raw) ? $this->sql_server_version : 'SQLite ' . $this->sql_server_version;

2
phpBB/includes/functions.php
View File

@ -4318,7 +4318,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
'T_ICONS_PATH' => "{$web_path}{$config['icons_path']}/",
'T_RANKS_PATH' => "{$web_path}{$config['ranks_path']}/",
'T_UPLOAD_PATH' => "{$web_path}{$config['upload_path']}/",
'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang'], true, $user->session_id),
'T_STYLESHEET_LINK' => (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&lang=' . $user->data['user_lang']),
'T_STYLESHEET_NAME' => $user->theme['theme_name'],
'T_THEME_NAME' => $user->theme['theme_path'],

7
phpBB/includes/functions_user.php
View File

@ -837,14 +837,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
// Do not allow banning yourself
// Do not allow banning yourself, the guest account, or founders.
$non_bannable = array($user->data['user_id'], ANONYMOUS);
if (sizeof($founder))
{
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);
}
else
{
$sql .= ' AND user_id <> ' . $user->data['user_id'];
$sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);
}
$result = $db->sql_query($sql);

2
phpBB/install/install_convert.php
View File

@ -685,7 +685,7 @@ class install_convert extends module
// Thanks MySQL, for silently converting...
case 'mysql':
case 'mysql4':
if (version_compare($src_db->sql_server_info(true), '4.1.3', '>='))
if (version_compare($src_db->sql_server_info(true, false), '4.1.3', '>='))
{
$convert->mysql_convert = true;
}

1
phpBB/language/en/acp/users.php
View File

@ -42,6 +42,7 @@ $lang = array_merge($lang, array(
'BAN_ALREADY_ENTERED' => 'The ban had been previously entered successfully. The ban list has not been updated.',
'BAN_SUCCESSFUL' => 'Ban entered successfully.',
'CANNOT_BAN_ANONYMOUS' => 'You are not allowed to ban the anonymous account. Permissions for anonymous users can be set under the Permissions tab.',
'CANNOT_BAN_FOUNDER' => 'You are not allowed to ban founder accounts.',
'CANNOT_BAN_YOURSELF' => 'You are not allowed to ban yourself.',
'CANNOT_DEACTIVATE_BOT' => 'You are not allowed to deactivate bot accounts. Please deactivate the bot within the bots page instead.',

21
phpBB/style.php
View File

@ -45,15 +45,8 @@ if (!empty($load_extensions) && function_exists('dl'))
}
}
$sid = (isset($_GET['sid']) && !is_array($_GET['sid'])) ? htmlspecialchars($_GET['sid']) : '';
$id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
{
$sid = '';
}
// This is a simple script to grab and output the requested CSS data stored in the DB
// We include a session_id check to try and limit 3rd party linking ... unless they
// happen to have a current session it will output nothing. We will also cache the
@ -81,6 +74,20 @@ if ($id)
$config = $cache->obtain_config();
$user = false;
// try to get a session ID from REQUEST array
$sid = request_var('sid', '');
if (!$sid)
{
// if that failed, then look in the cookies
$sid = request_var($config['cookie_name'] . '_sid', '', false, true);
}
if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
{
$sid = '';
}
if ($sid)
{
$sql = 'SELECT u.user_id, u.user_lang