
Correctly check empty subjects/messages (Bug #17915)

Do not check usernames against the word censor list. Disallowed usernames are already checked and the word censor belongs to posts. (Bug #17745)
Additionally include non-postable forums for moderators forums shown within the teams list. (Bug #17265)


git-svn-id: file:///svn/phpbb/trunk@8306 89ea8834-ac86-4346-8a33-228a782c2dd0
Meik Sievertsen 2008-01-05 16:10:10 +00:00
parent a4633d8ac0
commit f0dea06097
7 changed files with 35 additions and 32 deletions


@ -20,11 +20,11 @@ if (!defined('IN_PHPBB'))
* *
* Jabber class from Flyspray project * Jabber class from Flyspray project
* *
* @version class.jabber2.php 1306 2007-06-21 * @version class.jabber2.php 1488 2007-11-25
* @copyright 2006 Flyspray.org * @copyright 2006 Flyspray.org
* @author Florian Schmitz (floele) * @author Florian Schmitz (floele)
* *
* Modified by Acyd Burn * Only slightly modified by Acyd Burn
* *
* @package phpBB3 * @package phpBB3
*/ */
@ -286,7 +286,7 @@ class jabber
$read = trim(fread($this->connection, 4096)); $read = trim(fread($this->connection, 4096));
$data .= $read; $data .= $read;
} }
while (time() <= $start + $timeout && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>'))); while (time() <= $start + $timeout && !feof($this->connection) && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>')));
if ($data != '') if ($data != '')
{ {
@ -385,7 +385,6 @@ class jabber
{ {
case 'stream:stream': case 'stream:stream':
// Connection initialised (or after authentication). Not much to do here... // Connection initialised (or after authentication). Not much to do here...
$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
if (isset($xml['stream:stream'][0]['#']['stream:features'])) if (isset($xml['stream:stream'][0]['#']['stream:features']))
{ {
@ -397,6 +396,16 @@ class jabber
$this->features = $this->listen(); $this->features = $this->listen();
} }
$second_time = isset($this->session['id']);
$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
if ($second_time)
{
// If we are here for the second time after TLS, we need to continue logging in
$this->login();
return;
}
// go on with authentication? // go on with authentication?
if (isset($this->features['stream:features'][0]['#']['bind']) || !empty($this->session['tls'])) if (isset($this->features['stream:features'][0]['#']['bind']) || !empty($this->session['tls']))
{ {
@ -519,9 +528,10 @@ class jabber
'response' => $this->encrypt_password(array_merge($decoded, array('nc' => '00000001'))), 'response' => $this->encrypt_password(array_merge($decoded, array('nc' => '00000001'))),
'charset' => 'utf-8', 'charset' => 'utf-8',
'nc' => '00000001', 'nc' => '00000001',
'qop' => 'auth', // only auth being supported
); );
foreach (array('nonce', 'qop', 'digest-uri', 'realm', 'cnonce') as $key) foreach (array('nonce', 'digest-uri', 'realm', 'cnonce') as $key)
{ {
if (isset($decoded[$key])) if (isset($decoded[$key]))
{ {
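Review bot: The DIGEST-MD5 response in the last hunk is still computed from `array_merge($decoded, array('nc' => '00000001'))`, while the `qop` sent to the server is now the hard-coded `'auth'` added three lines below; `$decoded['qop']` keeps whatever the server advertised (possibly a list such as `auth,auth-int`). If `encrypt_password()` reads `qop` from its argument, the digest and the announced value can disagree, so passing the same value into the merge, e.g. `array_merge($decoded, array('nc' => '00000001', 'qop' => 'auth'))`, keeps them in step. encrypt_password() and the rest of this method are outside the hunk, so this needs confirming there.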


@ -137,6 +137,9 @@ function user_update_name($old_name, $new_name)
{ {
set_config('newest_username', $new_name, true); set_config('newest_username', $new_name, true);
} }
// Because some tables/caches use username-specific data we need to purge this here.
$cache->destroy('sql', MODERATOR_CACHE_TABLE);
} }
/** /**
@ -1422,20 +1425,6 @@ function validate_username($username, $allowed_username = false)
} }
} }
$sql = 'SELECT word
FROM ' . WORDS_TABLE;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
{
$db->sql_freeresult($result);
return 'USERNAME_DISALLOWED';
}
}
$db->sql_freeresult($result);
return false; return false;
} }
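Review bot: `$cache->destroy('sql', MODERATOR_CACHE_TABLE)` in the first hunk relies on `$cache` being visible inside user_update_name(), but the function's `global` declaration is outside the hunk, so confirm `$cache` is listed there; otherwise the call fails on an undefined variable only on the rarely exercised path where a username actually changes. The second hunk removes the word-censor query from validate_username(), so its docblock (also outside the hunk) should no longer describe usernames as being matched against the censor list; a line such as `* Usernames are checked against the disallowed-usernames list only; the word censor applies to posts (Bug #17745).` would record the decision where the next reader looks for it.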


@ -913,9 +913,14 @@ class bbcode_firstpass extends bbcode
$url = ($var1) ? $var1 : $var2; $url = ($var1) ? $var1 : $var2;
if (!$url || ($var1 && !$var2)) if ($var1 && !$var2)
{ {
return ''; $var2 = $var1;
}
if (!$url)
{
return '[url' . (($var1) ? '=' . $var1 : '') . ']' . $var2 . '[/url]';
} }
$valid = false; $valid = false;
@ -1088,7 +1093,7 @@ class parse_message extends bbcode_firstpass
} }
// Check for "empty" message // Check for "empty" message
if ($mode !== 'sig' && !utf8_clean_string($this->message)) if ($mode !== 'sig' && utf8_clean_string($this->message) === '')
{ {
$this->warn_msg[] = $user->lang['TOO_FEW_CHARS']; $this->warn_msg[] = $user->lang['TOO_FEW_CHARS'];
return $this->warn_msg; return $this->warn_msg;
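Review bot: In the first hunk the new `if (!$url)` branch still tests truthiness, so a URL consisting of the single character `0` is treated as empty and handed back as literal bbcode text, while the second hunk of this same file replaces exactly this kind of check with `utf8_clean_string(...) === ''`. If `$var1` and `$var2` are always strings at this point, `if ($url === '')` would make the url handler consistent with the rest of the commit. The enclosing method of bbcode_firstpass continues outside the hunk.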


@ -494,12 +494,12 @@ function compose_pm($id, $mode, $action)
} }
else else
{ {
if (!$subject || !utf8_clean_string($subject)) if (utf8_clean_string($subject) === '')
{ {
$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT']; $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
} }
if (!$message) if (utf8_clean_string($message) === '')
{ {
$error[] = $user->lang['TOO_FEW_CHARS']; $error[] = $user->lang['TOO_FEW_CHARS'];
} }
@ -600,7 +600,7 @@ function compose_pm($id, $mode, $action)
// Subject defined // Subject defined
if ($submit) if ($submit)
{ {
if (!$subject || !utf8_clean_string($subject)) if (utf8_clean_string($subject) === '')
{ {
$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT']; $error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
} }
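Review bot: The emptiness test `utf8_clean_string($subject) === ''` now appears three times across both hunks of compose_pm and twice more in posting.php, and the removed versions show these checks had already drifted apart (`!$subject || !utf8_clean_string($subject)` for the subject versus a bare `!$message` for the body). A small helper, e.g. `function is_empty_text($text) { return utf8_clean_string($text) === ''; }`, used at each site would keep the subject and message checks from diverging again. This presumes utf8_clean_string() always returns a string, which is defined outside the hunk.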


@ -462,7 +462,7 @@ $lang = array_merge($lang, array(
'NO_VISIBLE_CHANGES' => 'No visible changes', 'NO_VISIBLE_CHANGES' => 'No visible changes',
'NOTICE' => 'Notice', 'NOTICE' => 'Notice',
'NUM_CONFLICTS' => 'Number of conflicts', 'NUM_CONFLICTS' => 'Number of conflicts',
'NUMBER_OF_FILES_COLLECTED' => 'Currently having differences about %1$d from %2$d files collected.<br />Please wait until file collection finished.', 'NUMBER_OF_FILES_COLLECTED' => 'Currently differences of %1$d of %2$d files have been checked.<br />Please wait until all files are checked.',
'OLD_UPDATE_FILES' => 'Update files are out of date. The update files found are for updating from phpBB %1$s to phpBB %2$s but the latest version of phpBB is %3$s.', 'OLD_UPDATE_FILES' => 'Update files are out of date. The update files found are for updating from phpBB %1$s to phpBB %2$s but the latest version of phpBB is %3$s.',


@ -141,8 +141,7 @@ switch ($mode)
unset($admin_memberships); unset($admin_memberships);
$sql = 'SELECT forum_id, forum_name $sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . ' FROM ' . FORUMS_TABLE;
WHERE forum_type = ' . FORUM_POST;
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$forums = array(); $forums = array();
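Review bot: Dropping the `WHERE forum_type = FORUM_POST` clause makes this query return every row of FORUMS_TABLE, including categories and link forums, not only the non-postable forums the commit message mentions; if that is the intent, a comment such as `// all forum types: moderators may also be assigned to categories and links` above the query would stop the next reader from re-adding the filter. Whether `$forums` is later reduced to forums the viewing user may list is outside the hunk; since the result feeds the teams page, confirm that names of forums hidden from the viewer are not exposed through it. The old query had the same property, so this is not new, but the wider result set makes it worth checking now.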


@ -520,12 +520,12 @@ if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && (
} }
else else
{ {
if (!$subject || !utf8_clean_string($subject)) if (utf8_clean_string($subject) === '')
{ {
$error[] = $user->lang['EMPTY_SUBJECT']; $error[] = $user->lang['EMPTY_SUBJECT'];
} }
if (!$message) if (utf8_clean_string($message) === '')
{ {
$error[] = $user->lang['TOO_FEW_CHARS']; $error[] = $user->lang['TOO_FEW_CHARS'];
} }
@ -769,7 +769,7 @@ if ($submit || $preview || $refresh)
} }
// Parse subject // Parse subject
if (!$preview && !$refresh && !utf8_clean_string($post_data['post_subject']) && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id))) if (!$preview && !$refresh && utf8_clean_string($post_data['post_subject']) === '' && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
{ {
$error[] = $user->lang['EMPTY_SUBJECT']; $error[] = $user->lang['EMPTY_SUBJECT'];
} }
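Review bot: The condition on the `// Parse subject` line of the second hunk now packs five tests into a single line; naming the mode test first, e.g. `$is_first_post = ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id));` followed by `if (!$preview && !$refresh && $is_first_post && utf8_clean_string($post_data['post_subject']) === '')`, reads more easily and skips the utf8_clean_string() call when the subject is not being checked at all. This is a style point only; the outcome is the same.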