mirror of https://github.com/phpbb/phpbb.git synced 2025-10-23 20:56:08 +02:00

Correctly check empty subjects/messages (Bug #17915)

Do not check usernames against the word censor list. Disallowed usernames are already checked, and the word censor belongs to posts. (Bug #17745)
Additionally, include non-postable forums among the moderators' forums shown within the teams list. (Bug #17265)


git-svn-id: file:///svn/phpbb/trunk@8306 89ea8834-ac86-4346-8a33-228a782c2dd0
Meik Sievertsen
2008-01-05 16:10:10 +00:00
parent a4633d8ac0
commit f0dea06097
7 changed files with 35 additions and 32 deletions


@@ -20,11 +20,11 @@ if (!defined('IN_PHPBB'))
*
* Jabber class from Flyspray project
*
* @version class.jabber2.php 1306 2007-06-21
* @version class.jabber2.php 1488 2007-11-25
* @copyright 2006 Flyspray.org
* @author Florian Schmitz (floele)
*
* Modified by Acyd Burn
* Only slightly modified by Acyd Burn
*
* @package phpBB3
*/
@@ -286,7 +286,7 @@ class jabber
$read = trim(fread($this->connection, 4096));
$data .= $read;
}
while (time() <= $start + $timeout && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>')));
while (time() <= $start + $timeout && !feof($this->connection) && ($wait || $data == '' || $read != '' || (substr(rtrim($data), -1) != '>')));
if ($data != '')
{
@@ -385,7 +385,6 @@ class jabber
{
case 'stream:stream':
// Connection initialised (or after authentication). Not much to do here...
$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
if (isset($xml['stream:stream'][0]['#']['stream:features']))
{
@@ -397,6 +396,16 @@ class jabber
$this->features = $this->listen();
}
$second_time = isset($this->session['id']);
$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
if ($second_time)
{
// If we are here for the second time after TLS, we need to continue logging in
$this->login();
return;
}
// go on with authentication?
if (isset($this->features['stream:features'][0]['#']['bind']) || !empty($this->session['tls']))
{
@@ -519,9 +528,10 @@ class jabber
'response' => $this->encrypt_password(array_merge($decoded, array('nc' => '00000001'))),
'charset' => 'utf-8',
'nc' => '00000001',
'qop' => 'auth', // only auth being supported
);
foreach (array('nonce', 'qop', 'digest-uri', 'realm', 'cnonce') as $key)
foreach (array('nonce', 'digest-uri', 'realm', 'cnonce') as $key)
{
if (isset($decoded[$key]))
{
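Review bot: In the `stream:stream` case, `$second_time = isset($this->session['id'])` is true for every repeated stream header, while the new comment names only the restart after TLS. The first comment in the same case says the header also arrives after authentication, so `login()` is presumably entered again on that path too. If that is intended, the comment should say so, for example `// Any repeated stream header (after TLS or after authentication) continues the login`. The `id` attribute is also read from the server's XML without an `isset()` check, so a header that omits it raises a notice and stores a null session id. The case body continues outside the hunk, so how `login()` behaves on re-entry is not visible here.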


@@ -137,6 +137,9 @@ function user_update_name($old_name, $new_name)
{
set_config('newest_username', $new_name, true);
}
// Because some tables/caches use username-specific data we need to purge this here.
$cache->destroy('sql', MODERATOR_CACHE_TABLE);
}
/**
@@ -1422,20 +1425,6 @@ function validate_username($username, $allowed_username = false)
}
}
$sql = 'SELECT word
FROM ' . WORDS_TABLE;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (preg_match('#(' . str_replace('\*', '.*?', preg_quote($row['word'], '#')) . ')#i', $username))
{
$db->sql_freeresult($result);
return 'USERNAME_DISALLOWED';
}
}
$db->sql_freeresult($result);
return false;
}
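Review bot: The added `$cache->destroy('sql', MODERATOR_CACHE_TABLE);` in `user_update_name()` needs `$cache` in function scope, and the function's `global` statement lies outside the hunk. Confirm that it lists `$cache`; if it does not, every username change stops with a fatal error on this line, after the earlier updates in the function have already run. The function body starts before the hunk, so this cannot be checked from the page.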


@@ -913,9 +913,14 @@ class bbcode_firstpass extends bbcode
$url = ($var1) ? $var1 : $var2;
if (!$url || ($var1 && !$var2))
if ($var1 && !$var2)
{
return '';
$var2 = $var1;
}
if (!$url)
{
return '[url' . (($var1) ? '=' . $var1 : '') . ']' . $var2 . '[/url]';
}
$valid = false;
@@ -1088,7 +1093,7 @@ class parse_message extends bbcode_firstpass
}
// Check for "empty" message
if ($mode !== 'sig' && !utf8_clean_string($this->message))
if ($mode !== 'sig' && utf8_clean_string($this->message) === '')
{
$this->warn_msg[] = $user->lang['TOO_FEW_CHARS'];
return $this->warn_msg;
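Review bot: The new guard `if ($var1 && !$var2)` in the URL check relies on PHP truthiness, so a link text of `0` counts as missing and is overwritten with the URL, and `if (!$url)` treats a lone `0` as no URL at all. That is the same loose test this commit replaces for messages in the `parse_message` hunk below. Assuming both arguments arrive as strings from the BBCode parser, explicit comparisons would keep the two hunks consistent: `if ($var1 !== '' && $var2 === '')` and `if ($url === '')`. The enclosing method starts and ends outside the hunk, so the argument types are not visible here.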


@@ -494,12 +494,12 @@ function compose_pm($id, $mode, $action)
}
else
{
if (!$subject || !utf8_clean_string($subject))
if (utf8_clean_string($subject) === '')
{
$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
}
if (!$message)
if (utf8_clean_string($message) === '')
{
$error[] = $user->lang['TOO_FEW_CHARS'];
}
@@ -600,7 +600,7 @@ function compose_pm($id, $mode, $action)
// Subject defined
if ($submit)
{
if (!$subject || !utf8_clean_string($subject))
if (utf8_clean_string($subject) === '')
{
$error[] = $user->lang['EMPTY_MESSAGE_SUBJECT'];
}
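Review bot: The new tests `utf8_clean_string($subject) === ''` and `utf8_clean_string($message) === ''` in `compose_pm()` carry no comment saying why the strict comparison replaced `!$subject`. The same expression is repeated in the `parse_message` hunk and in both hunks of the last file section. A one-line comment at each site, such as `// "0" is a valid subject; reject only input that is empty after cleaning`, would keep a later edit from restoring the loose test. The strict form also depends on `utf8_clean_string()` always returning a string; its definition is not on this page, so confirm it cannot return `false` or `null`, which would now pass as non-empty. `compose_pm()` starts and ends outside these hunks.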


@@ -462,7 +462,7 @@ $lang = array_merge($lang, array(
'NO_VISIBLE_CHANGES' => 'No visible changes',
'NOTICE' => 'Notice',
'NUM_CONFLICTS' => 'Number of conflicts',
'NUMBER_OF_FILES_COLLECTED' => 'Currently having differences about %1$d from %2$d files collected.<br />Please wait until file collection finished.',
'NUMBER_OF_FILES_COLLECTED' => 'Currently differences of %1$d of %2$d files have been checked.<br />Please wait until all files are checked.',
'OLD_UPDATE_FILES' => 'Update files are out of date. The update files found are for updating from phpBB %1$s to phpBB %2$s but the latest version of phpBB is %3$s.',


@@ -141,8 +141,7 @@ switch ($mode)
unset($admin_memberships);
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_type = ' . FORUM_POST;
FROM ' . FORUMS_TABLE;
$result = $db->sql_query($sql);
$forums = array();
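Review bot: Dropping `WHERE forum_type = FORUM_POST` makes the query fill `$forums` with every forum row, non-postable ones included, and the hunk does not show a permission filter before those names are used in the teams list. Confirm that the code after this hunk still checks the viewer's right to see each forum before printing its name, so that the list does not reveal forums hidden from the viewer. A short comment above the query, e.g. `// Non-postable forums are included on purpose; the teams list shows every forum a moderator is assigned to`, would record why the filter was removed. The `switch ($mode)` case continues outside the hunk.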


@@ -520,12 +520,12 @@ if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && (
}
else
{
if (!$subject || !utf8_clean_string($subject))
if (utf8_clean_string($subject) === '')
{
$error[] = $user->lang['EMPTY_SUBJECT'];
}
if (!$message)
if (utf8_clean_string($message) === '')
{
$error[] = $user->lang['TOO_FEW_CHARS'];
}
@@ -769,7 +769,7 @@ if ($submit || $preview || $refresh)
}
// Parse subject
if (!$preview && !$refresh && !utf8_clean_string($post_data['post_subject']) && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
if (!$preview && !$refresh && utf8_clean_string($post_data['post_subject']) === '' && ($mode == 'post' || ($mode == 'edit' && $post_data['topic_first_post_id'] == $post_id)))
{
$error[] = $user->lang['EMPTY_SUBJECT'];
}