Unsure if this works with the mysterious, uncommented block in front of it, the parsed_urls thingy... whoever wrote it, please prod me. :) Or add comments.
git-svn-id: file:///svn/phpbb/trunk@9151 89ea8834-ac86-4346-8a33-228a782c2dd0
Changed phpbb_chmod() to set the group bit, even if the PHP user is the owner. (Somehow this sounds complicated, I hope you get the idea.)
git-svn-id: file:///svn/phpbb/trunk@9132 89ea8834-ac86-4346-8a33-228a782c2dd0
"Given a choice between dancing pigs and security, users will pick
dancing pigs every time." (Gary McGraw and Edward Felten)
What stays the same?
- request_var() keeps working as it used to, alternatively you can directly use
request::variable() which allows choosing which super global you want to read
So what's new?
- request::disable_super_globals() which disables super globals. This
function causes any direct use of $_POST, $_GET, $_REQUEST or $_COOKIE to
result in an E_USER_ERROR. We hope that this will force MOD authors to at
least think about validation as they will have to read about how to use the
request class.
- request::is_set() / request::is_set_post will be used instead of using isset
directly on super globals
- request_var() now supports arrays with arbitrary depth
- request_var() can be used with an array as the variable name to directly
access values in multi-dimensional arrays.
What's next?
- request::disable_super_globals() will be active by default (set in
common.php)
- all code will be adjusted to use the new class consistently
- tests for the request class to make sure it works as designed and will not
change behaviour between releases
I've also already updated all the code within functions.php to use the request class.
git-svn-id: file:///svn/phpbb/trunk@9101 89ea8834-ac86-4346-8a33-228a782c2dd0
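The mechanism described in the commit message above, sketched as an added example (not phpBB's code and not part of the commit): raw input is copied into private storage, the super globals are replaced with objects that raise E_USER_ERROR on any direct access, and values are read through a typed accessor that also accepts an array path. All class and method names are hypothetical; the sketch assumes PHP 8.0 or later and handles scalar values only.

```php
<?php
// Added illustration: class and method names are hypothetical, not phpBB's code.
final class DeactivatedSuperGlobal implements ArrayAccess
{
    public function __construct(private string $name) {}
    private function fail(): void
    {
        trigger_error("Direct use of {$this->name} is disabled, use Request::variable()", E_USER_ERROR);
    }
    public function offsetExists(mixed $offset): bool { $this->fail(); return false; }
    public function offsetGet(mixed $offset): mixed { $this->fail(); return null; }
    public function offsetSet(mixed $offset, mixed $value): void { $this->fail(); }
    public function offsetUnset(mixed $offset): void { $this->fail(); }
}

final class Request
{
    private static array $input = [];
    // Copy the raw input into private storage, then replace the super globals.
    public static function disableSuperGlobals(): void
    {
        self::$input = ['get' => $_GET, 'post' => $_POST, 'cookie' => $_COOKIE, 'request' => $_REQUEST];
        $_GET = new DeactivatedSuperGlobal('$_GET');
        $_POST = new DeactivatedSuperGlobal('$_POST');
        $_COOKIE = new DeactivatedSuperGlobal('$_COOKIE');
        $_REQUEST = new DeactivatedSuperGlobal('$_REQUEST');
    }
    // Read one value, cast to the type of $default; an array $name walks nested input.
    public static function variable(string|array $name, mixed $default, string $source = 'request'): mixed
    {
        $value = self::$input[$source] ?? [];
        foreach ((array) $name as $key) {
            if (!is_array($value) || !array_key_exists($key, $value)) {
                return $default;
            }
            $value = $value[$key];
        }
        if (!is_scalar($value)) {
            return $default; // this sketch handles scalar values only
        }
        settype($value, gettype($default));
        return $value;
    }
}

// Constructed sample input standing in for a real query string.
$_GET = ['page' => '7abc', 'filter' => ['user' => ['id' => '42']]];
Request::disableSuperGlobals();
var_dump(Request::variable('page', 0, 'get'));
var_dump(Request::variable(['filter', 'user', 'id'], 0, 'get'));
var_dump(isset($_GET['page'])); // direct access now raises E_USER_ERROR
```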
- Do not display last post link and sort display options for search engines. (Bug #15088)
git-svn-id: file:///svn/phpbb/trunk@8988 89ea8834-ac86-4346-8a33-228a782c2dd0
As of phpBB 3.0.x, we take our "generic" CSS for a theme and later on combine it with the imagesets and languages as needed... What we did for 3.0.x involved dynamically resolving the variables in the CSS and then sending it off, caching it at several layers (except the one that mattered). The biggest issue with style.php is that it is one giant str_replace on every page load, no matter what; cache be damned. Instead, the trick is to cache the full compilation earlier on...
Further work to do: kill all the old crap and fully integrate the new solution
git-svn-id: file:///svn/phpbb/trunk@8649 89ea8834-ac86-4346-8a33-228a782c2dd0
Changes:
- Ascraeus now uses constants for the phpbb root path and the php extension. This ensures more security for external applications and modifications (no more overwriting of root path and extension possible through insecure mods and register globals enabled) as well as no more globalizing needed.
- A second change implemented here is an additional short-hand-notation for append_sid(). It is allowed to omit the root path and extension now (for example calling append_sid('memberlist')) - in this case the root path and extension get added automatically. The hook is called after these are added.
git-svn-id: file:///svn/phpbb/trunk@8572 89ea8834-ac86-4346-8a33-228a782c2dd0
- let the error handler deal with E_STRICT (same as E_WARNING/E_NOTICE) and E_RECOVERABLE_ERROR (same as E_USER_ERROR)
git-svn-id: file:///svn/phpbb/trunk@8466 89ea8834-ac86-4346-8a33-228a782c2dd0