explode('|', '') and explode('|', NULL) both return array(0 => '') which can
cause filespec::check_content() to reject everything starting with a '<'
character in case $config['mime_triggers'] is an empty string or not set.
fileupload::set_disallowed_content() now filters out empty strings by calling
array_diff() on the passed array, so setting $config['mime_triggers'] to an
empty string will turn off mime checking completely.
On the other side we want to fail safe if $config['mime_triggers'] is not set
at all. To do this, the array fileupload::$disallowed_content now contains some
default strings to be filtered out.
PHPBB3-9764
When magic_quotes_gpc is 'On' it also affects the $_FILES array and a filename
like 'bantu"s testfile.txt' will be returned as 'bantu\"s testfile.txt'.
Because utf8_basename() also strips off anything before the last backslash
the filename was returned as '"s testfile.txt'.
Calling stripslashes() before utf8_basename() solves the problem.
PHPBB3-9615
Remember that the recent changes broke compatibility with old uploaded avatars and that there were changes to the database entries.
git-svn-id: file:///svn/phpbb/trunk@7453 89ea8834-ac86-4346-8a33-228a782c2dd0
-Route all avatar downloads through download.php - adrien
-Change the way inline attachments are delivered
-Fixes a few (unreported) bugs, notably avatar upload during group generation
-#10079
git-svn-id: file:///svn/phpbb/trunk@7429 89ea8834-ac86-4346-8a33-228a782c2dd0
- permission fixes for conversions
- use more appropiate error message within convertor if source tables could not be found
- other tiny fixes
git-svn-id: file:///svn/phpbb/trunk@6925 89ea8834-ac86-4346-8a33-228a782c2dd0
- removing extension from physical filename for uploaded attachments (as has been suggested some time ago from our community), can still be used by using the new 'unique_ext' mode on file cleaning
- fixed a bug with copying attachments if copying a topic
- made sure no attachment files get removed used at another location
- changed media player "embed" code. For some this may result in no auto-resizing - though a download link has been added.
git-svn-id: file:///svn/phpbb/trunk@6831 89ea8834-ac86-4346-8a33-228a782c2dd0
- important bugfix for the mcp and determining allowed ids in general (if global announcements are included)
git-svn-id: file:///svn/phpbb/trunk@6787 89ea8834-ac86-4346-8a33-228a782c2dd0
- implemented provided patch/diff file for bug #5350 (Highway of Life) with some tiny changes and alterations
- more username/colour changes/fixes
- added a note about PM rule-dependant message removals so the user is not wondering too much if he can't remember his rules. :)
- some column changes to fix unicode issues
- bugfixes
git-svn-id: file:///svn/phpbb/trunk@6650 89ea8834-ac86-4346-8a33-228a782c2dd0
- added optional MX and DNSBL checks
- added backtrace (triggering sql error) on error within sql_in_set as well as making sure it is handling an array
- let users having f_list access to a forum actually see the forum without a topic list and not displaying an error message - this allows for giving people access to subforums but not the parent forum without the need to add the (sub-)forum to the index.
- some additional bugfixes
git-svn-id: file:///svn/phpbb/trunk@6414 89ea8834-ac86-4346-8a33-228a782c2dd0
- changed attachment handling a bit
- tried to remove target tags out of the code
- do not add session ids to urls for bots as well as not creating a new session on each page view for them
I bet i introduced some bugs too. ;)
git-svn-id: file:///svn/phpbb/trunk@6364 89ea8834-ac86-4346-8a33-228a782c2dd0
- added forum icon in front of forums in permissions acp
- added trace permissions in permission masks (thanks naderman for writing the first code and for the idea... :))
- some bugfixes
- PHP6 fix
git-svn-id: file:///svn/phpbb/trunk@5824 89ea8834-ac86-4346-8a33-228a782c2dd0
- added new feature: test out others permissions (admin permissions will not be copied)
- changed attachment processing by directly using the template engine
- fixed some attachment related bugs
- additional tiny fixes
git-svn-id: file:///svn/phpbb/trunk@5790 89ea8834-ac86-4346-8a33-228a782c2dd0
- fix a bunch of bugs
- <!-- $Id$ --> is no longer allowed in template (.html) files
- changed layout of private message screens (folders are menu items)
- removed unread mode for private messages
- added new feature to template engine - "jump out of loop" or "loop another loop within my loop" :D (will be documented within the coding guidelines)
- added autologin field to sessions
- check session length checks
- added add_log statement to sessions to track session valid to invalid changes if ip/browser change depending on config settings (only debug)
- added multibyte support for various variables (exception at the moment is usernames which needs some discussion)
- hopefully not broke something. :/
git-svn-id: file:///svn/phpbb/trunk@5765 89ea8834-ac86-4346-8a33-228a782c2dd0
- use getenv instead of $_ENV (with $_ENV the case could be wrong)
- permission fixes (there was a bug arising with getting permission flags - re-added them and handled roles deletion differently)
- implemented max login attempts
- changed the expected return parameters for logins/sessions
- added acp page for editing report/denial reasons
- other fixes here and there
git-svn-id: file:///svn/phpbb/trunk@5622 89ea8834-ac86-4346-8a33-228a782c2dd0
