This will further harden the ACP security by adding link hashes to links and
form tokens to forms that did not have these yet and result in modified
settings or write action on the filesystem or database. These few links and
forms were still relying on the global ACP protection, mainly due to them
not posing further risks of compromising data. After this change these will
now also be properly protected against tampering.
PHPBB3-14789
* There MUST NOT be trailing whitespace at the end of lines.
* There MUST NOT be whitespace before the first content of a file.
* There MUST NOT be whitespace after the last content of a file.
* Functions MUST NOT contain multiple empty lines in a row.
PHPBB3-12458
Closing tags converted using Oleg's script.
remove-php-end-tags.py -a .
Trailing newlines added using the following where $ext is file extension.
find . -type f -name "*.$ext" -print | xargs printf "e %s\nw\n" | ed -s;
Extensions: php, css, html, js, xml.
PHPBB3-9556
super globals
- disabled super globals in common.php. See commit r9101 for
more information
- cleaned up/simplified a few lines along the way.
git-svn-id: file:///svn/phpbb/trunk@9102 89ea8834-ac86-4346-8a33-228a782c2dd0
Changes:
- Ascraeus now uses constants for the phpbb root path and the php extension. This ensures more security for external applications and modifications (no more overwriting of root path and extension possible through insecure mods and register globals enabled) as well as no more globalizing needed.
- A second change implemented here is an additional short-hand-notation for append_sid(). It is allowed to omit the root path and extension now (for example calling append_sid('memberlist')) - in this case the root path and extension get added automatically. The hook is called after these are added.
git-svn-id: file:///svn/phpbb/trunk@8572 89ea8834-ac86-4346-8a33-228a782c2dd0
- changed the way make_forum_select() is returning the forum list - now including skipped forums but being disabled. This should make identifying the correct forum much more easier.
- Changed some permission namings based on suggestions by the community
- Tried to comply to the permission field ordering within the language files while displaying permission sets. Hopefully it's worth the additional processing time.
- Disable submit buttons after clicking for installation and conversions.
git-svn-id: file:///svn/phpbb/trunk@6930 89ea8834-ac86-4346-8a33-228a782c2dd0
- removing utf8 characters from email files (has been discussed internally, you guys know why)
- making sure some opendir calls are checked before calling readdir.
git-svn-id: file:///svn/phpbb/trunk@6912 89ea8834-ac86-4346-8a33-228a782c2dd0
- finally allow custom permission settings files (in acp/ as well as in mods/)
git-svn-id: file:///svn/phpbb/trunk@6539 89ea8834-ac86-4346-8a33-228a782c2dd0
- using E_USER_WARNING if an error occurred within the ACP (sadly not able to use it as a default for trigger_error - it seems to be hardcoded in PHP)
git-svn-id: file:///svn/phpbb/trunk@6320 89ea8834-ac86-4346-8a33-228a782c2dd0
