When a non-fatal error occurs at the beginning of the script before any custom
error handler is set one of two situations can be encountered:
1) if the ini option output buffer is disabled:
- headers are sent to the http client
- the error message is output
2) if the ini option output_buffer is enabled or the script
is run within an ob_start()/ob_end() wrapper:
- the error message is written to the output buffer
Once the script reaches page_header() phpbb starts gzip compression if enabled.
This is done through ob_start with a ob_gzhandler as a callback. The
compression is skipped if headers have already been sent. In situation 1) the
error message sent in plain text comes with headers and this gzip compression
is skipped. The client receives a plaintext version of the page. However in
situation 2) headers have not been sent yet and the rest of the page will be
compressed. The result is a plaintext error message followed by compressed
output. The client does not understand this output resulting in either an
error message or simply a blank page in the browser.
In addition to the above situation this problem occurs with errors that are
triggered after the custom error handler is loaded. The problem has been
noticed before, and a workaround was found. The error handler would call
ob_flush() for particular configuration settings before outputting the error
message. This resulted in headers being sent when output buffering was enabled
thus disabling gzip compression for the rest of the page. The constraints under
which ob_flush() was called were lessened over time whenever a new case was
found that would trigger this problem. Eventually ob_flush() would be called
even when code causing an E_NOTICE was simply run within an ob_start/ob_end.
This makes it impossible to use output buffering to retrieve the content of an
error message without prohibiting the page from setting headers afterwards.
This commit removes all flushing in msg_handler completely and instead fixes
the problem for both errors before and after the error handler is registered.
GZIP compression is only enabled if there is at most one level of output
buffering (e.g. the output_buffer php.ini option is enabled) and if there has
not yet been any output in this buffer. This should avoid any partial output
compression.
PHPBB3-10188
* develop-olympus:
[ticket/10218] Prevent startime from being overwritten by deregister_globals()
[ticket/10218] Moving global deregistration, etc. to startup.php
Conflicts:
phpBB/install/database_update.php
* prep-release-3.0.9:
[ticket/10218] Prevent startime from being overwritten by deregister_globals()
[ticket/10218] Moving global deregistration, etc. to startup.php
Conflicts:
phpBB/install/database_update.php
* Marshalrusty/ticket/10218:
[ticket/10218] Prevent startime from being overwritten by deregister_globals()
[ticket/10218] Moving global deregistration, etc. to startup.php
Removes the semicolon at end of oracle CREATE TABLE queries and adds a
semicolon to the end of a SELECT query inside of the trigger for a new
table's auto increment column before the end keyword
PHPBB3-10214
* develop-olympus:
[ticket/9892] Correct copyright year
[ticket/9892] Remove incorrect use of camel case
[ticket/9892] Removing closing php tag from create_schema_files
[ticket/9892] Transaction support for database update sql execution function
[ticket/9892] count is a keyword in firebird, so renaming this alias
[ticket/9892] Q&A CAPTCHA did not work on firebird, so no need to change config
[ticket/9892] Shorten login_attempt key names to avoid firebird length problems
[ticket/9892] Drop Q&A CAPTCHA tables if left in inconsistent state
[ticket/9892] Adding a number of tests for db_tools
[ticket/9892] Table prefix lengths influence index lengths in db_tools
[ticket/9892] Shorten the index names on the q&a captcha
[ticket/9892] column & index name limits, firebird auto increment in db_tools
Conflicts:
phpBB/develop/create_schema_files.php
- Column names are limited to 30 characters
- Index names are limited to 31 characters.
On some dbms the index name contains both table name and actual index name
so the limit applies to the sum of the lenghts of table name and index name.
- Auto incremented column names are limited to 26 characters to provide an
additional 4 characters for sequence names
The code for firebird auto increment support using generators/sequences with
triggers was copied from create_schema_files.php
PHPBB3-9892
* develop-olympus:
[ticket/9992] Clarify explanations of ip and account limits on login
[ticket/9992] Add a comma to language for IP_LOGIN_LIMIT_MAX_EXPLAIN
[ticket/9992] Use sql_fetchfield for single row and single column result
[ticket/9992] Adding a limit on login attempts per IP.
[ticket/9992] Make sql_create_table and sql_table_exists available in updater
* naderman/ticket/9992:
[ticket/9992] Clarify explanations of ip and account limits on login
[ticket/9992] Add a comma to language for IP_LOGIN_LIMIT_MAX_EXPLAIN
[ticket/9992] Use sql_fetchfield for single row and single column result
[ticket/9992] Adding a limit on login attempts per IP.
[ticket/9992] Make sql_create_table and sql_table_exists available in updater
A new table was created to save all failed login attempts with
corresponding information on username, ip and useragent. By default
the limit is 50 login attempts within 6 hours per IP. The limit is
relatively high to avoid big problems on sites behind a reverse
proxy that don't receive the forwarded-for value as REMOTE_ADDR but
see all users as coming from the same IP address. But if these
users run into problems a special forwarded-for option is available
to limit logins by forwarded-for value instead of ip.
PHPBB3-9992
* develop-olympus:
[ticket/10198] range validation for strings should limit characters not bytes
[ticket/10198] validate_config_vars() improperly validates multibyte strings
Conflicts:
phpBB/adm/index.php
* develop-olympus:
[ticket/9802] Remove unnecessary htmlspecialchars() call on REMOTE_ADDR.
[ticket/9802] Only check for IPv4-mapped address when address is IPv6.
[ticket/9802] Fix tiny logic bug in loop determining REMOTE_ADDR.
[ticket/9802] Remove redundant character class definition from preg_replace.
[ticket/9802] Fix redundant str_replace call. No need to replace ' ' with ' '.
Conflicts:
phpBB/includes/session.php
* ticket/bantu/9802:
[ticket/9802] Remove unnecessary htmlspecialchars() call on REMOTE_ADDR.
[ticket/9802] Only check for IPv4-mapped address when address is IPv6.
[ticket/9802] Fix tiny logic bug in loop determining REMOTE_ADDR.
[ticket/9802] Remove redundant character class definition from preg_replace.
[ticket/9802] Fix redundant str_replace call. No need to replace ' ' with ' '.
* develop-olympus:
[ticket/6712] Properly explain result of setting the bump interval to 0.
[ticket/6712] Add phpbb_ function name prefix, more docs, rename current_time
[ticket/6712] Pass $post_data by the value instead of by the reference.
[ticket/6712] Bump does not create new topic icon on index.
Conflicts:
phpBB/includes/functions_posting.php
* ticket/rxu/6712:
[ticket/6712] Properly explain result of setting the bump interval to 0.
[ticket/6712] Add phpbb_ function name prefix, more docs, rename current_time
[ticket/6712] Pass $post_data by the value instead of by the reference.
[ticket/6712] Bump does not create new topic icon on index.
* develop-olympus:
[ticket/217] Use positive assertions in tests.
[ticket/217] Silence errors in tests, not code.
[ticket/217] Use positive parameter statement for bbcode_init()
[ticket/217] Adjust patch, add tests
[ticket/217] Multiline [url] not converted
* ticket/rxu/217:
[ticket/217] Use positive assertions in tests.
[ticket/217] Silence errors in tests, not code.
[ticket/217] Use positive parameter statement for bbcode_init()
[ticket/217] Adjust patch, add tests
[ticket/217] Multiline [url] not converted
* naderman/ticket/7057:
[ticket/7057] Use GET for quicksearch and add session id to hidden fields
[ticket/7057] Remove trailing whitespace in functions.php
* develop-olympus:
[ticket/8138] Add autocomplete="off" to acp_board and ldap settings
[ticket/8138] Add autocomplete="off" to a user and forum ACP.
Conflicts:
phpBB/adm/index.php
