This will further harden the ACP security by adding link hashes to links and
form tokens to forms that did not have these yet and result in modified
settings or write action on the filesystem or database. These few links and
forms were still relying on the global ACP protection, mainly due to them
not posing further risks of compromising data. After this change these will
now also be properly protected against tampering.
PHPBB3-14789
using keyword_search method instead of get_name to distinguish between the
search backend classes present in includes/search and other helper classes.
PHPBB3-10946
I added two function avatar_explanation_string() and avatar_error_wrong_size()
for easier handling of the "pixels"-languages, as they are used quite often.
PHPBB3-10345
Search backends are now required to be autoloadable. The database updater to
3.1 tries to guess the class name as phpbb_search_<oldname> which works for
the default backends we ship.
PHPBB3-10323
To have a generic solution there is now a sql_buffer_nested_transaction()
which indicates that the given SQL driver requires buffering to run a
transaction while iterating over another result set.
PHPBB3-9685
* feature/igorw/request-class:
[feature/request-class] Convert some remaining cookies
[feature/request-class] Adjust misleading comment
[feature/request-class] Remove direct access to _REQUEST in acp_search
[feature/request-class] Special case of direct access to _REQUEST
Closing tags converted using Oleg's script.
remove-php-end-tags.py -a .
Trailing newlines added using the following where $ext is file extension.
find . -type f -name "*.$ext" -print | xargs printf "e %s\nw\n" | ed -s;
Extensions: php, css, html, js, xml.
PHPBB3-9556
super globals
- disabled super globals in common.php. See commit r9101 for
more information
- cleaned up/simplified a few lines along the way.
git-svn-id: file:///svn/phpbb/trunk@9102 89ea8834-ac86-4346-8a33-228a782c2dd0
Changes:
- Ascraeus now uses constants for the phpbb root path and the php extension. This ensures more security for external applications and modifications (no more overwriting of root path and extension possible through insecure mods and register globals enabled) as well as no more globalizing needed.
- A second change implemented here is an additional short-hand-notation for append_sid(). It is allowed to omit the root path and extension now (for example calling append_sid('memberlist')) - in this case the root path and extension get added automatically. The hook is called after these are added.
git-svn-id: file:///svn/phpbb/trunk@8572 89ea8834-ac86-4346-8a33-228a782c2dd0
