* prep-release-3.0.8:
[prep-release-3.0.8] Incrementing version number to 3.0.8 and update changelog
[ticket/9903] Script for detecting potentially malicious flash bbcodes
[ticket/9904] Update WebPI Parameters.xml to work with WebMatrix.
[ticket/9903] Fix XSS in BBcode-parser's Flash-BBcode.
Conflicts:
phpBB/includes/constants.php
phpBB/install/database_update.php
phpBB/install/schemas/schema_data.sql
Fix a regression introduced by 58dc5a191c0203ea6d98c37df26b0830b3bf8203.
The problem is that $user->add_lang() includes language strings from the board
root folder instead of the update folder. Because the database updater is run
first, the root folder files have not been upgrade yet. Thus, the language
strings we're looking for cannot be found.
Since the language strings we are looking for have been moved from the
install.php language file to acp/attachments.php it should be possible to
always find them in either file. When there is an acp/attachments.php file in
the update package, it can also be used.
We now also loop through all the installed languages as well, because the board
could have been installed in a language other than the admin's current
language.
PHPBB3-9885
PHPBB3-7717
* ticket/bantu/9167:
[ticket/9167] Detect and remove any dead left over shadow topics on update.
[ticket/9167] Remove shadow topics from remaining forums when deleting a forum
Conflicts:
phpBB/install/database_update.php
The modules were grouped by left_id so num_modules is always one (hopefully), but the number of rows is the actual value we'd like to know. Removing the GROUP BY resolves the issue.
PHPBB3-9628
If you are using SQL Server, please try to test this new dbal so we can safely include it in 3.0.8. If you
want to try it on a current phpBB version you can apply the latest version of the patch to your board which
you can find attached to the bug tracker ticket (look in the comments for the latest version, the one in the
ticket itself is outdated): http://www.phpbb.com/bugs/phpbb3/ticket.php?ticket_id=57055
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10489 89ea8834-ac86-4346-8a33-228a782c2dd0
To explain what this is about, first a short phpBB code history lesson: ;-)
r9823 originally introduced the usage of our template class for emails. The
messenger class uses set_custom_template() to initialise the template object
which neither disables storedb nor inheritance. These two values are set in
$user->theme rather than inside a particular template instance (quite a design
failure if I may add). Thus the html page that is displayed to the user also
determines these settings for the email templates. This obviously causes
problems because both emails and other custom templates can quite simply not
be stored in the database because the db table only stores the filename, not
the path and requires a template id.
r9839 then generally disabled storedb and template inheritance for custom
templates to fix Bug #40515. This works for custom templates, but not for
emails where lots of template objects are created. In such a situation the
last call to set(_custom)_template() would now determine the values of storedb
and inheritance in _tpl_load. So any page sending emails would neither load
its template from the database nor use template inheritance. The same revision
also introduced orig_tpl_* variables in set_template() which on their own are
very much pointless, but could allow resetting the storedb and inheritance
values if they were used to reset $user->theme just before template execution
in _tpl_load.
In r10150 these orig_tpl_* variables are correctly used to access information
about the template of the page being displayed - contrary to the last template
used - from within the bbcode, fixing Bug #51285. However r10150 also introduces
a pointless $template_mode parameter for set_custom_template(). $template_mode
is really just a boolean flag (value you can be 'template' or an arbitrary other
value) that if it set circumvents the unsetting of storedb and template
inheritance. The very code that had been added to prevent issues with emails and
custom templates. Fixing the problem introduced by r8839 but at the same time
reintroducing the much greater problem from the original implementation of email
templates.
And now an explanation of what I did:
Based on this I have now changed the set_custom_template method to always
disable storedb. It can now properly use inheritance, you simply tell it the
path where the parent template can be found, by default the path is false which
will turn inheritance off. To make this work the template class now always
overwrites $user->theme storedb and inheritance variabbles with orig_tpl_* just
before rendering a template in _tpl_load. This way they are guaranteed to always
contain the value they had at the time set_template/set_custom_template were
called. This fixes [Bug #54505].
In summary, using global state is simply a horrible idea in object oriented
programming. Always Pass values, that an object depends on, as parameters - never
through magic global variables. Following this principle will safe you from a lot
of headaches.
Please test this patch as much as possible to make sure templates still work
properly for you, focus on multiple languages, missing language files, and
custom templates in systems that make use of the template class outside of
phpBB itself.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10460 89ea8834-ac86-4346-8a33-228a782c2dd0
