mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-02-20 08:05:19 +01:00
Code Issues Releases Wiki Activity
php-phpbb/phpBB/style.php
Vjacheslav Trushkin 1842323ca9 [ticket/10399] Correctly encoding template component urls (3.0) 
Changes in style.php

PHPBB3-10399
2011-12-04 11:43:55 +02:00

293 lines
8.0 KiB
PHP
Raw Blame History

<?php
/**
*
* @package phpBB3
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @ignore
*/
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require($phpbb_root_path . 'includes/startup.' . $phpEx);
require($phpbb_root_path . 'config.' . $phpEx);
if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
{
exit;
}
// Load Extensions
if (!empty($load_extensions) && function_exists('dl'))
{
$load_extensions = explode(',', $load_extensions);
foreach ($load_extensions as $extension)
{
@dl(trim($extension));
}
}
$id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
// This is a simple script to grab and output the requested CSS data stored in the DB
// We include a session_id check to try and limit 3rd party linking ... unless they
// happen to have a current session it will output nothing. We will also cache the
// resulting CSS data for five minutes ... anything to reduce the load on the SQL
// server a little
if ($id)
{
// Include files
require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
require($phpbb_root_path . 'includes/cache.' . $phpEx);
require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
require($phpbb_root_path . 'includes/constants.' . $phpEx);
require($phpbb_root_path . 'includes/functions.' . $phpEx);
$db = new $sql_db();
$cache = new cache();
// Connect to DB
if (!@$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false))
{
exit;
}
unset($dbpasswd);
$config = $cache->obtain_config();
$user = false;
// try to get a session ID from REQUEST array
$sid = request_var('sid', '');
if (!$sid)
{
// if that failed, then look in the cookies
$sid = request_var($config['cookie_name'] . '_sid', '', false, true);
}
if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
{
$sid = '';
}
if ($sid)
{
$sql = 'SELECT u.user_id, u.user_lang
FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
WHERE s.session_id = '" . $db->sql_escape($sid) . "'
AND s.session_user_id = u.user_id";
$result = $db->sql_query($sql);
$user = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
}
$recompile = $config['load_tplcompile'];
if (!$user)
{
$id = ($id) ? $id : $config['default_style'];
// Commented out because calls do not always include the SID anymore
// $recompile = false;
$user = array('user_id' => ANONYMOUS);
}
$sql = 'SELECT s.style_id, c.theme_id, c.theme_data, c.theme_path, c.theme_name, c.theme_mtime, i.*, t.template_path
FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . ' i
WHERE s.style_id = ' . $id . '
AND t.template_id = s.template_id
AND c.theme_id = s.theme_id
AND i.imageset_id = s.imageset_id';
$result = $db->sql_query($sql, 300);
$theme = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$theme)
{
exit;
}
if ($user['user_id'] == ANONYMOUS)
{
$user['user_lang'] = $config['default_lang'];
}
$user_image_lang = (file_exists($phpbb_root_path . 'styles/' . $theme['imageset_path'] . '/imageset/' . $user['user_lang'])) ? $user['user_lang'] : $config['default_lang'];
// Same query in session.php
$sql = 'SELECT *
FROM ' . STYLES_IMAGESET_DATA_TABLE . '
WHERE imageset_id = ' . $theme['imageset_id'] . "
AND image_filename <> ''
AND image_lang IN ('" . $db->sql_escape($user_image_lang) . "', '')";
$result = $db->sql_query($sql, 3600);
$img_array = array();
while ($row = $db->sql_fetchrow($result))
{
$img_array[$row['image_name']] = $row;
}
$db->sql_freeresult($result);
// gzip_compression
if ($config['gzip_compress'])
{
// IE6 is not able to compress the style (do not ask us why!)
$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? strtolower(htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT'])) : '';
if ($browser && strpos($browser, 'msie 6.0') === false && @extension_loaded('zlib') && !headers_sent())
{
ob_start('ob_gzhandler');
}
}
// Expire time of seven days if not recached
$expire_time = 7*86400;
$recache = false;
// Re-cache stylesheet data if necessary
if ($recompile || empty($theme['theme_data']))
{
$recache = (empty($theme['theme_data'])) ? true : false;
$update_time = time();
// We test for stylesheet.css because it is faster and most likely the only file changed on common themes
if (!$recache && $theme['theme_mtime'] < @filemtime("{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme/stylesheet.css'))
{
$recache = true;
$update_time = @filemtime("{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme/stylesheet.css');
}
else if (!$recache)
{
$last_change = $theme['theme_mtime'];
$dir = @opendir("{$phpbb_root_path}styles/{$theme['theme_path']}/theme");
if ($dir)
{
while (($entry = readdir($dir)) !== false)
{
if (substr(strrchr($entry, '.'), 1) == 'css' && $last_change < @filemtime("{$phpbb_root_path}styles/{$theme['theme_path']}/theme/{$entry}"))
{
$recache = true;
break;
}
}
closedir($dir);
}
}
}
if ($recache)
{
include_once($phpbb_root_path . 'includes/acp/acp_styles.' . $phpEx);
$theme['theme_data'] = acp_styles::db_theme_data($theme);
$theme['theme_mtime'] = $update_time;
// Save CSS contents
$sql_ary = array(
'theme_mtime' => $theme['theme_mtime'],
'theme_data' => $theme['theme_data']
);
$sql = 'UPDATE ' . STYLES_THEME_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
WHERE theme_id = {$theme['theme_id']}";
$db->sql_query($sql);
$cache->destroy('sql', STYLES_THEME_TABLE);
}
// Only set the expire time if the theme changed data is older than 30 minutes - to cope with changes from the ACP
if ($recache || $theme['theme_mtime'] > (time() - 1800))
{
header('Expires: 0');
}
else
{
header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + $expire_time));
}
header('Content-type: text/css; charset=UTF-8');
// Parse Theme Data
$replace = array(
'{T_THEME_PATH}' => "{$phpbb_root_path}styles/" . rawurlencode($theme['theme_path']) . '/theme',
'{T_TEMPLATE_PATH}' => "{$phpbb_root_path}styles/" . rawurlencode($theme['template_path']) . '/template',
'{T_IMAGESET_PATH}' => "{$phpbb_root_path}styles/" . rawurlencode($theme['imageset_path']) . '/imageset',
'{T_IMAGESET_LANG_PATH}' => "{$phpbb_root_path}styles/" . rawurlencode($theme['imageset_path']) . '/imageset/' . $user_image_lang,
'{T_STYLESHEET_NAME}' => $theme['theme_name'],
'{S_USER_LANG}' => $user['user_lang']
);
$theme['theme_data'] = str_replace(array_keys($replace), array_values($replace), $theme['theme_data']);
$matches = array();
preg_match_all('#\{IMG_([A-Za-z0-9_]*?)_(WIDTH|HEIGHT|SRC)\}#', $theme['theme_data'], $matches);
$imgs = $find = $replace = array();
if (isset($matches[0]) && sizeof($matches[0]))
{
foreach ($matches[1] as $i => $img)
{
$img = strtolower($img);
$find[] = $matches[0][$i];
if (!isset($img_array[$img]))
{
$replace[] = '';
continue;
}
if (!isset($imgs[$img]))
{
$img_data = &$img_array[$img];
$imgsrc = ($img_data['image_lang'] ? $img_data['image_lang'] . '/' : '') . $img_data['image_filename'];
$imgs[$img] = array(
'src' => $phpbb_root_path . 'styles/' . rawurlencode($theme['imageset_path']) . '/imageset/' . $imgsrc,
'width' => $img_data['image_width'],
'height' => $img_data['image_height'],
);
}
switch ($matches[2][$i])
{
case 'SRC':
$replace[] = $imgs[$img]['src'];
break;
case 'WIDTH':
$replace[] = $imgs[$img]['width'];
break;
case 'HEIGHT':
$replace[] = $imgs[$img]['height'];
break;
default:
continue;
}
}
if (sizeof($find))
{
$theme['theme_data'] = str_replace($find, $replace, $theme['theme_data']);
}
}
echo $theme['theme_data'];
if (!empty($cache))
{
$cache->unload();
}
$db->sql_close();
}
exit;
?>
Reference in New Issue View Git Blame Copy Permalink