From: Florin C B. <ory...@us...> - 2013-06-05 14:06:31
Update of /cvsroot/mxbb/core/includes/sessions/phpbb3 In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv28990/includes/sessions/phpbb3 Modified Files: constants.php session.php Log Message: updates for phpBB3 backend and subsilver2 style Index: constants.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/phpbb3/constants.php,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** constants.php 23 Apr 2010 19:39:53 -0000 1.6 --- constants.php 5 Jun 2013 14:05:59 -0000 1.7 *************** *** 235,237 **** --- 235,241 ---- // Additional tables + // Additional constants + @define('INHERIT_LANG_NONE', 0); + @define('INHERIT_LANG_EN', 1); + @define('INHERIT_LANG_DEFAULT', 2); ?> \ No newline at end of file Index: session.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/phpbb3/session.php,v retrieving revision 1.48 retrieving revision 1.49 diff -C2 -d -r1.48 -r1.49 *** session.php 18 Apr 2013 01:56:40 -0000 1.48 --- session.php 5 Jun 2013 14:05:59 -0000 1.49 *************** *** 235,239 **** --- 235,241 ---- $this->update_session_page = $update_session_page; $this->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : ''; + $this->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : ''; $this->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : ''; + $this->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) $_SERVER['HTTP_HOST'] : 'localhost'; $this->page = $this->extract_current_page($phpbb_root_path); *************** *** 242,255 **** if ($board_config['forwarded_for_check']) { ! $this->forwarded_for = preg_replace('#, +#', ', ', $this->forwarded_for); // Whoa these look impressive! 
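Review bot: In the first session.php hunk the new `$this->host` is copied from the client-supplied Host header with only a `(string)` cast, while the `browser` and `referer` properties beside it are passed through `htmlspecialchars()`. How `host` is consumed is not visible in this commit, so this is a caution rather than a confirmed defect: if it reaches generated URLs, a cookie domain or any output, it should first be checked against the configured server name. A short comment on that line, such as `// raw Host header - validate before use in URLs or output`, would make the trust level explicit.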
// The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses // can be found in the develop directory ! $ipv4 = '#^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$#'; ! $ipv6 = '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){5}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:))$#i'; ! // split the list of IPs ! $ips = explode(', ', $this->forwarded_for); foreach ($ips as $ip) { --- 244,257 ---- if ($board_config['forwarded_for_check']) { ! $this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->forwarded_for)); // Whoa these look impressive! // The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses // can be found in the develop directory ! $ipv4 = phpBB3::get_preg_expression('ipv4'); //'#^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$#'; ! 
$ipv6 = phpBB3::get_preg_expression('ipv6'); //'#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){5}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:))$#i'; ! // split the list of IPs ! $ips = explode(' ', $this->forwarded_for); foreach ($ips as $ip) { *************** *** 263,267 **** } } ! // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number $this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 'x' : ''; --- 265,273 ---- } } ! else ! { ! $this->forwarded_for = ''; ! } ! // Add forum to the page for tracking online users - also adding a "x" to the end to properly identify the number $this->page['page'] .= (isset($_REQUEST['f'])) ? ((strpos($this->page['page'], '?') !== false) ? '&' : '?') . '_f_=' . (int) $_REQUEST['f'] . 
'x' : ''; *************** *** 295,298 **** --- 301,336 ---- // it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip. $this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : ''; + $this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip)); + + // split the list of IPs + $ips = explode(' ', $this->ip); + + // Default IP if REMOTE_ADDR is invalid + $this->ip = '127.0.0.1'; + + foreach ($ips as $ip) + { + // check IPv4 first, the IPv6 is hopefully only going to be used very seldomly + if (!empty($ip) && !preg_match(phpBB3::get_preg_expression('ipv4'), $ip) && !preg_match(phpBB3::get_preg_expression('ipv6'), $ip)) + { + // Just break + break; + } + + // Quick check for IPv4-mapped address in IPv6 + if (stripos($ip, '::ffff:') === 0) + { + $ipv4 = substr($ip, 7); + + if (preg_match(phpBB3::get_preg_expression('ipv4'), $ipv4)) + { + $ip = $ipv4; + } + } + + // Use the last in chain + $this->ip = $ip; + } + $this->load = false; *************** *** 346,350 **** --- 384,399 ---- $s_forwarded_for = ($board_config['forwarded_for_check']) ? substr($this->data['session_forwarded_for'], 0, 254) : ''; $u_forwarded_for = ($board_config['forwarded_for_check']) ? 
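Review bot: In the new REMOTE_ADDR loop the `!empty($ip) &&` guard lets an empty token skip both regex checks and still reach `$this->ip = $ip;`, so a missing or empty REMOTE_ADDR replaces the `127.0.0.1` default with an empty string. Skipping empty tokens first, `if ($ip === '') { continue; }`, keeps the default in place. The `break` on the first invalid token also keeps whichever earlier token was accepted, so a partly malformed value is half-trusted rather than rejected. Because an unparsable address is reported as loopback, anything that grants trust to `127.0.0.1` should not key on this property. The enclosing function starts and ends outside the hunk.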
substr($this->forwarded_for, 0, 254) : ''; + + // referer checks + // The @ before $config['referer_validation'] suppresses notices present while running the updater + $check_referer_path = (@$board_config['referer_validation'] == REFERER_VALIDATE_PATH); + $referer_valid = true; + // we assume HEAD and TRACE to be foul play and thus only whitelist GET + if (@$board_config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') + { + $referer_valid = $this->validate_referer($check_referer_path); + } + if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for) { *************** *** 398,406 **** { $sql_ary['session_page'] = substr($this->page['page'], 0, 199); } $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; ! $db->sql_query($sql); } --- 447,476 ---- { $sql_ary['session_page'] = substr($this->page['page'], 0, 199); + $sql_ary['session_forum_id'] = $this->page['forum']; //Added for phpBB 3.0.2 by Ory } + $db->sql_return_on_error(true); + $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; ! $result = $db->sql_query($sql); ! ! $db->sql_return_on_error(false); ! ! // If the database is not yet updated, there will be an error due to the session_forum_id ! // @todo REMOVE for 3.0.2 ! if ($result === false) ! { ! unset($sql_ary['session_forum_id']); ! ! $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . " ! WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; ! $db->sql_query($sql); ! } ! ! if ($this->data['user_id'] != ANONYMOUS && !empty($board_config['new_member_post_limit']) && $this->data['user_new'] && $board_config['new_member_post_limit'] <= $this->data['user_posts']) ! { ! $this->leave_newly_registered(); ! 
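Review bot: `$referer_valid` is computed in this hunk, but the session-match condition directly after it, `if ($u_ip === $s_ip && $s_browser === $u_browser && $s_forwarded_for === $u_forwarded_for)`, is unchanged context and never reads it, so a failed referer check does not stop the session from being accepted. From what is visible, the flag only selects the log message in the later DEBUG_EXTRA hunk. If the validation is meant to be enforced, the condition needs `&& $referer_valid`. `validate_referer()` and `REFERER_VALIDATE_PATH` are not defined in any hunk shown here (constants.php only gains the INHERIT_LANG_* values), and the `@` on `$board_config['referer_validation']` would hide a missing key, so confirm both exist in this backend. The enclosing function continues outside the hunk.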
} } *************** *** 417,421 **** if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS) { ! mx_add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for)); } } --- 487,498 ---- if (defined('DEBUG_EXTRA') && $this->data['user_id'] != ANONYMOUS) { ! if ($referer_valid) ! { ! mx_add_log('critical', 'LOG_IP_BROWSER_FORWARDED_CHECK', $u_ip, $s_ip, $u_browser, $s_browser, htmlspecialchars($u_forwarded_for), htmlspecialchars($s_forwarded_for)); ! } ! else ! { ! mx_add_log('critical', 'LOG_REFERER_INVALID', $this->referer); ! } } } *************** *** 677,680 **** --- 754,758 ---- 'session_admin' => ($set_admin) ? 1 : 0, 'session_viewonline' => ($viewonline) ? 1 : 0, + 'session_lang' => (string) $this->lang_name, ); *************** *** 785,789 **** $method($this->data, $new_session); } ! if ($this->data['user_id'] != ANONYMOUS) { --- 863,867 ---- $method($this->data, $new_session); } ! //else if ($this->data['user_id'] != ANONYMOUS) { *************** *** 1287,1290 **** --- 1365,1424 ---- global $mx_request_vars, $portal_config; //added for mxp global $lang; //added for mxp + + $session_lang = ''; + + //Added here for reference and future implementation of a lang block in mx_coreblocks were board_config can be taken from portal_config + if ($board_config['lang_select_enable'] || $board_config['lang_click_enable']) + { + $session_lang_save = phpBB3::request_var('session_lang_save', false); + if (isset($session_lang_save) && $session_lang_save && $this->data['session_lang']) + { + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_lang = '" . $this->data['session_lang'] . "' + WHERE user_id = " . 
$this->data['user_id']; + $db->sql_query($sql); + } + + $session_lang_reset = phpBB3::request_var('session_lang_reset', false); + if (isset($session_lang_reset) && $session_lang_reset) + { + $session_lang = ''; + } + else + { + $session_lang = phpBB3::request_var('session_lang', ''); + } + + if ((isset($session_lang) && $session_lang) || $session_lang_reset) + { + $sql = 'UPDATE ' . SESSIONS_TABLE . " + SET session_lang = '" . $session_lang . "' + WHERE session_id = '" . $this->session_id . "'"; + $db->sql_query($sql); + } + elseif (isset($this->data['session_lang']) && $this->data['session_lang']) + { + $session_lang = $this->data['session_lang']; + } + } + + if (($board_config['lang_select_enable'] || $board_config['lang_click_enable']) && isset($session_lang) && $session_lang) + { + $this->data['user_lang'] = $session_lang; + $this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($this->encode_lang($this->lang['default_lang'])); + + if ($this->data['user_id'] != ANONYMOUS) + { + $this->date_format = $this->data['user_dateformat']; + $this->timezone = $this->data['user_timezone'] * 3600; + $this->dst = $this->data['user_dst'] * 3600; + } + else + { + $this->date_format = $board_config['default_dateformat']; + $this->timezone = $board_config['board_timezone'] * 3600; + $this->dst = $board_config['board_dst'] * 3600; + } + } $lang_set = !$lang_set ? (defined('IN_ADMIN') ? 'acp/common' : 'common') : $lang_set; *************** *** 1306,1326 **** $this->timezone = $board_config['board_timezone'] * 3600; $this->dst = $board_config['board_dst'] * 3600; ! } ! if ((@include $this->lang_path . "common.$phpEx") === false) { - //this will fix the path for anonymouse users if ((@include $phpbb_root_path . $this->lang_path . "common.$phpEx") === false) { ! die('Language file ' . $this->lang_path . "common.$phpEx" . 
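Review bot: Both new UPDATE statements concatenate values straight into the SQL string: `session_lang` comes from `phpBB3::request_var('session_lang', '')` and is written as `SET session_lang = '" . $session_lang . "'`, and the stored `$this->data['session_lang']` is later copied into USERS_TABLE the same way. The session_page UPDATE elsewhere in this commit uses `$db->sql_escape()`, so these should read `'" . $db->sql_escape($session_lang) . "'` with `(int) $this->data['user_id']` for the id; whether request_var() neutralises single quotes is not visible here and should not be relied on. The same request value is then joined into `$this->lang_path . $this->data['user_lang'] . "/common.$phpEx"` without the `basename()` that the fallback branch applies, so it should be matched against the installed languages before it becomes `lang_name`. The enclosing function starts and ends outside the hunk.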
' couldn\'t be opened.'); } } - - // // We include common language file here to not load it every time a custom language file is included - // $this->add_lang($lang_set); - unset($lang_set); } --- 1440,1524 ---- $this->timezone = $board_config['board_timezone'] * 3600; $this->dst = $board_config['board_dst'] * 3600; ! ! /** ! * If a guest user is surfing, we try to guess his/her language first by obtaining the browser language ! * If re-enabled we need to make sure only those languages installed are checked ! * Commented out so we do not loose the code. ! * language checking added 2008-08-15 by Martin Truckenbrodt ! **/ ! if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) ! { ! $lang_iso_xx_yy = array(); ! $lang_iso_xx = array(); ! $accept_lang_xx_yy = array(); ! $accept_lang_xx = array(); + $sql = 'SELECT lang_iso FROM ' . LANG_TABLE; + $result = $db->sql_query($sql, 3600); ! while ($row = $db->sql_fetchrow($result)) ! { ! if (file_exists($phpbb_root_path . 'language/' . $row['lang_iso'] . "/common.$phpEx")) ! { ! $lang_iso_xx_yy[] = $row['lang_iso']; ! if (strlen($row['lang_iso']) > 4) ! { ! $lang_iso_xx[$row['lang_iso']] = substr($row['lang_iso'], 0, 2); ! } ! } ! } ! $accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']); ! ! foreach ($accept_lang_ary as $accept_lang) ! { ! // Set correct format ... guess full xx_yy form ! $accept_lang_xx_yy = basename(substr($accept_lang, 0, 2) . '_' . strtolower(substr($accept_lang, 3, 2))); ! // Set correct format ... guess only xx form ! $accept_lang_xx = basename(substr($accept_lang, 0, 2)); ! ! // browser xx-YY == board xx_yy and ! // browser xx == board xx ! if (in_array($accept_lang_xx_yy, $lang_iso_xx_yy)) ! { ! $this->lang_name = $board_config['default_lang'] = $accept_lang_xx_yy; ! break; ! } ! // browser xx-YY => xx == board xx ! else if (in_array($accept_lang_xx, $lang_iso_xx_yy)) ! { ! $this->lang_name = $board_config['default_lang'] = $accept_lang_xx; ! break; ! } ! // browser xx == board xx_yy => xx ! 
else if (in_array($accept_lang_xx, $lang_iso_xx) && $lang_iso_xx != '') ! { ! $this->lang_name = $board_config['default_lang'] = array_search($accept_lang_xx, $lang_iso_xx); ! break; ! } ! // board default language ! else ! { ! $this->lang_name = (file_exists($phpbb_root_path . 'language/' . $this->encode_lang($this->lang['default_lang']) . "/common.$phpEx")) ? $this->encode_lang($this->lang['default_lang']) : 'en'; ! } ! } ! $this->data['user_lang'] = $this->lang_name; ! } ! /* ! */ ! } ! ! /* We include common language file here to not load it every time a custom language file is included ! $lang = &$this->lang; ! */ ! $include_result = (defined('DEBUG_EXTRA')) ? "" : "@"; // Do not suppress error if in DEBUG_EXTRA mode ! if (("$include_result".include $this->lang_path . "common.$phpEx") === false) { if ((@include $phpbb_root_path . $this->lang_path . "common.$phpEx") === false) { ! die('Language file ' . $this->lang_path . "common.$phpEx" . ' couldn\'t be opened.'); //this will fix the path for anonymouse users } } // We include common language file here to not load it every time a custom language file is included $this->add_lang($lang_set); unset($lang_set); } *************** *** 1839,1847 **** $language_filename = $this->lang_path . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx; } ! //fix for mxp ! if ((@include $language_filename) === false) { - //this will fix the path for anonymouse users if ((@include $phpbb_root_path . $language_filename) === false) { --- 2037,2071 ---- $language_filename = $this->lang_path . (($use_help) ? 'help_' : '') . $lang_file . '.' . $phpEx; } + + if (!file_exists($language_filename)) + { + global $config; ! if ($this->lang_name == 'en') ! { ! // The user's selected language is missing the file, the board default's language is missing the file, and the file doesn't exist in /en. ! $language_filename = str_replace($this->lang_path . 'en', $this->lang_path . $this->data['user_lang'], $language_filename); ! 
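Review bot: `("$include_result".include $this->lang_path . "common.$phpEx") === false` can never be true, because `$include_result` is only the string `"@"` or `""` concatenated with include's return value, which always yields a string. The error operator is therefore not applied, and the `$phpbb_root_path` fallback and the `die()` beneath it are unreachable; a failed include emits a warning containing the path and execution continues without the language file. Keep the operator form, `if ((@include $this->lang_path . "common.$phpEx") === false)`, and raise the diagnostic separately when DEBUG_EXTRA is defined. The last hunk of this file (the `$language_filename` include) repeats the construct, and its ternary is inverted relative to its own comment: it yields `"@"` when DEBUG_EXTRA is defined.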
$include_result = (defined('DEBUG_EXTRA')) ? trigger_error('Language file ' . $language_filename . ' couldn\'t be opened.', E_USER_ERROR) : ""; // Do not suppress error if in DEBUG_EXTRA mode ! } ! else if ($this->lang_name == basename($config['default_lang'])) ! { ! // Fall back to the English Language ! $this->lang_name = 'en'; ! $this->set_lang($lang, $help, $lang_file, $use_db, $use_help); ! } ! else if ($this->lang_name == $this->data['user_lang']) ! { ! // Fall back to the board default language ! $this->lang_name = basename($config['default_lang']); ! $this->set_lang($lang, $help, $lang_file, $use_db, $use_help); ! } ! ! // Reset the lang name ! $this->lang_name = (file_exists($this->lang_path . $this->data['user_lang'] . "/common.$phpEx")) ? $this->data['user_lang'] : basename($config['default_lang']); ! return; ! } ! $include_result = (defined('DEBUG_EXTRA')) ? "@" : ""; //Fix for mxp; Do not suppress error if in DEBUG_EXTRA mode ! if (("$include_result".include $language_filename) === false) { if ((@include $phpbb_root_path . $language_filename) === false) { |
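Review bot: The new fallback block declares `global $config` and reads `$config['default_lang']`, while the other hunks in this commit take settings from `$board_config`. If `$config` is not populated in this backend, `basename($config['default_lang'])` is an empty string and the board-default fallback never matches; using `$board_config['default_lang']` would agree with the rest of the file. Outside DEBUG_EXTRA the `'en'` branch only assigns an empty `$include_result` and then returns, so a missing language file is neither reported nor logged. The function body starts and ends outside the hunk.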