Update of /cvsroot/mxbb/core/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31135/includes Modified Files: mx_functions.php mx_functions_admincp.php mx_functions_auth.php mx_functions_core.php mx_functions_phpbb.php page_header.php page_tail.php Log Message: - Security patch for 2.0.18 - added custom cache (eg for portal_configs etc) - minor fixes Index: mx_functions_auth.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions_auth.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** mx_functions_auth.php 1 Oct 2005 14:10:45 -0000 1.4 --- mx_functions_auth.php 8 Dec 2005 14:41:48 -0000 1.5 *************** *** 421,432 **** if( $mode == 'kb' ) { ! include_once($mx_root_path . 'modules/mx_kb/includes/functions_kb_auth.' . $phpEx); ! $auth_func = 'kb_auth'; } else { ! $auth_func = 'auth'; } ! $is_auth_ary = $auth_func(AUTH_VIEW, AUTH_LIST_ALL, $userdata); // --- 421,433 ---- if( $mode == 'kb' ) { ! include_once($mx_root_path . 'modules/mx_kb/kb/includes/functions_auth.' . $phpEx); ! $mx_kb_auth = new mx_kb_auth(); ! $is_auth_ary = $mx_kb_auth->auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata); } else { ! $is_auth_ary = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata); } ! // Index: page_tail.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/page_tail.php,v retrieving revision 1.18 retrieving revision 1.19 diff -C2 -d -r1.18 -r1.19 *** page_tail.php 25 Nov 2005 02:52:16 -0000 1.18 --- page_tail.php 8 Dec 2005 14:41:48 -0000 1.19 *************** *** 84,87 **** --- 84,95 ---- // + // Update config cache + // + if ($mx_config_cache->modified) + { + $mx_config_cache->unload(); + } + + // // Close our DB connection. 
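Review bot: The `kb` branch now does `include_once` of `modules/mx_kb/kb/includes/functions_auth.php` and then `new mx_kb_auth()` with no check that the file or class exists, so a portal where the kb module is absent or on the old path dies with an undefined-class fatal rather than falling back; guard it with `if ( !class_exists( 'mx_kb_auth' ) ) { include_once( ... ); }` and fail with `mx_message_die()` if the class is still missing. The include path is built only from `$mx_root_path` and `$phpEx`, which is fine as long as the enclosing function declares them `global`; that declaration lies outside the hunk, as does the rest of the function.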
// Index: mx_functions_core.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions_core.php,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -d -r1.15 -r1.16 *** mx_functions_core.php 23 Oct 2005 18:48:20 -0000 1.15 --- mx_functions_core.php 8 Dec 2005 14:41:48 -0000 1.16 *************** *** 23,27 **** die( "Hacking attempt" ); } ! /********************************************************************************\ | Class: mx_cache --- 23,201 ---- die( "Hacking attempt" ); } ! ! /********************************************************************************\ ! | Class: mx_config_cache ! | The mx_config_cache handles the mx_config data ! | ! \********************************************************************************/ ! class mx_config_cache ! { ! var $vars = ''; ! var $vars_ts = array(); ! var $modified = false; ! ! function mx_config_cache() ! { ! global $phpbb_root_path, $mx_root_path, $is_block, $phpEx; ! $this->cache_dir = $mx_root_path . 'cache/'; ! } ! ! function load() ! { ! global $phpEx; ! @include( $this->cache_dir . 'mx_config.' . $phpEx ); ! } ! ! function unload() ! { ! $this->save(); ! unset( $this->vars ); ! unset( $this->vars_ts ); ! } ! ! function save() ! { ! if ( !$this->modified ) ! { ! return; ! } ! ! global $phpEx; ! $file = '<?php $this->vars=' . $this->format_array( $this->vars ) . ";\n\$this->vars_ts=" . $this->format_array( $this->vars_ts ) . ' ?>'; ! ! if ( $fp = @fopen( $this->cache_dir . 'mx_config.' . $phpEx, 'wb' ) ) ! { ! @flock( $fp, LOCK_EX ); ! fwrite( $fp, $file ); ! @flock( $fp, LOCK_UN ); ! fclose( $fp ); ! } ! } ! ! function tidy( $expire_time = 0 ) ! { ! global $phpEx; ! ! $dir = opendir( $this->cache_dir ); ! while ( $entry = readdir( $dir ) ) ! { ! if ( $entry{0} == '.' || substr( $entry, 0, 4 ) != 'sql_' ) ! { ! continue; ! } ! ! if ( time() - $expire_time >= filemtime( $this->cache_dir . $entry ) ) ! { ! unlink( $this->cache_dir . 
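Review bot: The `$mx_config_cache->modified` test guards nothing that `unload()` does not already handle, since `save()` returns early when `modified` is false; the check that would actually help here is whether `$mx_config_cache` is an object, because page_tail.php appears to be a shared include and a request that never constructed the cache would fatal on this line. Suggest `if ( is_object( $mx_config_cache ) && $mx_config_cache->modified )`, or drop the condition and make `unload()` itself tolerate an unloaded cache.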
$entry ); ! } ! } ! ! if ( file_exists( $this->cache_dir . 'mx_config.' . $phpEx ) ) ! { ! foreach ( $this->vars_ts as $varname => $timestamp ) ! { ! if ( time() - $expire_time >= $timestamp ) ! { ! $this->destroy( $varname ); ! } ! } ! } ! else ! { ! $this->vars = $this->vars_ts = array(); ! $this->modified = true; ! } ! } ! ! function get( $varname, $expire_time = 0 ) ! { ! return ( $this->exists( $varname, $expire_time ) ) ? $this->vars[$varname] : null; ! } ! ! function put( $varname, $var ) ! { ! $this->vars[$varname] = $var; ! $this->vars_ts[$varname] = time(); ! $this->modified = true; ! } ! ! function destroy( $varname ) ! { ! if ( isset( $this->vars[$varname] ) ) ! { ! $this->modified = true; ! unset( $this->vars[$varname] ); ! unset( $this->vars_ts[$varname] ); ! } ! } ! ! function exists( $varname, $expire_time = 0 ) ! { ! if ( !is_array( $this->vars ) ) ! { ! $this->load(); ! } ! ! if ( $expire_time > 0 && isset( $this->vars_ts[$varname] ) ) ! { ! if ( $this->vars_ts[$varname] <= time() - $expire_time ) ! { ! $this->destroy( $varname ); ! return false; ! } ! } ! ! return isset( $this->vars[$varname] ); ! } ! ! function format_array( $array ) ! { ! $lines = array(); ! foreach ( $array as $k => $v ) ! { ! if ( is_array( $v ) ) ! { ! $lines[] = "'$k'=>" . $this->format_array( $v ); ! }elseif ( is_int( $v ) ) ! { ! $lines[] = "'$k'=>$v"; ! }elseif ( is_bool( $v ) ) ! { ! $lines[] = "'$k'=>" . ( ( $v ) ? 'TRUE' : 'FALSE' ); ! } ! else ! { ! $lines[] = "'$k'=>'" . str_replace( "'", "\'", str_replace( '\\', '\\\\', $v ) ) . "'"; ! } ! } ! return 'array(' . implode( ',', $lines ) . ')'; ! } ! ! function db_get() ! { ! global $db; ! ! $sql = "SELECT * ! FROM " . PORTAL_TABLE . " ! WHERE portal_id = '1'"; ! ! if ( !( $result = $db->sql_query( $sql ) ) ) ! { ! mx_message_die( GENERAL_ERROR, 'Couldnt query portal configuration', '', __LINE__, __FILE__, $sql ); ! } ! ! $row = $db->sql_fetchrow( $result ); ! ! foreach ( $row as $config_name => $config_value ) ! { ! 
$portal_config[$config_name] = trim( $config_value ); ! } ! ! $db->sql_freeresult( $result ); ! ! return ( $portal_config ); ! } ! } ! /********************************************************************************\ | Class: mx_cache *************** *** 1933,1937 **** // ! function read_block_config( $block_id, $cache = true ) { global $mx_cache, $mx_block; --- 2107,2111 ---- // ! function read_block_config( $block_id, $force_query = false ) { global $mx_cache, $mx_block; *************** *** 1939,1943 **** if ( empty( $mx_block->block_config[$block_id] ) ) { ! $block_config_temp = $mx_cache->read( $block_id, MX_CACHE_BLOCK_TYPE, $cache ); $block_config_temp[$block_id] = array_merge($block_config_temp[$block_id]['block_info'], $block_config_temp[$block_id]['block_parameters']); return $block_config_temp; --- 2113,2117 ---- if ( empty( $mx_block->block_config[$block_id] ) ) { ! $block_config_temp = $mx_cache->read( $block_id, MX_CACHE_BLOCK_TYPE, $force_query ); $block_config_temp[$block_id] = array_merge($block_config_temp[$block_id]['block_info'], $block_config_temp[$block_id]['block_parameters']); return $block_config_temp; Index: mx_functions_phpbb.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions_phpbb.php,v retrieving revision 1.15 retrieving revision 1.16 diff -C2 -d -r1.15 -r1.16 *** mx_functions_phpbb.php 13 Oct 2005 17:25:51 -0000 1.15 --- mx_functions_phpbb.php 8 Dec 2005 14:41:48 -0000 1.16 *************** *** 598,601 **** --- 598,602 ---- mx_message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } + // Redirect via an HTML form for PITA webservers if ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) Index: mx_functions_admincp.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions_admincp.php,v retrieving revision 1.12 retrieving revision 1.13 diff -C2 -d -r1.12 -r1.13 
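Review bot: In `mx_config_cache::format_array` the array keys are interpolated unescaped as `'$k'=>` while only the values get the backslash/quote escaping, and the result is written to `cache/mx_config.php` and `@include`d again by `load()`, so any key containing a quote or backslash corrupts the cache file and whatever follows is executed as PHP; keys come from callers (the new `'pagemap_block' . $search_item` key in mx_functions.php is one), so the writer must not trust them. The smallest fix is to let PHP quote both keys and values by replacing the body with `return var_export( $array, true );`, which also preserves floats and nulls instead of flattening them to strings. `save()` should write to a temporary file and `rename()` it into place, since `load()` includes without taking the lock and can observe a half-written file, and the `fwrite()` result is ignored. In `tidy()` the `opendir()` failure is unchecked, `while ( $entry = readdir( $dir ) )` stops early on an entry named `0` (use `!== false`), and the handle is never `closedir()`ed. `var $vars = ''` is inconsistent with `$vars_ts = array()`: `put()` on an instance that has not loaded assigns an offset into a string, so initialise both to `array()` and track loaded-ness with a separate flag in `exists()`.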
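Review bot: In `read_block_config` the third argument forwarded to `$mx_cache->read()` changes its default from `true` (`$cache`) to `false` (`$force_query`), which inverts the meaning of that parameter for every existing caller that still passes an explicit boolean, and this commit does not show a matching change to `mx_cache::read()`. If `read()` was not updated alongside, the default call now requests a read with caching disabled; callers passing `false` to mean "bypass the cache" now get the opposite. `mx_cache::read()` and the callers are outside the hunk, so this needs confirming against them; a short docblock stating that `$force_query = true` bypasses the cache would also prevent the next inversion.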
*** mx_functions_admincp.php 23 Oct 2005 18:48:20 -0000 1.12 --- mx_functions_admincp.php 8 Dec 2005 14:41:48 -0000 1.13 *************** *** 150,154 **** $row = $db->sql_fetchrow($result); ! $module_id_new = $row[next_id]; // --- 150,154 ---- $row = $db->sql_fetchrow($result); ! $module_id_new = $row['next_id']; // Index: page_header.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/page_header.php,v retrieving revision 1.26 retrieving revision 1.27 diff -C2 -d -r1.26 -r1.27 *** page_header.php 25 Nov 2005 02:52:16 -0000 1.26 --- page_header.php 8 Dec 2005 14:41:48 -0000 1.27 *************** *** 103,281 **** // - // Get basic (usernames + totals) online - // situation - // - // This code is moved to the mx_online coreblock - // - /* - $logged_visible_online = 0; - $logged_hidden_online = 0; - $guests_online = 0; - $online_userlist = ''; - $l_online_users = ''; - - if (defined('SHOW_ONLINE')) - { - - $user_forum_sql = ( !empty($forum_id) ) ? "AND s.session_page = " . intval($forum_id) : ''; - $sql = "SELECT u.username, u.user_id, u.user_allow_viewonline, u.user_level, s.session_logged_in, s.session_ip - FROM ".USERS_TABLE." u, ".SESSIONS_TABLE." s - WHERE u.user_id = s.session_user_id - AND s.session_time >= ".( time() - 300 ) . " - $user_forum_sql - ORDER BY u.username ASC, s.session_ip ASC"; - if( !($result = $db->sql_query($sql)) ) - { - mx_message_die(GENERAL_ERROR, 'Could not obtain user/online information', '', __LINE__, __FILE__, $sql); - } - - $userlist_ary = array(); - $userlist_visible = array(); - - $prev_user_id = 0; - $prev_user_ip = $prev_session_ip = ''; - - while( $row = $db->sql_fetchrow($result) ) - { - // User is logged in and therefor not a guest - if ( $row['session_logged_in'] ) - { - // Skip multiple sessions for one user - if ( $row['user_id'] != $prev_user_id ) - { - $style_color = ''; - if ( $row['user_level'] == ADMIN ) - { - $row['username'] = '<b>' . $row['username'] . 
'</b>'; - $style_color = 'style="color:#' . $theme['fontcolor3'] . '"'; - } - else if ( $row['user_level'] == MOD ) - { - $row['username'] = '<b>' . $row['username'] . '</b>'; - $style_color = 'style="color:#' . $theme['fontcolor2'] . '"'; - } - - if ( $row['user_allow_viewonline'] ) - { - $user_online_link = '<a href="' . append_sid(PHPBB_URL . "profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=" . $row['user_id']) . '"' . $style_color .'>' . $row['username'] . '</a>'; - $logged_visible_online++; - } - else - { - $user_online_link = '<a href="' . append_sid(PHPBB_URL . "profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=" . $row['user_id']) . '"' . $style_color .'><i>' . $row['username'] . '</i></a>'; - $logged_hidden_online++; - } - - if ( $row['user_allow_viewonline'] || $userdata['user_level'] == ADMIN ) - { - $online_userlist .= ( $online_userlist != '' ) ? ', ' . $user_online_link : $user_online_link; - } - } - - $prev_user_id = $row['user_id']; - } - else - { - // Skip multiple sessions for one user - if ( $row['session_ip'] != $prev_session_ip ) - { - $guests_online++; - } - } - - $prev_session_ip = $row['session_ip']; - } - $db->sql_freeresult($result); - - if ( empty($online_userlist) ) - { - $online_userlist = $lang['None']; - } - $online_userlist = ( ( isset($forum_id) ) ? $lang['Browsing_forum'] : $lang['Registered_users'] ) . ' ' . $online_userlist; - - $total_online_users = $logged_visible_online + $logged_hidden_online + $guests_online; - - if ( $total_online_users > $board_config['record_online_users']) - { - $board_config['record_online_users'] = $total_online_users; - $board_config['record_online_date'] = time(); - - $sql = "UPDATE " . CONFIG_TABLE . " - SET config_value = '$total_online_users' - WHERE config_name = 'record_online_users'"; - if ( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not update online user record (nr of users)', '', __LINE__, __FILE__, $sql); - } - - $sql = "UPDATE " . CONFIG_TABLE . 
" - SET config_value = '" . $board_config['record_online_date'] . "' - WHERE config_name = 'record_online_date'"; - if ( !$db->sql_query($sql) ) - { - message_die(GENERAL_ERROR, 'Could not update online user record (date)', '', __LINE__, __FILE__, $sql); - } - } - - if ( $total_online_users == 0 ) - { - $l_t_user_s = $lang['Online_users_zero_total']; - } - else if ( $total_online_users == 1 ) - { - $l_t_user_s = $lang['Online_user_total']; - } - else - { - $l_t_user_s = $lang['Online_users_total']; - } - - if ( $logged_visible_online == 0 ) - { - $l_r_user_s = $lang['Reg_users_zero_total']; - } - else if ( $logged_visible_online == 1 ) - { - $l_r_user_s = $lang['Reg_user_total']; - } - else - { - $l_r_user_s = $lang['Reg_users_total']; - } - - if ( $logged_hidden_online == 0 ) - { - $l_h_user_s = $lang['Hidden_users_zero_total']; - } - else if ( $logged_hidden_online == 1 ) - { - $l_h_user_s = $lang['Hidden_user_total']; - } - else - { - $l_h_user_s = $lang['Hidden_users_total']; - } - - if ( $guests_online == 0 ) - { - $l_g_user_s = $lang['Guest_users_zero_total']; - } - else if ( $guests_online == 1 ) - { - $l_g_user_s = $lang['Guest_user_total']; - } - else - { - $l_g_user_s = $lang['Guest_users_total']; - } - - $l_online_users = sprintf($l_t_user_s, $total_online_users); - $l_online_users .= sprintf($l_r_user_s, $logged_visible_online); - $l_online_users .= sprintf($l_h_user_s, $logged_hidden_online); - $l_online_users .= sprintf($l_g_user_s, $guests_online); - } - */ - - // // Obtain number of new private messages // if user is logged in --- 103,106 ---- *************** *** 384,389 **** 'LAST_VISIT_DATE' => sprintf($lang['You_last_visit'], $s_last_visit), 'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), ! //'TOTAL_USERS_ONLINE' => $l_online_users, ! 
//'LOGGED_IN_USER_LIST' => $online_userlist, 'RECORD_USERS' => sprintf($lang['Record_online_users'], $board_config['record_online_users'], create_date($board_config['default_dateformat'], $board_config['record_online_date'], $board_config['board_timezone'])), 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text, --- 209,213 ---- 'LAST_VISIT_DATE' => sprintf($lang['You_last_visit'], $s_last_visit), 'CURRENT_TIME' => sprintf($lang['Current_time'], create_date($board_config['default_dateformat'], time(), $board_config['board_timezone'])), ! 'RECORD_USERS' => sprintf($lang['Record_online_users'], $board_config['record_online_users'], create_date($board_config['default_dateformat'], $board_config['record_online_date'], $board_config['board_timezone'])), 'PRIVATE_MESSAGE_INFO' => $l_privmsgs_text, Index: mx_functions.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions.php,v retrieving revision 1.51 retrieving revision 1.52 diff -C2 -d -r1.51 -r1.52 *** mx_functions.php 22 Oct 2005 10:51:02 -0000 1.51 --- mx_functions.php 8 Dec 2005 14:41:48 -0000 1.52 *************** *** 572,640 **** function get_page_id($search_item, $use_function_file = false) { ! global $db; ! ! if( $use_function_file ) ! { ! $sql = "SELECT * FROM " . FUNCTION_TABLE . " WHERE function_file = '$search_item' LIMIT 1"; ! if( !($result = $db->sql_query($sql)) ) ! { ! mx_message_die(GENERAL_ERROR, "Could not query Activity Mod module information", '', __LINE__, __FILE__, $sql); ! } ! $row = $db->sql_fetchrow($result); ! $function_id = $row['function_id']; ! ! $sql = "SELECT * FROM " . BLOCK_TABLE . " WHERE function_id = '$function_id' LIMIT 1"; ! if( !($result = $db->sql_query($sql)) ) ! { ! mx_message_die(GENERAL_ERROR, "Could not query " . $search_item . " module information", '', __LINE__, __FILE__, $sql); ! } ! $row = $db->sql_fetchrow($result); ! $search_item = $row['block_id']; ! } // ! 
// First, see if we can get the page_id from ordinary blocks // ! $sql = "SELECT pag.page_id ! FROM " . COLUMN_BLOCK_TABLE . " bct, ! " . PAGE_TABLE . " pag, ! " . COLUMN_TABLE . " col ! WHERE pag.page_id = col.page_id ! AND bct.column_id = col.column_id ! AND bct.block_id = '" . $search_item . "' ! ORDER BY pag.page_id"; ! ! if( !($p_result = $db->sql_query($sql)) ) ! { ! mx_message_die(GENERAL_ERROR, "Could not query column list", '', __LINE__, __FILE__, $sql); ! } ! $p_row = $db->sql_fetchrow($p_result); ! ! if( !empty($p_row['page_id']) ) { ! return $p_row['page_id']; } ! ! // ! // Find all dynamic block Page_ids, if not present as ordinary block ! // ! $sql = "SELECT pag.page_id ! FROM " . PAGE_TABLE . " pag, ! " . BLOCK_TABLE . " blk, ! " . MENU_NAV_TABLE . " nav, ! " . MENU_CAT_TABLE . " nac ! WHERE pag.page_id = nav.page_id AND nav.page_id > 0 ! AND nac.cat_id = nav.cat_id ! AND nav.block_id = blk.block_id ! AND nav.block_id = '" . $search_item . "' ! ORDER BY blk.block_id"; ! ! if( !($p_result = $db->sql_query($sql)) ) { ! mx_message_die(GENERAL_ERROR, "Could not query column list", '', __LINE__, __FILE__, $sql); } - $p_row = $db->sql_fetchrow($p_result); ! return ( !empty($p_row['page_id']) ) ? $p_row['page_id'] : ''; } --- 572,655 ---- function get_page_id($search_item, $use_function_file = false) { ! global $db, $userdata, $mx_config_cache; // ! // Try to reuse group_id results. // ! $cache_key = 'pagemap_block' . $search_item; ! ! if ( $mx_config_cache->exists( $cache_key ) ) { ! $page_id = $mx_config_cache->get( $cache_key ); ! return $page_id; } ! else { ! if( $use_function_file ) ! { ! $sql = "SELECT * FROM " . FUNCTION_TABLE . " WHERE function_file = '$search_item' LIMIT 1"; ! if( !($result = $db->sql_query($sql)) ) ! { ! mx_message_die(GENERAL_ERROR, "Could not query Activity Mod module information", '', __LINE__, __FILE__, $sql); ! } ! $row = $db->sql_fetchrow($result); ! $function_id = $row['function_id']; ! ! $sql = "SELECT * FROM " . 
BLOCK_TABLE . " WHERE function_id = '$function_id' LIMIT 1"; ! if( !($result = $db->sql_query($sql)) ) ! { ! mx_message_die(GENERAL_ERROR, "Could not query " . $search_item . " module information", '', __LINE__, __FILE__, $sql); ! } ! $row = $db->sql_fetchrow($result); ! $search_item = $row['block_id']; ! } ! ! // ! // First, see if we can get the page_id from ordinary blocks ! // ! $sql = "SELECT pag.page_id ! FROM " . COLUMN_BLOCK_TABLE . " bct, ! " . PAGE_TABLE . " pag, ! " . COLUMN_TABLE . " col ! WHERE pag.page_id = col.page_id ! AND bct.column_id = col.column_id ! AND bct.block_id = '" . $search_item . "' ! ORDER BY pag.page_id"; ! ! if( !($p_result = $db->sql_query($sql)) ) ! { ! mx_message_die(GENERAL_ERROR, "Could not query column list", '', __LINE__, __FILE__, $sql); ! } ! $p_row = $db->sql_fetchrow($p_result); ! ! if( empty($p_row['page_id']) ) ! { ! // ! // Find all dynamic block Page_ids, if not present as ordinary block ! // ! $sql = "SELECT pag.page_id ! FROM " . PAGE_TABLE . " pag, ! " . BLOCK_TABLE . " blk, ! " . MENU_NAV_TABLE . " nav, ! " . MENU_CAT_TABLE . " nac ! WHERE pag.page_id = nav.page_id AND nav.page_id > 0 ! AND nac.cat_id = nav.cat_id ! AND nav.block_id = blk.block_id ! AND nav.block_id = '" . $search_item . "' ! ORDER BY blk.block_id"; ! ! if( !($p_result = $db->sql_query($sql)) ) ! { ! mx_message_die(GENERAL_ERROR, "Could not query column list", '', __LINE__, __FILE__, $sql); ! } ! $p_row = $db->sql_fetchrow($p_result); ! } ! ! $page_id = ( !empty($p_row['page_id']) ) ? $p_row['page_id'] : ''; ! ! $mx_config_cache->put( $cache_key, $page_id ); } ! return $page_id; } |
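Review bot: The cache key `'pagemap_block' . $search_item` is computed before the `$use_function_file` branch translates a function file into a block id, so `get_page_id('x', true)` and `get_page_id('x')` share one entry and whichever runs first wins; fold the mode into the key, e.g. `$cache_key = ( $use_function_file ? 'pagemap_func' : 'pagemap_block' ) . $search_item;`. `exists( $cache_key )` is called with the default `$expire_time = 0`, so entries never expire, and the not-found value `''` is cached as well, meaning a block placed on a page later keeps returning `''` until the cache file is deleted; skip the `put()` when `$page_id === ''` or pass an expiry. `$search_item` still goes unescaped into the SQL literals (`function_file = '$search_item'`, `bct.block_id = '...'`) and now also becomes an array key in the generated `mx_config.php` cache file, so it should be validated at its source (`intval()` for ids, the DB layer's escaping for the file name) before reaching either sink. The comment `// Try to reuse group_id results.` is a copy-paste leftover and should read `// Reuse the cached block -> page_id mapping.`, and `$userdata` is added to the `global` list but never used.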