4 changes: 4 additions & 0 deletions premod/root/adm/index.php
Expand Up @@ -524,6 +524,9 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)

$cfg_array[$config_name] = trim($destination);

// Absolute file path
case 'absolute_path':
case 'absolute_path_writable':
// Path being relative (still prefixed by phpbb_root_path), but with the ability to escape the root dir...
case 'path':
case 'wpath':
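Review bot: the new `'absolute_path'` and `'absolute_path_writable'` labels fall through into the existing `'path'`/`'wpath'` branch, so nothing visible in this hunk distinguishes an absolute path from a relative one; the check that actually rejects relative or root-escaping values must sit in the collapsed lines below and should be confirmed before merge, together with the fact that these values still reach the NUL-byte check at the end of the function. The `// Absolute file path` comment above the labels would read better if it named both cases (read-only and writable).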
Expand All @@ -533,6 +536,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
break;
}


$cfg_array[$config_name] = trim($cfg_array[$config_name]);

// Make sure no NUL byte is present...
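Review bot: the only addition in this hunk is a second blank line before the `trim()` assignment; drop it and keep the single blank line used elsewhere in `validate_config_vars()`.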
10 changes: 7 additions & 3 deletions premod/root/docs/AUTHORS
Expand Up @@ -23,10 +23,12 @@ involved in phpBB.
phpBB Lead Developer: naderman (Nils Adermann)

phpBB Developers: bantu (Andreas Fischer)
EXreaction (Nathan Guse)
dhruv.goel92 (Dhruv Goel)
imkingdavid (David King)
Elsensee (Oliver Schramm)
marc1706 (Marc Alexander)
nickvergessen (Joas Schilling)
Nicofuma (Tristan Darricau)
prototech (Cesar Gallegos)

Contributions by: leviatan21 (Gabriel Vazquez)
Raimon (Raimon Meuldijk)
Expand All @@ -50,9 +52,11 @@ phpBB Developers: A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
ckwalsh (Cullen Walsh) [01/2010 - 07/2011]
DavidMJ (David M.) [12/2005 - 08/2009]
dhn (Dominik Dröscher) [05/2007 - 01/2011]
EXreaction (Nathan Guse) [07/2012 - 05/2014]
GrahamJE (Graham Eames) [09/2005 - 11/2006]
kellanved (Henry Sudhof) [04/2007 - 03/2011]
igorw (Igor Wiedler) [08/2010 - 02/2013]
imkingdavid (David King) [11/2012 - 06/2014]
kellanved (Henry Sudhof) [04/2007 - 03/2011]
Oleg (Oleg Pudeyev) [01/2011 - 05/2013]
rxu (Ruslan Uzdenov) [04/2010 - 12/2012]
TerraFrost (Jim Wigginton) [04/2009 - 01/2011]
237 changes: 207 additions & 30 deletions premod/root/docs/CHANGELOG.html
7 changes: 4 additions & 3 deletions premod/root/docs/INSTALL.html
Expand Up @@ -139,6 +139,7 @@ <h1>Install</h1>
<li>A SQL database system, <strong>one of</strong>:
<ul>
<li>MySQL 3.23 or above (MySQLi supported)</li>
<li>MariaDB 5.1 or above</li>
<li>PostgreSQL 7.3+</li>
<li>SQLite 2.8.2+ (SQLite 3 is not supported)</li>
<li>Firebird 2.1+</li>
Expand Down Expand Up @@ -275,7 +276,7 @@ <h4>Advanced settings</h4>

<p>This package is meant for those wanting to only replace the files that were changed between a previous version and the latest version.</p>

<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <strong>3.0.11</strong> you should select the appropriate <code>phpBB-3.0.12-files.zip/tar.bz2</code> file.</p>
<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <strong>3.0.13</strong> you should select the appropriate <code>phpBB-3.0.14-files.zip/tar.bz2</code> file.</p>

<p>The directory structure has been preserved, enabling you (if you wish) to simply upload the uncompressed contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any modifications (MODs) these files will overwrite the originals, possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>

Expand All @@ -287,7 +288,7 @@ <h4>Advanced settings</h4>

<p>The patch file is one solution for those with many Modifications (MODs) or other changes and do not want to re-add them back to all the changed files. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application, but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the recommended update method.</p>

<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <strong>3.0.11</strong>, you need the <code>phpBB-3.0.12-patch.zip/tar.bz2</code> file. Place the correct patch in the parent directory containing the phpBB core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <code>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</code> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <strong>3.0.13</strong>, you need the <code>phpBB-3.0.14-patch.zip/tar.bz2</code> file. Place the correct patch in the parent directory containing the phpBB core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <code>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</code> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>

<p>If you do get failures, you should look at using the <a href="#update_files">Changed Files</a> package to replace the files which failed to patch. Please note that you will need to manually re-add any MODs to these particular files. Alternatively, if you know how, you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>

Expand All @@ -297,7 +298,7 @@ <h4>Advanced settings</h4>

<p>This update method is the recommended method for updating. This package detects changed files automatically and merges in changes if needed.</p>

<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.0.11</strong>, you need the <code>phpBB-3.0.11_to_3.0.12.zip/tar.bz2</code> file.</p>
<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.0.13</strong>, you need the <code>phpBB-3.0.13_to_3.0.14.zip/tar.bz2</code> file.</p>

<p>To perform the update, either follow the instructions from the <strong>Administration Control Panel-&gt;System</strong> Tab - this should point out that you are running an outdated version and will guide you through the update - or follow the instructions listed below.</p>

2 changes: 1 addition & 1 deletion premod/root/docs/README.html
Expand Up @@ -329,7 +329,7 @@ <h1>Readme</h1>

<p>Please remember that running any application on a development (unstable, e.g. a beta release) version of PHP can lead to strange/unexpected results which may appear to be bugs in the application. Therefore, we recommend you upgrade to the newest stable version of PHP before running phpBB3. If you are running a development version of PHP please check any bugs you find on a system running a stable release before submitting.</p>

<p>This board has been developed and tested under Linux and Windows (amongst others) running Apache using MySQL 3.23, 4.x, 5.x, MSSQL Server 2000, PostgreSQL 7.x, Oracle 8, SQLite 2 and Firebird. Versions of PHP used range from 4.3.3 to 5.4.x without problem. </p>
<p>This board has been developed and tested under Linux and Windows (amongst others) running Apache using MySQL 3.23, 4.x, 5.x, MariaDB 5.x, MSSQL Server 2000, PostgreSQL 7.x, Oracle 8, SQLite 2 and Firebird. Versions of PHP used range from 4.3.3 to 5.4.x without problem. </p>

<a name="phpsec"></a><h3>7.i. Notice on PHP security issues</h3>

20 changes: 10 additions & 10 deletions premod/root/docs/coding-guidelines.html
Expand Up @@ -728,7 +728,7 @@ <h4>sql_build_array():</h4>
$sql_ary = array(
'somedata' =&gt; $my_string,
'otherdata' =&gt; $an_int,
'moredata' =&gt; $another_int
'moredata' =&gt; $another_int,
);

$db-&gt;sql_query('INSERT INTO ' . SOME_TABLE . ' ' . $db-&gt;sql_build_array('INSERT', $sql_ary));
Expand All @@ -740,7 +740,7 @@ <h4>sql_build_array():</h4>
$sql_ary = array(
'somedata' =&gt; $my_string,
'otherdata' =&gt; $an_int,
'moredata' =&gt; $another_int
'moredata' =&gt; $another_int,
);

$sql = 'UPDATE ' . SOME_TABLE . '
Expand Down Expand Up @@ -833,20 +833,20 @@ <h4>sql_build_query():</h4>

'FROM' =&gt; array(
FORUMS_WATCH_TABLE =&gt; 'fw',
FORUMS_TABLE =&gt; 'f'
FORUMS_TABLE =&gt; 'f',
),

'LEFT_JOIN' =&gt; array(
array(
'FROM' =&gt; array(FORUMS_TRACK_TABLE =&gt; 'ft'),
'ON' =&gt; 'ft.user_id = ' . $user-&gt;data['user_id'] . ' AND ft.forum_id = f.forum_id'
)
'ON' =&gt; 'ft.user_id = ' . $user-&gt;data['user_id'] . ' AND ft.forum_id = f.forum_id',
),
),

'WHERE' =&gt; 'fw.user_id = ' . $user-&gt;data['user_id'] . '
AND f.forum_id = fw.forum_id',

'ORDER_BY' =&gt; 'left_id'
'ORDER_BY' =&gt; 'left_id',
);

$sql = $db-&gt;sql_build_query('SELECT', $sql_array);
Expand All @@ -860,22 +860,22 @@ <h4>sql_build_query():</h4>

'FROM' =&gt; array(
FORUMS_WATCH_TABLE =&gt; 'fw',
FORUMS_TABLE =&gt; 'f'
FORUMS_TABLE =&gt; 'f',
),

'WHERE' =&gt; 'fw.user_id = ' . $user-&gt;data['user_id'] . '
AND f.forum_id = fw.forum_id',

'ORDER_BY' =&gt; 'left_id'
'ORDER_BY' =&gt; 'left_id',
);

if ($config['load_db_lastread'])
{
$sql_array['LEFT_JOIN'] = array(
array(
'FROM' =&gt; array(FORUMS_TRACK_TABLE =&gt; 'ft'),
'ON' =&gt; 'ft.user_id = ' . $user-&gt;data['user_id'] . ' AND ft.forum_id = f.forum_id'
)
'ON' =&gt; 'ft.user_id = ' . $user-&gt;data['user_id'] . ' AND ft.forum_id = f.forum_id',
),
);

$sql_array['SELECT'] .= ', ft.mark_time ';
10 changes: 6 additions & 4 deletions premod/root/download/file.php
Expand Up @@ -533,16 +533,18 @@ function send_file_to_browser($attachment, $upload_dir, $category)
}
}

if ($size)
{
header("Content-Length: $size");
}

// Close the db connection before sending the file
$db->sql_close();

if (!set_modified_headers($attachment['filetime'], $user->browser))
{
// Send Content-Length only if set_modified_headers() does not send
// status 304 - Not Modified
if ($size)
{
header("Content-Length: $size");
}
// Try to deliver in chunks
@set_time_limit(0);
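Review bot: moving `Content-Length` into the `!set_modified_headers(...)` branch is correct, since a 304 must not announce a body length it does not send; the leftover point is `if ($size)`, which also suppresses the header for a genuinely empty attachment, so a zero-byte file is served with no `Content-Length: 0`. If empty attachments are a valid case, test for an unset or false size rather than a falsy one. Closing the database with `$db->sql_close()` before any header is emitted is fine, as nothing after it touches `$db`.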

14 changes: 8 additions & 6 deletions premod/root/feed.php
Expand Up @@ -463,7 +463,10 @@ class phpbb_feed_base
* Separator for the statistics row (Posted by, post date, replies, etc.)
*/
var $separator_stats = "\xE2\x80\x94"; // &mdash;


/** @var mixed Query result handle */
var $result;

/**
* Constructor
*/
Expand Down Expand Up @@ -617,10 +620,9 @@ function get_passworded_forums()

function get_item()
{
global $db, $cache;
static $result;
global $db;

if (!isset($result))
if (!isset($this->result))
{
if (!$this->get_sql())
{
Expand All @@ -629,10 +631,10 @@ function get_item()

// Query database
$sql = $db->sql_build_query('SELECT', $this->sql);
$result = $db->sql_query_limit($sql, $this->num_items);
$this->result = $db->sql_query_limit($sql, $this->num_items);
}

return $db->sql_fetchrow($result);
return $db->sql_fetchrow($this->result);
}

function user_viewprofile($row)
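Review bot: replacing the function-local `static $result` with `$this->result` is the right fix; a static is shared by every call regardless of which feed object makes it, so two feed instances in one request would have read rows from the same result handle. Removing the unused `global $cache` is also fine. Nothing in the visible lines ever releases the handle with `$db->sql_freeresult()` once iteration finishes; either the caller does it or a small cleanup method should, so the handle does not outlive the feed object.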
2 changes: 1 addition & 1 deletion premod/root/includes/acp/acp_attachments.php
Expand Up @@ -127,7 +127,7 @@ function main($id, $mode)
'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int', 'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int', 'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'string', 'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'absolute_path', 'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int', 'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
)
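Review bot: tightening `img_imagick` from `'validate' => 'string'` to `'absolute_path'` is the security-relevant change in this PR, since this setting names the path to the ImageMagick binary; it depends on the matching `absolute_path` case added to `validate_config_vars()` in `adm/index.php` in this same changeset, so the two files must ship together or the unknown validator type will silently do nothing. Also confirm that the `action=imgmagick` search this row links to writes back a value that passes the new validator.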
2 changes: 1 addition & 1 deletion premod/root/includes/constants.php
Expand Up @@ -25,7 +25,7 @@
*/

// phpBB Version
define('PHPBB_VERSION', '3.0.12');
define('PHPBB_VERSION', '3.0.15-dev');

// QA-related
// define('PHPBB_SEO_QA', 1);
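Review bot: `PHPBB_VERSION` becomes `3.0.15-dev` while `INSTALL.html` in this same PR points users at the `phpBB-3.0.14` update packages; if the premod is meant to track the 3.0.14 release rather than upstream's post-release development branch, the constant should read `3.0.14`, otherwise the version check in the ACP will report a development build.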
10 changes: 8 additions & 2 deletions premod/root/includes/functions.php
Expand Up @@ -2553,7 +2553,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
if (!$disable_cd_check && $url_parts['host'] !== $user->host)
{
$url = generate_board_url();
trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
}
}
else if ($url[0] == '/')
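Review bot: the cross-host case changes from silently redirecting to `generate_board_url()` to `trigger_error(..., E_USER_ERROR)`, i.e. from a quiet bounce to the index to a hard stop; a board reached through an alternate hostname (so that `$url_parts['host'] !== $user->host`) now fails with a fatal error instead of landing on the index. That is an acceptable trade for surfacing open-redirect bugs, but the message is a bare string rather than a language key and will not be localised; consider adding a lang entry.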
Expand Down Expand Up @@ -2639,6 +2639,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
}
}
}

// Make sure we don't redirect to external URLs
if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
{
trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
}

// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
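Review bot: the new prefix check `strpos($url, generate_board_url(true) . '/') !== 0` is both case-sensitive and scheme-sensitive, so a redirect target that differs from the board URL only in host letter case, or in `http` versus `https`, is rejected with a fatal error; on a board reachable over both schemes this will trip on legitimate redirects. Comparing the `parse_url()` host and scheme of `$url` against the board URL case-insensitively keeps the protection without those false positives. Placing the check before the line-break test is fine, since either failure aborts.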
Expand Down Expand Up @@ -2843,7 +2849,7 @@ function send_status_line($code, $message)
}
else
{
if (!empty($_SERVER['SERVER_PROTOCOL']))
if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
{
$version = $_SERVER['SERVER_PROTOCOL'];
}
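Review bot: the `SERVER_PROTOCOL` guard (`is_string()` plus `preg_match('#^HTTP/[0-9]\.[0-9]$#', ...)`) appears verbatim in `includes/startup.php` in this same PR; factor it into one helper so the two copies cannot drift. The pattern also does not match `HTTP/2`, which carries no dot, so such requests fall through to whatever the `else` branch sets; that is harmless but deserves a comment.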
4 changes: 3 additions & 1 deletion premod/root/includes/session.php
Expand Up @@ -120,6 +120,8 @@ function extract_current_page($root_path)

$script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
$root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';

$forum_id = (isset($_REQUEST['f']) && $_REQUEST['f'] > 0 && $_REQUEST['f'] < 16777215) ? (int) $_REQUEST['f'] : 0;

$page_array += array(
'page_name' => $page_name,
Expand All @@ -130,7 +132,7 @@ function extract_current_page($root_path)
'root_script_path' => str_replace(' ', '%20', htmlspecialchars($root_script_path)),

'page' => $page,
'forum' => (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0,
'forum' => $forum_id,
);

return $page_array;
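Review bot: the upper bound `16777215` is a bare magic number (the maximum of an unsigned MEDIUMINT, presumably the column type of `forum_id`); give it a named constant and a comment so the reason survives. Also, `$_REQUEST['f'] > 0` compares the raw request string numerically, so a value such as `'12abc'` passes as 12 and is then cast; casting once to `(int)` before both comparisons is cleaner and makes the bound check unambiguous.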
48 changes: 48 additions & 0 deletions premod/root/includes/startup.php
Expand Up @@ -113,6 +113,54 @@ function deregister_globals()
unset($input);
}

/**
* Check if requested page uses a trailing path
*
* @param string $phpEx PHP extension
*
* @return bool True if trailing path is used, false if not
*/
function phpbb_has_trailing_path($phpEx)
{
// Check if path_info is being used
if (!empty($_SERVER['PATH_INFO']) || (!empty($_SERVER['ORIG_PATH_INFO']) && $_SERVER['SCRIPT_NAME'] != $_SERVER['ORIG_PATH_INFO']))
{
return true;
}

// Match any trailing path appended to a php script in the REQUEST_URI.
// It is assumed that only actual PHP scripts use names like foo.php. Due
// to this, any phpBB board inside a directory that has the php extension
// appended to its name will stop working, i.e. if the board is at
// example.com/phpBB/test.php/ or example.com/test.php/
if (preg_match('#^[^?]+\.' . preg_quote($phpEx, '#') . '/#', $_SERVER['REQUEST_URI']))
{
return true;
}

return false;
}

// Check if trailing path is used
if (phpbb_has_trailing_path($phpEx = substr(strrchr(__FILE__, '.'), 1)))
{
if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi')
{
$prefix = 'Status:';
}
else if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
{
$prefix = $_SERVER['SERVER_PROTOCOL'];
}
else
{
$prefix = 'HTTP/1.0';
}
header("$prefix 404 Not Found", true, 404);
echo 'Trailing paths and PATH_INFO is not supported by phpBB 3.0';
exit;
}

// Register globals and magic quotes have been dropped in PHP 5.4
if (version_compare(PHP_VERSION, '5.4.0-dev', '>='))
{
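Review bot: `$_SERVER['REQUEST_URI']` is read without the `!empty()` guard the `PATH_INFO` branch gets, so a SAPI that does not set it (the CLI, for instance) raises an undefined-index notice inside `preg_match()`; guard it the same way and return `false`. Minor points: the assignment inside the call, `phpbb_has_trailing_path($phpEx = substr(...))`, hides the side effect of defining `$phpEx` for later code, and the 404 body reads "Trailing paths and PATH_INFO is not supported" where "are not" is meant. The status-prefix logic duplicates `send_status_line()` in `functions.php`; if that is deliberate because `startup.php` runs before `functions.php` is loaded, say so in a comment.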
4 changes: 2 additions & 2 deletions premod/root/includes/ucp/ucp_pm_compose.php
Expand Up @@ -57,7 +57,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
$address_list = array();
}

$submit = (isset($_POST['post'])) ? true : false;

$preview = (isset($_POST['preview'])) ? true : false;
$save = (isset($_POST['save'])) ? true : false;
$load = (isset($_POST['load'])) ? true : false;
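Review bot: removing the early `$submit` assignment leaves only a blank line here; confirm that no code between this point and the new assignment further down reads `$submit`, since it would now be undefined there.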
Expand All @@ -71,7 +71,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())

$refresh = isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load
|| $remove_u || $remove_g || $add_to || $add_bcc;

$submit = isset($_POST['post']) && !$refresh && !$preview;
$action = ($delete && !$preview && !$refresh && $submit) ? 'delete' : $action;
$select_single = ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? false : true;
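Review bot: defining `$submit` as `isset($_POST['post']) && !$refresh && !$preview` means a file-attach, address-list or save/load action no longer counts as posting even when the post button's value is present, which is the intended fix. With that, the `!$preview && !$refresh` terms in the following `$action` line are redundant, as both are already folded into `$submit`, and it can be reduced to `$action = ($delete && $submit) ? 'delete' : $action;`.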

5 changes: 5 additions & 0 deletions premod/root/includes/utf/utf_normalizer.php
Expand Up @@ -15,6 +15,11 @@
exit;
}

/**
* Modifications:
*
*/

/**
* Some Unicode characters encoded in UTF-8
*
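Review bot: the added `Modifications:` docblock is empty, so it documents nothing and will puzzle later readers; either list the premod changes made to this file under it or leave the block out.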