Context Navigation

← Previous Changeset
Next Changeset →

Changeset 1853 in ExiteCMS

Timestamp:

10/16/08 11:37:18 (3 years ago)

Author:

hverton

Message:

fixed session issue in the albums module
blog previous now breaks after a complete paragraph
fixed PHP notice in feeds.php when using PHP5
fixed MySQL error in viewforum.php/viewposts.php when using MySQL v5.x
fixed PHP warning in calls.httpdownload.php when using PHP5
added locale direction (ltr/rtl) to hoteditor
fixed issue with ocassional empty [URL] tags in hoteditor
fixed wrong returncode from sendemail() in sendmail_include.php
fixed issues in session management when behind loadbalanced proxies or ISP links (changing public IP address)
fixed typo in the album gallery edit template
fixed mismatched quotes in pm post causing hoteditor message retrieval to fail
fixed versioning issue in the menu, user info and welcome panel module installers
fixed PHP notice in setuser.php

Location:

trunk

Files:

: 16 edited

albums.php (modified) (1 diff)
blogs.php (modified) (1 diff)
feeds.php (modified) (1 diff)
forum/viewforum.php (modified) (1 diff)
forum/viewposts.php (modified) (2 diffs)
includes/class.httpdownload.php (modified) (1 diff)
includes/jscripts/hoteditor-4.2/editor.js (modified) (3 diffs)
includes/sendmail_include.php (modified) (1 diff)
includes/session_functions.php (modified) (2 diffs)
includes/templates/main.albums.galleryedit.tpl (modified) (1 diff)
includes/templates/main.blogs.tpl (modified) (2 diffs)
includes/templates/main.pm.post.tpl (modified) (1 diff)
modules/main_menu_panel/module_installer.php (modified) (1 diff)
modules/user_info_panel/module_installer.php (modified) (1 diff)
modules/welcome_message_panel/module_installer.php (modified) (1 diff)
setuser.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/albums.php

r1810	r1853
703	703	$variables['album']['photo_count'] = dbfunction("COUNT(*)", "album_photos", "album_id = ".$album_id);
704	704	// SWFUpload needs this, Flash doesn't maintain the session
705		$variables['session_id'] = ~~$_COOKIE['site_visited']~~;
	705	$variables['session_id'] = _session_ua();
706	706	$variables['session_name'] = $_COOKIE[$settings['session_name']];
707	707	// to check security when uploading

trunk/blogs.php

-                      r1425
+                      r1853
                     ORDER BY blog_datestamp DESC LIMIT ".$settings['blogs_indexsize']);
+        }
+        error_reporting(E_ALL);
         while ($data = dbarray($result)) {
             // store the blog entry(s)
             $data['blog_text'] = stripslashes($data['blog_text']);
+            $idx = 0;
+            while ($next = strpos($data['blog_text'], "<br /><br />", $idx)) {
+                if ($next > 500) break;
+                $idx = $next + 1;
+            }
+            if ($next) $idx = $next;
+            if ($idx) {
+                $data['blog_intro'] = substr($data['blog_text'],0, $idx);
+                $data['read_more'] = true;
+            } else {
+                $data['blog_intro'] = $data['blog_text'];
+                $data['read_more'] = false;
+            }
             // count comments for this blog entry
             $data['comments'] = $data['blog_comments'] ? dbcount("(comment_id)", "comments", "comment_type='B' AND comment_item_id='".$data['blog_id']."'") : 0;

trunk/feeds.php

-                      r1476
+                      r1853
             $item['description'] = "<![CDATA[ <b>".$data['user_name']." ".$locale['401']."</b> ".(strlen($data['post_message']) > 500 ? (substr($data['post_message'],0,496)." ...") : $data['post_message'])." ]]>";
             // locale must be english for this to work!
             $loc = setlocale("LC_TIME", "en_US");
+            $loc = setlocale(LC_TIME, "en_US");
             $item['pubDate'] = strftime("%a, %d %b %G %T %z", $data['post_datestamp']);
             setlocale("LC_TIME", $loc);
+            setlocale(LC_TIME, $loc);
             $item['guid'] = $item['link'];  // make the guid equal to the link, we don't have a need for permalinks
             $feed[] = $item;

trunk/forum/viewforum.php

r1715	r1853
153	153	"SELECT t.*, MAX(p.post_id) AS last_post, COUNT(p.post_id) AS thread_replies, tu1.user_name AS user_author, tu1.user_ip AS user_ip,
154	154	tu2.user_name AS user_lastuser, tu1.user_cc_code AS user_cc_code FROM ".$db_prefix."threads t
155		INNER JOIN ".$db_prefix."posts p ~~USING ( thread_id )~~
	155	INNER JOIN ".$db_prefix."posts p ON t.thread_id = p.thread_id
156	156	LEFT JOIN ".$db_prefix."users tu1 ON t.thread_author = tu1.user_id
157	157	LEFT JOIN ".$db_prefix."users tu2 ON t.thread_lastuser = tu2.user_id

trunk/forum/viewposts.php

-                      r1715
+                      r1853
     "SELECT tp.*, tf.* FROM ".$db_prefix."posts tp
     INNER JOIN ".$db_prefix."threads th USING(thread_id)
     INNER JOIN ".$db_prefix."forums tf USING(forum_id)
+    INNER JOIN ".$db_prefix."forums tf ON tp.forum_id = tf.forum_id
     WHERE ".($thread_limit==0?"":" th.thread_lastpost > ".$thread_limit." AND ").groupaccess('forum_access').($forum_id ? " AND tp.forum_id = '$forum_id'" : "")
 );
 …
     "SELECT tp.*, tf.* FROM ".$db_prefix."posts tp
     INNER JOIN ".$db_prefix."threads th USING(thread_id)
     INNER JOIN ".$db_prefix."forums tf USING(forum_id)
+    INNER JOIN ".$db_prefix."forums tf ON tp.forum_id = tf.forum_id
     WHERE ".($thread_limit==0?"":" th.thread_lastpost > ".$thread_limit." AND ").groupaccess('forum_access').($forum_id ? " AND tp.forum_id = '$forum_id'" : "")."
     ORDER BY post_datestamp DESC

trunk/includes/class.httpdownload.php

-                      r863
+                      r1853
   **/
   function _header($var) {
+    if ($this->handler['header']) return @call_user_func($this->handler['header'],$var);
+    else return header($var);
+    if ($this->handler['header']) $ret = @call_user_func($this->handler['header'],$var);
+    else $ret = header($var);
+    return $ret;
+  }
   function &_fopen($file,$mode) {
+    if ($this->handler['fopen']) return @call_user_func($this->handler['fopen'],$file,$mode);
+    else return fopen($file,$mode);
+    if ($this->handler['fopen']) $ret = @call_user_func($this->handler['fopen'],$file,$mode);
+    else $ret = fopen($file,$mode);
+    return $ret;
+  }
   function _fclose($res) {
+    if ($this->handler['fclose']) return @call_user_func($this->handler['fclose'],$res);
+    else return fclose($res);
+    if ($this->handler['fclose']) $ret = @call_user_func($this->handler['fclose'],$res);
+    else $ret = fclose($res);
+    return $ret;
+  }
   function _fseek($res,$len) {
+    if ($this->handler['fseek']) return @call_user_func($this->handler['fseek'],$res,$len);
+    else return fseek($res,$len);
+    if ($this->handler['fseek']) $ret = @call_user_func($this->handler['fseek'],$res,$len);
+    else $ret = fseek($res,$len);
+    return $ret;
+  }
   function &_fread($file,$size) {
+    if ($this->handler['fread']) return @call_user_func($this->handler['fread'],$file,$size);
+    else return fread($file,$size);
+    if ($this->handler['fread']) $ret = @call_user_func($this->handler['fread'],$file,$size);
+    else $ret = fread($file,$size);
+    return $ret;
+  }
   function _auth() {
     if (!isset($_SERVER['PHP_AUTH_USER'])) return false;
+    if ($this->handler['auth']) return @call_user_func($this->handler['auth'],$_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
+    else return true; //you must use a handler
+    if ($this->handler['auth']) $ret = @call_user_func($this->handler['auth'],$_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
+    else $ret = true; //you must use a handler
+    return $ret;
+  }

trunk/includes/jscripts/hoteditor-4.2/editor.js

-                      r1802
+                      r1853
 var show_mode_editor = "1";
 var show_arrow_up_down = 1;
-var mydirection = "ltr";
 var vk_main = "";
+// Text direction can be set by the template
+if (mydirection == null) var mydirection = "ltr";
 // Path definitions
 …
     a = a.replace(/\[url\](.*?)\[\/url\]/gi, "<a href=\"$1\">$1[/url]");
     a = a.replace(/\[\/url\]/gi, "</a>");
+    a = a.replace(/<a href="(.*?)"><\/a>/gi, "<a href=\"$1\">$1</a>");
     a = a.replace(/\[img\](.*?)\[\/img\]/gi, "<img src=\"$1\">");
     var b = a.match(/\[(list|list=1|list=a)\]/gi);
 …
                     o = p[0];
                     if (k.style) {
+                        if (n[1] == o) {
+                            m = "[url]" + AnalyzeHTMLBlock(g, k);
+                        m = "[url=" + o + "]";
+                        var q = AnalyzeHTMLBlock(g, k);
+                        if (q == "") {
+                            m = m + o;
                         } else {
                             m = "[url=" + o + "]" + AnalyzeHTMLBlock(g, k);
+                            m = m + q;
+                        }
                     } else {
+                        if (n[1] == o) {
+                            m = "[url]";
+                        if (o.indexOf("mailto:") != -1) {
+                            var q = o.replace(/mailto:/i, "");
+                            if (q == n[1]) {
+                                m = "[mail]";
+                            } else {
+                                m = "[mail=" + q + "]";
+                            }
                         } else {
+                            if (o.indexOf("mailto:") != -1) {
+                                var q = o.replace(/mailto:/i, "");
+                                if (q == n[1]) {
+                                    m = "[mail]";
+                                } else {
+                                    m = "[mail=" + q + "]";
+                                }
+                            } else {
+                                m = "[url=" + o + "]";
+                            }
+                            m = "[url=" + o + "]";
+                        }
+                    }

trunk/includes/sendmail_include.php

r1799	r1853
69	69	$mail->ClearAllRecipients();
70	70	$mail->ClearReplyTos();
71		return "";
	71	return false;
72	72	}
73	73

trunk/includes/session_functions.php

-                      r1802
+                      r1853
 // to stay in the same session when uploading file(s)
 // (session hijacking is mitigated by the session_ua function)
-if (isset($_POST['SWFSESSIONID']) && !empty($_POST['SWFSESSIONID'])) {
-    $_COOKIE['site_visited'] = $_POST['SWFSESSIONID'];
+}
 if (isset($_POST[$settings['session_name']]) && !empty($_POST[$settings['session_name']])) {
     session_id($_POST[$settings['session_name']]);
 …
     $session_ua = "";
+//  $session_ua .= isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
+    $session_ua .= isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
+    $session_ua .= isset($_SERVER['HTTP_VIA']) ? $_SERVER['HTTP_VIA'] : "";
+    $session_ua .= isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : "";
+    // when called from SWFUpload, set the session cookies from the post variable
+    // to stay in the same session when uploading file(s)
+    // (session hijacking is mitigated by the session_ua function)
+    if (isset($_POST['SWFSESSIONID']) && !empty($_POST['SWFSESSIONID']) && strlen($_POST['SWFSESSIONID'])==32) {
+        return $_POST['SWFSESSIONID'];
+    }
+    $session_ua .= isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
+//  $session_ua .= isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
     $session_ua .= isset($_COOKIE['site_visited']) ? $_COOKIE['site_visited'] : "";

trunk/includes/templates/main.albums.galleryedit.tpl

r1802	r1853
82	82	<option value='-1'{if $gallery.gallery_read == -1} selected='selected'{/if}>{$locale.496}</option>
83	83	{section name=id loop=$all_user_groups}
84		<option value='{$all_user_groups[id].0}'{if $user_groups[id].0 == $gallery.gallery_read} selected='selected'{/if}>{$all_user_groups[id].1}</option>
	84	<option value='{$all_user_groups[id].0}'{if $all_user_groups[id].0 == $gallery.gallery_read} selected='selected'{/if}>{$all_user_groups[id].1}</option>
85	85	{/section}
86	86	</select>

trunk/includes/templates/main.blogs.tpl

-                      r1821
+                      r1853
                         <tr>
                             <td style='width:100%;vertical-align:top;'>
+                                {if $blog_id|default:0 == 0}
+                                    {assign var="rl" value=" <a href='blogs.php?blog_id="|cat:$bloglist[id].blog_id|cat:"'>...</a>"}
+                                    {$bloglist[id].blog_text|truncate:500:$rl}<br />
+                                {if $blog_id|default:0 != 0}
+                                    {$bloglist[id].blog_text}
                                 {else}
+                                    {$bloglist[id].blog_text}<br />
+                                    {$bloglist[id].blog_intro}
+                                    {if $bloglist[id].read_more}&nbsp;<a href='blogs.php?blog_id={$bloglist[id].blog_id} alt='{$locale.422}' title='{$locale.422}''>...</a>{/if}
                                 {/if}
                             </td>
 …
                                 {$bloglist[id].user_name}{if $smarty.const.iMEMBER}</a>{/if}
                                 {$locale.421} {$bloglist[id].blog_datestamp|date_format:"longdate"}
                                 {if !$blog_id}&middot; <a href='blogs.php?blog_id={$bloglist[id].blog_id}'>{$locale.422}</a>{/if}
+                                {if $bloglist[id].read_more && $blog_id|default:0 == 0}&middot; <a href='blogs.php?blog_id={$bloglist[id].blog_id}'>{$locale.422}</a>{/if}
                                 <img src='{$smarty.const.THEME}images/bulletb.gif' alt='' />
                                 <br />

trunk/includes/templates/main.pm.post.tpl

-                      r1802
+                      r1853
                     <input type='submit' name='send_message' value='{$locale.430}' class='button' onclick="return ValidateForm()" />
                 {else}
                     <input type='submit' name='send_preview' value='{$locale.429}' class='button' onclick="javascript:get_hoteditor_data("message");return ValidateForm()" />
                     <input type='submit' name='send_message' value='{$locale.430}' class='button' onclick="javascript:get_hoteditor_data("message");return ValidateForm()" />
+                    <input type='submit' name='send_preview' value='{$locale.429}' class='button' onclick='javascript:get_hoteditor_data("message");return ValidateForm()' />
+                    <input type='submit' name='send_message' value='{$locale.430}' class='button' onclick='javascript:get_hoteditor_data("message");return ValidateForm()' />
                 {/if}
             </td>

trunk/modules/main_menu_panel/module_installer.php

-                      r1250
+                      r1853
 // check for a minumum version of the ExiteCMS engine
 if (str_replace(".", "", $settings['version']) < 700) {
     $mod_errors .= sprintf($locale['mod001'], '7.00');
+if (str_replace(".", "", $settings['version']) < 720) {
+    $mod_errors .= sprintf($locale['mod001'], '7.20');
+}
 // check for a maximum version of the ExiteCMS engine
 if (str_replace(".", "", $settings['version']) > 710) {
     $mod_errors .= sprintf($locale['mod002'], '7.10');
+if (str_replace(".", "", $settings['version']) > 720) {
+    $mod_errors .= sprintf($locale['mod002'], '7.20');
+}
 // check for a specific revision number range that is supported

trunk/modules/user_info_panel/module_installer.php

-                      r1250
+                      r1853
 // check for a minumum version of the ExiteCMS engine
 if (str_replace(".", "", $settings['version']) < 700) {
     $mod_errors .= sprintf($locale['mod001'], '7.00');
+if (str_replace(".", "", $settings['version']) < 720) {
+    $mod_errors .= sprintf($locale['mod001'], '7.20');
+}
 // check for a maximum version of the ExiteCMS engine
 if (str_replace(".", "", $settings['version']) > 710) {
     $mod_errors .= sprintf($locale['mod002'], '7.10');
+if (str_replace(".", "", $settings['version']) > 720) {
+    $mod_errors .= sprintf($locale['mod002'], '7.20');
+}
 // check for a specific revision number range that is supported

trunk/modules/welcome_message_panel/module_installer.php

-                      r1250
+                      r1853
 // check for a minumum version of the ExiteCMS engine
 if (str_replace(".", "", $settings['version']) < 700) {
     $mod_errors .= sprintf($locale['mod001'], '7.00');
+if (str_replace(".", "", $settings['version']) < 720) {
+    $mod_errors .= sprintf($locale['mod001'], '7.20');
+}
 // check for a maximum version of the ExiteCMS engine
 if (str_replace(".", "", $settings['version']) > 710) {
     $mod_errors .= sprintf($locale['mod002'], '7.10');
+if (str_replace(".", "", $settings['version']) > 720) {
+    $mod_errors .= sprintf($locale['mod002'], '7.20');
+}
 // check for a specific revision number range that is supported

trunk/setuser.php

r1776	r1853
19	19
20	20	// set the redirect url (set in theme_cleanup), butnot when in maintenance!
21		if (eregi("maintenance.php", $_SERVER['HTTP_REFERER'])) {
	21	if (isset($_SERVER['HTTP_REFERER']) && eregi("maintenance.php", $_SERVER['HTTP_REFERER'])) {
22	22	$variables['url'] = BASEDIR."index.php";
23	23	} elseif (isset($_SESSION['last_url'])) {
…	…
95	95	$message['line2'] = "<b>".$locale['196']."</b>";
96	96	}
	97	} else {
	98	$message['line2'] = "<b>SESSION ERROR. Please report this to the Webmaster</b>";
97	99	}
98	100	}

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 1853 in ExiteCMS

Legend:

Download in other formats: