Vergleich admin/inc/functions.php - 1.6.2 - 1.6.13

Keine Änderungen Hinzugefügt Modifiziert Entfernt
Zeile 6	Zeile 6
* Website: http://mybb.com * License: http://mybb.com/about/license *	* Website: http://mybb.com * License: http://mybb.com/about/license *
* $Id: functions.php 5016 2010-06-12 00:24:02Z RyanGordon $	* $Id: functions.php 5829 2012-05-22 10:48:03Z Tomm $
/ /*	/ /*
Zeile 153	Zeile 153
if($from > 2) { $first = fetch_page_url($url, 1);	if($from > 2) { $first = fetch_page_url($url, 1);
$pagination .= "<a href=\"{$first}\" title=\"Page 1\" class=\"pagination_first\">1</a> ... ";	$pagination .= "<a href=\"{$first}\" title=\"{$lang->page} 1\" class=\"pagination_first\">1</a> ... ";
} for($i = $from; $i <= $to; ++$i)	} for($i = $from; $i <= $to; ++$i)
Zeile 298	Zeile 298
else { $ppolls = 0;	else { $ppolls = 0;
} if($canpostattachments[$usergroup['gid']] == 1) { $pattachments = 1; } else { $pattachments = 0;
} if(!$preplies && !$pthreads) { $ppost = 0;	} if(!$preplies && !$pthreads) { $ppost = 0;
}	}
else { $ppost = 1;	else { $ppost = 1;
}	}
$insertquery = array( "fid" => intval($fid),	$insertquery = array( "fid" => intval($fid),
Zeile 324	Zeile 315
"canview" => intval($pview), "canpostthreads" => intval($pthreads), "canpostreplys" => intval($preplies),	"canview" => intval($pview), "canpostthreads" => intval($pthreads), "canpostreplys" => intval($preplies),
"canpostattachments" => intval($pattachments),
"canpostpolls" => intval($ppolls), );	"canpostpolls" => intval($ppolls), );
Zeile 342	Zeile 332
} } $cache->update_forumpermissions();	} } $cache->update_forumpermissions();
} /**	} /**
* Checks if a particular user has the necessary permissions to access a particular page. * * @param array Array containing module and action to check for	* Checks if a particular user has the necessary permissions to access a particular page. * * @param array Array containing module and action to check for
*/ function check_admin_permissions($action) {	*/ function check_admin_permissions($action, $error = true) {
global $mybb, $page, $lang, $modules_dir; if(is_super_admin($mybb->user['uid']))	global $mybb, $page, $lang, $modules_dir; if(is_super_admin($mybb->user['uid']))
Zeile 365	Zeile 355
$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {	$permissions = $func(); if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1) {
$page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit;	if($error) { $page->output_header($lang->access_denied); $page->add_breadcrumb_item($lang->access_denied, "index.php?module=home-index"); $page->output_error("<b>{$lang->access_denied}</b><ul><li style=\"list-style-type: none;\">{$lang->access_denied_desc}</li></ul>"); $page->output_footer(); exit; } else { return false; }
} }	} }
Zeile 390	Zeile 387
// Set UID and GID if none $uid = $get_uid; $gid = $get_gid;	// Set UID and GID if none $uid = $get_uid; $gid = $get_gid;

$gid_array = array(); if($uid === "")	$gid_array = array(); if($uid === "")
{	{
$uid = $mybb->user['uid']; } if(!$gid)	$uid = $mybb->user['uid']; } if(!$gid)
{	{
// Prepare user's groups since the group isn't specified $gid_array[] = (-1) * intval($mybb->user['usergroup']);	// Prepare user's groups since the group isn't specified $gid_array[] = (-1) * intval($mybb->user['usergroup']);
Zeile 418	Zeile 415
} } else	} } else
{	{
// Group is specified // Make sure gid is negative $gid_array[] = (-1) * abs($gid);	// Group is specified // Make sure gid is negative $gid_array[] = (-1) * abs($gid);
Zeile 428	Zeile 425
if($get_gid && !$get_uid) { // A group only	if($get_gid && !$get_uid) { // A group only
$options = array( "order_by" => "uid",	$options = array( "order_by" => "uid",
"order_dir" => "ASC", "limit" => "1" );	"order_dir" => "ASC", "limit" => "1" );
Zeile 440	Zeile 437
else { // A user and/or group	else { // A user and/or group

$options = array( "order_by" => "uid", "order_dir" => "DESC" );	$options = array( "order_by" => "uid", "order_dir" => "DESC" );

// Prepare user's groups into SQL format $group_sql = ''; foreach($gid_array as $gid)	// Prepare user's groups into SQL format $group_sql = ''; foreach($gid_array as $gid)
Zeile 468	Zeile 465
elseif($perm['uid'] < 0) { $perms_group[] = $perm['permissions'];	elseif($perm['uid'] < 0) { $perms_group[] = $perm['permissions'];
} else {	} else {
$perms_def = $perm['permissions']; } }	$perms_def = $perm['permissions']; } }
Zeile 500	Zeile 497
if(isset($final_group_perms)) { return $final_group_perms;	if(isset($final_group_perms)) { return $final_group_perms;
}	}
else { return $perms_def;	else { return $perms_def;
Zeile 510	Zeile 507
/** * Fetch the iconv/mb encoding for a particular MySQL encoding	/** * Fetch the iconv/mb encoding for a particular MySQL encoding
*	*
* @param string The MySQL encoding * @return string The iconv/mb encoding */	* @param string The MySQL encoding * @return string The iconv/mb encoding */
Zeile 631	Zeile 628
} }	} }
	return false; } /** * Checks whether there are any 'security' issues in templates via complex syntax * * @param string The template to be scanned * @return boolean A true/false depending on if an issue was detected / function check_template($template) { // Check to see if our database password is in the template if(preg_match("#database'?\\s\]\\s\[\\s'?password#", $template)) { return true; } // System calls via backtick if(preg_match('#\$\s\{#', $template)) { return true; } // Any other malicious acts? // Courtesy of ZiNgA BuRgA if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]((?:-\\>\|\\:\\:)\\$[a-zA-Z_][a-zA-Z_0-9]\|\\[\s\\$([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s)\\}~', '', $template))) { return true; }
return false; }	return false; }