Zeile 212 | Zeile 212 |
---|
{ if($fid == $forum['fid']) {
|
{ if($fid == $forum['fid']) {
|
if($pforumcache[$forum['pid']])
| if(!empty($pforumcache[$forum['pid']]))
|
{ $navigation = make_parent_list($forum['pid'], $navsep).$navigation; }
| { $navigation = make_parent_list($forum['pid'], $navsep).$navigation; }
|
Zeile 266 | Zeile 266 |
---|
$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");
// Only insert the new ones if we're using custom permissions
|
$db->delete_query("forumpermissions", "fid='{$fid}' AND gid='{$usergroup['gid']}'");
// Only insert the new ones if we're using custom permissions
|
if($inherit[$usergroup['gid']] != 1)
| if(empty($inherit[$usergroup['gid']]))
|
{
|
{
|
if($canview[$usergroup['gid']] == 1)
| if(!empty($canview[$usergroup['gid']]))
|
{ $pview = 1; }
| { $pview = 1; }
|
Zeile 277 | Zeile 277 |
---|
$pview = 0; }
|
$pview = 0; }
|
if($canpostthreads[$usergroup['gid']] == 1)
| if(!empty($canpostthreads[$usergroup['gid']]))
|
{ $pthreads = 1; }
| { $pthreads = 1; }
|
Zeile 286 | Zeile 286 |
---|
$pthreads = 0; }
|
$pthreads = 0; }
|
if($canpostreplies[$usergroup['gid']] == 1)
| if(!empty($canpostreplies[$usergroup['gid']]))
|
{ $preplies = 1; }
| { $preplies = 1; }
|
Zeile 295 | Zeile 295 |
---|
$preplies = 0; }
|
$preplies = 0; }
|
if($canpostpolls[$usergroup['gid']] == 1)
| if(!empty($canpostpolls[$usergroup['gid']]))
|
{ $ppolls = 1; }
| { $ppolls = 1; }
|
Zeile 329 | Zeile 329 |
---|
continue; }
|
continue; }
|
$insertquery[$db->escape_string($field)] = (int)$existing_permissions[$field];
| $insertquery[$db->escape_string($field)] = isset($existing_permissions[$field]) ? (int)$existing_permissions[$field] : 0;
|
}
$db->insert_query("forumpermissions", $insertquery);
| }
$db->insert_query("forumpermissions", $insertquery);
|
Zeile 359 | Zeile 359 |
---|
{ $func = $action['module']."_admin_permissions"; $permissions = $func();
|
{ $func = $action['module']."_admin_permissions"; $permissions = $func();
|
if($permissions['permissions'][$action['action']] && $mybb->admin['permissions'][$action['module']][$action['action']] != 1)
| if( !empty($permissions['permissions'][$action['action']]) && empty($mybb->admin['permissions'][$action['module']][$action['action']]) )
|
{ if($error) {
| { if($error) {
|
Zeile 504 | Zeile 507 |
---|
{ return $final_group_perms; }
|
{ return $final_group_perms; }
|
else
| elseif(isset($perms_def))
|
{ return $perms_def; }
|
{ return $perms_def; }
|
| return array();
|
} }
| } }
|
Zeile 516 | Zeile 521 |
---|
* * @param string $mysql_encoding The MySQL encoding * @return string The iconv/mb encoding
|
* * @param string $mysql_encoding The MySQL encoding * @return string The iconv/mb encoding
|
*/
| */
|
function fetch_iconv_encoding($mysql_encoding) { $mysql_encoding = explode("_", $mysql_encoding);
| function fetch_iconv_encoding($mysql_encoding) { $mysql_encoding = explode("_", $mysql_encoding);
|
Zeile 554 | Zeile 559 |
---|
if(!empty($page)) { unset($adminoption['permissions'][$tab][$page]);
|
if(!empty($page)) { unset($adminoption['permissions'][$tab][$page]);
|
} else
| } else
|
{ unset($adminoption['permissions'][$tab]); }
| { unset($adminoption['permissions'][$tab]); }
|
Zeile 567 | Zeile 572 |
---|
if($adminoption['uid'] == 0) { $adminoption['permissions'][$tab][$page] = 0;
|
if($adminoption['uid'] == 0) { $adminoption['permissions'][$tab][$page] = 0;
|
} else
| } else
|
{ $adminoption['permissions'][$tab][$page] = $default; }
| { $adminoption['permissions'][$tab][$page] = $default; }
|
Zeile 607 | Zeile 612 |
---|
{ $query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".(int)$uid."'", 1); $attempts = $db->fetch_array($query);
|
{ $query = $db->simple_select("adminoptions", "loginattempts, loginlockoutexpiry", "uid='".(int)$uid."'", 1); $attempts = $db->fetch_array($query);
|
| if(!$attempts) { return false; }
|
}
if($attempts['loginattempts'] <= 0)
| }
if($attempts['loginattempts'] <= 0)
|
Zeile 657 | Zeile 667 |
---|
function check_template($template) { // Check to see if our database password is in the template
|
function check_template($template) { // Check to see if our database password is in the template
|
if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template))
| if(preg_match('#\$config\[(([\'|"]database[\'|"])|([^\'"].*?))\]\[(([\'|"](database|hostname|password|table_prefix|username)[\'|"])|([^\'"].*?))\]#i', $template) !== 0)
|
{ return true; }
// System calls via backtick
|
{ return true; }
// System calls via backtick
|
if(preg_match('#\$\s*\{#', $template))
| if(preg_match('#\$\s*\{#', $template) !== 0)
|
{ return true; }
// Any other malicious acts? // Courtesy of ZiNgA BuRgA
|
{ return true; }
// Any other malicious acts? // Courtesy of ZiNgA BuRgA
|
if(preg_match("~\\{\\$.+?\\}~s", preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template)))
| $allowed = preg_replace('~\\{\\$+[a-zA-Z_][a-zA-Z_0-9]*((?:-\\>|\\:\\:)\\$*[a-zA-Z_][a-zA-Z_0-9]*|\\[\s*\\$*([\'"]?)[a-zA-Z_ 0-9 ]+\\2\\]\s*)*\\}~', '', $template); if($allowed === null || preg_match("~\\{\\$.+?\\}~s", $allowed) !== 0)
|
{ return true; }
| { return true; }
|