
Merge pull request #985 from MissAllSunday/fixes

Fixes
Michael Eshom 11 years ago
parent
commit
3c986d9536

+ 1 - 1
README.md

@@ -21,7 +21,7 @@ by signing off your contributions, you acknowledge that you can and do license y
 * fork the repository. If you are not used to Github, please check out [fork a repository](http://help.github.com/fork-a-repo).
 * branch your repository, to commit the desired changes.
 * sign-off your commits, to acknowledge your submission under the license of the project.
- * an easy way to do so, is to define an alias for the git commit command, which includes -s switch (reference: [How to create Git aliases](http://githacks.com/post/1168909216/how-to-create-git-aliases))
+ * an easy way to do so, is to define an alias for the git commit command, which includes -s switch (reference: [How to create Git aliases](https://git.wiki.kernel.org/index.php/Aliases))
 * send a pull request to us.
 
 ######How to submit a pull request:

+ 1 - 1
Sources/Admin.php

@@ -942,7 +942,7 @@ function AdminEndSession()
 		if (strpos($key, '-admin') !== false)
 			unset($_SESSION['token'][$key]);
 
-	redirectexit('action=admin');
+	redirectexit();
 }
 
 ?>

+ 1 - 1
Sources/ManageAttachments.php

@@ -1355,7 +1355,7 @@ function RepairAttachments()
 					if (!empty($modSettings['currentAttachmentUploadDir']))
 					{
 						// Get the attachment name with out the folder.
-						$attachment_name = !empty($row['file_hash']) ? $row['id_attach'] . '_' . $row['file_hash'] : getLegacyAttachmentFilename($row['filename'], $row['id_attach'], null, true);
+						$attachment_name = $row['id_attach'] . '_' . $row['file_hash'] .'.dat';
 
 						if (!is_array($modSettings['attachmentUploadDir']))
 							$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
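Review bot: The new `$attachment_name` assignment no longer handles an empty `$row['file_hash']`, so such a row produces the name `<id>_.dat` and the repair logic goes looking for a file that cannot exist. The upgrade scripts in this same commit only write `file_hash` when the rename succeeded, so rows with an empty hash can remain after an upgrade. Check `empty($row['file_hash'])` before building the name and skip or report that row instead of building a path from it. The enclosing block of RepairAttachments starts and ends outside this hunk, so the right way to skip has to be chosen against the surrounding loop.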

+ 1 - 1
Sources/ModerationCenter.php

@@ -2205,7 +2205,7 @@ function ModEndSession()
 		if (strpos($key, '-mod') !== false)
 			unset($_SESSION['token'][$key]);
 
-	redirectexit('action=moderate');
+	redirectexit();
 }
 
 ?>

+ 8 - 57
Sources/Subs.php

@@ -3123,8 +3123,12 @@ function template_header()
 		if (in_array($layer, array('body', 'main')) && allowedTo('admin_forum') && !$user_info['is_guest'] && !$checked_securityFiles)
 		{
 			$checked_securityFiles = true;
-			// @todo add a hook here
+
 			$securityFiles = array('install.php', 'webinstall.php', 'upgrade.php', 'convert.php', 'repair_paths.php', 'repair_settings.php', 'Settings.php~', 'Settings_bak.php~');
+
+			// Add your own files.
+			call_integration_hook('integrate_security_files', array(&$securityFiles));
+
 			foreach ($securityFiles as $i => $securityFile)
 			{
 				if (!file_exists($boarddir . '/' . $securityFile))
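Review bot: The comment `// Add your own files.` under-documents the new `integrate_security_files` hook. `$securityFiles` is passed by reference, so a hooked function can remove or replace the built-in entries as well as append to them, which would silence the leftover-installer warning for admins. Each entry is also joined to `$boarddir` and passed to `file_exists()`, so names are expected to be relative to the forum root. A comment such as `// Hook receives the list by reference; entries are file names relative to $boarddir. Removing built-in entries suppresses the admin warning.` would make that contract explicit.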
@@ -3394,9 +3398,9 @@ function getAttachmentFilename($filename, $attachment_id, $dir = null, $new = fa
 		$smcFunc['db_free_result']($request);
 	}
 
-	// In case of files from the old system, do a legacy call.
+	// Still no hash? mmm...
 	if (empty($file_hash))
-		return getLegacyAttachmentFilename($filename, $attachment_id, $dir, $new);
+		$file_hash = sha1(md5($filename . time()) . mt_rand());
 
 	// Are we using multiple directories?
 	if (!empty($modSettings['currentAttachmentUploadDir']))
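Review bot: The fallback `$file_hash = sha1(md5($filename . time()) . mt_rand());` invents a fresh hash on every call and never stores it. For an existing attachment whose row has no hash, the function now returns a different non-existent path each time, where the removed code resolved the legacy file. If that case is still reachable after the upgrade, it should fail visibly (log and return an error value the callers handle) rather than return a random path. Separately, `time()` and `mt_rand()` are predictable inputs; if the hash is what keeps stored file names unguessable, derive it from a CSPRNG such as `random_bytes()` where the supported PHP version has one. The lookup that fills `$file_hash` is above this hunk, so how often the branch is reached is inferred.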
@@ -3408,60 +3412,7 @@ function getAttachmentFilename($filename, $attachment_id, $dir = null, $new = fa
 	else
 		$path = $modSettings['attachmentUploadDir'];
 
-	return $path . '/' . $attachment_id . '_' . $file_hash;
-}
-
-/**
- * Older attachments may still use this function.
- *
- * @param $filename
- * @param $attachment_id
- * @param $dir
- * @param $new
- */
-function getLegacyAttachmentFilename($filename, $attachment_id, $dir = null, $new = false)
-{
-	global $modSettings, $db_character_set;
-
-	$clean_name = $filename;
-	// Remove international characters (windows-1252)
-	// These lines should never be needed again. Still, behave.
-	if (empty($db_character_set) || $db_character_set != 'utf8')
-	{
-		$clean_name = strtr($filename,
-			"\x8a\x8e\x9a\x9e\x9f\xc0\xc1\xc2\xc3\xc4\xc5\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd1\xd2\xd3\xd4\xd5\xd6\xd8\xd9\xda\xdb\xdc\xdd\xe0\xe1\xe2\xe3\xe4\xe5\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf1\xf2\xf3\xf4\xf5\xf6\xf8\xf9\xfa\xfb\xfc\xfd\xff",
-			'SZszYAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy');
-		$clean_name = strtr($clean_name, array("\xde" => 'TH', "\xfe" =>
-			'th', "\xd0" => 'DH', "\xf0" => 'dh', "\xdf" => 'ss', "\x8c" => 'OE',
-			"\x9c" => 'oe', "\xc6" => 'AE', "\xe6" => 'ae', "\xb5" => 'u'));
-	}
-	// Sorry, no spaces, dots, or anything else but letters allowed.
-	$clean_name = preg_replace(array('/\s/', '/[^\w_\.\-]/'), array('_', ''), $clean_name);
-
-	$enc_name = $attachment_id . '_' . strtr($clean_name, '.', '_') . md5($clean_name);
-	$clean_name = preg_replace('~\.[\.]+~', '.', $clean_name);
-
-	if ($attachment_id == false || ($new && empty($modSettings['attachmentEncryptFilenames'])))
-		return $clean_name;
-	elseif ($new)
-		return $enc_name;
-
-	// Are we using multiple directories?
-	if (!empty($modSettings['currentAttachmentUploadDir']))
-	{
-		if (!is_array($modSettings['attachmentUploadDir']))
-			$modSettings['attachmentUploadDir'] = unserialize($modSettings['attachmentUploadDir']);
-		$path = $modSettings['attachmentUploadDir'][$dir];
-	}
-	else
-		$path = $modSettings['attachmentUploadDir'];
-
-	if (file_exists($path . '/' . $enc_name))
-		$filename = $path . '/' . $enc_name;
-	else
-		$filename = $path . '/' . $clean_name;
-
-	return $filename;
+	return $path . '/' . $attachment_id . '_' . $file_hash .'.dat';
 }
 
 /**

+ 50 - 17
other/upgrade_2-1_mysql.sql

@@ -38,7 +38,7 @@ if (!isset($modSettings['allow_no_censored']))
 		WHERE variable='allow_no_censored'
 		AND id_theme = 1 OR id_theme = '$modSettings[theme_default]'
 	");
-	
+
 	// Is it set for either "default" or the one they've set as default?
 	while ($row = $smcFunc['db_fetch_assoc']($request))
 	{
@@ -48,7 +48,7 @@ if (!isset($modSettings['allow_no_censored']))
 				INSERT INTO {$db_prefix}settings
 				VALUES ('allow_no_censored', 1)
 			");
-			
+
 			// Don't do this twice...
 			break;
 		}
@@ -85,11 +85,12 @@ $is_done = false;
 while (!$is_done)
 {
 	nextSubStep($substep);
+	$fileHash = '';
 
 	$request = upgrade_query("
 		SELECT id_attach, id_folder, filename, file_hash
 		FROM {$db_prefix}attachments
-		WHERE file_hash = ''
+		WHERE attachment_type != 1
 		LIMIT $_GET[a], 100");
 
 	// Finished?
@@ -99,22 +100,54 @@ while (!$is_done)
 	while ($row = $smcFunc['db_fetch_assoc']($request))
 	{
 		// The current folder.
-		$current_folder = !empty($modSettings['currentAttachmentUploadDir']) ? $modSettings['attachmentUploadDir'][$row['id_folder']] : $modSettings['attachmentUploadDir'];
+		$currentFolder = !empty($modSettings['currentAttachmentUploadDir']) ? $modSettings['attachmentUploadDir'][$row['id_folder']] : $modSettings['attachmentUploadDir'];
+
+		// Old School?
+		if (empty($row['file_hash']))
+		{
+			// Remove international characters (windows-1252)
+			// These lines should never be needed again. Still, behave.
+			if (empty($db_character_set) || $db_character_set != 'utf8')
+			{
+				$row['filename'] = strtr($row['filename'],
+					"\x8a\x8e\x9a\x9e\x9f\xc0\xc1\xc2\xc3\xc4\xc5\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd1\xd2\xd3\xd4\xd5\xd6\xd8\xd9\xda\xdb\xdc\xdd\xe0\xe1\xe2\xe3\xe4\xe5\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf1\xf2\xf3\xf4\xf5\xf6\xf8\xf9\xfa\xfb\xfc\xfd\xff",
+					'SZszYAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy');
+				$row['filename'] = strtr($row['filename'], array("\xde" => 'TH', "\xfe" =>
+					'th', "\xd0" => 'DH', "\xf0" => 'dh', "\xdf" => 'ss', "\x8c" => 'OE',
+					"\x9c" => 'oe', "\xc6" => 'AE', "\xe6" => 'ae', "\xb5" => 'u'));
+			}
+			// Sorry, no spaces, dots, or anything else but letters allowed.
+			$row['filename'] = preg_replace(array('/\s/', '/[^\w_\.\-]/'), array('_', ''), $row['filename']);
+
+			// Create a nice hash.
+			$fileHash = sha1(md5($row['filename'] . time()) . mt_rand());
+
+			// The old file, we need to know if the filename was encrypted or not.
+			if (file_exists($currentFolder . '/' . $row['id_attach']. '_' . strtr($row['filename'], '.', '_') . md5($row['filename'])))
+				$oldFile = $currentFolder . '/' . $row['id_attach']. '_' . strtr($row['filename'], '.', '_') . md5($row['filename']);
 
-		// The old location of the file.
-		$old_location = getLegacyAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
+			else if (file_exists($currentFolder . '/' . $row['filename']));
+				$oldFile = $currentFolder . '/' . $row['filename'];
 
-		// The new file name.
-		$file_hash = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], true);
+			// Build the new file.
+			$newFile = $currentFolder . '/' . $row['id_attach'] . '_' . $fileHash .'.dat';
+		}
+
+		// Just rename the file.
+		else
+		{
+			$oldFile = $currentFolder . '/' . $row['id_attach'] . '_' . $row['file_hash'];
+			$newFile = $currentFolder . '/' . $row['id_attach'] . '_' . $row['file_hash'] .'.dat';
+		}
 
 		// And we try to move it.
-		rename($old_location, $current_folder . '/' . $row['id_attach'] . '_' . $file_hash);
+		rename($oldFile, $newFile);
 
-		// Only update thif if it was successful.
-		if (file_exists($current_folder . '/' . $row['id_attach'] . '_' . $file_hash) && !file_exists($old_location))
+		// Only update this if it was successful and the file was using the old system.
+		if (empty($row['file_hash']) && !empty($fileHash) && file_exists($newFile) && !file_exists($oldFile))
 			upgrade_query("
 				UPDATE {$db_prefix}attachments
-				SET file_hash = '$file_hash'
+				SET file_hash = '$fileHash'
 				WHERE id_attach = $row[id_attach]");
 	}
 	$smcFunc['db_free_result']($request);
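Review bot: The line `else if (file_exists($currentFolder . '/' . $row['filename']));` ends in a stray semicolon, so the `$oldFile = $currentFolder . '/' . $row['filename'];` below it runs unconditionally and overwrites the encrypted-name path found by the preceding `if`. Attachments stored under the encrypted legacy name are therefore never renamed, and their `file_hash` is never written. The fix is `elseif (file_exists($currentFolder . '/' . $row['filename']))` with no trailing semicolon. Once that is fixed, a row where neither legacy file exists would leave `$oldFile` and `$newFile` holding the previous iteration's values, so add an `else continue;` (or reset both at the top of the loop) before `rename()`. The same lines appear in the matching hunks of other/upgrade_2-1_postgresql.sql and other/upgrade_2-1_sqlite.sql.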
@@ -610,7 +643,7 @@ $request = upgrade_query("
 	SELECT id_group, add_deny
 	FROM {$db_prefix}permissions
 	WHERE permission = 'profile_identity_own'");
-	
+
 	while ($row = $smcFunc['db_fetch_assoc']($request))
 	{
 		$inserts[] = "($row[id_group], 'profile_password_own', $row[add_deny])";
@@ -638,7 +671,7 @@ $request = upgrade_query("
 	SELECT id_group, add_deny
 	FROM {$db_prefix}permissions
 	WHERE permission = 'profile_extra_own'");
-	
+
 	while ($row = $smcFunc['db_fetch_assoc']($request))
 	{
 		$inserts[] = "($row[id_group], 'profile_blurb_own', $row[add_deny])";
@@ -724,7 +757,7 @@ ADD COLUMN in_inbox tinyint(3) NOT NULL default '1';
 		if (!empty($inserts))
 		{
 			$smcFunc['db_insert']('', '{db_prefix}pm_labels', array('id_member' => 'int', 'name' => 'string-30'), $inserts, array());
-			
+
 			// Clear this out for our next query below
 			$inserts = array();
 		}
@@ -774,7 +807,7 @@ ADD COLUMN in_inbox tinyint(3) NOT NULL default '1';
 		while ($row = $smcFunc['db_fetch_assoc']($get_pm_labels))
 		{
 			$labels = explode(',', $row['labels']);
-			
+
 			foreach ($labels as $a_label)
 			{
 				if ($a_label == '-1')
@@ -827,7 +860,7 @@ ADD COLUMN in_inbox tinyint(3) NOT NULL default '1';
 				array(
 					'actions' => $actions,
 					'id_rule' => $row['id_rule'],
-				)	
+				)
 			);
 		}
 

+ 43 - 10
other/upgrade_2-1_postgresql.sql

@@ -87,11 +87,12 @@ $is_done = false;
 while (!$is_done)
 {
 	nextSubStep($substep);
+	$fileHash = '';
 
 	$request = upgrade_query("
 		SELECT id_attach, id_folder, filename, file_hash
 		FROM {$db_prefix}attachments
-		WHERE file_hash = ''
+		WHERE attachment_type != 1
 		LIMIT $_GET[a], 100");
 
 	// Finished?
@@ -101,22 +102,54 @@ while (!$is_done)
 	while ($row = $smcFunc['db_fetch_assoc']($request))
 	{
 		// The current folder.
-		$current_folder = !empty($modSettings['currentAttachmentUploadDir']) ? $modSettings['attachmentUploadDir'][$row['id_folder']] : $modSettings['attachmentUploadDir'];
+		$currentFolder = !empty($modSettings['currentAttachmentUploadDir']) ? $modSettings['attachmentUploadDir'][$row['id_folder']] : $modSettings['attachmentUploadDir'];
 
-		// The old location of the file.
-		$old_location = getLegacyAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
+		// Old School?
+		if (empty($row['file_hash']))
+		{
+			// Remove international characters (windows-1252)
+			// These lines should never be needed again. Still, behave.
+			if (empty($db_character_set) || $db_character_set != 'utf8')
+			{
+				$row['filename'] = strtr($row['filename'],
+					"\x8a\x8e\x9a\x9e\x9f\xc0\xc1\xc2\xc3\xc4\xc5\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd1\xd2\xd3\xd4\xd5\xd6\xd8\xd9\xda\xdb\xdc\xdd\xe0\xe1\xe2\xe3\xe4\xe5\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf1\xf2\xf3\xf4\xf5\xf6\xf8\xf9\xfa\xfb\xfc\xfd\xff",
+					'SZszYAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy');
+				$row['filename'] = strtr($row['filename'], array("\xde" => 'TH', "\xfe" =>
+					'th', "\xd0" => 'DH', "\xf0" => 'dh', "\xdf" => 'ss', "\x8c" => 'OE',
+					"\x9c" => 'oe', "\xc6" => 'AE', "\xe6" => 'ae', "\xb5" => 'u'));
+			}
+			// Sorry, no spaces, dots, or anything else but letters allowed.
+			$row['filename'] = preg_replace(array('/\s/', '/[^\w_\.\-]/'), array('_', ''), $row['filename']);
+
+			// Create a nice hash.
+			$fileHash = sha1(md5($row['filename'] . time()) . mt_rand());
+
+			// The old file, we need to know if the filename was encrypted or not.
+			if (file_exists($currentFolder . '/' . $row['id_attach']. '_' . strtr($row['filename'], '.', '_') . md5($row['filename'])))
+				$oldFile = $currentFolder . '/' . $row['id_attach']. '_' . strtr($row['filename'], '.', '_') . md5($row['filename']);
 
-		// The new file name.
-		$file_hash = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], true);
+			else if (file_exists($currentFolder . '/' . $row['filename']));
+				$oldFile = $currentFolder . '/' . $row['filename'];
+
+			// Build the new file.
+			$newFile = $currentFolder . '/' . $row['id_attach'] . '_' . $fileHash .'.dat';
+		}
+
+		// Just rename the file.
+		else
+		{
+			$oldFile = $currentFolder . '/' . $row['id_attach'] . '_' . $row['file_hash'];
+			$newFile = $currentFolder . '/' . $row['id_attach'] . '_' . $row['file_hash'] .'.dat';
+		}
 
 		// And we try to move it.
-		rename($old_location, $current_folder . '/' . $row['id_attach'] . '_' . $file_hash);
+		rename($oldFile, $newFile);
 
-		// Only update thif if it was successful.
-		if (file_exists($current_folder . '/' . $row['id_attach'] . '_' . $file_hash) && !file_exists($old_location))
+		// Only update this if it was successful and the file was using the old system.
+		if (empty($row['file_hash']) && !empty($fileHash) && file_exists($newFile) && !file_exists($oldFile))
 			upgrade_query("
 				UPDATE {$db_prefix}attachments
-				SET file_hash = '$file_hash'
+				SET file_hash = '$fileHash'
 				WHERE id_attach = $row[id_attach]");
 	}
 	$smcFunc['db_free_result']($request);

+ 43 - 10
other/upgrade_2-1_sqlite.sql

@@ -85,11 +85,12 @@ $is_done = false;
 while (!$is_done)
 {
 	nextSubStep($substep);
+	$fileHash = '';
 
 	$request = upgrade_query("
 		SELECT id_attach, id_folder, filename, file_hash
 		FROM {$db_prefix}attachments
-		WHERE file_hash = ''
+		WHERE attachment_type != 1
 		LIMIT $_GET[a], 100");
 
 	// Finished?
@@ -99,22 +100,54 @@ while (!$is_done)
 	while ($row = $smcFunc['db_fetch_assoc']($request))
 	{
 		// The current folder.
-		$current_folder = !empty($modSettings['currentAttachmentUploadDir']) ? $modSettings['attachmentUploadDir'][$row['id_folder']] : $modSettings['attachmentUploadDir'];
+		$currentFolder = !empty($modSettings['currentAttachmentUploadDir']) ? $modSettings['attachmentUploadDir'][$row['id_folder']] : $modSettings['attachmentUploadDir'];
 
-		// The old location of the file.
-		$old_location = getLegacyAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder']);
+		// Old School?
+		if (empty($row['file_hash']))
+		{
+			// Remove international characters (windows-1252)
+			// These lines should never be needed again. Still, behave.
+			if (empty($db_character_set) || $db_character_set != 'utf8')
+			{
+				$row['filename'] = strtr($row['filename'],
+					"\x8a\x8e\x9a\x9e\x9f\xc0\xc1\xc2\xc3\xc4\xc5\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd1\xd2\xd3\xd4\xd5\xd6\xd8\xd9\xda\xdb\xdc\xdd\xe0\xe1\xe2\xe3\xe4\xe5\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf1\xf2\xf3\xf4\xf5\xf6\xf8\xf9\xfa\xfb\xfc\xfd\xff",
+					'SZszYAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy');
+				$row['filename'] = strtr($row['filename'], array("\xde" => 'TH', "\xfe" =>
+					'th', "\xd0" => 'DH', "\xf0" => 'dh', "\xdf" => 'ss', "\x8c" => 'OE',
+					"\x9c" => 'oe', "\xc6" => 'AE', "\xe6" => 'ae', "\xb5" => 'u'));
+			}
+			// Sorry, no spaces, dots, or anything else but letters allowed.
+			$row['filename'] = preg_replace(array('/\s/', '/[^\w_\.\-]/'), array('_', ''), $row['filename']);
+
+			// Create a nice hash.
+			$fileHash = sha1(md5($row['filename'] . time()) . mt_rand());
+
+			// The old file, we need to know if the filename was encrypted or not.
+			if (file_exists($currentFolder . '/' . $row['id_attach']. '_' . strtr($row['filename'], '.', '_') . md5($row['filename'])))
+				$oldFile = $currentFolder . '/' . $row['id_attach']. '_' . strtr($row['filename'], '.', '_') . md5($row['filename']);
 
-		// The new file name.
-		$file_hash = getAttachmentFilename($row['filename'], $row['id_attach'], $row['id_folder'], true);
+			else if (file_exists($currentFolder . '/' . $row['filename']));
+				$oldFile = $currentFolder . '/' . $row['filename'];
+
+			// Build the new file.
+			$newFile = $currentFolder . '/' . $row['id_attach'] . '_' . $fileHash .'.dat';
+		}
+
+		// Just rename the file.
+		else
+		{
+			$oldFile = $currentFolder . '/' . $row['id_attach'] . '_' . $row['file_hash'];
+			$newFile = $currentFolder . '/' . $row['id_attach'] . '_' . $row['file_hash'] .'.dat';
+		}
 
 		// And we try to move it.
-		rename($old_location, $current_folder . '/' . $row['id_attach'] . '_' . $file_hash);
+		rename($oldFile, $newFile);
 
-		// Only update thif if it was successful.
-		if (file_exists($current_folder . '/' . $row['id_attach'] . '_' . $file_hash) && !file_exists($old_location))
+		// Only update this if it was successful and the file was using the old system.
+		if (empty($row['file_hash']) && !empty($fileHash) && file_exists($newFile) && !file_exists($oldFile))
 			upgrade_query("
 				UPDATE {$db_prefix}attachments
-				SET file_hash = '$file_hash'
+				SET file_hash = '$fileHash'
 				WHERE id_attach = $row[id_attach]");
 	}
 	$smcFunc['db_free_result']($request);