
Merge pull request #7 from emanuele45/master

few other fixes and hostname
Spuds 13 years ago
parent
commit
8b62c6bb5c

+ 3 - 2
Sources/Admin.php

@@ -89,6 +89,7 @@ function AdminMain()
 				'adminlogoff' => array(
 					'label' => $txt['admin_logoff'],
 					'function' => 'AdminEndSession',
+					'enabled' => empty($modSettings['securityDisable']),
 //					'icon' => 'administration.gif',
 				),
 
@@ -950,7 +951,7 @@ function AdminLogs()
 	$log_functions = array(
 		'errorlog' => array('ManageErrors.php', 'ViewErrorLog'),
 		'adminlog' => array('Modlog.php', 'ViewModlog'),
-		'modlog' => array('Modlog.php', 'ViewModlog'),
+		'modlog' => array('Modlog.php', 'ViewModlog', 'disabled' => !in_array('ml', $context['admin_features'])),
 		'banlog' => array('ManageBans.php', 'BanLog'),
 		'spiderlog' => array('ManageSearchEngines.php', 'SpiderLogs'),
 		'tasklog' => array('ManageScheduledTasks.php', 'TaskLog'),
@@ -959,7 +960,7 @@ function AdminLogs()
 
 	call_integration_hook('integrate_manage_logs', array(&$log_functions));
 
-	$sub_action = isset($_REQUEST['sa']) && isset($log_functions[$_REQUEST['sa']]) ? $_REQUEST['sa'] : 'errorlog';
+	$sub_action = isset($_REQUEST['sa']) && isset($log_functions[$_REQUEST['sa']]) && empty($log_functions[$_REQUEST['sa']]['disabled']) ? $_REQUEST['sa'] : 'errorlog';
 	// If it's not got a sa set it must have come here for first time, pretend error log should be reversed.
 	if (!isset($_REQUEST['sa']))
 		$_REQUEST['desc'] = true;
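Review bot: Two different mechanisms now block a switched-off feature in this commit: AdminLogs() and ModifyPermissions() add a `'disabled'` flag and extend the selection ternary to three `$_REQUEST['sa']` lookups, while ManageSettings.php and ManageSmileys.php simply `unset()` the entry after the integration hook. One mechanism would be easier to audit; here that would be `if (!in_array('ml', $context['admin_features'])) unset($log_functions['modlog']);` after the hook, leaving the original ternary untouched, and likewise for `'postmod'`. A request for a disabled log also falls back to `'errorlog'` while `$_REQUEST['sa']` keeps the rejected value, so any later code that reads the request variable instead of `$sub_action` would still see it. The rest of AdminLogs() is outside the hunk.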

+ 3 - 0
Sources/ManageAttachments.php

@@ -236,6 +236,9 @@ function ManageAvatarSettings($return_config = false)
 	// Attempt to figure out if the admin is trying to break things.
 	$context['settings_save_onclick'] = 'return document.getElementById(\'custom_avatar_enabled\').value == 1 && (document.getElementById(\'custom_avatar_dir\').value == \'\' || document.getElementById(\'custom_avatar_url\').value == \'\') ? confirm(\'' . $txt['custom_avatar_check_empty'] . '\') : true;';
 
+	// We need this for the in-line permissions
+	createToken('admin-mp');
+
 	// Prepare the context.
 	$context['post_url'] = $scripturl . '?action=admin;area=manageattachments;save;sa=avatars';
 	prepareDBSettingContext($config_vars);
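Review bot: `createToken('admin-mp')` is added here and in seven other settings functions (EditBoardSettings, ModifyCalendarSettings, ModifyMembergroupsettings, ModifyNewsSettings, GeneralPermissionSettings, EditSearchSettings, EditSmileySettings), but no matching `validateToken('admin-mp')` call is visible anywhere in this commit. If the inline-permission save path does not already validate this token, issuing it gives no request-forgery protection, so that path should be checked before merging. The comment could name the consumer, for example `// Inline permission fields are saved by the permissions code, which expects the 'admin-mp' token.` (wording to be confirmed against that code). Eight identical copies also suggest the call belongs in one shared helper.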

+ 3 - 0
Sources/ManageBoards.php

@@ -826,6 +826,9 @@ function EditBoardSettings($return_config = false)
 		redirectexit('action=admin;area=manageboards;sa=settings');
 	}
 
+	// We need this for the in-line permissions
+	createToken('admin-mp');
+
 	// Prepare the settings...
 	prepareDBSettingContext($config_vars);
 }

+ 3 - 0
Sources/ManageCalendar.php

@@ -366,6 +366,9 @@ function ModifyCalendarSettings($return_config = false)
 		redirectexit('action=admin;area=managecalendar;sa=settings');
 	}
 
+	// We need this for the in-line permissions
+	createToken('admin-mp');
+
 	// Prepare the settings...
 	prepareDBSettingContext($config_vars);
 }

+ 3 - 0
Sources/ManageMembergroups.php

@@ -1152,6 +1152,9 @@ function ModifyMembergroupsettings()
 	$context['post_url'] = $scripturl . '?action=admin;area=membergroups;save;sa=settings';
 	$context['settings_title'] = $txt['membergroups_settings'];
 
+	// We need this for the in-line permissions
+	createToken('admin-mp');
+
 	prepareDBSettingContext($config_vars);
 }
 

+ 3 - 0
Sources/ManageNews.php

@@ -821,6 +821,9 @@ function ModifyNewsSettings($return_config = false)
 		redirectexit('action=admin;area=news;sa=settings');
 	}
 
+	// We need this for the in-line permissions
+	createToken('admin-mp');
+
 	prepareDBSettingContext($config_vars);
 }
 

+ 5 - 2
Sources/ManagePermissions.php

@@ -39,14 +39,14 @@ function ModifyPermissions()
 		'modify2' => array('ModifyMembergroup2', 'manage_permissions'),
 		'quick' => array('SetQuickGroups', 'manage_permissions'),
 		'quickboard' => array('SetQuickBoards', 'manage_permissions'),
-		'postmod' => array('ModifyPostModeration', 'manage_permissions'),
+		'postmod' => array('ModifyPostModeration', 'manage_permissions', 'disabled' => !in_array('pm', $context['admin_features'])),
 		'profiles' => array('EditPermissionProfiles', 'manage_permissions'),
 		'settings' => array('GeneralPermissionSettings', 'admin_forum'),
 	);
 
 	call_integration_hook('integrate_manage_permissions', array(&$subActions));
 
-	$_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) ? $_REQUEST['sa'] : (allowedTo('manage_permissions') ? 'index' : 'settings');
+	$_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) && empty($subActions[$_REQUEST['sa']]['disabled']) ? $_REQUEST['sa'] : (allowedTo('manage_permissions') ? 'index' : 'settings');
 	isAllowedTo($subActions[$_REQUEST['sa']][1]);
 
 	// Create the tabs for the template.
@@ -1062,6 +1062,9 @@ function GeneralPermissionSettings($return_config = false)
 		redirectexit('action=admin;area=permissions;sa=settings');
 	}
 
+	// We need this for the in-line permissions
+	createToken('admin-mp');
+
 	prepareDBSettingContext($config_vars);
 }
 

+ 3 - 0
Sources/ManageSearch.php

@@ -136,6 +136,9 @@ function EditSearchSettings($return_config = false)
 	$context['post_url'] = $scripturl . '?action=admin;area=managesearch;save;sa=settings';
 	$context['settings_title'] = $txt['search_settings_title'];
 
+	// We need this for the in-line permissions
+	createToken('admin-mp');
+
 	prepareDBSettingContext($config_vars);
 }
 

+ 6 - 1
Sources/ManageServer.php

@@ -259,7 +259,7 @@ function ModifyDatabaseSettings($return_config = false)
  */
 function ModifyCookieSettings($return_config = false)
 {
-	global $context, $scripturl, $txt, $sourcedir, $modSettings, $cookiename, $user_settings;
+	global $context, $scripturl, $txt, $sourcedir, $modSettings, $cookiename, $user_settings, $boardurl;
 
 	// Define the variables we want to edit.
 	$config_vars = array(
@@ -268,6 +268,7 @@ function ModifyCookieSettings($return_config = false)
 		array('cookieTime', $txt['cookieTime'], 'db', 'int'),
 		array('localCookies', $txt['localCookies'], 'db', 'check', false, 'localCookies'),
 		array('globalCookies', $txt['globalCookies'], 'db', 'check', false, 'globalCookies'),
+		array('globalCookiesDomain', $txt['globalCookiesDomain'], 'db', 'text', false, 'globalCookiesDomain'),
 		array('secureCookies', $txt['secureCookies'], 'db', 'check', false, 'secureCookies',  'disabled' => !isset($_SERVER['HTTPS']) || !(strtolower($_SERVER['HTTPS']) == 'on' || strtolower($_SERVER['HTTPS']) == '1')),
 		array('httponlyCookies', $txt['httponlyCookies'], 'db', 'check', false, 'httponlyCookies'),
 		'',
@@ -290,6 +291,9 @@ function ModifyCookieSettings($return_config = false)
 	{
 		call_integration_hook('integrate_save_cookie_settings');
 
+		if (!empty($_POST['globalCookiesDomain']) && strpos($boardurl, $_POST['globalCookiesDomain']) === false)
+			fatal_lang_error('invalid_cookie_domain', false);
+
 		saveSettings($config_vars);
 
 		// If the cookie name was changed, reset the cookie.
@@ -521,6 +525,7 @@ function prepareServerSettingsContext(&$config_vars)
 		}
 	}
 
+	// Two tokens because save these settings require both saveSettings and saveDBSettings
 	createToken('admin-ssc');
 	createToken('admin-dbsc');
 }
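Review bot: The new check in ModifyCookieSettings(), `strpos($boardurl, $_POST['globalCookiesDomain']) === false`, accepts any substring of the board URL (the scheme, a path segment, a bare `com`, or a fragment that cuts a label in half), so it does not establish that the value is a parent domain of the forum host. A cookie domain the browser rejects leaves members unable to stay logged in, and one broader than intended sends the login cookie to every host under it. Compare against the parsed host on a label boundary instead, as in the block below; a public suffix such as `co.uk` would still pass and is left to the browser to refuse. url_parts() in Sources/Subs-Auth.php repeats the same `strpos` test and should use the same comparison. The error string added for this check in ManageSettings.english.php reads 'intruduced'.

```php
		if (!empty($_POST['globalCookiesDomain']))
		{
			// Accept only the forum host itself or one of its parent domains, matched on a label boundary.
			$cookie_domain = ltrim(strtolower(trim($_POST['globalCookiesDomain'])), '.');
			$board_host = strtolower((string) parse_url($boardurl, PHP_URL_HOST));
			if ($cookie_domain === '' || ($cookie_domain !== $board_host && substr($board_host, -strlen('.' . $cookie_domain)) !== '.' . $cookie_domain))
				fatal_lang_error('invalid_cookie_domain', false);
		}

		// ... unchanged: saveSettings($config_vars) and the cookie reset ...
```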

+ 12 - 0
Sources/ManageSettings.php

@@ -63,6 +63,14 @@ function ModifyFeatureSettings()
 
 	call_integration_hook('integrate_modify_features', array(&$subActions));
 
+	// If Advanced Profile Fields are disabled don't show the setting page
+	if (!in_array('cp', $context['admin_features']))
+		unset($subActions['profile']);
+
+	// Same for Karma
+	if (!in_array('k', $context['admin_features']))
+		unset($subActions['karma']);
+
 	loadGeneralSettingParameters($subActions, 'basic');
 
 	// Load up all the tabs...
@@ -107,6 +115,10 @@ function ModifySecuritySettings()
 
 	call_integration_hook('integrate_modify_security', array(&$subActions));
 
+	// If Warning System is disabled don't show the setting page
+	if (!in_array('w', $context['admin_features']))
+		unset($subActions['moderation']);
+
 	loadGeneralSettingParameters($subActions, 'general');
 
 	// Load up all the tabs...

+ 17 - 0
Sources/ManageSmileys.php

@@ -44,6 +44,20 @@ function ManageSmileys()
 
 	call_integration_hook('integrate_manage_smileys', array(&$subActions));
 
+	// If customized smileys is disabled don't show the setting page
+	if (empty($modSettings['smiley_enable']))
+	{
+		unset($subActions['addsmiley']);
+		unset($subActions['editsmileys']);
+		unset($subActions['setorder']);
+		unset($subActions['modifysmiley']);
+	}
+	if (empty($modSettings['messageIcons_enable']))
+	{
+		unset($subActions['editicon']);
+		unset($subActions['editicons']);
+	}
+
 	// Default the sub-action to 'edit smiley settings'.
 	$_REQUEST['sa'] = isset($_REQUEST['sa']) && isset($subActions[$_REQUEST['sa']]) ? $_REQUEST['sa'] : 'editsets';
 
@@ -164,6 +178,9 @@ function EditSmileySettings($return_config = false)
 		redirectexit('action=admin;area=smileys;sa=settings');
 	}
 
+	// We need this for the in-line permissions
+	createToken('admin-mp');
+
 	prepareDBSettingContext($config_vars);
 }
 

+ 1 - 0
Sources/ModerationCenter.php

@@ -148,6 +148,7 @@ function ModerationMain($dont_call = false)
 				'modlogoff' => array(
 					'label' => $txt['mc_logoff'],
 					'function' => 'ModEndSession',
+					'enabled' => empty($modSettings['securityDisable_moderate']),
 				),
 			),
 		),

+ 1 - 1
Sources/QueryString.php

@@ -601,7 +601,7 @@ function ob_sessrewrite($buffer)
 
 	// Do nothing if the session is cookied, or they are a crawler - guests are caught by redirectexit().  This doesn't work below PHP 4.3.0, because it makes the output buffer bigger.
 	// @todo smflib
-	if (empty($_COOKIE) && SID != '' && isBrowser('possibly_robot'))
+	if (empty($_COOKIE) && SID != '' && !isBrowser('possibly_robot'))
 		$buffer = preg_replace('/"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&', $buffer);
 	// Debugging templates, are we?
 	elseif (isset($_GET['debug']))
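Review bot: With the condition corrected, ob_sessrewrite() now writes `SID` into every `$scripturl` link for cookieless visitors who are not flagged as robots, so the session identifier ends up in copied links, Referer headers and proxy or server logs. Nothing in the hunk shows how a session id arriving in a URL is constrained (regeneration at login, binding to the client), so that should be confirmed before relying on this path. The comment above the test still refers to PHP 4.3.0 and does not say why robots are excluded; `// Robots must never get a session id in URLs, or it ends up indexed.` would record the intent. The function continues outside the hunk.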

+ 1 - 1
Sources/Security.php

@@ -40,7 +40,7 @@ function validateSession($type = 'admin')
 	$refreshTime = isset($_GET['xml']) ? 4200 : 3600;
 
 	// Is the security option off?  Or are they already logged in?
-	if (!empty($modSettings['securityDisable' . $type != 'admin' ? '_' . $type : '']) || (!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()))
+	if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')]) || (!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time()))
 		return;
 
 	require_once($sourcedir . '/Subs-Auth.php');
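Review bot: This fix silently activates a setting that weakens admin re-authentication, and the commit does not mention it. Before the parentheses were added in validateSession(), operator precedence made the array index `'_' . $type`, so `securityDisable` appears never to have been honoured on this path. Forums that already have the option switched on will stop prompting for the password as soon as this ships, which deserves a line in the release notes. To keep the key from being misread again, build it on its own line, `$disable_key = 'securityDisable' . ($type != 'admin' ? '_' . $type : '');`, and test `!empty($modSettings[$disable_key])`. The body of validateSession() continues outside the hunk.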

+ 5 - 2
Sources/Subs-Auth.php

@@ -122,7 +122,7 @@ function setLoginCookie($cookie_length, $id, $password = '')
  */
 function url_parts($local, $global)
 {
-	global $boardurl;
+	global $boardurl, $modSettings;
 
 	// Parse the URL with PHP to make life easier.
 	$parsed_url = parse_url($boardurl);
@@ -131,8 +131,11 @@ function url_parts($local, $global)
 	if (empty($parsed_url['path']) || !$local)
 		$parsed_url['path'] = '';
 
+	if (!empty($modSettings['globalCookiesDomain']) && strpos($boardurl, $modSettings['globalCookiesDomain']) !== false)
+		$parsed_url['host'] = $modSettings['globalCookiesDomain'];
+
 	// Globalize cookies across domains (filter out IP-addresses)?
-	if ($global && preg_match('~^\d{1,3}(\.\d{1,3}){3}$~', $parsed_url['host']) == 0 && preg_match('~(?:[^\.]+\.)?([^\.]{2,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
+	elseif ($global && preg_match('~^\d{1,3}(\.\d{1,3}){3}$~', $parsed_url['host']) == 0 && preg_match('~(?:[^\.]+\.)?([^\.]{2,}\..+)\z~i', $parsed_url['host'], $parts) == 1)
 			$parsed_url['host'] = '.' . $parts[1];
 
 	// We shouldn't use a host at all if both options are off.
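Review bot: The new branch in url_parts() does not test `$global`, so once `globalCookiesDomain` is saved it replaces the cookie host even when subdomain-independent cookies are switched off, although the setting's own label says to enable that option first. Adding the flag keeps the two settings consistent: `if ($global && !empty($modSettings['globalCookiesDomain']) && strpos($boardurl, $modSettings['globalCookiesDomain']) !== false)`. The inserted `if` also leaves the existing comment 'Globalize cookies across domains' sitting between it and the `elseif`, whose body keeps an extra tab; moving that comment above the new `if` would make the chain readable. What happens to `$parsed_url['host']` after this point is outside the hunk.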

+ 4 - 0
Themes/default/Admin.template.php

@@ -977,6 +977,10 @@ function template_show_settings()
 		echo '
 		<input type="hidden" name="', $context['admin-dbsc_token_var'], '" value="', $context['admin-dbsc_token'], '" />';
 
+	if (isset($context['admin-mp_token']))
+		echo '
+		<input type="hidden" name="', $context['admin-mp_token_var'], '" value="', $context['admin-mp_token'], '" />';
+
 	echo '
 		<input type="hidden" name="', $context['session_var'], '" value="', $context['session_id'], '" />
 		</form>

+ 4 - 2
Themes/default/GenericList.template.php

@@ -105,10 +105,12 @@ function template_show_list($list_id = null)
 
 		echo '
 				</tr>
-			</thead>
-			<tbody>';
+			</thead>';
 	}
 
+		echo '
+			<tbody>';
+
 	// Show a nice message informing there are no items in this list.
 	if (empty($cur_list['rows']) && !empty($cur_list['no_items_label']))
 		echo '

+ 1 - 0
Themes/default/languages/Help.english.php

@@ -361,6 +361,7 @@ $helptxt['globalCookies'] = 'Makes log in cookies available across subdomains.
 	Your site is at http://www.simplemachines.org/,<br />
 	And your forum is at http://forum.simplemachines.org/,<br />
 	Using this option will allow you to access the forum\'s cookie on your site.  Do not enable this if there are other subdomains (like hacker.simplemachines.org) not controlled by you.';
+$helptxt['globalCookiesDomain'] = 'Define the main domain to be used when log in cookies are available across subdomains';
 $helptxt['secureCookies'] = 'Enabling this option will force the cookies created for users on your forum to be marked as secure. Only enable this option if you are using HTTPS throughout your site as it will break cookie handling otherwise!';
 $helptxt['securityDisable'] = 'This <em>disables</em> the additional password check for the administration section. This is not recommended!';
 $helptxt['securityDisable_why'] = 'This is your current password. (the same one you use to login.)<br /><br />Having to type this helps ensure that you want to do whatever administration you are doing, and that it is <strong>you</strong> doing it.';

+ 2 - 0
Themes/default/languages/ManageSettings.english.php

@@ -47,6 +47,8 @@ $txt['pruneSpiderHitLog'] = 'Remove search engine hit logs older than<div class=
 $txt['cookieTime'] = 'Default login cookies length (in minutes)';
 $txt['localCookies'] = 'Enable local storage of cookies<div class="smalltext">(SSI won\'t work well with this on.)</div>';
 $txt['globalCookies'] = 'Use subdomain independent cookies<div class="smalltext">(turn off local cookies first!)</div>';
+$txt['globalCookiesDomain'] = 'Main domain used for subdomain independent cookies <div class="smalltext">(enable subdomain independent cookies first!<br />The domain could be for example: "website.com" or "website.co.uk" without http:// or slashes)</div>';
+$txt['invalid_cookie_domain'] = 'The domain intruduced seems to be invalid, please check it and save again.';
 $txt['secureCookies'] = 'Force cookies to be secure<div class="smalltext">(This only applies if you are using HTTPS - don\'t use otherwise!)</div>';
 $txt['httponlyCookies'] = 'Force cookies to be made accessible only through the HTTP protocol. <div class="smalltext">(Cookies won\'t be accessible by scripting languages, such as JavaScript. This setting can help to reduce identity theft through XSS attacks.)</div>';
 $txt['securityDisable'] = 'Disable administration security';