Home Explore Help
Register Sign In
Omnimaga
/
SMF2.1
mirror of git@github.com:Omnimaga/SMF2.1.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

! Merging in everything patched in 2.0.6 that wasn't already fixed either directly or indirectly in 2.1 already.

Signed-off-by: Peter Spicer <sleeping@myperch.org>
Peter Spicer 11 years ago
parent
3732137bc8
commit
adce8eb20f
7 changed files with 64 additions and 24 deletions
Split View Show Diff Stats
  1. 5 0
      Sources/LogInOut.php
  2. 27 10
      Sources/Profile-Modify.php
  3. 0 1
      Sources/Profile.php
  4. 24 8
      Sources/Register.php
  5. 4 0
      Sources/Security.php
  6. 3 3
      Sources/Subs-Members.php
  7. 1 2
      Sources/Subs.php

+ 5 - 0
Sources/LogInOut.php
View File 

@@ -615,6 +615,11 @@ function Logout($internal = false, $redirect = true)
 
 	// Empty the cookie! (set it in the past, and for id_member = 0)
 
 	setLoginCookie(-3600, 0);
 
 
+	// And some other housekeeping while we're at it.
 
+	session_destroy();
 
+	if (!empty($user_info['id']))
 
+		updateMemberData($user_info['id'], array('password_salt' => substr(md5(mt_rand()), 0, 4)));
 
+
 
 	// Off to the merry board index we go!
 
 	if ($redirect)
 
 	{

+ 27 - 10
Sources/Profile-Modify.php
View File 

@@ -362,7 +362,7 @@ function loadProfileFields($force_reload = false)
 
 						resetPassword($context[\'id_member\'], $value);
 
 					elseif ($value !== null)
 
 					{
 
-						validateUsername($context[\'id_member\'], $value);
 
+						validateUsername($context[\'id_member\'], trim(preg_replace(\'~[\t\n\r \x0B\0\' . ($context[\'utf8\'] ? ($context[\'server\'][\'complex_preg_chars\'] ? \'\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}\' : "\xC2\xA0\xC2\xAD\xE2\x80\x80-\xE2\x80\x8F\xE2\x80\x9F\xE2\x80\xAF\xE2\x80\x9F\xE3\x80\x80\xEF\xBB\xBF") : \'\x00-\x08\x0B\x0C\x0E-\x19\xA0\') . \']+~\' . ($context[\'utf8\'] ? \'u\' : \'\'), \' \', $value)));
 
 						updateMemberData($context[\'id_member\'], array(\'member_name\' => $value));
 
 					}
 
 				}
 
@@ -486,7 +486,7 @@ function loadProfileFields($force_reload = false)
 
 			'input_validate' => create_function('&$value', '
 
 				global $context, $smcFunc, $sourcedir, $cur_profile;
 
 
-				$value = trim(preg_replace(\'~[\s]~\' . ($context[\'utf8\'] ? \'u\' : \'\'), \' \', $value));
 
+				$value = trim(preg_replace(\'~[\t\n\r \x0B\0\' . ($context[\'utf8\'] ? ($context[\'server\'][\'complex_preg_chars\'] ? \'\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}\' : "\xC2\xA0\xC2\xAD\xE2\x80\x80-\xE2\x80\x8F\xE2\x80\x9F\xE2\x80\xAF\xE2\x80\x9F\xE3\x80\x80\xEF\xBB\xBF") : \'\x00-\x08\x0B\x0C\x0E-\x19\xA0\') . \']+~\' . ($context[\'utf8\'] ? \'u\' : \'\'), \' \', $value));
 
 
 				if (trim($value) == \'\')
 
 					return \'no_name\';
 
@@ -2677,13 +2677,14 @@ function profileSaveAvatarData(&$value)
 
 		$url = parse_url($_POST['userpicpersonal']);
 
 		$contents = fetch_web_data('http://' . $url['host'] . (empty($url['port']) ? '' : ':' . $url['port']) . str_replace(' ', '%20', trim($url['path'])));
 
 
-		if ($contents != false && $tmpAvatar = fopen($uploadDir . '/avatar_tmp_' . $memID, 'wb'))
 
+		$new_filename = $uploadDir . '/' . getAttachmentFilename('avatar_tmp_' . $memID, false, null, true);
 
+		if ($contents != false && $tmpAvatar = fopen($new_filename, 'wb'))
 
 		{
 
 			fwrite($tmpAvatar, $contents);
 
 			fclose($tmpAvatar);
 
 
 			$downloadedExternalAvatar = true;
 
-			$_FILES['attachment']['tmp_name'] = $uploadDir . '/avatar_tmp_' . $memID;
 
+			$_FILES['attachment']['tmp_name'] = $new_filename;
 
 		}
 
 	}
 
 
@@ -2767,29 +2768,36 @@ function profileSaveAvatarData(&$value)
 
 				if (!is_writable($uploadDir))
 
 					fatal_lang_error('attachments_no_write', 'critical');
 
 
-				if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $uploadDir . '/avatar_tmp_' . $memID))
 
+				$new_filename = $uploadDir . '/' . getAttachmentFilename('avatar_tmp_' . $memID, false, null, true);
 
+				if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $new_filename))
 
 					fatal_lang_error('attach_timeout', 'critical');
 
 
-				$_FILES['attachment']['tmp_name'] = $uploadDir . '/avatar_tmp_' . $memID;
 
+				$_FILES['attachment']['tmp_name'] = $new_filename;
 
 			}
 
 
 			$sizes = @getimagesize($_FILES['attachment']['tmp_name']);
 
 
 			// No size, then it's probably not a valid pic.
 
 			if ($sizes === false)
 
+			{
 
+				@unlink($_FILES['attachment']['tmp_name']);
 
 				return 'bad_avatar';
 
+			}
 
 			// Check whether the image is too large.
 
 			elseif ((!empty($modSettings['avatar_max_width_upload']) && $sizes[0] > $modSettings['avatar_max_width_upload']) || (!empty($modSettings['avatar_max_height_upload']) && $sizes[1] > $modSettings['avatar_max_height_upload']))
 
 			{
 
 				if (!empty($modSettings['avatar_resize_upload']))
 
 				{
 
 					// Attempt to chmod it.
 
-					@chmod($uploadDir . '/avatar_tmp_' . $memID, 0644);
 
+					@chmod($_FILES['attachment']['tmp_name'], 0644);
 
 
 					// @todo remove this require when appropriate
 
 					require_once($sourcedir . '/Subs-Graphics.php');
 
-					if (!downloadAvatar($uploadDir . '/avatar_tmp_' . $memID, $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload']))
 
+					if (!downloadAvatar($_FILES['attachment']['tmp_name'], $memID, $modSettings['avatar_max_width_upload'], $modSettings['avatar_max_height_upload']))
 
+					{
 
+						@unlink($_FILES['attachment']['tmp_name']);
 
 						return 'bad_avatar';
 
+					}
 
 
 					// Reset attachment avatar data.
 
 					$cur_profile['id_attach'] = $modSettings['new_avatar_data']['id'];
 
@@ -2797,7 +2805,10 @@ function profileSaveAvatarData(&$value)
 
 					$cur_profile['attachment_type'] = $modSettings['new_avatar_data']['type'];
 
 				}
 
 				else
 
+				{
 
+					@unlink($_FILES['attachment']['tmp_name']);
 
 					return 'bad_avatar';
 
+				}
 
 			}
 
 			elseif (is_array($sizes))
 
 			{
 
@@ -2807,12 +2818,18 @@ function profileSaveAvatarData(&$value)
 
 				{
 
 					// It's bad. Try to re-encode the contents?
 
 					if (empty($modSettings['avatar_reencode']) || (!reencodeImage($_FILES['attachment']['tmp_name'], $sizes[2])))
 
+					{
 
+						@unlink($_FILES['attachment']['tmp_name']);
 
 						return 'bad_avatar';
 
+					}
 
 					// We were successful. However, at what price?
 
 					$sizes = @getimagesize($_FILES['attachment']['tmp_name']);
 
 					// Hard to believe this would happen, but can you bet?
 
 					if ($sizes === false)
 
+					{
 
+						@unlink($_FILES['attachment']['tmp_name']);
 
 						return 'bad_avatar';
 
+					}
 
 				}
 
 
 				$extensions = array(
 
@@ -2862,8 +2879,8 @@ function profileSaveAvatarData(&$value)
 
 			$profile_vars['avatar'] = '';
 
 
 			// Delete any temporary file.
 
-			if (file_exists($uploadDir . '/avatar_tmp_' . $memID))
 
-				@unlink($uploadDir . '/avatar_tmp_' . $memID);
 
+			if (file_exists($_FILES['attachment']['tmp_name']))
 
+				@unlink($_FILES['attachment']['tmp_name']);
 
 		}
 
 		// Selected the upload avatar option and had one already uploaded before or didn't upload one.
 
 		else

+ 0 - 1
Sources/Profile.php
View File 

@@ -340,7 +340,6 @@ function ModifyProfile($post_errors = array())
 
 					'function' => 'activateAccount',
 
 					'sc' => 'get',
 
 					'token' => 'profile-aa%u',
 
-					'select' => 'summary',
 
 					'permission' => array(
 
 						'own' => array(),
 
 						'any' => array('moderate_forum'),

+ 24 - 8
Sources/Register.php
View File 

@@ -298,22 +298,18 @@ function Register2($verifiedOpenID = false)
 
 
 	// Collect all extra registration fields someone might have filled in.
 
 	$possible_strings = array(
 
-		'website_url', 'website_title',
 
-		'aim', 'yim', 'skype',
 
-		'location', 'birthdate',
 
+		'birthdate',
 
 		'time_format',
 
 		'buddy_list',
 
 		'pm_ignore_list',
 
 		'smiley_set',
 
-		'signature', 'personal_text', 'avatar',
 
+		'personal_text', 'avatar',
 
 		'lngfile',
 
 		'secret_question', 'secret_answer',
 
 	);
 
 	$possible_ints = array(
 
 		'pm_email_notify',
 
 		'notify_types',
 
-		'icq',
 
-		'gender',
 
 		'id_theme',
 
 	);
 
 	$possible_floats = array(
 
@@ -324,6 +320,26 @@ function Register2($verifiedOpenID = false)
 
 		'hide_email', 'show_online',
 
 	);
 
 
+	// We may want to add certain things to these if selected in the admin panel.
 
+	if (!empty($modSettings['registration_fields']))
 
+	{
 
+		$reg_fields = explode(',', $modSettings['registration_fields']);
 
+
 
+		// Easy string fields first.
 
+		foreach (array('skype', 'aim', 'yim', 'location') as $field)
 
+			if (in_array($field, $reg_fields))
 
+				$possible_strings[] = $field;
 
+
 
+		// Then the easy numeric fields.
 
+		foreach (array('icq', 'gender') as $field)
 
+			if (in_array($field, $reg_fields))
 
+				$possible_ints[] = $field;
 
+
 
+		// Website is a little different
 
+		if (in_array('website', $reg_fields))
 
+			$possible_strings += array('website_url', 'website_title');
 
+	}
 
+
 
 	if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '')
 
 		$_POST['secret_answer'] = md5($_POST['secret_answer']);
 
 
@@ -333,7 +349,7 @@ function Register2($verifiedOpenID = false)
 
 	// Validation... even if we're not a mall.
 
 	if (isset($_POST['real_name']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum')))
 
 	{
 
-		$_POST['real_name'] = trim(preg_replace('~[\s]~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['real_name']));
 
+		$_POST['real_name'] = trim(preg_replace('~[\t\n\r \x0B\0' . ($context['utf8'] ? ($context['server']['complex_preg_chars'] ? '\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}' : "\xC2\xA0\xC2\xAD\xE2\x80\x80-\xE2\x80\x8F\xE2\x80\x9F\xE2\x80\xAF\xE2\x80\x9F\xE3\x80\x80\xEF\xBB\xBF") : '\x00-\x08\x0B\x0C\x0E-\x19\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $_POST['real_name']));
 
 		if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && $smcFunc['strlen']($_POST['real_name']) < 60)
 
 			$possible_strings[] = 'real_name';
 
 	}
 
@@ -858,7 +874,7 @@ function RegisterCheckUsername()
 
 	$context['valid_username'] = true;
 
 
 	// Clean it up like mother would.
 
-	$context['checked_username'] = preg_replace('~[\t\n\r\x0B\0' . ($context['utf8'] ? '\x{A0}' : '\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $context['checked_username']);
 
+	$context['checked_username'] = preg_replace('~[\t\n\r \x0B\0' . ($context['utf8'] ? ($context['server']['complex_preg_chars'] ? '\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}' : "\xC2\xA0\xC2\xAD\xE2\x80\x80-\xE2\x80\x8F\xE2\x80\x9F\xE2\x80\xAF\xE2\x80\x9F\xE3\x80\x80\xEF\xBB\xBF") : '\x00-\x08\x0B\x0C\x0E-\x19\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $context['checked_username']);
 
 
 	require_once($sourcedir . '/Subs-Auth.php');
 
 	$errors = validateUsername(0, $context['checked_username'], true);

+ 4 - 0
Sources/Security.php
View File 

@@ -1372,6 +1372,10 @@ function frameOptionsHeader($override = null)
 
 
 	// Finally set it.
 
 	header('X-Frame-Options: ' . $option);
 
+
 
+	// And some other useful ones.
 
+	header('X-XSS-Protection: 1; mode=block');
 
+	header('X-Content-Type-Options: nosniff');
 
 }
 
 
 ?>

+ 3 - 3
Sources/Subs-Members.php
View File 

@@ -470,11 +470,11 @@ function registerMember(&$regOptions, $return_errors = false)
 
 	}
 
 
 	// Spaces and other odd characters are evil...
 
-	$regOptions['username'] = preg_replace('~[\t\n\r\x0B\0' . ($context['utf8'] ? '\x{A0}' : '\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $regOptions['username']);
 
+	$regOptions['username'] = trim(preg_replace('~[\t\n\r \x0B\0' . ($context['utf8'] ? ($context['server']['complex_preg_chars'] ? '\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}' : "\xC2\xA0\xC2\xAD\xE2\x80\x80-\xE2\x80\x8F\xE2\x80\x9F\xE2\x80\xAF\xE2\x80\x9F\xE3\x80\x80\xEF\xBB\xBF") : '\x00-\x08\x0B\x0C\x0E-\x19\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $regOptions['username']));
 
 
 	// @todo Separate the sprintf?
 
 	if (empty($regOptions['email']) || preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', $regOptions['email']) === 0 || strlen($regOptions['email']) > 255)
 
-		$reg_errors[] = array('done', sprintf($txt['valid_email_needed'], $smcFunc['htmlspecialchars']($regOptions['username'])));
 
+		$reg_errors[] = array('lang', 'profile_error_bad_email');
 
 
 	$username_validation_errors = validateUsername(0, $regOptions['username'], true, !empty($regOptions['check_reserved_name']));
 
 	if (!empty($username_validation_errors))
 
@@ -506,7 +506,7 @@ function registerMember(&$regOptions, $return_errors = false)
 
 	}
 
 
 	// Now perform hard password validation as required.
 
-	if (!empty($regOptions['check_password_strength']))
 
+	if (!empty($regOptions['check_password_strength']) && $regOptions['password'] != '')
 
 	{
 
 		$passwordError = validatePassword($regOptions['password'], $regOptions['username'], array($regOptions['email']));

+ 1 - 2
Sources/Subs.php
View File 

@@ -3417,8 +3417,7 @@ function getLegacyAttachmentFilename($filename, $attachment_id, $dir = null, $ne
 
 			'SZszYAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyy');
 
 		$clean_name = strtr($clean_name, array("\xde" => 'TH', "\xfe" =>
 
 			'th', "\xd0" => 'DH', "\xf0" => 'dh', "\xdf" => 'ss', "\x8c" => 'OE',
 
-			// @todo My IDE is showing \c6 as a bad escape sequence.
 
-			"\x9c" => 'oe', "\c6" => 'AE', "\xe6" => 'ae', "\xb5" => 'u'));
 
+			"\x9c" => 'oe', "\xc6" => 'AE', "\xe6" => 'ae', "\xb5" => 'u'));
 
 	}
 
 	// Sorry, no spaces, dots, or anything else but letters allowed.
 
 	$clean_name = preg_replace(array('/\s/', '/[^\w_\.\-]/'), array('_', ''), $clean_name);