Zeile 343 | Zeile 343 |
---|
{ if(isset($mybb->user['uid']) && $mybb->user['uid'] != 0 && array_key_exists("timezone", $mybb->user)) {
|
{ if(isset($mybb->user['uid']) && $mybb->user['uid'] != 0 && array_key_exists("timezone", $mybb->user)) {
|
$offset = $mybb->user['timezone'];
| $offset = (float)$mybb->user['timezone'];
|
$dstcorrection = $mybb->user['dst']; } elseif(defined("IN_ADMINCP")) {
|
$dstcorrection = $mybb->user['dst']; } elseif(defined("IN_ADMINCP")) {
|
$offset = $mybbadmin['timezone'];
| $offset = (float)$mybbadmin['timezone'];
|
$dstcorrection = $mybbadmin['dst']; } else {
|
$dstcorrection = $mybbadmin['dst']; } else {
|
$offset = $mybb->settings['timezoneoffset'];
| $offset = (float)$mybb->settings['timezoneoffset'];
|
$dstcorrection = $mybb->settings['dstcorrection']; }
| $dstcorrection = $mybb->settings['dstcorrection']; }
|
Zeile 6777 | Zeile 6777 |
---|
function fetch_remote_file($url, $post_data=array(), $max_redirects=20) { global $mybb, $config;
|
function fetch_remote_file($url, $post_data=array(), $max_redirects=20) { global $mybb, $config;
|
| if(!my_validate_url($url, true)) { return false; }
|
$url_components = @parse_url($url);
|
$url_components = @parse_url($url);
|
| if(!isset($url_components['scheme'])) { $url_components['scheme'] = 'https'; } if(!isset($url_components['port'])) { $url_components['port'] = $url_components['scheme'] == 'https' ? 443 : 80; }
|
if( !$url_components || empty($url_components['host']) || (!empty($url_components['scheme']) && !in_array($url_components['scheme'], array('http', 'https'))) ||
|
if( !$url_components || empty($url_components['host']) || (!empty($url_components['scheme']) && !in_array($url_components['scheme'], array('http', 'https'))) ||
|
(!empty($url_components['port']) && !in_array($url_components['port'], array(80, 8080, 443))) ||
| (!in_array($url_components['port'], array(80, 8080, 443))) ||
|
(!empty($config['disallowed_remote_hosts']) && in_array($url_components['host'], $config['disallowed_remote_hosts'])) ) { return false; }
|
(!empty($config['disallowed_remote_hosts']) && in_array($url_components['host'], $config['disallowed_remote_hosts'])) ) { return false; }
|
| $addresses = get_ip_by_hostname($url_components['host']); $destination_address = $addresses[0];
|
if(!empty($config['disallowed_remote_addresses']))
|
if(!empty($config['disallowed_remote_addresses']))
|
{ $addresses = gethostbynamel($url_components['host']); if($addresses) { foreach($config['disallowed_remote_addresses'] as $disallowed_address) { $ip_range = fetch_ip_range($disallowed_address); foreach($addresses as $address) { $packed_address = my_inet_pton($address);
if(is_array($ip_range)) { if(strcmp($ip_range[0], $packed_address) <= 0 && strcmp($ip_range[1], $packed_address) >= 0) { return false; } } elseif($address == $disallowed_address) { return false; }
| { foreach($config['disallowed_remote_addresses'] as $disallowed_address) { $ip_range = fetch_ip_range($disallowed_address);
$packed_address = my_inet_pton($destination_address);
if(is_array($ip_range)) { if(strcmp($ip_range[0], $packed_address) <= 0 && strcmp($ip_range[1], $packed_address) >= 0) { return false;
|
} }
|
} }
|
}
| elseif($destination_address == $disallowed_address) { return false; } }
|
}
$post_body = '';
| }
$post_body = '';
|
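Review bot: `$destination_address = $addresses[0];` is read without checking the lookup result, and get_ip_by_hostname() is documented further down this page to return false on failure. In that case `$destination_address` is empty, so the `disallowed_remote_addresses` comparison below runs against no address and the pin entries built later from `$destination_address` carry none; which address the request then reaches is not determined by this code. Failing closed right after the lookup keeps the blocklist meaningful: add `if(empty($addresses)) { return false; }` before the assignment. The body of fetch_remote_file continues outside this hunk.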
Zeile 6830 | Zeile 6841 |
---|
}
if(function_exists("curl_init"))
|
}
if(function_exists("curl_init"))
|
{ $can_followlocation = @ini_get('open_basedir') === '' && !$mybb->safemode;
$request_header = $max_redirects != 0 && !$can_followlocation;
| { $fetch_header = $max_redirects > 0;
|
$ch = curl_init();
|
$ch = curl_init();
|
curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, $request_header); curl_setopt($ch, CURLOPT_TIMEOUT, 10); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
if($max_redirects != 0 && $can_followlocation) { curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_MAXREDIRS, $max_redirects); }
| $curlopt = array( CURLOPT_URL => $url, CURLOPT_HEADER => $fetch_header, CURLOPT_TIMEOUT => 10, CURLOPT_RETURNTRANSFER => 1, CURLOPT_FOLLOWLOCATION => 0, );
if($ca_bundle_path = get_ca_bundle_path()) { $curlopt[CURLOPT_SSL_VERIFYPEER] = 1; $curlopt[CURLOPT_CAINFO] = $ca_bundle_path; } else { $curlopt[CURLOPT_SSL_VERIFYPEER] = 0; }
$curl_version_info = curl_version(); $curl_version = $curl_version_info['version'];
if(version_compare(PHP_VERSION, '7.0.7', '>=') && version_compare($curl_version, '7.49', '>=')) { // CURLOPT_CONNECT_TO $curlopt[10243] = array( $url_components['host'].':'.$url_components['port'].':'.$destination_address ); } elseif(version_compare(PHP_VERSION, '5.5', '>=') && version_compare($curl_version, '7.21.3', '>=')) { // CURLOPT_RESOLVE $curlopt[10203] = array( $url_components['host'].':'.$url_components['port'].':'.$destination_address ); }
|
if(!empty($post_body)) {
|
if(!empty($post_body)) {
|
curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $post_body);
| $curlopt[CURLOPT_POST] = 1; $curlopt[CURLOPT_POSTFIELDS] = $post_body;
|
}
|
}
|
| curl_setopt_array($ch, $curlopt);
|
$response = curl_exec($ch);
|
$response = curl_exec($ch);
|
if($request_header)
| if($fetch_header)
|
{ $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $header = substr($response, 0, $header_size);
| { $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE); $header = substr($response, 0, $header_size);
|
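Review bot: The `else { $curlopt[CURLOPT_SSL_VERIFYPEER] = 0; }` branch turns certificate verification off whenever neither `openssl.cafile` nor `curl.cainfo` is set in php.ini, so HTTPS fetches on such installs are still not authenticated. libcurl normally ships with its own default CA store, so I would drop the `else` and only set `CURLOPT_CAINFO` when a path is configured, leaving verification on; if some hosts really need the insecure fallback, make it an explicit opt-in setting. The same fallback appears in the `stream_context_create` branch of the Zeile 6910/6942 hunk (`'verify_peer' => false`). Separately, the literals `10243` and `10203` would read better as `CURLOPT_CONNECT_TO` and `CURLOPT_RESOLVE` guarded by `defined()`. The cURL branch starts and ends outside this hunk.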
Zeile 6886 | Zeile 6922 |
---|
} else if(function_exists("fsockopen")) {
|
} else if(function_exists("fsockopen")) {
|
if(!isset($url_components['port'])) { $url_components['port'] = 80; }
| |
if(!isset($url_components['path'])) { $url_components['path'] = "/";
| if(!isset($url_components['path'])) { $url_components['path'] = "/";
|
Zeile 6910 | Zeile 6942 |
---|
} }
|
} }
|
$fp = @fsockopen($scheme.$url_components['host'], $url_components['port'], $error_no, $error, 10); @stream_set_timeout($fp, 10); if(!$fp)
| if(function_exists('stream_context_create'))
|
{
|
{
|
return false;
| if($url_components['scheme'] == 'https' && $ca_bundle_path = get_ca_bundle_path()) { $context = stream_context_create(array( 'ssl' => array( 'verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => $url_components['host'], 'cafile' => $ca_bundle_path, ), )); } else { $context = stream_context_create(array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, ), )); }
$fp = @stream_socket_client($scheme.$destination_address.':'.(int)$url_components['port'], $error_no, $error, 10, STREAM_CLIENT_CONNECT, $context); } else { $fp = @fsockopen($scheme.$url_components['host'], (int)$url_components['port'], $error_no, $error, 10); }
@stream_set_timeout($fp, 10); if(!$fp) { return false;
|
} $headers = array(); if(!empty($post_body))
| } $headers = array(); if(!empty($post_body))
|
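Review bot: The `fsockopen($scheme.$url_components['host'], …)` fallback still connects by host name, so on that path the address that was checked against `disallowed_remote_addresses` is not necessarily the one the socket reaches; only the `stream_socket_client` branch uses `$destination_address`. If the fallback is kept, I would connect to the checked address there as well, `$fp = @fsockopen($scheme.$destination_address, (int)$url_components['port'], $error_no, $error, 10);`, or return false when no stream context can be created. Also, `@stream_set_timeout($fp, 10);` runs before the `if(!$fp)` test; swapping the two avoids passing false to it. The surrounding branch begins and ends outside this hunk.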
Zeile 6962 | Zeile 7023 |
---|
$status_line = current(explode("\n\n", $header, 1)); $body = $data[1];
|
$status_line = current(explode("\n\n", $header, 1)); $body = $data[1];
|
if($max_redirects != 0 && (strstr($status_line, ' 301 ') || strstr($status_line, ' 302 ')))
| if($max_redirects > 0 && (strstr($status_line, ' 301 ') || strstr($status_line, ' 302 ')))
|
{ preg_match('/Location:(.*?)(?:\n|$)/', $header, $matches);
| { preg_match('/Location:(.*?)(?:\n|$)/', $header, $matches);
|
Zeile 6977 | Zeile 7038 |
---|
}
return $data;
|
}
return $data;
|
} else if(empty($post_data)) { return @implode("", @file($url));
| |
} else
|
} else
|
{
| {
|
return false; }
|
return false; }
|
| }
/** * Resolves a hostname into a set of IP addresses. * * @param string $hostname The hostname to be resolved * @return array|bool The resulting IP addresses. False on failure */ function get_ip_by_hostname($hostname) { $addresses = @gethostbynamel($hostname);
if(!$addresses) { $result_set = @dns_get_record($hostname, DNS_A | DNS_AAAA);
if($result_set) { $addresses = array_column($result_set, 'ip'); } else { return false; } }
return $addresses; }
/** * Returns the location of the CA bundle defined in the PHP configuration. * * @return string|bool The location of the CA bundle, false if not set */ function get_ca_bundle_path() { if($path = ini_get('openssl.cafile')) { return $path; } if($path = ini_get('curl.cainfo')) { return $path; }
return false;
|
}
/**
| }
/**
|
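Review bot: In get_ip_by_hostname() the fallback asks for `DNS_A | DNS_AAAA` but keeps only `array_column($result_set, 'ip')`; dns_get_record() puts AAAA addresses under the `ipv6` key, so those records are dropped and a host with only AAAA records yields an empty array instead of the documented false. fetch_remote_file then reads `$addresses[0]` from that empty array. I would return false when the filtered list is empty, `if(!$addresses) { return false; }`, and either request `DNS_A` only or state in the docblock that IPv6-only hosts are unsupported, since the callers build `host:port:address` strings that would need bracketed IPv6 literals.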
Zeile 7226 | Zeile 7329 |
---|
* @return int The UNIX timestamp when the ban will be lifted */ function ban_date2timestamp($date, $stamp=0)
|
* @return int The UNIX timestamp when the ban will be lifted */ function ban_date2timestamp($date, $stamp=0)
|
{
| {
|
if($stamp == 0) { $stamp = TIME_NOW;
| if($stamp == 0) { $stamp = TIME_NOW;
|
Zeile 7640 | Zeile 7743 |
---|
global $mybb, $checksums, $bad_verify_files;
// We don't need to check these types of files
|
global $mybb, $checksums, $bad_verify_files;
// We don't need to check these types of files
|
$ignore = array(".", "..", ".svn", "config.php", "settings.php", "Thumb.db", "config.default.php", "lock", "htaccess.txt", "logo.gif", "logo.png");
| $ignore = array(".", "..", ".svn", "config.php", "settings.php", "Thumb.db", "config.default.php", "lock", "htaccess.txt", "htaccess-nginx.txt", "logo.gif", "logo.png");
|
$ignore_ext = array("attach");
if(substr($path, -1, 1) == "/") { $path = substr($path, 0, -1);
|
$ignore_ext = array("attach");
if(substr($path, -1, 1) == "/") { $path = substr($path, 0, -1);
|
}
| }
|
if(!is_array($bad_verify_files)) { $bad_verify_files = array();
| if(!is_array($bad_verify_files)) { $bad_verify_files = array();
|
Zeile 7662 | Zeile 7765 |
---|
while(($file = @readdir($dh)) !== false) { if(in_array($file, $ignore) || in_array(get_extension($file), $ignore_ext))
|
while(($file = @readdir($dh)) !== false) { if(in_array($file, $ignore) || in_array(get_extension($file), $ignore_ext))
|
{ continue; }
| { continue; }
|
// Recurse through the directory tree if(is_dir($path."/".$file)) { verify_files($path."/".$file, ($count+1));
|
// Recurse through the directory tree if(is_dir($path."/".$file)) { verify_files($path."/".$file, ($count+1));
|
continue; }
| continue; }
|
// We only need the last part of the path (from the MyBB directory to the file. i.e. inc/functions.php) $file_path = ".".str_replace(substr(MYBB_ROOT, 0, -1), "", $path)."/".$file;
|
// We only need the last part of the path (from the MyBB directory to the file. i.e. inc/functions.php) $file_path = ".".str_replace(substr(MYBB_ROOT, 0, -1), "", $path)."/".$file;
|
|
|
// Does this file even exist in our official list? Perhaps it's a plugin if(array_key_exists($file_path, $checksums)) {
| // Does this file even exist in our official list? Perhaps it's a plugin if(array_key_exists($file_path, $checksums)) {
|
Zeile 7697 | Zeile 7800 |
---|
} } unset($checksums[$file_path]);
|
} } unset($checksums[$file_path]);
|
}
| }
|
@closedir($dh);
|
@closedir($dh);
|
} }
if($count == 0)
| } }
if($count == 0)
|
{ if(!empty($checksums)) {
| { if(!empty($checksums)) {
|
Zeile 7721 | Zeile 7824 |
---|
if($count == 0) { return $bad_verify_files;
|
if($count == 0) { return $bad_verify_files;
|
} }
| } }
|
/** * Returns a signed value equal to an integer *
| /** * Returns a signed value equal to an integer *
|
Zeile 7766 | Zeile 7869 |
---|
{ $output = @fread($handle, $bytes); @fclose($handle);
|
{ $output = @fread($handle, $bytes); @fclose($handle);
|
} } else { return $output; }
if(strlen($output) < $bytes) {
| } } else { return $output; }
if(strlen($output) < $bytes) {
|
if(function_exists('mcrypt_create_iv')) { if (DIRECTORY_SEPARATOR == '/')
|
if(function_exists('mcrypt_create_iv')) { if (DIRECTORY_SEPARATOR == '/')
|
{
| {
|
$source = MCRYPT_DEV_URANDOM; } else
| $source = MCRYPT_DEV_URANDOM; } else
|
Zeile 7800 | Zeile 7903 |
---|
{ // PHP <5.3.4 had a bug which makes that function unusable on Windows if ((DIRECTORY_SEPARATOR == '/') || version_compare(PHP_VERSION, '5.3.4', '>='))
|
{ // PHP <5.3.4 had a bug which makes that function unusable on Windows if ((DIRECTORY_SEPARATOR == '/') || version_compare(PHP_VERSION, '5.3.4', '>='))
|
{
| {
|
$output = openssl_random_pseudo_bytes($bytes, $crypto_strong); if ($crypto_strong == false) {
| $output = openssl_random_pseudo_bytes($bytes, $crypto_strong); if ($crypto_strong == false) {
|
Zeile 7852 | Zeile 7955 |
---|
$output = pack('H*', $output);
return $output;
|
$output = pack('H*', $output);
return $output;
|
} else { return $output; } }
| } else { return $output; } }
|
/** * Returns a securely generated seed integer
| /** * Returns a securely generated seed integer
|
Zeile 7883 | Zeile 7986 |
---|
{ $elements = unpack('N2', $output); $output = abs($elements[1] << 32 | $elements[2]);
|
{ $elements = unpack('N2', $output); $output = abs($elements[1] << 32 | $elements[2]);
|
}
| }
|
} while($output > PHP_INT_MAX);
return $output;
| } while($output > PHP_INT_MAX);
return $output;
|
Zeile 7936 | Zeile 8039 |
---|
function trim_blank_chrs($string, $charlist="") { $hex_chrs = array(
|
function trim_blank_chrs($string, $charlist="") { $hex_chrs = array(
|
0x09 => 1, // \x{0009}
| 0x09 => 1, // \x{0009}
|
0x0A => 1, // \x{000A} 0x0B => 1, // \x{000B} 0x0D => 1, // \x{000D}
| 0x0A => 1, // \x{000A} 0x0B => 1, // \x{000B} 0x0D => 1, // \x{000D}
|
Zeile 8066 | Zeile 8169 |
---|
return match_sequence($string, $level, $i, $n); } return $n;
|
return match_sequence($string, $level, $i, $n); } return $n;
|
}
| }
|
return 0; }
| return 0; }
|
Zeile 8081 | Zeile 8184 |
---|
static $gd_version;
if($gd_version)
|
static $gd_version;
if($gd_version)
|
{
| {
|
return $gd_version; } if(!extension_loaded('gd'))
| return $gd_version; } if(!extension_loaded('gd'))
|
Zeile 8093 | Zeile 8196 |
---|
{ $gd_info = gd_info(); preg_match('/\d/', $gd_info['GD Version'], $gd);
|
{ $gd_info = gd_info(); preg_match('/\d/', $gd_info['GD Version'], $gd);
|
$gd_version = $gd[0]; }
| $gd_version = $gd[0]; }
|
else { ob_start();
| else { ob_start();
|
Zeile 8144 | Zeile 8247 |
---|
elseif($c > 239) { $bytes = 4;
|
elseif($c > 239) { $bytes = 4;
|
} elseif($c > 223) {
| } elseif($c > 223) {
|
$bytes = 3; } elseif($c > 191)
|
$bytes = 3; } elseif($c > 191)
|
{
| {
|
$bytes = 2; } if(($i + $bytes) > $len) { if($return)
|
$bytes = 2; } if(($i + $bytes) > $len) { if($return)
|
{
| {
|
$string .= '?'; break;
|
$string .= '?'; break;
|
}
| }
|
else { return false;
| else { return false;
|
Zeile 8172 | Zeile 8275 |
---|
$i++; $b = ord($input[$i]); if($b < 128 || $b > 191)
|
$i++; $b = ord($input[$i]); if($b < 128 || $b > 191)
|
{
| {
|
if($return) { $valid = false; $string .= '?'; break;
|
if($return) { $valid = false; $string .= '?'; break;
|
}
| }
|
else { return false;
| else { return false;
|
Zeile 8194 | Zeile 8297 |
---|
{ $string .= $multibytes; }
|
{ $string .= $multibytes; }
|
}
| }
|
else { $string .= $input[$i];
|
else { $string .= $input[$i];
|
} }
| } }
|
$input = $string; } if($return)
|
$input = $string; } if($return)
|
{
| {
|
if($allow_mb4) { return $input; }
|
if($allow_mb4) { return $input; }
|
else { return preg_replace("#[^\\x00-\\x7F][\\x80-\\xBF]{3,}#", '?', $input); } }
| else { return preg_replace("#[^\\x00-\\x7F][\\x80-\\xBF]{3,}#", '?', $input); } }
|
else { if($allow_mb4)
|
else { if($allow_mb4)
|
{
| {
|
return true; } else
| return true; } else
|
Zeile 8225 | Zeile 8328 |
---|
} } }
|
} } }
|
|
|
/** * Send a Private Message to a user. *
| /** * Send a Private Message to a user. *
|
Zeile 8239 | Zeile 8342 |
---|
global $lang, $mybb, $db, $session;
if($mybb->settings['enablepms'] == 0)
|
global $lang, $mybb, $db, $session;
if($mybb->settings['enablepms'] == 0)
|
{ return false; }
| { return false; }
|
if(!is_array($pm)) { return false;
| if(!is_array($pm)) { return false;
|
Zeile 8251 | Zeile 8354 |
---|
if(isset($pm['language'])) { if($pm['language'] != $mybb->user['language'] && $lang->language_exists($pm['language']))
|
if(isset($pm['language'])) { if($pm['language'] != $mybb->user['language'] && $lang->language_exists($pm['language']))
|
{
| {
|
// Load user language $lang->set_language($pm['language']); $lang->load($pm['language_file']);
|
// Load user language $lang->set_language($pm['language']); $lang->load($pm['language_file']);
|
|
|
$revert = true; }
|
$revert = true; }
|
|
|
foreach(array('subject', 'message') as $key) { if(is_array($pm[$key]))
| foreach(array('subject', 'message') as $key) { if(is_array($pm[$key]))
|
Zeile 8277 | Zeile 8380 |
---|
}
$pm[$key] = $lang_string;
|
}
$pm[$key] = $lang_string;
|
}
| }
|
if(isset($revert)) {
| if(isset($revert)) {
|
Zeile 8288 | Zeile 8391 |
---|
}
if(!$pm['subject'] ||!$pm['message'] || !$pm['touid'] || (!$pm['receivepms'] && !$admin_override))
|
}
if(!$pm['subject'] ||!$pm['message'] || !$pm['touid'] || (!$pm['receivepms'] && !$admin_override))
|
{
| {
|
return false; }
|
return false; }
|
|
|
require_once MYBB_ROOT."inc/datahandlers/pm.php";
$pmhandler = new PMDataHandler();
| require_once MYBB_ROOT."inc/datahandlers/pm.php";
$pmhandler = new PMDataHandler();
|
Zeile 8304 | Zeile 8407 |
---|
if(is_array($toid)) { $recipients_to = $toid;
|
if(is_array($toid)) { $recipients_to = $toid;
|
}
| }
|
else { $recipients_to = array($toid);
| else { $recipients_to = array($toid);
|
Zeile 8356 | Zeile 8459 |
---|
if($pmhandler->validate_pm()) { $pmhandler->insert_pm();
|
if($pmhandler->validate_pm()) { $pmhandler->insert_pm();
|
return true;
| return true;
|
}
return false;
| }
return false;
|
Zeile 8432 | Zeile 8535 |
---|
if(substr($file_dir_path, 0, my_strlen(MYBB_ROOT)) == MYBB_ROOT) { $file_dir_path = str_replace(MYBB_ROOT, '', $file_dir_path);
|
if(substr($file_dir_path, 0, my_strlen(MYBB_ROOT)) == MYBB_ROOT) { $file_dir_path = str_replace(MYBB_ROOT, '', $file_dir_path);
|
}
$cdn_upload_path = $cdn_path . DIRECTORY_SEPARATOR . $file_dir_path;
| }
$cdn_upload_path = $cdn_path . DIRECTORY_SEPARATOR . $file_dir_path;
|
if(!($dir_exists = is_dir($cdn_upload_path))) { $dir_exists = @mkdir($cdn_upload_path, 0777, true);
| if(!($dir_exists = is_dir($cdn_upload_path))) { $dir_exists = @mkdir($cdn_upload_path, 0777, true);
|
Zeile 8488 | Zeile 8591 |
---|
}
return false;
|
}
return false;
|
| }
/** * Strip html tags from string, also removes <script> and <style> contents. * * @param string $string String to stripe * @param string $allowable_tags Allowed html tags * * @return string Striped string */ function my_strip_tags($string, $allowable_tags = '') { $pattern = array( '@(<)style[^(>)]*?(>).*?(<)/style(>)@siu', '@(<)script[^(>)]*?.*?(<)/script(>)@siu', '@<style[^>]*?>.*?</style>@siu', '@<script[^>]*?.*?</script>@siu', ); $string = preg_replace($pattern, '', $string); return strip_tags($string, $allowable_tags);
|
}
| }
|
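Review bot: `$string = preg_replace($pattern, '', $string);` in my_strip_tags() does not handle the null that preg_replace returns on error, and with the `u` modifier any input that is not valid UTF-8 is such an error, so the whole string silently becomes an empty result. Consider keeping the original on failure, `$stripped = preg_replace($pattern, '', $string); if($stripped !== null) { $string = $stripped; }`, so strip_tags() still runs on it. The docblock should also say that the return value is not safe HTML when `$allowable_tags` is non-empty, because strip_tags() leaves attributes on allowed tags untouched. The wording "stripe"/"Striped" in the docblock should read "strip"/"Stripped".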