diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..28f94a001
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+
+updates:
+ - package-ecosystem: "composer"
+ directory: "/"
+ versioning-strategy: increase-if-necessary
+ commit-message:
+ prefix: "Composer"
+ include: "scope"
+ schedule:
+ interval: "daily"
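Review bot: The `updates` list covers only `composer`, so the GitHub Actions referenced by this repository's workflows are not watched by Dependabot. The PHPMD workflow added in the same commit uses `actions/checkout@v3`, `github/codeql-action/upload-sarif@v2` and a SHA-pinned `shivammathur/setup-php`. A second list entry with `package-ecosystem: "github-actions"`, `directory: "/"` and its own `schedule` would keep those references current, and it is what makes pinning actions to commit SHAs maintainable. A short comment above `versioning-strategy: increase-if-necessary` explaining why that strategy was chosen would also help the next maintainer.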
diff --git a/.github/workflows/phpmd.yml b/.github/workflows/phpmd.yml
new file mode 100644
index 000000000..3e06d7538
--- /dev/null
+++ b/.github/workflows/phpmd.yml
@@ -0,0 +1,57 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# PHPMD is a spin-off project of PHP Depend and
+# aims to be a PHP equivalent of the well known Java tool PMD.
+# What PHPMD does is: It takes a given PHP source code base
+# and look for several potential problems within that source.
+# These problems can be things like:
+# Possible bugs
+# Suboptimal code
+# Overcomplicated expressions
+# Unused parameters, methods, properties
+# More details at https://phpmd.org/
+
+name: PHPMD
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '40 0 * * 3'
+
+permissions:
+ contents: read
+
+jobs:
+ PHPMD:
+ name: Run PHPMD scanning
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read # for checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Setup PHP
+ uses: shivammathur/setup-php@aa1fe473f9c687b6fb896056d771232c0bc41161
+ with:
+ coverage: none
+ tools: phpmd
+
+ - name: Run PHPMD
+ run: phpmd . sarif codesize --reportfile phpmd-results.sarif
+ continue-on-error: true
+
+ - name: Upload analysis results to GitHub
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: phpmd-results.sarif
+ wait-for-processing: true
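Review bot: `actions/checkout@v3` and `github/codeql-action/upload-sarif@v2` are referenced by mutable tags, while `shivammathur/setup-php` in the same job is pinned to a full commit SHA. A tag can be re-pointed upstream, and this job runs with `security-events: write`. Pin both to a commit and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3` (placeholder; take the SHA from the release you reviewed). Separately, `continue-on-error: true` on the Run PHPMD step hides a failure of the tool itself as well as the expected non-zero exit on findings, so a missing `phpmd-results.sarif` would only surface in the upload step. `tools: phpmd` also installs whatever version is current, so the scan result is not reproducible.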
diff --git a/admin/index.php b/admin/index.php
index 2772d0e60..9a55cd9a5 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -130,6 +130,7 @@ if (isset($_GET['pane']) && $_GET['pane'] == 'left') {
}
$onlinerow_reg = DB()->sql_fetchrowset($result);
+ // Get guests online information.
$sql = 'SELECT session_logged_in, session_time, session_ip, session_start
FROM ' . BB_SESSIONS . '
WHERE session_logged_in = 0
@@ -140,37 +141,26 @@ if (isset($_GET['pane']) && $_GET['pane'] == 'left') {
}
$onlinerow_guest = DB()->sql_fetchrowset($result);
- $reg_userid_ary = array();
-
+ // Reg users
if (count($onlinerow_reg)) {
- $registered_users = $hidden_users = 0;
+ $reg_userid_ary = array();
for ($i = 0, $iMax = count($onlinerow_reg); $i < $iMax; $i++) {
if (!in_array($onlinerow_reg[$i]['user_id'], $reg_userid_ary)) {
- $reg_userid_ary[] = $onlinerow_reg[$i]['user_id'];
+ if ($onlinerow_reg[$i]['user_id'] == $userdata['user_id'] || !bf($onlinerow_reg[$i]['user_opt'], 'user_opt', 'user_viewonline')) {
+ $reg_userid_ary[] = $onlinerow_reg[$i]['user_id'];
+ $row_class = 'row1';
+ $reg_ip = decode_ip($onlinerow_reg[$i]['session_ip']);
- $username = $onlinerow_reg[$i]['username'];
-
- if (bf($onlinerow_reg[$i]['user_opt'], 'user_opt', 'user_viewonline')) {
- $hidden_users++;
- $hidden = true;
- } else {
- $registered_users++;
- $hidden = false;
+ $template->assign_block_vars('reg_user_row', array(
+ 'ROW_CLASS' => $row_class,
+ 'USER' => profile_url($onlinerow_reg[$i]),
+ 'STARTED' => bb_date($onlinerow_reg[$i]['session_start'], 'H:i', false),
+ 'LASTUPDATE' => bb_date($onlinerow_reg[$i]['user_session_time'], 'H:i', false),
+ 'IP_ADDRESS' => $reg_ip,
+ 'U_WHOIS_IP' => $bb_cfg['whois_info'] . $reg_ip,
+ ));
}
-
- $row_class = 'row1';
-
- $reg_ip = decode_ip($onlinerow_reg[$i]['session_ip']);
-
- $template->assign_block_vars('reg_user_row', array(
- 'ROW_CLASS' => $row_class,
- 'USER' => profile_url($onlinerow_reg[$i]),
- 'STARTED' => bb_date($onlinerow_reg[$i]['session_start'], 'H:i', false),
- 'LASTUPDATE' => bb_date($onlinerow_reg[$i]['user_session_time'], 'H:i', false),
- 'IP_ADDRESS' => $reg_ip,
- 'U_WHOIS_IP' => $bb_cfg['whois_info'] . $reg_ip,
- ));
}
}
}
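Review bot: The new condition `$onlinerow_reg[$i]['user_id'] == $userdata['user_id'] || !bf($onlinerow_reg[$i]['user_opt'], 'user_opt', 'user_viewonline')` leaves every other user with the hide-online option out of the `reg_user_row` block. This admin pane therefore no longer lists session start, last update and IP for those accounts. If that is intended, say so in a comment above the condition, e.g. `// Hidden users are shown only to themselves, even in the admin pane`. If it is not, keep the row and only mark it as hidden, so administrators retain a full view of active sessions. `$reg_userid_ary` is now created only inside `if (count($onlinerow_reg))` and `$registered_users`/`$hidden_users` are no longer initialised, so any read of them after this block (outside the hunk) would hit an undefined variable.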
@@ -182,9 +172,7 @@ if (isset($_GET['pane']) && $_GET['pane'] == 'left') {
for ($i = 0, $iMax = count($onlinerow_guest); $i < $iMax; $i++) {
$guest_userip_ary[] = $onlinerow_guest[$i]['session_ip'];
$guest_users++;
-
$row_class = 'row2';
-
$guest_ip = decode_ip($onlinerow_guest[$i]['session_ip']);
$template->assign_block_vars('guest_user_row', array(
diff --git a/common.php b/common.php
index 811d175de..8c4b6d479 100644
--- a/common.php
+++ b/common.php
@@ -253,19 +253,19 @@ function file_write($str, $file, $max_size = LOG_MAX_SIZE, $lock = true, $replac
rename($file, $new_name);
}
}
-
- if (bb_mkdir(dirname($file))) {
- if ($fp = fopen($file, 'ab+')) {
- if ($lock) {
- flock($fp, LOCK_EX);
- }
- if ($replace_content) {
- ftruncate($fp, 0);
- fseek($fp, 0, SEEK_SET);
- }
- $bytes_written = fwrite($fp, $str);
- fclose($fp);
+ if (!file_exists($file) && $dir_created = bb_mkdir(dirname($file))) {
+ $fp = fopen($file, 'ab+');
+ }
+ if (isset($fp)) {
+ if ($lock) {
+ flock($fp, LOCK_EX);
}
+ if ($replace_content) {
+ ftruncate($fp, 0);
+ fseek($fp, 0, SEEK_SET);
+ }
+ $bytes_written = fwrite($fp, $str);
+ fclose($fp);
}
return $bytes_written;
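Review bot: With `!file_exists($file) &&` in front of the `bb_mkdir()` call, `$fp` is opened only for a file that does not exist yet. A call that targets an existing file skips the whole write block and returns whatever `$bytes_written` held before (its initialisation is outside the hunk), so appends to an existing log are silently dropped. `isset($fp)` also does not catch a failed `fopen()`, because `false` counts as set, and `flock()`/`fwrite()` would then run on `false`. Something like `if (file_exists($file) || bb_mkdir(dirname($file))) { $fp = fopen($file, 'ab+'); }` followed by `if (!empty($fp)) {` keeps the append path and guards the handle. `$dir_created` is assigned but never read in the visible lines, and file_write's body starts outside the hunk.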
diff --git a/composer.json b/composer.json
index 0d431b220..f20bac1f0 100644
--- a/composer.json
+++ b/composer.json
@@ -44,7 +44,7 @@
"php": "^7.1.3",
"bugsnag/bugsnag": "v3.29.0",
"egulias/email-validator": "2.*",
- "filp/whoops": "2.14.6",
+ "filp/whoops": "2.15.1",
"gigablah/sphinxphp": "2.0.8",
"google/recaptcha": "1.2.4",
"guzzlehttp/guzzle": "6.*",
diff --git a/composer.lock b/composer.lock
index 627755cdc..a7ec7e232 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "fe19943e4649e385d7d39dad9572fdcc",
+ "content-hash": "530818326ea7baa3a459b76781f0157a",
"packages": [
{
"name": "bugsnag/bugsnag",
@@ -291,16 +291,16 @@
},
{
"name": "filp/whoops",
- "version": "2.14.6",
+ "version": "2.15.1",
"source": {
"type": "git",
"url": "https://github.com/filp/whoops.git",
- "reference": "f7948baaa0330277c729714910336383286305da"
+ "reference": "e864ac957acd66e1565f25efda61e37791a5db0b"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/filp/whoops/zipball/f7948baaa0330277c729714910336383286305da",
- "reference": "f7948baaa0330277c729714910336383286305da",
+ "url": "https://api.github.com/repos/filp/whoops/zipball/e864ac957acd66e1565f25efda61e37791a5db0b",
+ "reference": "e864ac957acd66e1565f25efda61e37791a5db0b",
"shasum": ""
},
"require": {
@@ -350,7 +350,7 @@
],
"support": {
"issues": "https://github.com/filp/whoops/issues",
- "source": "https://github.com/filp/whoops/tree/2.14.6"
+ "source": "https://github.com/filp/whoops/tree/2.15.1"
},
"funding": [
{
@@ -358,7 +358,7 @@
"type": "github"
}
],
- "time": "2022-11-02T16:23:29+00:00"
+ "time": "2023-03-06T18:09:13+00:00"
},
{
"name": "gigablah/sphinxphp",
diff --git a/group.php b/group.php
index e53b3157d..77ead8312 100644
--- a/group.php
+++ b/group.php
@@ -26,7 +26,7 @@ function generate_user_info(&$row, $date_format, $group_mod, &$from, &$posts, &$
$user_time = (!empty($row['user_time'])) ? bb_date($row['user_time']) : $lang['NONE'];
$posts = $row['user_posts'] ?: 0;
$pm = $bb_cfg['text_buttons'] ? '' . $lang['SEND_PM_TXTB'] . '' : '';
- $avatar = get_avatar($row['user_id'], $row['avatar_ext_id'], !bf($row['user_opt'], 'user_opt', 'dis_avatar'), '', 50, 50);
+ $avatar = get_avatar($row['user_id'], $row['avatar_ext_id'], !bf($row['user_opt'], 'user_opt', 'dis_avatar'), 50, 50);
if (bf($row['user_opt'], 'user_opt', 'user_viewemail') || $group_mod) {
$email_uri = ($bb_cfg['board_email_form']) ? ("profile.php?mode=email&" . POST_USERS_URL . "=" . $row['user_id']) : 'mailto:' . $row['user_email'];
@@ -391,7 +391,7 @@ if (!$group_id) {
'GROUP_NAME' => htmlCHR($group_info['group_name']),
'GROUP_DESCRIPTION' => bbcode2html($group_info['group_description']),
'GROUP_SIGNATURE' => bbcode2html($group_info['group_signature']),
- 'GROUP_AVATAR' => get_avatar(GROUP_AVATAR_MASK . $group_id, $group_info['avatar_ext_id'], true),
+ 'GROUP_AVATAR' => get_avatar(GROUP_AVATAR_MASK . $group_id, $group_info['avatar_ext_id']),
'GROUP_DETAILS' => $group_details,
'GROUP_TIME' => (!empty($group_info['group_time'])) ? sprintf('%s (%s)', bb_date($group_info['group_time']), delta_time($group_info['group_time'])) : $lang['NONE'],
'MOD_USER' => profile_url($group_moderator),
@@ -471,7 +471,7 @@ if (!$group_id) {
'ROW_NUMBER' => $i + ($start + 1),
'ROW_CLASS' => $row_class,
'RELEASER' => profile_url(array('user_id' => $release['poster_id'], 'username' => $release['username'], 'user_rank' => $release['user_rank'])),
- 'AVATAR_IMG' => get_avatar($release['poster_id'], $release['avatar_ext_id'], !bf($release['user_opt'], 'user_opt', 'dis_avatar'), '', 50, 50),
+ 'AVATAR_IMG' => get_avatar($release['poster_id'], $release['avatar_ext_id'], !bf($release['user_opt'], 'user_opt', 'dis_avatar'), 50, 50),
'RELEASE_NAME' => sprintf('%s', TOPIC_URL . $release['topic_id'], htmlCHR($release['topic_title'])),
'RELEASE_TIME' => bb_date($release['topic_time']),
'RELEASE_FORUM' => sprintf('%s', FORUM_URL . $release['forum_id'], htmlCHR($release['forum_name'])),
diff --git a/library/ajax/sitemap.php b/library/ajax/sitemap.php
index 5478c490f..82be6174d 100644
--- a/library/ajax/sitemap.php
+++ b/library/ajax/sitemap.php
@@ -34,17 +34,17 @@ switch ($mode) {
$map_link = make_url('sitemap/sitemap.xml');
- if ($map->sendSitemap('http://google.com/webmasters/sitemaps/ping?sitemap=', $map_link)) {
- $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' Google: ' . $lang['SITEMAP_SENT'] . '';
- } else {
- $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' Google: ' . $lang['SITEMAP_ERROR'] . ' URL: http://google.com/webmasters/sitemaps/ping?sitemap=' . $map_link . '';
+ foreach ($bb_cfg['sitemap_sending'] as $source_name => $source_link) {
+ if ($map->sendSitemap($source_link, $map_link)) {
+ $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' ' . $source_name . ' : ' . $lang['SITEMAP_SENT'] . '';
+ } else {
+ $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' ' . $source_name . ' : ' . $lang['SITEMAP_ERROR'] . ' URL: ' . $source_link . $map_link . '';
+ }
}
+ break;
- if ($map->sendSitemap('http://www.bing.com/ping?sitemap=', $map_link)) {
- $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' Bing: ' . $lang['SITEMAP_SENT'] . '';
- } else {
- $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' Bing: ' . $lang['SITEMAP_ERROR'] . ' URL: http://www.bing.com/ping?sitemap=' . $map_link . '';
- }
+ default:
+ $this->ajax_die("Invalid mode: $mode");
}
$this->response['html'] = $html;
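Review bot: The new `default:` branch puts `$mode` into the error text as-is with `$this->ajax_die("Invalid mode: $mode")`. `$mode` is assigned outside the hunk; if it comes from the request and the client renders the message as HTML, the value should be escaped or left out, e.g. `$this->ajax_die('Invalid mode: ' . htmlCHR($mode));`. The `foreach` over `$bb_cfg['sitemap_sending']` also assumes the key exists and is an array, which an installation upgraded with an older config.php will not have. A guard such as `foreach ((array)($bb_cfg['sitemap_sending'] ?? []) as $source_name => $source_link)` avoids the warning, and the same loop in library/includes/cron/jobs/sitemap.php needs it too. `$source_name` and `$source_link` are concatenated into `$html` unescaped, which is acceptable only while the config file is the sole source of those values.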
diff --git a/library/config.php b/library/config.php
index 4415c8033..1143c6ac3 100644
--- a/library/config.php
+++ b/library/config.php
@@ -517,6 +517,11 @@ $bb_cfg['user_agreement_url'] = 'info.php?show=user_agreement';
$bb_cfg['copyright_holders_url'] = 'info.php?show=copyright_holders';
$bb_cfg['advert_url'] = 'info.php?show=advert';
+$bb_cfg['sitemap_sending'] = [
+# 'Source name' => 'http://ping_url'
+ 'Google' => 'http://google.com/webmasters/sitemaps/ping?sitemap=',
+];
+
// Extensions
$bb_cfg['file_id_ext'] = [
1 => 'gif',
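Review bot: The ping endpoint in `$bb_cfg['sitemap_sending']` is configured with a cleartext `http://` URL, and the callers pass each entry straight to `sendSitemap()`, so the scheme written here is what goes on the wire. If the endpoint answers on TLS, use the `https://` form of the same URL. The placeholder line would then read `// 'Source name' => 'https://ping_url'`, which also switches it from `#` to the `//` comment style the file uses (see `// Extensions` just below). A one-line comment stating that each value must end in the query parameter the sitemap URL is appended to would document the expected format.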
diff --git a/library/includes/cron/jobs/sitemap.php b/library/includes/cron/jobs/sitemap.php
index b5faf8913..2f952dadf 100644
--- a/library/includes/cron/jobs/sitemap.php
+++ b/library/includes/cron/jobs/sitemap.php
@@ -17,6 +17,7 @@ $map->createSitemap();
if (file_exists(SITEMAP_DIR . '/sitemap.xml')) {
$map_link = make_url('sitemap/sitemap.xml');
- $map->sendSitemap('http://google.com/webmasters/sitemaps/ping?sitemap=', $map_link);
- $map->sendSitemap('http://www.bing.com/ping?sitemap=', $map_link);
+ foreach ($bb_cfg['sitemap_sending'] as $source_name => $source_link) {
+ $map->sendSitemap($source_link, $map_link);
+ }
}
diff --git a/library/includes/functions.php b/library/includes/functions.php
index 7da441d5b..dcf6b0bcf 100644
--- a/library/includes/functions.php
+++ b/library/includes/functions.php
@@ -1933,12 +1933,12 @@ function profile_url($data)
return $profile;
}
-function get_avatar($user_id, $ext_id, $allow_avatar = true, $size = true, $height = '', $width = '')
+function get_avatar($user_id, $ext_id, $allow_avatar = true, $height = 100, $width = 100)
{
global $bb_cfg;
- $height = !$height ? 'height="' . $height . '"' : '';
- $width = !$width ? 'width="' . $width . '"' : '';
+ $height = $height ? 'height="' . $height . '"' : '';
+ $width = $width ? 'width="' . $width . '"' : '';
$user_avatar = '';
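Review bot: Removing `$size` shifts `$height` and `$width` one position left, so any caller not updated in this commit that still passes the old form (`..., '', 50, 50`) now supplies `''` as the height and `50` as the width, with the surplus argument silently ignored. The call sites in group.php and memberlist.php are updated here; any others are outside the diff and worth a search. Both values are concatenated into the `height="…"`/`width="…"` attributes as given, so cast first with `$height = (int)$height;` and `$width = (int)$width;` to keep a non-numeric argument out of the markup. A short docblock stating that `0` or `''` omits the attribute, and that the defaults are now 100, would document the new contract. get_avatar's body continues outside the hunk.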
diff --git a/memberlist.php b/memberlist.php
index 655c61834..5edb8e727 100644
--- a/memberlist.php
+++ b/memberlist.php
@@ -145,7 +145,7 @@ $template->assign_vars(array(
));
// per-letter selection end
-$sql = "SELECT username, user_id, user_rank, user_opt, user_posts, user_regdate, user_from, user_website, user_email FROM " . BB_USERS . " WHERE user_id NOT IN(" . EXCLUDED_USERS . ")";
+$sql = "SELECT username, user_id, user_rank, user_opt, user_posts, user_regdate, user_from, user_website, user_email, avatar_ext_id FROM " . BB_USERS . " WHERE user_id NOT IN(" . EXCLUDED_USERS . ")";
if ($username) {
$username = str_replace("\*", '%', clean_username($username));
$letter_sql = "username LIKE '" . DB()->escape($username) . "'";
@@ -179,6 +179,7 @@ if ($result = DB()->fetch_rowset($sql)) {
'ROW_NUMBER' => $i + ($start + 1),
'ROW_CLASS' => $row_class,
'USER' => profile_url($row),
+ 'AVATAR' => get_avatar($row['user_id'], $row['avatar_ext_id'], !bf($row['user_opt'], 'user_opt', 'dis_avatar'), 50, 50),
'FROM' => $from,
'JOINED_RAW' => $row['user_regdate'],
'JOINED' => $joined,
diff --git a/styles/templates/default/memberlist.tpl b/styles/templates/default/memberlist.tpl
index ab3c68331..eddaaa62f 100644
--- a/styles/templates/default/memberlist.tpl
+++ b/styles/templates/default/memberlist.tpl
@@ -39,7 +39,7 @@