From 6a4ee4e2389a415d7a4b3a8d28c25456cd7f4c10 Mon Sep 17 00:00:00 2001 From: Roman Kelesidis Date: Thu, 9 Mar 2023 16:24:32 +0700 Subject: [PATCH 01/10] Revert "Fixed broken file_write() function" This reverts commit 4a65e1af02dff907973d537c728013d202e71f80. --- common.php | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/common.php b/common.php index 811d175de..04531e9df 100644 --- a/common.php +++ b/common.php @@ -253,19 +253,19 @@ function file_write($str, $file, $max_size = LOG_MAX_SIZE, $lock = true, $replac rename($file, $new_name); } } - - if (bb_mkdir(dirname($file))) { - if ($fp = fopen($file, 'ab+')) { - if ($lock) { - flock($fp, LOCK_EX); - } - if ($replace_content) { - ftruncate($fp, 0); - fseek($fp, 0, SEEK_SET); - } - $bytes_written = fwrite($fp, $str); - fclose($fp); + if (file_exists($file) && $dir_created = bb_mkdir(dirname($file))) { + $fp = fopen($file, 'ab+'); + } + if (isset($fp)) { + if ($lock) { + flock($fp, LOCK_EX); } + if ($replace_content) { + ftruncate($fp, 0); + fseek($fp, 0, SEEK_SET); + } + $bytes_written = fwrite($fp, $str); + fclose($fp); } return $bytes_written; From 2bc28aa29fa493d60d23d68c5e752e60be909b32 Mon Sep 17 00:00:00 2001 From: Roman Kelesidis Date: Thu, 9 Mar 2023 16:30:55 +0700 Subject: [PATCH 02/10] Fixed checking exists a file to create a cache https: //github.com/torrentpier/torrentpier/pull/481 Co-Authored-By: Vasily Komrakov <425040+diolektor@users.noreply.github.com> --- common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common.php b/common.php index 04531e9df..8c4b6d479 100644 --- a/common.php +++ b/common.php @@ -253,7 +253,7 @@ function file_write($str, $file, $max_size = LOG_MAX_SIZE, $lock = true, $replac rename($file, $new_name); } } - if (file_exists($file) && $dir_created = bb_mkdir(dirname($file))) { + if (!file_exists($file) && $dir_created = bb_mkdir(dirname($file))) { $fp = fopen($file, 'ab+'); } if (isset($fp)) { 
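Review bot: `isset($fp)` does not detect a failed open: `fopen()` returns `false` on failure, `isset()` is still true for `false`, and `flock()`, `ftruncate()` and `fwrite()` are then called on a non-resource. Test the handle itself, `if (isset($fp) && $fp !== false) {`, and check the `flock()` return value before truncating, so that a writer that failed to get the lock does not clobber the file. The next commit's common.php hunk carries this block unchanged, so the same applies there. `$bytes_written` is returned on every path but assigned only inside this block; its initialisation, if any, is above the hunk.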
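Review bot: With the condition now `!file_exists($file) && ...`, a file that already exists is never opened, so `$fp` stays unset and `fwrite()` is skipped. Appends to an existing log and `$replace_content` rewrites of an existing cache file would be dropped silently, unless code above the hunk removes the file first. The existence test should not gate the open, only the directory creation should: `if (bb_mkdir(dirname($file))) { $fp = fopen($file, 'ab+'); }`. `$dir_created` is assigned but never read in the visible lines. file_write's body starts above the hunk.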
From 49508c1d3c4cc09498a4ebdae11ec382039f2c55 Mon Sep 17 00:00:00 2001 From: Roman Kelesidis Date: Thu, 9 Mar 2023 18:00:08 +0700 Subject: [PATCH 03/10] Fixed broken "user_viewonline" in admin panel --- admin/index.php | 42 +++++++++++++++--------------------------- 1 file changed, 15 insertions(+), 27 deletions(-) diff --git a/admin/index.php b/admin/index.php index 2772d0e60..f0a09dce4 100644 --- a/admin/index.php +++ b/admin/index.php @@ -130,6 +130,7 @@ if (isset($_GET['pane']) && $_GET['pane'] == 'left') { } $onlinerow_reg = DB()->sql_fetchrowset($result); + // Get guests online information. $sql = 'SELECT session_logged_in, session_time, session_ip, session_start FROM ' . BB_SESSIONS . ' WHERE session_logged_in = 0 
@@ -140,37 +141,26 @@ if (isset($_GET['pane']) && $_GET['pane'] == 'left') { } $onlinerow_guest = DB()->sql_fetchrowset($result); + // Reg users $reg_userid_ary = array(); - if (count($onlinerow_reg)) { - $registered_users = $hidden_users = 0; - for ($i = 0, $iMax = count($onlinerow_reg); $i < $iMax; $i++) { if (!in_array($onlinerow_reg[$i]['user_id'], $reg_userid_ary)) { - $reg_userid_ary[] = $onlinerow_reg[$i]['user_id']; + if ($onlinerow_reg[$i]['user_id'] == $userdata['user_id'] || !bf($onlinerow_reg[$i]['user_opt'], 'user_opt', 'user_viewonline')) { + $reg_userid_ary[] = $onlinerow_reg[$i]['user_id']; + $username = $onlinerow_reg[$i]['username']; + $row_class = 'row1'; + $reg_ip = decode_ip($onlinerow_reg[$i]['session_ip']); - $username = $onlinerow_reg[$i]['username']; - - if (bf($onlinerow_reg[$i]['user_opt'], 'user_opt', 'user_viewonline')) { - $hidden_users++; - $hidden = true; - } else { - $registered_users++; - $hidden = false; + $template->assign_block_vars('reg_user_row', array( + 'ROW_CLASS' => $row_class, + 'USER' => profile_url($onlinerow_reg[$i]), + 'STARTED' => bb_date($onlinerow_reg[$i]['session_start'], 'H:i', false), + 'LASTUPDATE' => bb_date($onlinerow_reg[$i]['user_session_time'], 'H:i', false), + 'IP_ADDRESS' => $reg_ip, + 'U_WHOIS_IP' => $bb_cfg['whois_info'] . $reg_ip, + )); } - - $row_class = 'row1'; - - $reg_ip = decode_ip($onlinerow_reg[$i]['session_ip']); - - $template->assign_block_vars('reg_user_row', array( - 'ROW_CLASS' => $row_class, - 'USER' => profile_url($onlinerow_reg[$i]), - 'STARTED' => bb_date($onlinerow_reg[$i]['session_start'], 'H:i', false), - 'LASTUPDATE' => bb_date($onlinerow_reg[$i]['user_session_time'], 'H:i', false), - 'IP_ADDRESS' => $reg_ip, - 'U_WHOIS_IP' => $bb_cfg['whois_info'] . $reg_ip, - )); } } } 
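Review bot: The new condition `$onlinerow_reg[$i]['user_id'] == $userdata['user_id'] || !bf(..., 'user_viewonline')` drops hidden users from the admin index entirely, where the removed code listed every session and only counted hidden ones separately. This is the administrator's view of active sessions and IP addresses, so omitting those rows removes accounts an admin may need to see when handling abuse; consider keeping the row and marking it as hidden, unless the omission is intended. The comparisons are also loose: `in_array(..., $reg_userid_ary)` should pass `true` as its third argument and `==` should become `===` after casting both ids to int. `$userdata` is not defined in the hunk and is presumably set earlier in the file.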
@@ -182,9 +172,7 @@ if (isset($_GET['pane']) && $_GET['pane'] == 'left') { for ($i = 0, $iMax = count($onlinerow_guest); $i < $iMax; $i++) { $guest_userip_ary[] = $onlinerow_guest[$i]['session_ip']; $guest_users++; - $row_class = 'row2'; - $guest_ip = decode_ip($onlinerow_guest[$i]['session_ip']); $template->assign_block_vars('guest_user_row', array( From 612093fb2aa9dbae46272eef8497f5b8a1574972 Mon Sep 17 00:00:00 2001 From: Roman Kelesidis Date: Thu, 9 Mar 2023 22:26:31 +0700 Subject: [PATCH 04/10] Minor adjustments #580 --- admin/index.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/admin/index.php b/admin/index.php index f0a09dce4..9a55cd9a5 100644 --- a/admin/index.php +++ b/admin/index.php @@ -142,13 +142,13 @@ if (isset($_GET['pane']) && $_GET['pane'] == 'left') { $onlinerow_guest = DB()->sql_fetchrowset($result); // Reg users - $reg_userid_ary = array(); if (count($onlinerow_reg)) { + $reg_userid_ary = array(); + for ($i = 0, $iMax = count($onlinerow_reg); $i < $iMax; $i++) { if (!in_array($onlinerow_reg[$i]['user_id'], $reg_userid_ary)) { if ($onlinerow_reg[$i]['user_id'] == $userdata['user_id'] || !bf($onlinerow_reg[$i]['user_opt'], 'user_opt', 'user_viewonline')) { $reg_userid_ary[] = $onlinerow_reg[$i]['user_id']; - $username = $onlinerow_reg[$i]['username']; $row_class = 'row1'; $reg_ip = decode_ip($onlinerow_reg[$i]['session_ip']); From 1b443d6f6a724c3ae596d11a1f792c07a0aa8bca Mon Sep 17 00:00:00 2001 From: Roman Kelesidis Date: Thu, 9 Mar 2023 22:39:07 +0700 Subject: [PATCH 05/10] Make sitemap sending configurable --- library/ajax/sitemap.php | 18 +++++++++--------- library/config.php | 5 +++++ library/includes/cron/jobs/sitemap.php | 5 +++-- 3 files changed, 17 insertions(+), 11 deletions(-) diff --git a/library/ajax/sitemap.php b/library/ajax/sitemap.php index 5478c490f..82be6174d 100644 --- a/library/ajax/sitemap.php +++ b/library/ajax/sitemap.php 
@@ -34,17 +34,17 @@ switch ($mode) { $map_link = make_url('sitemap/sitemap.xml'); - if ($map->sendSitemap('http://google.com/webmasters/sitemaps/ping?sitemap=', $map_link)) { - $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' Google: ' . $lang['SITEMAP_SENT'] . ''; - } else { - $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' Google: ' . $lang['SITEMAP_ERROR'] . ' URL: http://google.com/webmasters/sitemaps/ping?sitemap=' . $map_link . ''; + foreach ($bb_cfg['sitemap_sending'] as $source_name => $source_link) { + if ($map->sendSitemap($source_link, $map_link)) { + $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' ' . $source_name . ' : ' . $lang['SITEMAP_SENT'] . ''; + } else { + $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' ' . $source_name . ' : ' . $lang['SITEMAP_ERROR'] . ' URL: ' . $source_link . $map_link . ''; + } } + break; - if ($map->sendSitemap('http://www.bing.com/ping?sitemap=', $map_link)) { - $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' Bing: ' . $lang['SITEMAP_SENT'] . ''; - } else { - $html .= '
' . $lang['SITEMAP_NOTIFY_SEARCH'] . ' Bing: ' . $lang['SITEMAP_ERROR'] . ' URL: http://www.bing.com/ping?sitemap=' . $map_link . ''; - } + default: + $this->ajax_die("Invalid mode: $mode"); } $this->response['html'] = $html; diff --git a/library/config.php b/library/config.php index 4415c8033..1143c6ac3 100644 --- a/library/config.php +++ b/library/config.php @@ -517,6 +517,11 @@ $bb_cfg['user_agreement_url'] = 'info.php?show=user_agreement'; $bb_cfg['copyright_holders_url'] = 'info.php?show=copyright_holders'; $bb_cfg['advert_url'] = 'info.php?show=advert'; +$bb_cfg['sitemap_sending'] = [ +# 'Source name' => 'http://ping_url' + 'Google' => 'http://google.com/webmasters/sitemaps/ping?sitemap=', +]; + // Extensions $bb_cfg['file_id_ext'] = [ 1 => 'gif', diff --git a/library/includes/cron/jobs/sitemap.php b/library/includes/cron/jobs/sitemap.php index b5faf8913..2f952dadf 100644 --- a/library/includes/cron/jobs/sitemap.php +++ b/library/includes/cron/jobs/sitemap.php @@ -17,6 +17,7 @@ $map->createSitemap(); if (file_exists(SITEMAP_DIR . '/sitemap.xml')) { $map_link = make_url('sitemap/sitemap.xml'); - $map->sendSitemap('http://google.com/webmasters/sitemaps/ping?sitemap=', $map_link); - $map->sendSitemap('http://www.bing.com/ping?sitemap=', $map_link); + foreach ($bb_cfg['sitemap_sending'] as $source_name => $source_link) { + $map->sendSitemap($source_link, $map_link); + } } From adfb27ecdf58fde868fd73c0d64eadaf8bbea45f Mon Sep 17 00:00:00 2001 From: Roman Kelesidis Date: Thu, 9 Mar 2023 22:49:28 +0700 Subject: [PATCH 06/10] Fixed get_avatar method --- group.php | 6 +++--- library/includes/functions.php | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/group.php b/group.php index e53b3157d..77ead8312 100644 --- a/group.php +++ b/group.php 
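Review bot: The added `default:` branch interpolates `$mode` into the message passed to `ajax_die("Invalid mode: $mode")`; if `$mode` comes from the request and the client renders that message as HTML (neither is visible in the hunk), the value is reflected unescaped. Prefer a fixed message, `$this->ajax_die('Invalid mode');`, or escape the value with the project's `htmlCHR()`. `$source_name` and `$source_link` are likewise concatenated into `$html` raw; they come from config, so escaping them is hygiene rather than a fix. The `switch` starts above the hunk.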
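Review bot: The default ping endpoint in `$bb_cfg['sitemap_sending']` is plain `http://`, so the request and the response that decides SITEMAP_SENT versus SITEMAP_ERROR travel unauthenticated; use `'Google' => 'https://google.com/webmasters/sitemaps/ping?sitemap=',` and have the comment say that entries should be https URLs ending in the query parameter the sitemap link is appended to. The commit also drops the Bing endpoint that both callers used before; if that is deliberate, a commented-out example entry would document it. The example line uses `#` where the neighbouring `// Extensions` comment uses `//`.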
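Review bot: `foreach ($bb_cfg['sitemap_sending'] as ...)` assumes the new key exists; an install upgraded with an older config.php that lacks it gets a warning on every cron run and sends no ping. Guard it with `foreach ($bb_cfg['sitemap_sending'] ?? [] as $source_name => $source_link) {`; the loop added in library/ajax/sitemap.php needs the same guard. `$source_name` is unused in this job, so iterating over the values alone would do. Whether `$bb_cfg` is in scope in this file is not visible in the hunk.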
@@ -26,7 +26,7 @@ function generate_user_info(&$row, $date_format, $group_mod, &$from, &$posts, &$ $user_time = (!empty($row['user_time'])) ? bb_date($row['user_time']) : $lang['NONE']; $posts = $row['user_posts'] ?: 0; $pm = $bb_cfg['text_buttons'] ? '' . $lang['SEND_PM_TXTB'] . '' : '' . $lang['SEND_PRIVATE_MESSAGE'] . ''; - $avatar = get_avatar($row['user_id'], $row['avatar_ext_id'], !bf($row['user_opt'], 'user_opt', 'dis_avatar'), '', 50, 50); + $avatar = get_avatar($row['user_id'], $row['avatar_ext_id'], !bf($row['user_opt'], 'user_opt', 'dis_avatar'), 50, 50); if (bf($row['user_opt'], 'user_opt', 'user_viewemail') || $group_mod) { $email_uri = ($bb_cfg['board_email_form']) ? ("profile.php?mode=email&" . POST_USERS_URL . "=" . $row['user_id']) : 'mailto:' . $row['user_email']; @@ -391,7 +391,7 @@ if (!$group_id) { 'GROUP_NAME' => htmlCHR($group_info['group_name']), 'GROUP_DESCRIPTION' => bbcode2html($group_info['group_description']), 'GROUP_SIGNATURE' => bbcode2html($group_info['group_signature']), - 'GROUP_AVATAR' => get_avatar(GROUP_AVATAR_MASK . $group_id, $group_info['avatar_ext_id'], true), + 'GROUP_AVATAR' => get_avatar(GROUP_AVATAR_MASK . $group_id, $group_info['avatar_ext_id']), 'GROUP_DETAILS' => $group_details, 'GROUP_TIME' => (!empty($group_info['group_time'])) ? sprintf('%s (%s)', bb_date($group_info['group_time']), delta_time($group_info['group_time'])) : $lang['NONE'], 'MOD_USER' => profile_url($group_moderator), 
@@ -471,7 +471,7 @@ if (!$group_id) { 'ROW_NUMBER' => $i + ($start + 1), 'ROW_CLASS' => $row_class, 'RELEASER' => profile_url(array('user_id' => $release['poster_id'], 'username' => $release['username'], 'user_rank' => $release['user_rank'])), - 'AVATAR_IMG' => get_avatar($release['poster_id'], $release['avatar_ext_id'], !bf($release['user_opt'], 'user_opt', 'dis_avatar'), '', 50, 50), + 'AVATAR_IMG' => get_avatar($release['poster_id'], $release['avatar_ext_id'], !bf($release['user_opt'], 'user_opt', 'dis_avatar'), 50, 50), 'RELEASE_NAME' => sprintf('%s', TOPIC_URL . $release['topic_id'], htmlCHR($release['topic_title'])), 'RELEASE_TIME' => bb_date($release['topic_time']), 'RELEASE_FORUM' => sprintf('%s', FORUM_URL . $release['forum_id'], htmlCHR($release['forum_name'])), diff --git a/library/includes/functions.php b/library/includes/functions.php index 7da441d5b..dcf6b0bcf 100644 --- a/library/includes/functions.php +++ b/library/includes/functions.php @@ -1933,12 +1933,12 @@ function profile_url($data) return $profile; } -function get_avatar($user_id, $ext_id, $allow_avatar = true, $size = true, $height = '', $width = '') +function get_avatar($user_id, $ext_id, $allow_avatar = true, $height = 100, $width = 100) { global $bb_cfg; - $height = !$height ? 'height="' . $height . '"' : ''; - $width = !$width ? 'width="' . $width . '"' : ''; + $height = $height ? 'height="' . $height . '"' : ''; + $width = $width ? 'width="' . $width . '"' : ''; $user_avatar = '' . $user_id . ''; From 6f2a545f6069a9f4df32c8723bfb75b0c22686bf Mon Sep 17 00:00:00 2001 From: Roman Kelesidis Date: Thu, 9 Mar 2023 22:53:42 +0700 Subject: [PATCH 07/10] Added show avatar in memberlist --- memberlist.php | 3 ++- styles/templates/default/memberlist.tpl | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/memberlist.php b/memberlist.php index 655c61834..5edb8e727 100644 --- a/memberlist.php +++ b/memberlist.php 
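Review bot: `$height` and `$width` are concatenated into the `height="..."` and `width="..."` attributes exactly as passed; cast them first, `$height = (int)$height;` and `$width = (int)$width;`, so a non-numeric argument cannot break out of the attribute. Removing `$size` also shifts the positional arguments: a caller outside this patch that still passes `''` as the fourth argument would now send it as `$height`. The three calls in group.php are updated here; other callers are not visible and should be checked. A short docblock stating that 0 omits the attribute and that the return value is HTML would help. get_avatar's body continues below the hunk.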
@@ -145,7 +145,7 @@ $template->assign_vars(array( )); // per-letter selection end -$sql = "SELECT username, user_id, user_rank, user_opt, user_posts, user_regdate, user_from, user_website, user_email FROM " . BB_USERS . " WHERE user_id NOT IN(" . EXCLUDED_USERS . ")"; +$sql = "SELECT username, user_id, user_rank, user_opt, user_posts, user_regdate, user_from, user_website, user_email, avatar_ext_id FROM " . BB_USERS . " WHERE user_id NOT IN(" . EXCLUDED_USERS . ")"; if ($username) { $username = str_replace("\*", '%', clean_username($username)); $letter_sql = "username LIKE '" . DB()->escape($username) . "'"; @@ -179,6 +179,7 @@ if ($result = DB()->fetch_rowset($sql)) { 'ROW_NUMBER' => $i + ($start + 1), 'ROW_CLASS' => $row_class, 'USER' => profile_url($row), + 'AVATAR' => get_avatar($row['user_id'], $row['avatar_ext_id'], !bf($row['user_opt'], 'user_opt', 'dis_avatar'), 50, 50), 'FROM' => $from, 'JOINED_RAW' => $row['user_regdate'], 'JOINED' => $joined, diff --git a/styles/templates/default/memberlist.tpl b/styles/templates/default/memberlist.tpl index ab3c68331..eddaaa62f 100644 --- a/styles/templates/default/memberlist.tpl +++ b/styles/templates/default/memberlist.tpl @@ -39,7 +39,7 @@ {memberrow.ROW_NUMBER} - {memberrow.USER} +
{memberrow.AVATAR}
{memberrow.USER} {memberrow.PM} {memberrow.EMAIL} {memberrow.FROM} From c4c25dfd080fb240d851b9ed58cc88aaf5c33dd9 Mon Sep 17 00:00:00 2001 From: Yury Pikhtarev Date: Thu, 9 Mar 2023 21:22:02 +0300 Subject: [PATCH 08/10] Create .github/dependabot.yml Add Dependabot automatic composer packages updates --- .github/dependabot.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..28f94a001 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,16 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 + +updates: + - package-ecosystem: "composer" + directory: "/" + versioning-strategy: increase-if-necessary + commit-message: + prefix: "Composer" + include: "scope" + schedule: + interval: "daily" From 37111bda508b51143f6ae9e6436b21b7249f551d Mon Sep 17 00:00:00 2001 From: Yury Pikhtarev Date: Thu, 9 Mar 2023 21:32:06 +0300 Subject: [PATCH 09/10] Create .github/workflows/phpmd.yml Add PHP equivalent of the well known Java tool PMD. --- .github/workflows/phpmd.yml | 57 +++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/workflows/phpmd.yml diff --git a/.github/workflows/phpmd.yml b/.github/workflows/phpmd.yml new file mode 100644 index 000000000..3e06d7538 --- /dev/null +++ b/.github/workflows/phpmd.yml 
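Review bot: Only the `composer` ecosystem is listed, so the GitHub Actions workflow added later in this series gets no update PRs for the actions it references. Add a second entry under `updates:` with `package-ecosystem: "github-actions"`, `directory: "/"` and its own `schedule`, which also keeps actions pinned by commit SHA current. With `interval: "daily"` it may be worth setting `open-pull-requests-limit` explicitly.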
@@ -0,0 +1,57 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# PHPMD is a spin-off project of PHP Depend and
+# aims to be a PHP equivalent of the well known Java tool PMD.
+# What PHPMD does is: It takes a given PHP source code base
+# and look for several potential problems within that source.
+# These problems can be things like:
+# Possible bugs
+# Suboptimal code
+# Overcomplicated expressions
+# Unused parameters, methods, properties
+# More details at https://phpmd.org/
+
+name: PHPMD
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "master" ]
+ schedule:
+ - cron: '40 0 * * 3'
+
+permissions:
+ contents: read
+
+jobs:
+ PHPMD:
+ name: Run PHPMD scanning
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read # for checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Setup PHP
+ uses: shivammathur/setup-php@aa1fe473f9c687b6fb896056d771232c0bc41161
+ with:
+ coverage: none
+ tools: phpmd
+
+ - name: Run PHPMD
+ run: phpmd . sarif codesize --reportfile phpmd-results.sarif
+ continue-on-error: true
+
+ - name: Upload analysis results to GitHub
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: phpmd-results.sarif
+ wait-for-processing: true
From 1bf85de2f3675ce8b581cd548b32ddc303efe5f6 Mon Sep 17 00:00:00 2001
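Review bot: `actions/checkout@v3` and `github/codeql-action/upload-sarif@v2` are referenced by mutable tag while `shivammathur/setup-php` is pinned to a commit; in a job that holds `security-events: write`, pin all three the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v3`. `tools: phpmd` likewise installs whatever version is current, so results can change between runs without a code change. `continue-on-error: true` on the scan step hides a crashed or missing PHPMD as well as ordinary findings, leaving a failed upload of a missing `phpmd-results.sarif` as the only signal. The header comment lists possible bugs and unused code, but the command runs only the `codesize` ruleset.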
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Mar 2023 18:26:07 +0000 Subject: [PATCH 10/10] Composer(deps): Bump filp/whoops from 2.14.6 to 2.15.1 Bumps [filp/whoops](https://github.com/filp/whoops) from 2.14.6 to 2.15.1. - [Release notes](https://github.com/filp/whoops/releases) - [Changelog](https://github.com/filp/whoops/blob/master/CHANGELOG.md) - [Commits](https://github.com/filp/whoops/compare/2.14.6...2.15.1) --- updated-dependencies: - dependency-name: filp/whoops dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- composer.json | 2 +- composer.lock | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/composer.json b/composer.json index 0d431b220..f20bac1f0 100644 --- a/composer.json +++ b/composer.json @@ -44,7 +44,7 @@ "php": "^7.1.3", "bugsnag/bugsnag": "v3.29.0", "egulias/email-validator": "2.*", - "filp/whoops": "2.14.6", + "filp/whoops": "2.15.1", "gigablah/sphinxphp": "2.0.8", "google/recaptcha": "1.2.4", "guzzlehttp/guzzle": "6.*", diff --git a/composer.lock b/composer.lock index 627755cdc..a7ec7e232 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "fe19943e4649e385d7d39dad9572fdcc", + "content-hash": "530818326ea7baa3a459b76781f0157a", "packages": [ { "name": "bugsnag/bugsnag", 
@@ -291,16 +291,16 @@ }, { "name": "filp/whoops", - "version": "2.14.6", + "version": "2.15.1", "source": { "type": "git", "url": "https://github.com/filp/whoops.git", - "reference": "f7948baaa0330277c729714910336383286305da" + "reference": "e864ac957acd66e1565f25efda61e37791a5db0b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/filp/whoops/zipball/f7948baaa0330277c729714910336383286305da", - "reference": "f7948baaa0330277c729714910336383286305da", + "url": "https://api.github.com/repos/filp/whoops/zipball/e864ac957acd66e1565f25efda61e37791a5db0b", + "reference": "e864ac957acd66e1565f25efda61e37791a5db0b", "shasum": "" }, "require": { @@ -350,7 +350,7 @@ ], "support": { "issues": "https://github.com/filp/whoops/issues", - "source": "https://github.com/filp/whoops/tree/2.14.6" + "source": "https://github.com/filp/whoops/tree/2.15.1" }, "funding": [ { @@ -358,7 +358,7 @@ "type": "github" } ], - "time": "2022-11-02T16:23:29+00:00" + "time": "2023-03-06T18:09:13+00:00" }, { "name": "gigablah/sphinxphp",