@@ -429,7 +429,7 @@ |
||
429 | 429 | */ |
430 | 430 | function matchIPtoCIDR($ip_address, $cidr_address) |
431 | 431 | { |
432 | - list ($cidr_network, $cidr_subnetmask) = preg_split('/', $cidr_address); |
|
432 | + list ($cidr_network, $cidr_subnetmask) = preg_split('/', $cidr_address); |
|
433 | 433 | |
434 | 434 | //v6? |
435 | 435 | if ((strpos($cidr_network, ':') !== false)) |
@@ -454,7 +454,7 @@ |
||
454 | 454 | break; |
455 | 455 | } |
456 | 456 | $binMask = str_pad($binMask, 32, '0'); |
457 | - $binMask = pack("H*" , $binMask); |
|
457 | + $binMask = pack("H*", $binMask); |
|
458 | 458 | |
459 | 459 | return ($ip_address & $binMask) == $cidr_network; |
460 | 460 | } |
@@ -14,8 +14,9 @@ discard block |
||
14 | 14 | * @version 2.1 Beta 4 |
15 | 15 | */ |
16 | 16 | |
17 | -if (!defined('SMF')) |
|
17 | +if (!defined('SMF')) { |
|
18 | 18 | die('No direct access...'); |
19 | +} |
|
19 | 20 | |
20 | 21 | /** |
21 | 22 | * Clean the request variables - add html entities to GET and slashes if magic_quotes_gpc is Off. |
@@ -44,22 +45,26 @@ discard block |
||
44 | 45 | unset($GLOBALS['HTTP_POST_FILES'], $GLOBALS['HTTP_POST_FILES']); |
45 | 46 | |
46 | 47 | // These keys shouldn't be set...ever. |
47 | - if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS'])) |
|
48 | - die('Invalid request variable.'); |
|
48 | + if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS'])) { |
|
49 | + die('Invalid request variable.'); |
|
50 | + } |
|
49 | 51 | |
50 | 52 | // Same goes for numeric keys. |
51 | - foreach (array_merge(array_keys($_POST), array_keys($_GET), array_keys($_FILES)) as $key) |
|
52 | - if (is_numeric($key)) |
|
53 | + foreach (array_merge(array_keys($_POST), array_keys($_GET), array_keys($_FILES)) as $key) { |
|
54 | + if (is_numeric($key)) |
|
53 | 55 | die('Numeric request keys are invalid.'); |
56 | + } |
|
54 | 57 | |
55 | 58 | // Numeric keys in cookies are less of a problem. Just unset those. |
56 | - foreach ($_COOKIE as $key => $value) |
|
57 | - if (is_numeric($key)) |
|
59 | + foreach ($_COOKIE as $key => $value) { |
|
60 | + if (is_numeric($key)) |
|
58 | 61 | unset($_COOKIE[$key]); |
62 | + } |
|
59 | 63 | |
60 | 64 | // Get the correct query string. It may be in an environment variable... |
61 | - if (!isset($_SERVER['QUERY_STRING'])) |
|
62 | - $_SERVER['QUERY_STRING'] = getenv('QUERY_STRING'); |
|
65 | + if (!isset($_SERVER['QUERY_STRING'])) { |
|
66 | + $_SERVER['QUERY_STRING'] = getenv('QUERY_STRING'); |
|
67 | + } |
|
63 | 68 | |
64 | 69 | // It seems that sticking a URL after the query string is mighty common, well, it's evil - don't. |
65 | 70 | if (strpos($_SERVER['QUERY_STRING'], 'http') === 0) |
@@ -83,13 +88,14 @@ discard block |
||
83 | 88 | parse_str(preg_replace('/&(\w+)(?=&|$)/', '&$1=', strtr($_SERVER['QUERY_STRING'], array(';?' => '&', ';' => '&', '%00' => '', "\0" => ''))), $_GET); |
84 | 89 | |
85 | 90 | // Magic quotes still applies with parse_str - so clean it up. |
86 | - if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) |
|
87 | - $_GET = $removeMagicQuoteFunction($_GET); |
|
88 | - } |
|
89 | - elseif (strpos(ini_get('arg_separator.input'), ';') !== false) |
|
91 | + if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) { |
|
92 | + $_GET = $removeMagicQuoteFunction($_GET); |
|
93 | + } |
|
94 | + } elseif (strpos(ini_get('arg_separator.input'), ';') !== false) |
|
90 | 95 | { |
91 | - if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) |
|
92 | - $_GET = $removeMagicQuoteFunction($_GET); |
|
96 | + if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) { |
|
97 | + $_GET = $removeMagicQuoteFunction($_GET); |
|
98 | + } |
|
93 | 99 | |
94 | 100 | // Search engines will send action=profile%3Bu=1, which confuses PHP. |
95 | 101 | foreach ($_GET as $k => $v) |
@@ -102,8 +108,9 @@ discard block |
||
102 | 108 | for ($i = 1, $n = count($temp); $i < $n; $i++) |
103 | 109 | { |
104 | 110 | @list ($key, $val) = @explode('=', $temp[$i], 2); |
105 | - if (!isset($_GET[$key])) |
|
106 | - $_GET[$key] = $val; |
|
111 | + if (!isset($_GET[$key])) { |
|
112 | + $_GET[$key] = $val; |
|
113 | + } |
|
107 | 114 | } |
108 | 115 | } |
109 | 116 | |
@@ -120,18 +127,20 @@ discard block |
||
120 | 127 | if (!empty($_SERVER['REQUEST_URI'])) |
121 | 128 | { |
122 | 129 | // Remove the .html, assuming there is one. |
123 | - if (substr($_SERVER['REQUEST_URI'], strrpos($_SERVER['REQUEST_URI'], '.'), 4) == '.htm') |
|
124 | - $request = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '.')); |
|
125 | - else |
|
126 | - $request = $_SERVER['REQUEST_URI']; |
|
130 | + if (substr($_SERVER['REQUEST_URI'], strrpos($_SERVER['REQUEST_URI'], '.'), 4) == '.htm') { |
|
131 | + $request = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], '.')); |
|
132 | + } else { |
|
133 | + $request = $_SERVER['REQUEST_URI']; |
|
134 | + } |
|
127 | 135 | |
128 | 136 | // @todo smflib. |
129 | 137 | // Replace 'index.php/a,b,c/d/e,f' with 'a=b,c&d=&e=f' and parse it into $_GET. |
130 | 138 | if (strpos($request, basename($scripturl) . '/') !== false) |
131 | 139 | { |
132 | 140 | parse_str(substr(preg_replace('/&(\w+)(?=&|$)/', '&$1=', strtr(preg_replace('~/([^,/]+),~', '/$1=', substr($request, strpos($request, basename($scripturl)) + strlen(basename($scripturl)))), '/', '&')), 1), $temp); |
133 | - if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) |
|
134 | - $temp = $removeMagicQuoteFunction($temp); |
|
141 | + if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc() != 0 && empty($modSettings['integrate_magic_quotes'])) { |
|
142 | + $temp = $removeMagicQuoteFunction($temp); |
|
143 | + } |
|
135 | 144 | $_GET += $temp; |
136 | 145 | } |
137 | 146 | } |
@@ -142,9 +151,10 @@ discard block |
||
142 | 151 | $_ENV = $removeMagicQuoteFunction($_ENV); |
143 | 152 | $_POST = $removeMagicQuoteFunction($_POST); |
144 | 153 | $_COOKIE = $removeMagicQuoteFunction($_COOKIE); |
145 | - foreach ($_FILES as $k => $dummy) |
|
146 | - if (isset($_FILES[$k]['name'])) |
|
154 | + foreach ($_FILES as $k => $dummy) { |
|
155 | + if (isset($_FILES[$k]['name'])) |
|
147 | 156 | $_FILES[$k]['name'] = $removeMagicQuoteFunction($_FILES[$k]['name']); |
157 | + } |
|
148 | 158 | } |
149 | 159 | |
150 | 160 | // Add entities to GET. This is kinda like the slashes on everything else. |
@@ -160,11 +170,13 @@ discard block |
||
160 | 170 | $_REQUEST['board'] = (string) $_REQUEST['board']; |
161 | 171 | |
162 | 172 | // If there's a slash in it, we've got a start value! (old, compatible links.) |
163 | - if (strpos($_REQUEST['board'], '/') !== false) |
|
164 | - list ($_REQUEST['board'], $_REQUEST['start']) = explode('/', $_REQUEST['board']); |
|
173 | + if (strpos($_REQUEST['board'], '/') !== false) { |
|
174 | + list ($_REQUEST['board'], $_REQUEST['start']) = explode('/', $_REQUEST['board']); |
|
175 | + } |
|
165 | 176 | // Same idea, but dots. This is the currently used format - ?board=1.0... |
166 | - elseif (strpos($_REQUEST['board'], '.') !== false) |
|
167 | - list ($_REQUEST['board'], $_REQUEST['start']) = explode('.', $_REQUEST['board']); |
|
177 | + elseif (strpos($_REQUEST['board'], '.') !== false) { |
|
178 | + list ($_REQUEST['board'], $_REQUEST['start']) = explode('.', $_REQUEST['board']); |
|
179 | + } |
|
168 | 180 | // Now make absolutely sure it's a number. |
169 | 181 | $board = (int) $_REQUEST['board']; |
170 | 182 | $_REQUEST['start'] = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0; |
@@ -173,12 +185,14 @@ discard block |
||
173 | 185 | $_GET['board'] = $board; |
174 | 186 | } |
175 | 187 | // Well, $board is going to be a number no matter what. |
176 | - else |
|
177 | - $board = 0; |
|
188 | + else { |
|
189 | + $board = 0; |
|
190 | + } |
|
178 | 191 | |
179 | 192 | // If there's a threadid, it's probably an old YaBB SE link. Flow with it. |
180 | - if (isset($_REQUEST['threadid']) && !isset($_REQUEST['topic'])) |
|
181 | - $_REQUEST['topic'] = $_REQUEST['threadid']; |
|
193 | + if (isset($_REQUEST['threadid']) && !isset($_REQUEST['topic'])) { |
|
194 | + $_REQUEST['topic'] = $_REQUEST['threadid']; |
|
195 | + } |
|
182 | 196 | |
183 | 197 | // We've got topic! |
184 | 198 | if (isset($_REQUEST['topic'])) |
@@ -187,11 +201,13 @@ discard block |
||
187 | 201 | $_REQUEST['topic'] = (string) $_REQUEST['topic']; |
188 | 202 | |
189 | 203 | // Slash means old, beta style, formatting. That's okay though, the link should still work. |
190 | - if (strpos($_REQUEST['topic'], '/') !== false) |
|
191 | - list ($_REQUEST['topic'], $_REQUEST['start']) = explode('/', $_REQUEST['topic']); |
|
204 | + if (strpos($_REQUEST['topic'], '/') !== false) { |
|
205 | + list ($_REQUEST['topic'], $_REQUEST['start']) = explode('/', $_REQUEST['topic']); |
|
206 | + } |
|
192 | 207 | // Dots are useful and fun ;). This is ?topic=1.15. |
193 | - elseif (strpos($_REQUEST['topic'], '.') !== false) |
|
194 | - list ($_REQUEST['topic'], $_REQUEST['start']) = explode('.', $_REQUEST['topic']); |
|
208 | + elseif (strpos($_REQUEST['topic'], '.') !== false) { |
|
209 | + list ($_REQUEST['topic'], $_REQUEST['start']) = explode('.', $_REQUEST['topic']); |
|
210 | + } |
|
195 | 211 | |
196 | 212 | // Topic should always be an integer |
197 | 213 | $topic = $_GET['topic'] = $_REQUEST['topic'] = (int) $_REQUEST['topic']; |
@@ -225,21 +241,25 @@ discard block |
||
225 | 241 | $_REQUEST['start'] = $timestamp === 0 ? 0 : 'from' . $timestamp; |
226 | 242 | } |
227 | 243 | // ... or something invalid, in which case we reset it to 0. |
228 | - else |
|
229 | - $_REQUEST['start'] = 0; |
|
244 | + else { |
|
245 | + $_REQUEST['start'] = 0; |
|
246 | + } |
|
247 | + } else { |
|
248 | + $topic = 0; |
|
230 | 249 | } |
231 | - else |
|
232 | - $topic = 0; |
|
233 | 250 | |
234 | 251 | // There should be a $_REQUEST['start'], some at least. If you need to default to other than 0, use $_GET['start']. |
235 | - if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0 || (int) $_REQUEST['start'] > 2147473647) |
|
236 | - $_REQUEST['start'] = 0; |
|
252 | + if (empty($_REQUEST['start']) || $_REQUEST['start'] < 0 || (int) $_REQUEST['start'] > 2147473647) { |
|
253 | + $_REQUEST['start'] = 0; |
|
254 | + } |
|
237 | 255 | |
238 | 256 | // The action needs to be a string and not an array or anything else |
239 | - if (isset($_REQUEST['action'])) |
|
240 | - $_REQUEST['action'] = (string) $_REQUEST['action']; |
|
241 | - if (isset($_GET['action'])) |
|
242 | - $_GET['action'] = (string) $_GET['action']; |
|
257 | + if (isset($_REQUEST['action'])) { |
|
258 | + $_REQUEST['action'] = (string) $_REQUEST['action']; |
|
259 | + } |
|
260 | + if (isset($_GET['action'])) { |
|
261 | + $_GET['action'] = (string) $_GET['action']; |
|
262 | + } |
|
243 | 263 | |
244 | 264 | // Some mail providers like to encode semicolons in activation URLs... |
245 | 265 | if (!empty($_REQUEST['action']) && substr($_SERVER['QUERY_STRING'], 0, 18) == 'action=activate%3b') |
@@ -265,29 +285,33 @@ discard block |
||
265 | 285 | $_SERVER['BAN_CHECK_IP'] = $_SERVER['REMOTE_ADDR']; |
266 | 286 | |
267 | 287 | // If we haven't specified how to handle Reverse Proxy IP headers, lets do what we always used to do. |
268 | - if (!isset($modSettings['proxy_ip_header'])) |
|
269 | - $modSettings['proxy_ip_header'] = 'autodetect'; |
|
288 | + if (!isset($modSettings['proxy_ip_header'])) { |
|
289 | + $modSettings['proxy_ip_header'] = 'autodetect'; |
|
290 | + } |
|
270 | 291 | |
271 | 292 | // Which headers are we going to check for Reverse Proxy IP headers? |
272 | - if ($modSettings['proxy_ip_header'] == 'disabled') |
|
273 | - $reverseIPheaders = array(); |
|
274 | - elseif ($modSettings['proxy_ip_header'] == 'autodetect') |
|
275 | - $reverseIPheaders = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP'); |
|
276 | - else |
|
277 | - $reverseIPheaders = array($modSettings['proxy_ip_header']); |
|
293 | + if ($modSettings['proxy_ip_header'] == 'disabled') { |
|
294 | + $reverseIPheaders = array(); |
|
295 | + } elseif ($modSettings['proxy_ip_header'] == 'autodetect') { |
|
296 | + $reverseIPheaders = array('HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP'); |
|
297 | + } else { |
|
298 | + $reverseIPheaders = array($modSettings['proxy_ip_header']); |
|
299 | + } |
|
278 | 300 | |
279 | 301 | // Find the user's IP address. (but don't let it give you 'unknown'!) |
280 | 302 | foreach ($reverseIPheaders as $proxyIPheader) |
281 | 303 | { |
282 | 304 | // Ignore if this is not set. |
283 | - if (!isset($_SERVER[$proxyIPheader])) |
|
284 | - continue; |
|
305 | + if (!isset($_SERVER[$proxyIPheader])) { |
|
306 | + continue; |
|
307 | + } |
|
285 | 308 | |
286 | 309 | if (!empty($modSettings['proxy_ip_servers'])) |
287 | 310 | { |
288 | - foreach (explode(',', $modSettings['proxy_ip_servers']) as $proxy) |
|
289 | - if ($proxy == $_SERVER['REMOTE_ADDR'] || matchIPtoCIDR($_SERVER['REMOTE_ADDR'], $proxy)) |
|
311 | + foreach (explode(',', $modSettings['proxy_ip_servers']) as $proxy) { |
|
312 | + if ($proxy == $_SERVER['REMOTE_ADDR'] || matchIPtoCIDR($_SERVER['REMOTE_ADDR'], $proxy)) |
|
290 | 313 | continue; |
314 | + } |
|
291 | 315 | } |
292 | 316 | |
293 | 317 | // If there are commas, get the last one.. probably. |
@@ -307,8 +331,9 @@ discard block |
||
307 | 331 | |
308 | 332 | // Just incase we have a legacy IPv4 address. |
309 | 333 | // @ TODO: Convert to IPv6. |
310 | - if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0) |
|
311 | - continue; |
|
334 | + if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0) { |
|
335 | + continue; |
|
336 | + } |
|
312 | 337 | } |
313 | 338 | |
314 | 339 | continue; |
@@ -320,36 +345,40 @@ discard block |
||
320 | 345 | } |
321 | 346 | } |
322 | 347 | // Otherwise just use the only one. |
323 | - elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER[$proxyIPheader]) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER['REMOTE_ADDR']) != 0) |
|
324 | - $_SERVER['BAN_CHECK_IP'] = $_SERVER[$proxyIPheader]; |
|
325 | - elseif (!isValidIPv6($_SERVER[$proxyIPheader]) || preg_match('~::ffff:\d+\.\d+\.\d+\.\d+~', $_SERVER[$proxyIPheader]) !== 0) |
|
348 | + elseif (preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER[$proxyIPheader]) == 0 || preg_match('~^((0|10|172\.(1[6-9]|2[0-9]|3[01])|192\.168|255|127)\.|unknown|::1|fe80::|fc00::)~', $_SERVER['REMOTE_ADDR']) != 0) { |
|
349 | + $_SERVER['BAN_CHECK_IP'] = $_SERVER[$proxyIPheader]; |
|
350 | + } elseif (!isValidIPv6($_SERVER[$proxyIPheader]) || preg_match('~::ffff:\d+\.\d+\.\d+\.\d+~', $_SERVER[$proxyIPheader]) !== 0) |
|
326 | 351 | { |
327 | 352 | $_SERVER[$proxyIPheader] = preg_replace('~^::ffff:(\d+\.\d+\.\d+\.\d+)~', '\1', $_SERVER[$proxyIPheader]); |
328 | 353 | |
329 | 354 | // Just incase we have a legacy IPv4 address. |
330 | 355 | // @ TODO: Convert to IPv6. |
331 | - if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0) |
|
332 | - continue; |
|
356 | + if (preg_match('~^((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5])$~', $_SERVER[$proxyIPheader]) === 0) { |
|
357 | + continue; |
|
358 | + } |
|
333 | 359 | } |
334 | 360 | } |
335 | 361 | |
336 | 362 | // Make sure we know the URL of the current request. |
337 | - if (empty($_SERVER['REQUEST_URI'])) |
|
338 | - $_SERVER['REQUEST_URL'] = $scripturl . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''); |
|
339 | - elseif (preg_match('~^([^/]+//[^/]+)~', $scripturl, $match) == 1) |
|
340 | - $_SERVER['REQUEST_URL'] = $match[1] . $_SERVER['REQUEST_URI']; |
|
341 | - else |
|
342 | - $_SERVER['REQUEST_URL'] = $_SERVER['REQUEST_URI']; |
|
363 | + if (empty($_SERVER['REQUEST_URI'])) { |
|
364 | + $_SERVER['REQUEST_URL'] = $scripturl . (!empty($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''); |
|
365 | + } elseif (preg_match('~^([^/]+//[^/]+)~', $scripturl, $match) == 1) { |
|
366 | + $_SERVER['REQUEST_URL'] = $match[1] . $_SERVER['REQUEST_URI']; |
|
367 | + } else { |
|
368 | + $_SERVER['REQUEST_URL'] = $_SERVER['REQUEST_URI']; |
|
369 | + } |
|
343 | 370 | |
344 | 371 | // And make sure HTTP_USER_AGENT is set. |
345 | 372 | $_SERVER['HTTP_USER_AGENT'] = isset($_SERVER['HTTP_USER_AGENT']) ? (isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES) : htmlspecialchars($smcFunc['db_unescape_string']($_SERVER['HTTP_USER_AGENT']), ENT_QUOTES)) : ''; |
346 | 373 | |
347 | 374 | // Some final checking. |
348 | - if (!isValidIP($_SERVER['BAN_CHECK_IP'])) |
|
349 | - $_SERVER['BAN_CHECK_IP'] = ''; |
|
350 | - if ($_SERVER['REMOTE_ADDR'] == 'unknown') |
|
351 | - $_SERVER['REMOTE_ADDR'] = ''; |
|
352 | -} |
|
375 | + if (!isValidIP($_SERVER['BAN_CHECK_IP'])) { |
|
376 | + $_SERVER['BAN_CHECK_IP'] = ''; |
|
377 | + } |
|
378 | + if ($_SERVER['REMOTE_ADDR'] == 'unknown') { |
|
379 | + $_SERVER['REMOTE_ADDR'] = ''; |
|
380 | + } |
|
381 | + } |
|
353 | 382 | |
354 | 383 | /** |
355 | 384 | * Validates a IPv6 address. returns true if it is ipv6. |
@@ -360,8 +389,9 @@ discard block |
||
360 | 389 | function isValidIPv6($ip) |
361 | 390 | { |
362 | 391 | //looking for : |
363 | - if (strpos($ip, ':') === false) |
|
364 | - return false; |
|
392 | + if (strpos($ip, ':') === false) { |
|
393 | + return false; |
|
394 | + } |
|
365 | 395 | |
366 | 396 | //check valid address |
367 | 397 | return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); |
@@ -379,8 +409,9 @@ discard block |
||
379 | 409 | static $converted = array(); |
380 | 410 | |
381 | 411 | // Check if we have done this already. |
382 | - if (isset($converted[$addr])) |
|
383 | - return $converted[$addr]; |
|
412 | + if (isset($converted[$addr])) { |
|
413 | + return $converted[$addr]; |
|
414 | + } |
|
384 | 415 | |
385 | 416 | // Check if there are segments missing, insert if necessary. |
386 | 417 | if (strpos($addr, '::') !== false) |
@@ -390,18 +421,20 @@ discard block |
||
390 | 421 | $part[1] = explode(':', $part[1]); |
391 | 422 | $missing = array(); |
392 | 423 | |
393 | - for ($i = 0; $i < (8 - (count($part[0]) + count($part[1]))); $i++) |
|
394 | - array_push($missing, '0000'); |
|
424 | + for ($i = 0; $i < (8 - (count($part[0]) + count($part[1]))); $i++) { |
|
425 | + array_push($missing, '0000'); |
|
426 | + } |
|
395 | 427 | |
396 | 428 | $part = array_merge($part[0], $missing, $part[1]); |
429 | + } else { |
|
430 | + $part = explode(':', $addr); |
|
397 | 431 | } |
398 | - else |
|
399 | - $part = explode(':', $addr); |
|
400 | 432 | |
401 | 433 | // Pad each segment until it has 4 digits. |
402 | - foreach ($part as &$p) |
|
403 | - while (strlen($p) < 4) |
|
434 | + foreach ($part as &$p) { |
|
435 | + while (strlen($p) < 4) |
|
404 | 436 | $p = '0' . $p; |
437 | + } |
|
405 | 438 | |
406 | 439 | unset($p); |
407 | 440 | |
@@ -412,11 +445,12 @@ discard block |
||
412 | 445 | $converted[$addr] = $result; |
413 | 446 | |
414 | 447 | // Quick check to make sure the length is as expected. |
415 | - if (!$strict_check || strlen($result) == 39) |
|
416 | - return $result; |
|
417 | - else |
|
418 | - return false; |
|
419 | -} |
|
448 | + if (!$strict_check || strlen($result) == 39) { |
|
449 | + return $result; |
|
450 | + } else { |
|
451 | + return false; |
|
452 | + } |
|
453 | + } |
|
420 | 454 | |
421 | 455 | |
422 | 456 | /** |
@@ -434,8 +468,9 @@ discard block |
||
434 | 468 | //v6? |
435 | 469 | if ((strpos($cidr_network, ':') !== false)) |
436 | 470 | { |
437 | - if (!filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || !filter_var($cidr_network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) |
|
438 | - return false; |
|
471 | + if (!filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) || !filter_var($cidr_network, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) { |
|
472 | + return false; |
|
473 | + } |
|
439 | 474 | |
440 | 475 | $ip_address = inet_pton($ip_address); |
441 | 476 | $cidr_network = inet_pton($cidr_network); |
@@ -457,10 +492,10 @@ discard block |
||
457 | 492 | $binMask = pack("H*" , $binMask); |
458 | 493 | |
459 | 494 | return ($ip_address & $binMask) == $cidr_network; |
495 | + } else { |
|
496 | + return (ip2long($ip_address) & (~((1 << (32 - $cidr_subnetmask)) - 1))) == ip2long($cidr_network); |
|
497 | + } |
|
460 | 498 | } |
461 | - else |
|
462 | - return (ip2long($ip_address) & (~((1 << (32 - $cidr_subnetmask)) - 1))) == ip2long($cidr_network); |
|
463 | -} |
|
464 | 499 | |
465 | 500 | /** |
466 | 501 | * Adds slashes to the array/variable. |
@@ -476,15 +511,17 @@ discard block |
||
476 | 511 | { |
477 | 512 | global $smcFunc; |
478 | 513 | |
479 | - if (!is_array($var)) |
|
480 | - return $smcFunc['db_escape_string']($var); |
|
514 | + if (!is_array($var)) { |
|
515 | + return $smcFunc['db_escape_string']($var); |
|
516 | + } |
|
481 | 517 | |
482 | 518 | // Reindex the array with slashes. |
483 | 519 | $new_var = array(); |
484 | 520 | |
485 | 521 | // Add slashes to every element, even the indexes! |
486 | - foreach ($var as $k => $v) |
|
487 | - $new_var[$smcFunc['db_escape_string']($k)] = escapestring__recursive($v); |
|
522 | + foreach ($var as $k => $v) { |
|
523 | + $new_var[$smcFunc['db_escape_string']($k)] = escapestring__recursive($v); |
|
524 | + } |
|
488 | 525 | |
489 | 526 | return $new_var; |
490 | 527 | } |
@@ -504,12 +541,14 @@ discard block |
||
504 | 541 | { |
505 | 542 | global $smcFunc; |
506 | 543 | |
507 | - if (!is_array($var)) |
|
508 | - return isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($var, ENT_QUOTES) : htmlspecialchars($var, ENT_QUOTES); |
|
544 | + if (!is_array($var)) { |
|
545 | + return isset($smcFunc['htmlspecialchars']) ? $smcFunc['htmlspecialchars']($var, ENT_QUOTES) : htmlspecialchars($var, ENT_QUOTES); |
|
546 | + } |
|
509 | 547 | |
510 | 548 | // Add the htmlspecialchars to every element. |
511 | - foreach ($var as $k => $v) |
|
512 | - $var[$k] = $level > 25 ? null : htmlspecialchars__recursive($v, $level + 1); |
|
549 | + foreach ($var as $k => $v) { |
|
550 | + $var[$k] = $level > 25 ? null : htmlspecialchars__recursive($v, $level + 1); |
|
551 | + } |
|
513 | 552 | |
514 | 553 | return $var; |
515 | 554 | } |
@@ -527,15 +566,17 @@ discard block |
||
527 | 566 | */ |
528 | 567 | function urldecode__recursive($var, $level = 0) |
529 | 568 | { |
530 | - if (!is_array($var)) |
|
531 | - return urldecode($var); |
|
569 | + if (!is_array($var)) { |
|
570 | + return urldecode($var); |
|
571 | + } |
|
532 | 572 | |
533 | 573 | // Reindex the array... |
534 | 574 | $new_var = array(); |
535 | 575 | |
536 | 576 | // Add the htmlspecialchars to every element. |
537 | - foreach ($var as $k => $v) |
|
538 | - $new_var[urldecode($k)] = $level > 25 ? null : urldecode__recursive($v, $level + 1); |
|
577 | + foreach ($var as $k => $v) { |
|
578 | + $new_var[urldecode($k)] = $level > 25 ? null : urldecode__recursive($v, $level + 1); |
|
579 | + } |
|
539 | 580 | |
540 | 581 | return $new_var; |
541 | 582 | } |
@@ -553,15 +594,17 @@ discard block |
||
553 | 594 | { |
554 | 595 | global $smcFunc; |
555 | 596 | |
556 | - if (!is_array($var)) |
|
557 | - return $smcFunc['db_unescape_string']($var); |
|
597 | + if (!is_array($var)) { |
|
598 | + return $smcFunc['db_unescape_string']($var); |
|
599 | + } |
|
558 | 600 | |
559 | 601 | // Reindex the array without slashes, this time. |
560 | 602 | $new_var = array(); |
561 | 603 | |
562 | 604 | // Strip the slashes from every element. |
563 | - foreach ($var as $k => $v) |
|
564 | - $new_var[$smcFunc['db_unescape_string']($k)] = unescapestring__recursive($v); |
|
605 | + foreach ($var as $k => $v) { |
|
606 | + $new_var[$smcFunc['db_unescape_string']($k)] = unescapestring__recursive($v); |
|
607 | + } |
|
565 | 608 | |
566 | 609 | return $new_var; |
567 | 610 | } |
@@ -579,15 +622,17 @@ discard block |
||
579 | 622 | */ |
580 | 623 | function stripslashes__recursive($var, $level = 0) |
581 | 624 | { |
582 | - if (!is_array($var)) |
|
583 | - return stripslashes($var); |
|
625 | + if (!is_array($var)) { |
|
626 | + return stripslashes($var); |
|
627 | + } |
|
584 | 628 | |
585 | 629 | // Reindex the array without slashes, this time. |
586 | 630 | $new_var = array(); |
587 | 631 | |
588 | 632 | // Strip the slashes from every element. |
589 | - foreach ($var as $k => $v) |
|
590 | - $new_var[stripslashes($k)] = $level > 25 ? null : stripslashes__recursive($v, $level + 1); |
|
633 | + foreach ($var as $k => $v) { |
|
634 | + $new_var[stripslashes($k)] = $level > 25 ? null : stripslashes__recursive($v, $level + 1); |
|
635 | + } |
|
591 | 636 | |
592 | 637 | return $new_var; |
593 | 638 | } |
@@ -608,12 +653,14 @@ discard block |
||
608 | 653 | global $smcFunc; |
609 | 654 | |
610 | 655 | // Remove spaces (32), tabs (9), returns (13, 10, and 11), nulls (0), and hard spaces. (160) |
611 | - if (!is_array($var)) |
|
612 | - return isset($smcFunc) ? $smcFunc['htmltrim']($var) : trim($var, ' ' . "\t\n\r\x0B" . '\0' . "\xA0"); |
|
656 | + if (!is_array($var)) { |
|
657 | + return isset($smcFunc) ? $smcFunc['htmltrim']($var) : trim($var, ' ' . "\t\n\r\x0B" . '\0' . "\xA0"); |
|
658 | + } |
|
613 | 659 | |
614 | 660 | // Go through all the elements and remove the whitespace. |
615 | - foreach ($var as $k => $v) |
|
616 | - $var[$k] = $level > 25 ? null : htmltrim__recursive($v, $level + 1); |
|
661 | + foreach ($var as $k => $v) { |
|
662 | + $var[$k] = $level > 25 ? null : htmltrim__recursive($v, $level + 1); |
|
663 | + } |
|
617 | 664 | |
618 | 665 | return $var; |
619 | 666 | } |
@@ -678,30 +725,37 @@ discard block |
||
678 | 725 | global $scripturl, $modSettings, $context; |
679 | 726 | |
680 | 727 | // If $scripturl is set to nothing, or the SID is not defined (SSI?) just quit. |
681 | - if ($scripturl == '' || !defined('SID')) |
|
682 | - return $buffer; |
|
728 | + if ($scripturl == '' || !defined('SID')) { |
|
729 | + return $buffer; |
|
730 | + } |
|
683 | 731 | |
684 | 732 | // Do nothing if the session is cookied, or they are a crawler - guests are caught by redirectexit(). This doesn't work below PHP 4.3.0, because it makes the output buffer bigger. |
685 | 733 | // @todo smflib |
686 | - if (empty($_COOKIE) && SID != '' && !isBrowser('possibly_robot')) |
|
687 | - $buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&', $buffer); |
|
734 | + if (empty($_COOKIE) && SID != '' && !isBrowser('possibly_robot')) { |
|
735 | + $buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&', $buffer); |
|
736 | + } |
|
688 | 737 | // Debugging templates, are we? |
689 | - elseif (isset($_GET['debug'])) |
|
690 | - $buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '\\??/', '"' . $scripturl . '?debug;', $buffer); |
|
738 | + elseif (isset($_GET['debug'])) { |
|
739 | + $buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '\\??/', '"' . $scripturl . '?debug;', $buffer); |
|
740 | + } |
|
691 | 741 | |
692 | 742 | // This should work even in 4.2.x, just not CGI without cgi.fix_pathinfo. |
693 | 743 | if (!empty($modSettings['queryless_urls']) && (!$context['server']['is_cgi'] || ini_get('cgi.fix_pathinfo') == 1 || @get_cfg_var('cgi.fix_pathinfo') == 1) && ($context['server']['is_apache'] || $context['server']['is_lighttpd'] || $context['server']['is_litespeed'])) |
694 | 744 | { |
695 | 745 | // Let's do something special for session ids! |
696 | - if (defined('SID') && SID != '') |
|
697 | - $buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?(?:' . SID . '(?:;|&|&))((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m) |
|
746 | + if (defined('SID') && SID != '') { |
|
747 | + $buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?(?:' . SID . '(?:;|&|&))((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m) |
|
698 | 748 | { |
699 | - global $scripturl; return '"' . $scripturl . "/" . strtr("$m[1]", '&;=', '//,') . ".html?" . SID . (isset($m[2]) ? $m[2] : "") . '"'; |
|
749 | + global $scripturl; |
|
750 | + } |
|
751 | + return '"' . $scripturl . "/" . strtr("$m[1]", '&;=', '//,') . ".html?" . SID . (isset($m[2]) ? $m[2] : "") . '"'; |
|
700 | 752 | }, $buffer); |
701 | - else |
|
702 | - $buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m) |
|
753 | + else { |
|
754 | + $buffer = preg_replace_callback('~"' . preg_quote($scripturl, '~') . '\?((?:board|topic)=[^#"]+?)(#[^"]*?)?"~', function($m) |
|
703 | 755 | { |
704 | - global $scripturl; return '"' . $scripturl . '/' . strtr("$m[1]", '&;=', '//,') . '.html' . (isset($m[2]) ? $m[2] : "") . '"'; |
|
756 | + global $scripturl; |
|
757 | + } |
|
758 | + return '"' . $scripturl . '/' . strtr("$m[1]", '&;=', '//,') . '.html' . (isset($m[2]) ? $m[2] : "") . '"'; |
|
705 | 759 | }, $buffer); |
706 | 760 | } |
707 | 761 |