8.1.21

_tests/codechecker/xhtml.php

@@ -60,7 +60,7 @@ function error_capture($errno,$errmsg)
 
 if (!$WITHIN_PHP)
 {
-	error_reporting(E_ALL);
+	error_reporting(E_ALL & ~(defined('E_DEPRECATED')?E_DEPRECATED:0));
 
 	$extra=array();
 	foreach ($_SERVER['argv'] as $index=>$argv)

adminzone/pages/modules/admin_newsletter.php

@@ -124,7 +124,7 @@ function count_level($id,$level,$lang)
 	{
 		$map=array();
 		$map[strval($id)]=$level;
-		$results=newsletter_who_send_to($map,$lang,0,0);
+		$results=newsletter_who_send_to($map,$lang,0,0,false,'',true);
 		return $results[6][strval($id)];
 	}
 
@@ -532,7 +532,7 @@ function view_subscribers()
 					{
 						$map=array();
 						$map['g'.strval($group_id)]=1;
-						$_c=newsletter_who_send_to($map,$lang,0,0);
+						$_c=newsletter_who_send_to($map,$lang,0,0,false,'',true);
 						$c6=$_c[6]['g'.strval($group_id)];
 						if ($c6!=0)
 							$newsletters->attach(form_input_list_entry('g'.strval($group_id),false,do_lang_tempcode('THIS_WITH',do_lang_tempcode('GROUP'),make_string_tempcode(escape_html($group)))));
@@ -579,12 +579,12 @@ function view_subscribers()
 			if (is_null($level)) // implies all OCF members
 			{
 				$map[$id]=1; // $id will be -1
-				$_c=newsletter_who_send_to($map,$lang,0,0,true);
+				$_c=newsletter_who_send_to($map,$lang,0,0,true,'',true);
 				if (isset($_c[6][$id])) $max_rows=$_c[6][$id];
 			} else // implies normal newsletter / usergroup
 			{
 				$map[$id]=$level; // We're requesting that we probe subscribers of $id on $level
-				$_c=newsletter_who_send_to($map,$lang,0,0,true);
+				$_c=newsletter_who_send_to($map,$lang,0,0,true,'',true);
 				if (isset($_c[6][$id])) $max_rows=$_c[6][$id];
 			}
 
@@ -598,11 +598,11 @@ function view_subscribers()
 				if (is_null($level)) // implies all OCF members
 				{
 					$map[$id]=1; // $id will be -1
-					$_c=newsletter_who_send_to($map,$lang,$start+$start2,$max,true);
+					$_c=newsletter_who_send_to($map,$lang,$start+$start2,$max,true,'',true);
 				} else // implies normal newsletter / usergroup
 				{
 					$map[$id]=$level; // We're requesting that we probe subscribers of $id on $level
-					$_c=newsletter_who_send_to($map,$lang,$start+$start2,$max,true);
+					$_c=newsletter_who_send_to($map,$lang,$start+$start2,$max,true,'',true);
 				}
 				$rows=$_c[7];
 
@@ -1196,7 +1196,7 @@ function send_gui($_existing='')
 				{
 					$map=array();
 					$map['g'.strval($group_id)]=1;
-					$_c=newsletter_who_send_to($map,$lang,0,0);
+					$_c=newsletter_who_send_to($map,$lang,0,0,false,'',true);
 					$c6=$_c[6]['g'.strval($group_id)];
 					if ($c6!=0)
 						$fields->attach(form_input_tick(do_lang_tempcode('THIS_WITH',do_lang_tempcode('GROUP'),make_string_tempcode(escape_html($group))),do_lang_tempcode('NUM_READERS',integer_format($c6)),'g'.strval($group_id),post_param_integer('g'.strval($group_id),0)==1));

adminzone/pages/modules/admin_phpinfo.php

@@ -69,7 +69,8 @@ function run()
 		$GLOBALS['HELPER_PANEL_TEXT']=comcode_lang_string('DOC_PHP_INFO');
 
 		ob_start();
-		phpinfo();
+		if (php_function_allowed('phpinfo'))
+			phpinfo();
 		require_code('xhtml');
 		$out=xhtmlise_html(ob_get_contents());
 		ob_end_clean();

cms/pages/modules/cms_banners.php

@@ -393,7 +393,7 @@ function add_actualisation()
 		{
 			$banner_type_row=array('t_image_width'=>468,'t_image_height'=>60);
 		}
-		$stats_url=build_url(array('page'=>'_SELF','type'=>'view','source'=>$name),'_SELF');
+		$stats_url=build_url(array('page'=>'banners','type'=>'view','source'=>$name),'_SELF');
 		$banner_code=do_template('BANNER_SHOW_CODE',array('_GUID'=>'745d555fcca3a1320123ad3a5a04418b','TYPE'=>$b_type,'NAME'=>$name,'WIDTH'=>strval($banner_type_row['t_image_width']),'HEIGHT'=>strval($banner_type_row['t_image_height'])));
 		$tpl=do_template('BANNER_ADDED_SCREEN',array('_GUID'=>'897bab3e444f0d3c909e7a95b84d4396','DO_NEXT'=>'','TEXT'=>'','TITLE'=>'','BANNER_CODE'=>$banner_code,'STATS_URL'=>$stats_url));
 

data/areaedit/plugins/SpellChecker/spell-check-logic.php

@@ -42,7 +42,7 @@ function do_lang($x)
  */
 function spellchecklogic($type=NULL,$text=NULL,$words_skip=NULL,$ret=false)
 {
-	error_reporting(E_ALL);
+	error_reporting(E_ALL & ~(defined('E_DEPRECATED')?E_DEPRECATED:0));
 
 	if (!function_exists('get_file_base'))
 	{

data_custom/addon_files.txt

@@ -2237,7 +2237,6 @@ group_points
  - sources_custom/points.php
  - sources_custom/hooks/systems/do_next_menus/group_points.php
  - adminzone/pages/minimodules_custom/group_points.php
- - themes/default/templates_custom/POINTS_PROFILE.tpl
  - sources_custom/hooks/systems/symbols/POINTS_FROM_USERGROUPS.php
  - sources_custom/hooks/systems/cron/group_points.php
  - pages/comcode_custom/EN/group_points.txt

data_custom/modules/chat/ejabberd_auth.php

@@ -65,7 +65,7 @@ function JabberAuth()
 		@openlog("pipe-auth", LOG_NDELAY, LOG_SYSLOG);
 
 		if($this->debug) {
-			@error_reporting(E_ALL);
+			@error_reporting(E_ALL & ~(defined('E_DEPRECATED')?E_DEPRECATED:0));
 			@ini_set("log_errors", "1");
 			@ini_set("error_log", $this->debugfile);
 		}

install.php

@@ -43,7 +43,7 @@
 $RELATIVE_PATH='';
 @chdir($FILE_BASE);
 
-error_reporting(E_ALL);
+error_reporting(E_ALL & ~(defined('E_DEPRECATED')?E_DEPRECATED:0));
 
 if (!defined('FILE_TEXT')) define('FILE_TEXT',false);
 if (!defined('FILE_BINARY')) define('FILE_BINARY',false);
@@ -354,9 +354,12 @@ function step_1()
 	$test=ini_get('mbstring.func_overload');
 	if (($test!==false) && ($test!=='') && ($test!=='0'))
 		$warnings->attach(do_template('INSTALLER_WARNING',array('MESSAGE'=>do_lang_tempcode('WARNING_MBSTRING_FUNC_OVERLOAD'))));
-	$disk_space=@disk_free_space(get_file_base());
-	if ((is_integer($disk_space)) && ($disk_space<25*1024*1024))
-		$warnings->attach(do_template('INSTALLER_WARNING',array('MESSAGE'=>do_lang_tempcode('WARNING_DISK_SPACE'))));
+	if (php_function_allowed('disk_free_space'))
+	{
+		$disk_space=@disk_free_space(get_file_base());
+		if ((is_integer($disk_space)) && ($disk_space<25*1024*1024))
+			$warnings->attach(do_template('INSTALLER_WARNING',array('MESSAGE'=>do_lang_tempcode('WARNING_DISK_SPACE'))));
+	}
 	if ((!function_exists('zip_open')) && (!@file_exists('/usr/bin/unzip')))
 		$warnings->attach(do_template('INSTALLER_WARNING',array('MESSAGE'=>do_lang_tempcode('NO_ZIP_ON_SERVER'))));
 	if (!function_exists('imagecreatefromstring'))
@@ -374,8 +377,8 @@ function step_1()
 		array_intersect array_merge array_pop array_push array_reverse array_search array_shift
 		array_slice array_splice array_unique array_values arsort asort base64_decode base64_encode
 		call_user_func ceil chdir checkdate chmod chr chunk_split class_exists clearstatcache closedir
-		constant copy cos count crypt current date dechex decoct define defined dirname disk_free_space
-		deg2rad error_log error_reporting eval exit explode fclose feof fgets file file_exists
+		constant copy cos count crypt current date dechex decoct define defined dirname
+		deg2rad error_reporting eval exit explode fclose feof fgets file file_exists
 		file_get_contents filectime filegroup filemtime fileowner fileperms filesize floatval floor
 		get_defined_vars get_declared_classes get_defined_functions fopen fread fseek ftell
 		function_exists fwrite gd_info get_class get_html_translation_table get_magic_quotes_gpc getcwd
@@ -396,7 +399,7 @@ function_exists fwrite gd_info get_class get_html_translation_table get_magic_qu
 		is_integer is_null is_numeric is_object is_readable is_resource is_string is_uploaded_file is_writable
 		isset krsort ksort localeconv ltrim mail max md5 method_exists microtime min
 		mkdir mktime move_uploaded_file mt_getrandmax mt_rand mt_srand number_format ob_end_clean
-		ob_end_flush ob_get_contents ob_start octdec opendir ord pack parse_url pathinfo phpinfo phpversion
+		ob_end_flush ob_get_contents ob_start octdec opendir ord pack parse_url pathinfo phpversion
 		preg_match preg_grep preg_match_all
 		preg_replace preg_replace_callback preg_split print_r putenv rawurldecode
 		rawurlencode readdir realpath register_shutdown_function rename require require_once reset rmdir
@@ -427,7 +430,7 @@ function_exists fwrite gd_info get_class get_html_translation_table get_magic_qu
 		parse_ini_file parse_str is_executable
 		is_scalar is_subclass_of metaphone natcasesort natsort nl2br ob_get_length ob_gzhandler
 		ob_iconv_handler ob_implicit_flush php_sapi_name
-		php_uname printf convert_cyr_string cosh count_chars
+		printf convert_cyr_string cosh count_chars
 		disk_total_space gethostbynamel getimagesize getlastmod getmypid getmyuid
 		gettimeofday get_cfg_var get_magic_quotes_runtime get_meta_tags get_parent_class
 		get_included_files get_resource_type gzcompress gzdeflate gzencode gzfile gzinflate

lang/EN/critical_error.ini

@@ -145,7 +145,7 @@ QUERY_FAILED_TOO_BIG=Unfortunately a query is too long [{1}]
 QUERY_NULL=A query that had to return something returned nothing: {1}
 MISSING_OPTION=A configuration option which does not exist was referenced
 _MISSING_OPTION=A configuration option (<kbd>{1}</kbd>) which does not exist was referenced
-MISSING_SOURCE_FILE=A source code file is missing: <kbd>{1}</kbd> (<kbd>{2}</kbd> or an overridden equivalent to this path)
+MISSING_SOURCE_FILE=A source code file is missing/corrupt/incompatible: <kbd>{1}</kbd> (<kbd>{2}</kbd> or an overridden equivalent to this path)
 MISSING_BLOCK_FILE=A block file is missing: <kbd>{1}</kbd> (<kbd>sources/blocks/{1}.php</kbd> or an overridden equivalent to this path)
 MISSING_TEMPLATE_FILE=A template file is missing: <kbd>{1}</kbd> (<kbd>themes/default/templates/{1}.tpl</kbd> or an overridden equivalent to this path)
 MISSING_LANG_FILE=A language file for language {2} is missing: <kbd>{1}</kbd> (<kbd>lang/{2}/{1}.ini</kbd> or an overridden equivalent to this path)

pages/comcode/EN/recommend_help.txt

@@ -10,7 +10,7 @@ If you choose to upload a CSV file we will give you a choice to choose which con
 
 Our recommend tool should work with all major software and web applications that support CSV, and we have prepared instructions for retrieving CSV files from the following software:
 
-[title="2"]Windows Live Mail[/title]
+[title="3"]Windows Live Mail[/title]
 
 1) Start Windows Live Mail.
 2) Click on the "Contacts" icon at the bottom of the left column.

site/pages/modules/authors.php

@@ -37,6 +37,7 @@ function info()
 		$info['hacked_by']=NULL;
 		$info['hack_version']=NULL;
 		$info['version']=3;
+		$info['update_require_upgrade']=1;
 		$info['locked']=true;
 		return $info;
 	}

site/pages/modules/shopping.php

@@ -103,8 +103,8 @@ function install($upgrade_from=NULL,$upgrade_from_hack=NULL)
 			$GLOBALS['SITE_DB']->create_table('shopping_cart',array(
 				'id'=>'*AUTO',
 				'session_id'=>'INTEGER',
-				'ordered_by'=>'*USER',
-				'product_id'=>'*AUTO_LINK',
+				'ordered_by'=>'USER',
+				'product_id'=>'AUTO_LINK',
 				'product_name'=>'SHORT_TEXT',
 				'product_code'=>'SHORT_TEXT',
 				'quantity'=>'INTEGER',

sources/calendar.php

@@ -55,7 +55,7 @@ function date_from_week_of_year($year,$week)
 {
 	$basis=strval($year).'-'.str_pad(strval($week),2,'0',STR_PAD_LEFT);
 	$time=mktime(0,0,0,1,1,$year);
-	for ($i=($week==52)?300/*conditional to stop it finding week as previous year overlap week of same number*/:0;$i<366;$i++)
+	for ($i=($week==52)?300/*conditional to stop it finding week as previous year overlap week of same number*/:0;$i<365+7;$i++)
 	{
 		$new_time=$time+60*60*24*$i;
 		if (((date('w',$new_time)=='1') && (get_option('ssw')=='0')) || ((date('w',$new_time)=='0') && (get_option('ssw')=='1')))

sources/critical_errors.php

@@ -42,7 +42,7 @@ function critical_error($code,$relay=NULL,$exit=true)
 		switch ($code)
 		{
 			case 'MISSING_SOURCE':
-				$error='A source-code ('.$relay.') file is missing.';
+				$error='A source-code ('.$relay.') file is missing/corrupt/incompatible.';
 				break;
 			case 'PASSON':
 				$error=$relay;

sources/developer_tools.php

@@ -45,7 +45,7 @@ function destrictify($change_content_type=true,$mysql_too=false)
 		@header('Content-type: text/html; charset='.get_charset());
 	$GLOBALS['SCREEN_TEMPLATE_CALLED']='';
 	$GLOBALS['TITLE_CALLED']=true;
-	error_reporting(E_ALL ^ E_NOTICE);
+	error_reporting(E_ALL & ~E_NOTICE & ~(defined('E_DEPRECATED')?E_DEPRECATED:0));
 	if (function_exists('set_time_limit')) @set_time_limit(200);
 	if ((get_forum_type()=='ocf') && ($mysql_too)) $GLOBALS['SITE_DB']->query('SET sql_mode=\'\'',NULL,NULL,true);
 	@ini_set('ocproducts.type_strictness','0');
@@ -77,7 +77,7 @@ function restrictify()
 	if (isset($_MODIFIED_FILES)) $_MODIFIED_FILES=array();
 
 	// Put back strictness
-	error_reporting(E_ALL);
+	error_reporting(E_ALL & ~(defined('E_DEPRECATED')?E_DEPRECATED:0));
 	if (function_exists('set_time_limit')) @set_time_limit(25);
 	if (get_forum_type()=='ocf') $GLOBALS['SITE_DB']->query('SET sql_mode=STRICT_ALL_TABLES',NULL,NULL,true);
 	if ($GLOBALS['DEBUG_MODE'])

sources/failure.php

@@ -214,7 +214,10 @@ function _ocportal_error_handler($type,$errno,$errstr,$errfile,$errline)
 
 	// Put into error log
 	if (get_param_integer('keep_fatalistic',0)==0)
-		@error_log('PHP '.ucwords($type).':  '.$errstr.' in '.$errfile.' on line '.strval($errline).' @ '.get_self_url_easy(),0);
+	{
+		if (php_function_allowed('error_log'))
+			@error_log('PHP '.ucwords($type).':  '.$errstr.' in '.$errfile.' on line '.strval($errline).' @ '.get_self_url_easy(),0);
+	}
 
 	if (!$GLOBALS['SUPPRESS_ERROR_DEATH']) // Don't display - die as normal
 	{
@@ -715,7 +718,10 @@ function _fatal_exit($text,$return=false)
 	$title=get_page_title('ERROR_OCCURRED');
 
 	if (get_param_integer('keep_fatalistic',0)==0)
-		@error_log('ocPortal:  '.(is_object($text)?$text->evaluate():$text).' @ '.get_self_url_easy(),0);
+	{
+		if (php_function_allowed('error_log'))
+			@error_log('ocPortal:  '.(is_object($text)?$text->evaluate():$text).' @ '.get_self_url_easy(),0);
+	}
 
 	$error_tpl=do_template('FATAL_SCREEN',array('_GUID'=>'9fdc6d093bdb685a0eda6bb56988a8c5','TITLE'=>$title,'WEBSERVICE_RESULT'=>get_webservice_result($text),'MESSAGE'=>$text,'TRACE'=>$trace));
 	$echo=globalise($error_tpl,NULL,'',true);
@@ -792,7 +798,6 @@ function relay_error_notification($text,$ocproducts=true,$notification_type='err
 		(preg_match('#Out of memory \(allocated (1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24)\d{6}\)#',$text)==0) && 
 		(strpos($text,'is marked as crashed and last')===false) && 
 		(strpos($text,'failed to open stream: Permission denied')===false) && 
-		(strpos($text,'phpinfo() has been disabled')===false) && 
 		((strpos($text,'Maximum execution time')===false) || ((strpos($text,'/js_')===false) && (strpos($text,'/caches_filesystem.php')===false) && (strpos($text,'/files2.php')===false))) && 
 		((strpos($text,'doesn\'t exist')===false) || ((strpos($text,'import')===false))) && 
 		((strpos($text,'No such file or directory')===false) || ((strpos($text,'admin_setupwizard')===false))) && 

sources/global.php

@@ -71,6 +71,17 @@
 
 if ((strpos($_SERVER['PHP_SELF'],'/sources/')!==false) || (strpos($_SERVER['PHP_SELF'],'/sources_custom/')!==false)) exit('May not be included directly');
 
+/**
+ * Find whether a particular PHP function is blocked.
+ *
+ * @param  string		Function name.
+ * @return boolean	Whether it is.
+ */
+function php_function_allowed($function)
+{
+	return (@preg_match('#(\s|,|^)'.str_replace('#','\#',preg_quote($function)).'(\s|$|,)#',strtolower(@ini_get('disable_functions').','.ini_get('suhosin.executor.func.blacklist').','.ini_get('suhosin.executor.include.blacklist').','.ini_get('suhosin.executor.eval.blacklist')))==0);
+}
+
 /**
  * This function is a very important one when coding. It allows you to include a source code file (from root/sources/ or root/sources_custom/) through the proper channels.
  * You should remember this function, and not substitute anything else for it, as that will likely make your code unstable.
@@ -331,6 +342,10 @@ function require_code($codename,$light_exit=false)
 		{
 			exit('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'.chr(10).'<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN"><head><title>Critical startup error</title></head><body><h1>ocPortal startup error</h1><p>The ocPortal critical error message file, sources/critical_errors.php, could not be located. This is almost always due to an incomplete upload of the ocPortal system, so please check all files are uploaded correctly.</p><p>Once all ocPortal files are in place, ocPortal must actually be installed by running the installer. You must be seeing this message either because your system has become corrupt since installation, or because you have uploaded some but not all files from our manual installer package: the quick installer is easier, so you might consider using that instead.</p><p>ocProducts maintains full documentation for all procedures and tools, especially those for installation. These may be found on the <a href="http://ocportal.com">ocPortal website</a>. If you are unable to easily solve this problem, we may be contacted from our website and can help resolve it for you.</p><hr /><p style="font-size: 0.8em">ocPortal is a website engine created by ocProducts.</p></body></html>'); require($GLOBALS['FILE_BASE'].'/sources/global.php');
 		}
+		if ($php_errormsg!='')
+		{
+			$codename.='... "'.$php_errormsg.'"';
+		}
 		critical_error('MISSING_SOURCE',$codename);
 	}
 	fatal_exit(do_lang_tempcode('MISSING_SOURCE_FILE',escape_html($codename),escape_html($path_b)));