translation update

clarified trustedproxy setting

eliminate access to global $plugin_controller

sort plugins in Config Manager

clientIP: add trustedproxy, return first untrusted IP instead of the last one

This fixes #2828, where malicious clients passed in customized HTTP header to keep its IP address off records.

This is

clientIP: add trustedproxy, return first untrusted IP instead of the last one

This fixes #2828, where malicious clients passed in customized HTTP header to keep its IP address off records.

This is inspired by Sympony's Request::setTrustedProxies, but I don't want to implement everything including IP CIDR matching (IPv4 + IPv6), so I decided to reuse the local IP checker in place powered by regexp. Now admins can customize this "local" (trusted) proxy list using $conf['trustedproxy'], and by default it will allow any local IPs.

If in the future there is a need to implement array-based CIDR matching, $conf['trustedproxies'] can be used for the new config name.

show more ...

ACL Plugin: make item formatter public again

The formatter needs to be public to be called from html_buildlist()

Do config backups with .php extension fixes #2446

translation update

translation update

translation update

translation update

Rename _acl_add to _acl_addOrUpdate

because that's what this method actually does now

Fix #1115

without this patch calling _acl_add may result in a corrupted acl.auth.php file.
This is the case when we're adding a config for a user and a scope with an
existing config.

The fix is jus

Fix #1115

without this patch calling _acl_add may result in a corrupted acl.auth.php file.
This is the case when we're adding a config for a user and a scope with an
existing config.

The fix is just to call the _acl_del method before perming the addition.

Note that this _acl_add method is currently called from two places:
- from admin_plugin_acl.handle() which was explicitely calling _acl_del before
- from remote_plugin_acl.addAcl, which can actually result in a corrupted file

show more ...

translation update

translation update

Update config.class.php

Sort plugin list for display by Configuration Manager

translation update

translation update

authpdo: fix _query return type issue per Scrutinizer inspection

Update lang.php

translation update

authpdo: fix mybb schema for MySQL 5.7+

https://dev.mysql.com/doc/refman/5.7/en/upgrading-from-previous-series.html

> In MySQL 5.7.5, these SQL mode changes were made: ... Strict SQL mode for trans

authpdo: fix mybb schema for MySQL 5.7+

https://dev.mysql.com/doc/refman/5.7/en/upgrading-from-previous-series.html

> In MySQL 5.7.5, these SQL mode changes were made: ... Strict SQL mode for transactional storage engines (`STRICT_TRANS_TABLES`) is now enabled by default.

https://dev.mysql.com/doc/refman/5.7/en/data-type-defaults.html

> For data entry into a NOT NULL column that has no explicit DEFAULT clause, if an INSERT or REPLACE statement includes no value for the column, or an UPDATE statement sets the column to NULL, MySQL handles the column according to the SQL mode in effect at the time:
>
> If strict SQL mode is enabled, an error occurs for transactional tables and the statement is rolled back. For nontransactional tables, an error occurs, but if this happens for the second or subsequent row of a multiple-row statement, the preceding rows will have been inserted.

show more ...

authpdo: add support for multi-rowset to _query

This makes sure if user defined multiple query in one SQL, they are all executed rather than only the first one.

translation update

translation update