Discuz! X3.4 Thai UTF-8 R20220131, Rev.72

- การออกอัปเดตแพทช์นี้ ขออุทิศให้แก่คุณก้อย @Suthida (ทีมงานเก่าแก่ของดิสคัสไทย) ผู้ที่ล่วงลับไปอย่างไม่มีวันหวนกลับ
- เพิ่ม ปุ่ม "อัปเดตแคช CSS" ต่อท้ายอัปเดตไฟล์แคชใน AdminCP
- เพิ่ม ระบบเปลียนคีย์เว็บไซต์ (authkey) ที่อยู่ในไฟล์ config ของระบบ กรณีคีย์ดังกล่าวหลุดภายนอกซึ่งอาจจะส่งผลให้เว็บไซต์โดนโจมตีได้
- ปรับปรุง ฟังก์ชันที่เกี่ยวข้องกับ QQ ที่ไม่ได้ใช้งานโดยการลบออก
- ปรับปรุง โฟลเดอร์ utility โดยการลบออก เพื่อลดความเสี่ยงด้านความปลอดภัย
- ปรับปรุง ไม่ให้มีการใช้คำสั่งล็อกในหน้าแก้ไขข้อมูลสมาชิก กรณีผู้ใช้งานมีตำแหน่งเป็นผู้ดูแลระบบ
- แก้ไขปัญหา ปุ่ม BBCode หาย เมื่อกระทู้นั้นมีการแทรกโค้ด HTML  (Special thanks to @jjq)
- แก้ไขปัญหา เมื่ออยู่โหมด touch สามารถดูรูปภาพในกระทู้ได้ฟรีแม้ว่ารูปภาพนั้นจะมีการกำหนดราคาเครดิตไว้แล้ว
- แก้ไขปัญหา กรณีอัปเกรดปลั๊กอินแบบออฟไลน์ (ไม่ได้อัปเกรดผ่าน addon ของ Dismall) ทำให้ไม่สามารถอัปเกรดได้สมบูรณ์ในบางกรณี
- แก้ไขปัญหา เข้าสู่ระบบไม่ได้ในบางกรณีที่ผู้ใช้งานใช้สัญลักษณ์ละเอียดอ่อนเป็นรหัสผ่าน
- ปรับปรุงและเพิ่มประสิทธิภาพการทำงานของระบบทั่วไป

upload/api/db/dbbak.php

@@ -515,6 +515,10 @@ function halt($message = '', $sql = '') {
 		$get['volume'] = 0;
 	}
 
+	if(!preg_match('/^backup_(\d+)_\w+$/', $get['sqlpath']) || !preg_match('/^\d+_\w+\-(\d+).sql$/', $get['dumpfile'])) {
+		api_msg('bak_file_lose', $get['dumpfile']);
+	}
+
 	$get['volume']++;
 	$next_dumpfile = preg_replace('/^(\d+)\_(\w+)\-(\d+)\.sql$/', '\\1_\\2-'.$get['volume'].'.sql', $get['dumpfile']);
 	if(!is_file(BACKUP_DIR.$get['sqlpath'].'/'.$get['dumpfile'])) {
@@ -558,7 +562,7 @@ function halt($message = '', $sql = '') {
 	$directory = dir(BACKUP_DIR);
 	while($entry = $directory->read()) {
 		$filename = BACKUP_DIR.$entry;
-		if(is_dir($filename) && preg_match('/backup_(\d+)_\w+$/', $filename, $match)) {
+		if(is_dir($filename) && preg_match('/^backup_(\d+)_\w+$/', $entry, $match)) {
 			$str .= "\t<dir>\n";
 			$str .= "\t\t<dirname>$filename</dirname>\n";
 			$str .= "\t\t<dirdate>$match[1]</dirdate>\n";

upload/api/uc.php

@@ -111,7 +111,10 @@ function renameuser($get, $post) {
 			return API_RETURN_FORBIDDEN;
 		}
 
-
+		$len = strlen($get['newusername']);
+		if($len > 22 || $len < 3 || preg_match("/\s+|^c:\\con\\con|[%,\*\"\s\<\>\&\(\)']/is", $get['newusername'])) {
+			return API_RETURN_FAILED;
+		}
 
 		$tables = array(
 			'common_block' => array('id' => 'uid', 'name' => 'username'),
@@ -292,9 +295,10 @@ function updateapps($get, $post) {
 
 		if($UC_API && is_writeable(DISCUZ_ROOT.'./config/config_ucenter.php')) {
 			if(preg_match('/^https?:\/\//is', $UC_API)) {
+				require DISCUZ_ROOT.'./config/config_ucenter.php';
 				$configfile = trim(file_get_contents(DISCUZ_ROOT.'./config/config_ucenter.php'));
 				$configfile = substr($configfile, -2) == '?>' ? substr($configfile, 0, -2) : $configfile;
-				$configfile = preg_replace("/define\('UC_API',\s*'.*?'\);/i", "define('UC_API', '".addslashes($UC_API)."');", $configfile);
+				$configfile = str_replace("define('UC_API', '".addslashes(UC_API)."')", "define('UC_API', '".addslashes($UC_API)."')", $configfile);
 				if($fp = @fopen(DISCUZ_ROOT.'./config/config_ucenter.php', 'w')) {
 					@fwrite($fp, trim($configfile));
 					@fclose($fp);

upload/config/config_global_default.php

@@ -176,6 +176,7 @@
 $_config['admincp']['checkip']			= 1;		// 后台管理操作是否验证管理员的 IP, 1=是[安全], 0=否。仅在管理员无法登陆后台时设置 0。
 $_config['admincp']['runquery']			= 0;		// 是否允许后台运行 SQL 语句 1=是 0=否[安全]
 $_config['admincp']['dbimport']			= 1;		// 是否允许后台恢复论坛数据  1=是 0=否[安全]
+$_config['admincp']['mustlogin']		= 1;		// 是否必须前台登录后才允许后台登录  1=是[安全] 0=否
 
 /**
  * 系统远程调用功能模块

upload/install/include/install_function.php

@@ -134,7 +134,7 @@ function env_check(&$env_items) {
 		if($key == 'php') {
 			$env_items[$key]['current'] = PHP_VERSION;
 		} elseif($key == 'attachmentupload') {
-			$env_items[$key]['current'] = @ini_get('file_uploads') ? ini_get('upload_max_filesize') : 'unknow';
+			$env_items[$key]['current'] = @ini_get('file_uploads') ? (min(min(ini_get('upload_max_filesize'), ini_get('post_max_size')), ini_get('memory_limit'))) : 'unknow';
 		} elseif($key == 'gdversion') {
 			$tmp = function_exists('gd_info') ? gd_info() : array();
 			$env_items[$key]['current'] = empty($tmp['GD Version']) ? 'noext' : $tmp['GD Version'];
@@ -647,7 +647,7 @@ function showmessage(message) {
 <div class="container">
 	<div class="header">
 		<h1>$title</h1>
-		<span>Discuz!$version $install_lang $release Rev.$th_revision</span>
+		<span>Discuz!$version $install_lang $release Rev.$th_revision</span><!-- jaideejung007 -->
 EOT;
 
 	$step > 0 && show_step($step);
@@ -799,17 +799,6 @@ function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
 
 }
 
-function generate_key() {
-	$random = random(32);
-	$info = md5($_SERVER['SERVER_SOFTWARE'].$_SERVER['SERVER_NAME'].$_SERVER['SERVER_ADDR'].$_SERVER['SERVER_PORT'].$_SERVER['HTTP_USER_AGENT'].time());
-	$return = array();
-	for($i=0; $i<64; $i++) {
-		$p = intval($i/2);
-		$return[$i] = $i % 2 ? $random[$p] : $info[$p];
-	}
-	return implode('', $return);
-}
-
 function show_install() {
 	if(VIEW_OFF) return;
 ?>
@@ -1335,14 +1324,14 @@ function save_uc_config($config, $file) {
 	return $success;
 }
 
-function _generate_key() {
-	$random = random(32);
+function _generate_key($length = 32) {
+	$random = random($length);
 	$info = md5($_SERVER['SERVER_SOFTWARE'].$_SERVER['SERVER_NAME'].$_SERVER['SERVER_ADDR'].$_SERVER['SERVER_PORT'].$_SERVER['HTTP_USER_AGENT'].time());
-	$return = array();
-	for($i=0; $i<32; $i++) {
-		$return[$i] = $random[$i].$info[$i];
+	$return = '';
+	for($i=0; $i<$length; $i++) {
+		$return .= $random[$i].$info[$i];
 	}
-	return implode('', $return);
+	return $return;
 }
 
 function uc_write_config($config, $file, $password) {
@@ -1495,6 +1484,10 @@ function buildarray($array, $level = 0, $pre = '$_config') {
 	}
 
 	foreach ($array as $key => $val) {
+		if(!preg_match("/^[a-zA-Z0-9_\x7f-\xff]+$/", $key)) {
+			continue;
+		}
+
 		if($level == 0) {
 			$newline = str_pad('  CONFIG '.strtoupper($key).'  ', 70, '-', STR_PAD_BOTH);
 			$return .= "\r\n// $newline //\r\n";

upload/robots.txt

@@ -3,14 +3,11 @@
 #
 
 User-agent: *
+Allow: /data/attachment/
+Allow: /data/cache/
+Allow: /uc_server/data/avatar/
 Disallow: /api/
-Disallow: /data/addonmd5/
-Disallow: /data/download/
-Disallow: /data/ipdata/
-Disallow: /data/log/
-Disallow: /data/plugindata/
-Disallow: /data/template/
-Disallow: /data/threadcache/
+Disallow: /data/
 Disallow: /source/
 Disallow: /install/
 Disallow: /template/default/

upload/source/admincp/admincp_checktools.php

@@ -286,6 +286,50 @@
 		}
 	}
 
+} elseif($operation == 'replacekey') {
+
+	$step = max(1, intval($_GET['step']));
+	shownav('tools', 'nav_replacekey');
+	showtips('replacekey_tips');
+	showsubmenusteps('nav_replacekey', array(
+		array('nav_replacekey_confirm', $step == 1),
+		array('nav_replacekey_verify', $step == 2),
+		array('nav_replacekey_completed', $step == 3)
+	));
+	if($step == 1) {
+		cpmsg(cplang('replacekey_tips_step1'), 'action=checktools&operation=replacekey&step=2', 'form', '', FALSE);
+	} elseif($step == 2) {
+		cpmsg(cplang('replacekey_tips_step2'), "action=checktools&operation=replacekey&step=3", 'loading', '', FALSE);
+	} elseif($step == 3) {
+		if(!is_writeable('./config/config_global.php')) {
+			cpmsg('replacekey_must_write_config', '', 'error');
+		}
+
+		$oldauthkey = $_G['config']['security']['authkey'];
+		$newauthkey = generate_key(64);
+
+		$configfile = trim(file_get_contents(DISCUZ_ROOT.'./config/config_global.php'));
+		$configfile = substr($configfile, -2) == '?>' ? substr($configfile, 0, -2) : $configfile;
+		$configfile = str_replace($oldauthkey, $newauthkey, $configfile);
+
+		if(file_put_contents(DISCUZ_ROOT.'./config/config_global.php', trim($configfile), LOCK_EX) === false) {
+			cpmsg('replacekey_must_write_config', '', 'error');
+		}
+
+		$ecdata = authcode($_G['setting']['ec_contract'], 'DECODE', $oldauthkey);
+		$ecdata = authcode($ecdata, 'ENCODE', $newauthkey);
+		C::t('common_setting')->update('ec_contract', $ecdata);
+
+		$ftpdata = $_G['setting']['ftp'];
+		$ftppasswd = authcode($ftpdata['password'], 'DECODE', md5($oldauthkey));
+		$ftpdata['password'] = authcode($ftppasswd, 'ENCODE', md5($newauthkey));
+		C::t('common_setting')->update('ftp', $ftpdata);
+
+		updatecache('setting');
+
+		cpmsg('replacekey_succeed', '', 'succeed', '', FALSE);
+	}
+
 } elseif($operation == 'ftpcheck') {
 
 	$alertmsg = '';
@@ -631,4 +675,13 @@ function findhook($hookid, $key) {
 	}
 	$hooks[] = '<!--{hook/'.$hookid.$key.'}-->';
 }
-?>
+
+function generate_key($length = 32) {
+	$random = random($length);
+	$info = md5($_SERVER['SERVER_SOFTWARE'].$_SERVER['SERVER_NAME'].$_SERVER['SERVER_ADDR'].$_SERVER['SERVER_PORT'].$_SERVER['HTTP_USER_AGENT'].time());
+	$return = '';
+	for($i=0; $i<$length; $i++) {
+		$return .= $random[$i].$info[$i];
+	}
+	return $return;
+}

upload/source/admincp/admincp_cloudaddons.php

@@ -70,7 +70,7 @@
 			$md5total = '';
 			$md5s = array();
 		}
-		$data = cloudaddons_open('&mod=app&ac=download&rid='.$_GET['rid'].'&packnum='.$packnum, '', 999);
+		$data = cloudaddons_open('&mod=app&ac=download&rid='.$_GET['rid'].'&packnum='.$packnum.'&downloadts='.$_GET['timestamp'], '', 999);
 		if(empty($data)){
 			cpmsg('cloudaddons_downloading', "action=cloudaddons&operation=download&addonids=$_GET[addonids]&i=$addoni&step=1&md5hash=".$_GET['md5hash'].'&timestamp='.$_GET['timestamp'].'&num='.$packnum, 'loading', array('addonid' => $_GET['key'].'.'.$_GET['type']), '<div></div>', FALSE);
 			exit;
@@ -128,7 +128,7 @@
 			$packnum++;
 			cpmsg('cloudaddons_downloading', "action=cloudaddons&operation=download&addonids=$_GET[addonids]&i=$addoni&step=1&md5hash=".$_GET['md5hash'].'&timestamp='.$_GET['timestamp'].'&num='.$packnum, 'loading', array('addonid' => $_GET['key'].'.'.$_GET['type']), '<div>'.$percent.'%</div>', FALSE);
 		} else {
-			if($md5total !== '' && md5($md5total) !== cloudaddons_md5($_GET['key'].'_'.$_GET['rid'])) {
+			if($md5total !== '' && md5($md5total) !== cloudaddons_md5($_GET['key'].'_'.$_GET['rid'].(!empty($array['MD5Key']) ? '_'.$array['MD5Key'] : ''))) {
 				dir_clear($tmpdir);
 				@unlink($md5tmp);
 				cloudaddons_faillog($_GET['rid'], 105);

upload/source/admincp/admincp_index.php

@@ -36,6 +36,25 @@
 	updatecache('setting');
 }
 
+if(!empty($_GET['closesitereleasetips'])) {
+	C::t('common_setting')->update('sitereleasetips', 0);
+	$sitereleasetips = 0;
+	require_once libfile('function/cache');
+	updatecache('setting');
+} else {
+	$sitereleasetips = C::t('common_setting')->fetch('sitereleasetips');
+}
+
+$siterelease = C::t('common_setting')->fetch('siterelease');
+$releasehash = substr(hash('sha512', $_G['config']['security']['authkey'].DISCUZ_VERSION.DISCUZ_RELEASE.$siteuniqueid), 0, 32);
+if(empty($siterelease) || strcmp($siterelease, $releasehash) !== 0) {
+	C::t('common_setting')->update('siteversion', DISCUZ_VERSION);
+	C::t('common_setting')->update('siterelease', $releasehash);
+	C::t('common_setting')->update('sitereleasetips', 1);
+	$sitereleasetips = 1;
+	require_once libfile('function/cache');
+	updatecache('setting');
+}
 
 if(submitcheck('notesubmit', 1)) {
 	if(!empty($_GET['noteid']) && is_numeric($_GET['noteid'])) {
@@ -63,7 +82,7 @@
 $dbversion = helper_dbtool::dbversion();
 
 if(@ini_get('file_uploads')) {
-	$fileupload = ini_get('upload_max_filesize');
+	$fileupload = min(min(ini_get('upload_max_filesize'), ini_get('post_max_size')), ini_get('memory_limit'));
 } else {
 	$fileupload = '<font color="red">'.$lang['no'].'</font>';
 }
@@ -259,6 +278,14 @@
 }
 showtablefooter();
 
+if($sitereleasetips) {
+	showtableheader('version_tips', 'fixpadding');
+	showtablerow('', array('', 'class="td21" style="text-align:right;"'),
+		'<em class="unknown">'.lang("admincp", "version_tips_msg", array('ADMINSCRIPT' => ADMINSCRIPT, 'version' => constant("DISCUZ_VERSION").' R'.constant("DISCUZ_RELEASE"))).'</em>'
+	);
+	showtablefooter();
+}
+
 showtableheader('home_onlines', 'nobottom fixpadding');
 echo '<tr><td>'.$onlines.'</td></tr>';
 showtablefooter();

upload/source/admincp/admincp_login.php

@@ -23,9 +23,11 @@
 }
 
 
-if($this->cpaccess == -3) {
-	echo  '<p class="logintips">'.lang('admincp_login', 'login_cp_noaccess').'</p>';
+if($this->cpaccess == -5) {
+	echo  '<p class="logintips">'.lang('admincp_login', 'login_cp_guest').'</p>';
 
+} elseif($this->cpaccess == -2) {
+	echo  '<p class="logintips">'.lang('admincp_login', 'login_cp_noaccess').'</p>';
 
 }elseif($this->cpaccess == -1) {
 	$ltime = $this->sessionlife - (TIMESTAMP - $this->adminsession['dateline']);
@@ -107,13 +109,15 @@ function html_login_form() {
 	$lang = lang('admincp_login');
 	$loginuser = $isguest ? '<input name="admin_username" tabindex="1" type="text" class="txt" autocomplete="off" />' : getglobal('member/username');
 	$sid = getglobal('sid');
+	$formhash = getglobal('formhash');
 	$_SERVER['QUERY_STRING'] = str_replace('&amp;', '&', dhtmlspecialchars($_SERVER['QUERY_STRING']));
 	$extra = ADMINSCRIPT.'?'.(getgpc('action') && getgpc('frames') ? 'frames=yes&' : '').$_SERVER['QUERY_STRING'];
 	$forcesecques = '<option value="0">'.($_G['config']['admincp']['forcesecques'] || $_G['group']['forcesecques'] ? $lang['forcesecques'] : $lang['security_question_0']).'</option>';
 	echo <<<EOT
 		<form method="post" autocomplete="off" name="login" id="loginform" action="$extra">
 		<input type="hidden" name="sid" value="$sid">
 		<input type="hidden" name="frames" value="yes">
+		<input type="hidden" name="formhash" value="$formhash">
 		<p class="logintitle">$lang[login_username]: </p>
 		<p class="loginform">$loginuser</p>
 		<p class="logintitle">$lang[login_password]:</p>

upload/source/admincp/admincp_makehtml.php

@@ -49,7 +49,6 @@
 	showsubmenu('html', $_nav, '');
 }
 if($operation == 'all') {
-	/*search={"nav_makehtml":"action=makehtml&operation=all"}*/
 	showtips('makehtml_tips_all');
 
 	showformheader('makehtml&operation=all');
@@ -137,7 +136,6 @@ function make_html_article(starttime) {
 EOT;
 	showtablefooter();
 	showformfooter();
-	/*search*/
 } elseif($operation == 'index') {
 
 	showtips('makehtml_tips_index');
@@ -203,7 +201,9 @@ function make_html_index() {
 		var selectedids = [];
 		for(var i = 0; i < category.options.length; i++) {
 			var option = category.options[i];
-			allcatids.push(option.value);
+			if(option.value > 0) {
+				allcatids.push(option.value);
+			}
 			if(option.selected) {
 				selectedids.push(option.value);
 			}
@@ -416,7 +416,6 @@ function make_html_topic(starttime) {
 } elseif ($operation == 'makehtmlsetting') {
 
 	if(!submitcheck('makehtmlsetting')) {
-		/*search={"nav_makehtml":"action=makehtml","setting_functions_makehtml":"action=makehtml&operation=makehtmlsetting"}*/
 		$setting = $_G['setting'];
 		showformheader("makehtml&operation=makehtmlsetting");
 		showtableheader('', 'nobottom', 'id="makehtml"'.($_GET['operation'] != 'makehtmlsetting' ? ' style="display: none"' : ''));
@@ -436,7 +435,6 @@ function make_html_topic(starttime) {
 		showtablefooter();
 		showsubmit('makehtmlsetting', 'submit');
 		showformfooter();
-		/*search*/
 	} else {
 		$settingnew = $_GET['settingnew'];
 		if(isset($settingnew['makehtml'])) {
@@ -494,7 +492,6 @@ function make_html_topic(starttime) {
 		cpmsg('admincp_makehtml_cleanhtml_error', 'action=makehtml&operation=makehtmlsetting', 'error');
 	} else {
 		if(!submitcheck('cleanhtml')) {
-			/*search={"nav_makehtml":"action=makehtml","makehtml_clear":"action=makehtml&operation=cleanhtml"}*/
 
 			showformheader("makehtml&operation=cleanhtml");
 			showtableheader();
@@ -503,7 +500,6 @@ function make_html_topic(starttime) {
 			showtablefooter();
 			showsubmit('cleanhtml', 'submit');
 			showformfooter();
-			/*search*/
 		} else {
 			if(isset($_GET['cleandata'])) {
 				$cleandata = $_GET['cleandata'];

upload/source/admincp/admincp_members.php

@@ -2098,6 +2098,9 @@ function getcrimerecord() {
 		$addsize = intval($_GET['addsizenew']);
 		$addfriend = intval($_GET['addfriendnew']);
 		$status = intval($_GET['statusnew']) ? -1 : 0;
+		if($status == -1 && $member['groupid'] == 1) {
+			cpmsg('members_edit_lock', '', 'error', array('grouptitle' => $member['grouptitle'], 'uid' => $member['uid']));
+		}
 		$freeze = in_array($_GET['freezenew'], array(-1, 0, 1, 2)) ? $_GET['freezenew'] : 0;
 		$emailstatusnew = intval($_GET['emailstatusnew']);
 		if(!empty($_G['setting']['connect']['allow'])) {

upload/source/admincp/admincp_menu.php

@@ -243,6 +243,7 @@
 	$isfounder ? array('menu_tools_fileperms', 'tools_fileperms') : null,
 	$isfounder ? array('menu_tools_filecheck', 'checktools_filecheck') : null,
 	$isfounder ? array('menu_tools_hookcheck', 'checktools_hookcheck') : null,
+	$isfounder ? array('menu_tools_replacekey', 'checktools_replacekey') : null,
 );
 
 if($isfounder) {

upload/source/admincp/admincp_optimizer.php

@@ -43,6 +43,9 @@
 	'optimizer_plugin',
 	'optimizer_loginpwcheck',
 	'optimizer_loginoutofdate',
+	'optimizer_dbbackup_visit',
+	'optimizer_filesafe',
+	'optimizer_remote',
 );
 
 $serversec_option = array(