phpBB Digests Bug Log

phpBB 3 Version

The bug log for phpBB3 Digests is contained in my support forum. I recommend subscribing to it as a newsfeed (RSS 2.0, RSS 1.0, Atom).

Thanks to John Cox for reporting a solution to this persistent but annoying bug. If you see unexpected exclamation points in your feed, it is a result of improper encoding of the email.

In /includes/digest_emailer.php, line 201 replace the line:

 $this->extra_headers = (($this->reply_to != '') ? "Reply-to: $this->reply_to\n" : '') . (($this->from != '') ? "From: $this->from\n" : "From: " . $board_config['board_email'] . "\n") . "Return-Path: " . $board_config['board_email'] . "\nMessage-ID: <" . md5(uniqid(time())) . "@" . $board_config['server_name'] . ">\nContent-transfer-encoding: 8bit\nDate: " . date('r', time()) . "\nX-Priority: 3\nX-MSMail-Priority: Normal\nX-Mailer: PHP\nX-MimeOLE: Produced By phpBB2\n" . $this->extra_headers . (($cc != '') ? "Cc: $cc\n" : '') . (($bcc != '') ? "Bcc: $bcc\n" : '');
           

with:

 $this->extra_headers = (($this->reply_to != '') ? "Reply-to: $this->reply_to\n" : '') . (($this->from != '') ? "From: $this->from\n" : "From: " . $board_config['board_email'] . "\n") . "Return-Path: " . $board_config['board_email'] . "\nMessage-ID: <" . md5(uniqid(time())) . "@" . $board_config['server_name'] . ">\nContent-transfer-encoding: base64\nDate: " . date('r', time()) . "\nX-Priority: 3\nX-MSMail-Priority: Normal\nX-Mailer: PHP\nX-MimeOLE: Produced By phpBB2\n" . $this->extra_headers . (($cc != '') ? "Cc: $cc\n" : '') . (($bcc != '') ? "Bcc: $bcc\n" : '');
 $this->msg = rtrim(chunk_split(base64_encode($this->msg)));
         

In the Administrator Control Panel, Digest Configuration, the version information will appear incorrect near the bottom of the page. This is because I have moved the domain which hosts the current version number to phpbbservices.com. To fix change lines 63 and 67 and replace phpbb.potomactavern.org with phpbbservices.com. This bug effects versions 1.0.17 and up.

In addition it appears my redirect for versioning information (what you would see in the Administrator Control Panel) won't work. To fix this change admin/admin_digests_config.php, Line 63 to:

     if ($fsock = @fsockopen('phpbbservices.com', 80, $errno, $errstr, 10))
              

Line 501 in digests.php should read:

               $userdata['user_id'] . ', ' . intval(substr($key,6)) . ')';

The htmlspecialchars() function, which is in the line, adds no additional protection from SQL injection because the intval() function handles it first. In addition the order was incorrect. substr() should have been applied to $key first, then the intval() should be applied. It worked correctly for me, but should not have.

Note: on 11/2/2007 the archive was repacked with all corrections to date.

If all your forums are restricted so that no registered user can see any forums unless you they have been granted group or special permissions to the forum, then users who subscribe to a digest who have no forum permissions (and others who would receive digests at this hour) will not receive a digest since some bad SQL will be generated like this and cause the cron to fail:

SELECT c.cat_id, f.forum_name, t.topic_title, u.username AS Posted_by, p.post_username, u.user_sig, u.user_allowhtml, p.post_time, u.user_allowsmile, u.user_sig_bbcode_uid, pt.post_text, pt.bbcode_uid, p.post_id, t.topic_id, f.forum_id, p.enable_sig, p.enable_html, p.enable_smilies FROM phpbb_posts p, phpbb_topics t, phpbb_forums f, phpbb_users u, phpbb_categories c, phpbb_posts_text pt WHERE p.topic_id = t.topic_id AND t.forum_id = f.forum_id AND p.poster_id = u.user_id AND f.cat_id = c.cat_id AND p.post_id = pt.post_id AND post_time > 1191288386 AND f.forum_id IN () ORDER BY c.cat_order, f.forum_order, t.topic_title, post_time

Fix. Replace line 269 of mail_digests.php from:

 	$forum_list = implode(',',$queried_forums);

	if (count($queried_forums) > 0)
	{
		$forum_list = ' AND f.forum_id IN (' . implode(',',$queried_forums) . ')';
	}
	else
	{
		$forum_list = '';
	}
   

		post_time > ' . $code . ' AND f.forum_id IN (' . $forum_list . ')

		post_time > ' . $code . ' ' . $forum_list . ' 

Line 566 of mail_digests should be:

 message_die(GENERAL_ERROR, 'Unable to execute retrieve message summary for user', '', __LINE__, __FILE__, $sql2);
              

Apparently depending on how PHP is compiled it may be possible in the Administrator Control Panel to trigger an error. The error will be similar to:

Warning: Missing argument 3 for save_digest_settings() in /www/htdocs/w0071143/includes/digest_functions.php on line 41

If you notice this problem, it can be fixed as shown below. This bug effects versions 1.0.17 and 1.0.18. Change line 41 in /includes/digest_functions.php to:

function save_digest_settings ($this_user_id, $action, $type='DAY', $format='TEXT', $excerpt='YES', $mine='YES', $new='TRUE', $only_if_msgs='NO', $pms='YES', $send_hour=0, $text_length=0)

Line 501 in digests.php should be as follows to avoid a potential SQL injection vulnerability:

               $userdata['user_id'] . ', ' . htmlspecialchars(substr(intval($key),6)) . ')';

Line 99 in digest_tables.php should be:

      ) TYPE=MyISAM COMMENT='Digest Settings Table'";

Lacking the closing ' this phpbb_mod_digest_settings will probably not be successfully created.

The same problem exists in digest_upgrade_db.php if you are upgrading. Line 115 should be:

   ) TYPE=MyISAM COMMENT='Digest Settings Table'";

Thanks to the phpBB Mod team for discovering these critical bugs.

The archive has been repacked to correct these errors, so if you are downloading after 9/4/2007 they have been fixed.

#
#-----[ OPEN ]------------------------------------------
#
admin/admin_users.php

#
#-----[ FIND ]------------------------------------------
#
         else
         {
            message_die(GENERAL_ERROR, 'Admin_user_fail', '', __LINE__, __FILE__, $sql);
         }
         
#
#-----[ AFTER, ADD ]------------------------------------------
#
         
         // Begin Digest Mod
         if ($user_status)
         {
            // Subscribe to a digest, if board is so enabled
            autosubscribe_digest($user_id);
         }
         else
         {
            // If the user is becoming inactive, remove their digest subscription
            save_digest_settings ($user_id, 'DEL');
         }
         // End Digest Mod

         $sql = 'SELECT count(*) AS digest_count FROM ' . USERS_TABLE . ' LEFT JOIN ' . DIGEST_SUBSCRIPTIONS_TABLE . ' ON ' . USERS_TABLE . '.user_id = ' . DIGEST_SUBSCRIPTIONS_TABLE . '.user_id WHERE ' . DIGEST_SUBSCRIPTIONS_TABLE . '.user_id IS NULL AND ' .  USERS_TABLE . '.user_id <> ' . ANONYMOUS . ' AND ' . USERS_TABLE . '.user_active = 1';

         $sql = 'SELECT count(*) AS digest_count FROM ' . USERS_TABLE . ' WHERE user_id NOT IN (SELECT user_id FROM ' . DIGEST_SUBSCRIPTIONS_TABLE . ') AND user_id <> ' . ANONYMOUS . ' AND user_active = 1';

         $sql = 'SELECT ' . USERS_TABLE . '.user_id, username, user_level FROM ' . USERS_TABLE . ' LEFT JOIN ' . DIGEST_SUBSCRIPTIONS_TABLE . ' ON ' . USERS_TABLE . '.user_id = ' . DIGEST_SUBSCRIPTIONS_TABLE . '.user_id WHERE ' . DIGEST_SUBSCRIPTIONS_TABLE . '.user_id IS NULL AND ' .  USERS_TABLE . '.user_id <> ' . ANONYMOUS . ' AND ' . USERS_TABLE . '.user_active = 1 ORDER by username ' .  $sql_limit;

         $sql = 'SELECT user_id, username, user_level FROM ' . USERS_TABLE . ' WHERE user_id NOT IN (SELECT user_id FROM ' . DIGEST_SUBSCRIPTIONS_TABLE . ') AND user_id <> ' . ANONYMOUS . ' AND user_active = 1 ORDER by username ' .  $sql_limit;

function autosubscribe_digest($user_id)
{

   // This function subscribes one user using the default digest settings, if the feature is enabled.

   global $db;

   $defaults = get_digest_defaults();
   $settings = get_digest_settings();
   if ($settings['autosubscribe_users'] == 'YES')
   {
   
      // Add only if user does not alraedy have a subscription
      $sql = 'SELECT count(*) AS this_user_count FROM ' . DIGEST_SUBSCRIPTIONS_TABLE . ' WHERE user_id = ' . $user_id;
      if ( !($result = $db->sql_query($sql)))
      {
         message_die(GENERAL_ERROR, 'Could not perform a count function from ' . DIGEST_SUBSCRIPTIONS_TABLE . ' table', '', __LINE__, __FILE__, $sql);
      }
      
      $row = $db->sql_fetchrow($result);
      if ($row['this_user_count'] == 0)
      {
         save_digest_settings ($user_id, 'INS', $defaults['digest_type'], $defaults['format'], $defaults['show_text'], $defaults['show_mine'], $defaults['new_only'], $defaults['send_on_no_messages'], $defaults['show_pms'], ($defaults['send_hour'] == -1) ? rand(0,23) : $defaults['send_hour'], $defaults['text_length']);
      }
      
   }

}

Line 849 of mail_digests.php is:

         $emailer->use_template('mail_digests_text',$userdata['user_lang']);

But should be:

         $emailer->use_template('mail_digests_text',$row['user_lang']);

As a result of this bug users will get a digest in the board default language, not their own language. This should not be a problem in 99% of installations because most installations show content in only one language.

Correct if you wish. This bug was introduced in 1.0.17. The 1.0.17 archive is repacked with this correction.

Discovered by Sylvain Bourdon.

This is only a problem if a user receives a private message in the digest and they turn off the option to show the text of the private message. In this case the header will show "Message Excerpt" when it should say "Subject".

Change line 396 in mail_digests.php from:

                     '</th><th>' . $lang['digest_message_excerpt'] . "</th>\n";

to:

                     '</th><th>' . $lang['digest_subject'] . "</th>\n";

The 1.0.17 archive is repacked with this correction.

Discovered by Sylvain Bourdon.

This bug is considered minor

I repacked this version a number of times to address bugs that resulted from not having enough testers. In an earlier version I had a mail digests path in the Digest Admin Configuration screen. I removed it when I realized it couldn't work. Unfortunately, I forgot to fix the Javascript. Otherwise, with the bug you press Submit the form submittal logic won't work to do things like check to see if the Site URL field has a / at the end of it.

To fix, edit /templates/subSilver/admin/digest_config_body.tpl as follows.

Change line 9 from:

   function validate_fields (site_url_field, custom_ss_field, date_format, html_encoding, text_encoding, users_per_page, send_key, summary_date, mail_digests_path)


to:

   function validate_fields (site_url_field, custom_ss_field, date_format, html_encoding, text_encoding, users_per_page, send_key, summary_date)

Then change line 141 from:

      <form name="digest_settings_form" action="{S_POST_ACTION}" method="post" onsubmit="return validate_fields (site_url, custom_ss_path, date_format, html_encoding, text_encoding, users_per_page, send_key, summary_date, mail_digests_path);">


to:

      <form name="digest_settings_form" action="{S_POST_ACTION}" method="post" onsubmit="return validate_fields (site_url, custom_ss_path, date_format, html_encoding, text_encoding, users_per_page, send_key, summary_date);">

A user on phpBB.com reports this bug:

"I believe I have found another bug in the "Fancy HTML". If there has been a limit put on the length of any post to be in the email (i.e. 150chars) then the following code is executed (I think )

This correctly removes all the characters above the define limit.

However if the post has a quotation in it then this code also strips out the HTML </td></tr></table> used to close the quotation table.

This then causes an amusing effect if lots of the posts have quotations."

Note, this is the fix that will show up in a subsequent version. The added code is in bold:

if ($bbcode_uid != '')
{
    $post_text = ($board_config['allow_bbcode']) ? bbencode_second_pass($post_text, $bbcode_uid) : preg_replace("/\:$bbcode_uid/si", '', $post_text);
    if (strlen($row2['post_text']) <= $post_text)
    {
        if (strstr($post_text,'<table width="90%" cellspacing="1" cellpadding="3" border="0" align="center">') != FALSE)
        {
            $post_text = $post_text . '</td></tr></table>';
        }
    }
}

Here's another tiny bug by Sylvain Bourdoun. Previously the ancillary text in the email digest was in the default board language. If your board though supports multiple languages, this fix will ensure the user gets the digest in the language in their phpBB profile.

Change this SQL around line 92 to the following:

$sql = "SELECT s.user_id, u.username, u.user_email, u.user_lastvisit, u.user_level, u.user_timezone, u.user_sig_bbcode_uid,
digest_type, format, show_text, show_mine, new_only, send_on_no_messages, send_hour, text_length, u.user_lang
FROM " . DIGEST_SUBSCRIPTIONS_TABLE . ' s, ' . USERS_TABLE . " u
WHERE s.user_id = u.user_id AND ((digest_type = 'DAY' AND send_hour = " . $current_hour .
')' . $weekly_digest_text . ') ORDER BY user_lang';

After this text around line 152:

while ($row = $db->sql_fetchrow($result))
{

Add:

// This logic ensures that the ancillary text in the digest matches the user's language preference
if($current_lang != $row['user_lang'])
{
    $current_lang = $row['user_lang'];
    include($phpbb_root_path . 'language/lang_' . $current_lang . '/lang_digests.' . $phpEx);
}

Around line 579, this line should be changed to:

        $emailer->use_template('mail_digests_html', $current_lang);

This bug would only manifest itself in the unlikely event you have the same topic names in two subsequent categories.

In the SQL statement around line 338 change c.cat_title to c.cat_id.

Add this after Line 355: