From 294c5172565a6a69b8a0e24cad7906540ff30137 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Sun, 14 Jul 2024 20:42:03 +0200
Subject: [PATCH 1/2] [ticket/17370] Add controller for deleting cookies

PHPBB-17370
---
 .../config/default/container/services_ucp.yml | 11 ++
 phpBB/config/default/routing/ucp.yml | 4 +
 phpBB/includes/functions.php | 2 +-
 phpBB/phpbb/ucp/controller/delete_cookies.php | 134 ++++++++++++++++++
 4 files changed, 150 insertions(+), 1 deletion(-)
 create mode 100644 phpBB/phpbb/ucp/controller/delete_cookies.php

diff --git a/phpBB/config/default/container/services_ucp.yml b/phpBB/config/default/container/services_ucp.yml
index 861fa4ac75..f6ca5fa5e7 100644
--- a/phpBB/config/default/container/services_ucp.yml
+++ b/phpBB/config/default/container/services_ucp.yml
@@ -1,4 +1,15 @@
 services:
+ phpbb.ucp.controller.delete_cookies:
+ class: phpbb\ucp\controller\delete_cookies
+ arguments:
+ - '@config'
+ - '@dispatcher'
+ - '@language'
+ - '@request'
+ - '@user'
+ - '%core.root_path%'
+ - '%core.php_ext%'
+
 phpbb.ucp.controller.reset_password:
 class: phpbb\ucp\controller\reset_password
 arguments:
diff --git a/phpBB/config/default/routing/ucp.yml b/phpBB/config/default/routing/ucp.yml
index 06bd7c3a58..51bdcb9497 100644
--- a/phpBB/config/default/routing/ucp.yml
+++ b/phpBB/config/default/routing/ucp.yml
@@ -1,3 +1,7 @@
+phpbb_ucp_delete_cookies_controller:
+ path: /delete_cookies
+ defaults: { _controller: phpbb.ucp.controller.delete_cookies:handle }
+
 phpbb_ucp_reset_password_controller:
 path: /reset_password
 defaults: { _controller: phpbb.ucp.controller.reset_password:reset }
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 3a034bc7ab..389b31bb8c 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -4061,7 +4061,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 'U_SEARCH_UNANSWERED' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'),
 'U_SEARCH_UNREAD' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unreadposts'),
 'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
- 'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
+ 'U_DELETE_COOKIES' => $controller_helper->route('phpbb_ucp_delete_cookies_controller'),
 'U_CONTACT_US' => ($config['contact_admin_form_enable'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contactadmin') : '',
 'U_TEAM' => (!$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),
 'U_TERMS_USE' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
diff --git a/phpBB/phpbb/ucp/controller/delete_cookies.php b/phpBB/phpbb/ucp/controller/delete_cookies.php
new file mode 100644
index 0000000000..869227abea
--- /dev/null
+++ b/phpBB/phpbb/ucp/controller/delete_cookies.php
@@ -0,0 +1,134 @@ + + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\ucp\controller; + +use phpbb\config\config; +use phpbb\event\dispatcher_interface; +use phpbb\language\language; +use phpbb\request\request_interface; +use phpbb\user; + +class delete_cookies +{ + /** @var config */ + private $config; + + /** @var dispatcher_interface */ + private $dispatcher; + + /** @var language */ + private $language; + + /** @var request_interface */ + private $request; + + /** @var user */ + private $user; + + /** @var string phpBB root path */ + private $phpbb_root_path; + + /** @var string PHP extension */ + private $php_ext; + + /** + * Constructor for delete_cookies controller + * + * @param config $config + * @param dispatcher_interface $dispatcher + * @param language $language + * @param request_interface $request + * @param user $user + */ + public function __construct(config $config, dispatcher_interface $dispatcher, language $language, request_interface $request, user $user, string $phpbb_root_path, string $php_ext) + { + $this->config = $config; + $this->dispatcher = $dispatcher; + $this->language = $language; + $this->request = $request; + $this->user = $user; + $this->phpbb_root_path = $phpbb_root_path; + $this->php_ext = $php_ext; + } + + /** + * Handle delete cookies requests + * + * @return void + */ + public function handle() + { + $this->language->add_lang(['ucp']); + + // Delete Cookies with dynamic names (do NOT delete poll cookies) + if (confirm_box(true)) + { + $set_time = time() - 31536000; + + foreach ($this->request->variable_names(request_interface::COOKIE) as $cookie_name) + { + // Only delete board cookies + if (strpos($cookie_name, $this->config['cookie_name'] . '_') !== 0) + { + continue; + } + + $cookie_name = str_replace($this->config['cookie_name'] . 
'_', '', $cookie_name); + + /** + * Event to save custom cookies from deletion + * + * @event core.ucp_delete_cookies + * @var string cookie_name Cookie name to checking + * @var bool retain_cookie Do we retain our cookie or not, true if retain + * @since 3.1.3-RC1 + * @changed 3.3.13-RC1 Moved to new delete_cookies controller + */ + $retain_cookie = false; + $vars = ['cookie_name', 'retain_cookie']; + extract($this->dispatcher->trigger_event('core.ucp_delete_cookies', compact($vars))); + if ($retain_cookie) + { + continue; + } + + // Polls are stored as {cookie_name}_poll_{topic_id}, cookie_name_ got removed, therefore checking for poll_ + if (strpos($cookie_name, 'poll_') !== 0) + { + $this->user->set_cookie($cookie_name, '', $set_time); + } + } + + $this->user->set_cookie('track', '', $set_time); + $this->user->set_cookie('u', '', $set_time); + $this->user->set_cookie('k', '', $set_time); + $this->user->set_cookie('sid', '', $set_time); + + // We destroy the session here, the user will be logged out nevertheless + $this->user->session_kill(); + $this->user->session_begin(); + + meta_refresh(3, append_sid("{$this->phpbb_root_path}index.$this->php_ext")); + + $message = $this->language->lang('COOKIES_DELETED') . '

' . $this->language->lang('RETURN_INDEX', 'phpbb_root_path}index.$this->php_ext") . '">', ''); + trigger_error($message); + } + else + { + confirm_box(false, 'DELETE_COOKIES', ''); + } + + redirect(append_sid("{$this->phpbb_root_path}index.$this->php_ext")); + } +} From 661140c50bad8aadeda3112cdaac97a08fcbd30a Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 14 Jul 2024 20:44:01 +0200 Subject: [PATCH 2/2] [ticket/17370] Redirect from UCP to delete cookies controller PHPBB-17370 --- phpBB/ucp.php | 65 ++++----------------------------------------------- 1 file changed, 4 insertions(+), 61 deletions(-) diff --git a/phpBB/ucp.php b/phpBB/ucp.php index 817ea72111..998cfb57ab 100644 --- a/phpBB/ucp.php +++ b/phpBB/ucp.php 
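Review bot: In the cookie loop of `handle()` the board prefix is removed with `str_replace($this->config['cookie_name'] . '_', '', $cookie_name)`, which strips every occurrence of the prefix from a client-supplied cookie name, not just the leading one that the preceding `strpos(...) !== 0` check established. A name that repeats the prefix further in is therefore handed to the `core.ucp_delete_cookies` listeners, to the `poll_` test and to `set_cookie()` in altered form, so the expiry is (presumably, since `set_cookie()` is not shown here) issued for a different cookie than the one the browser sent, and the original survives the deletion. The loop is carried over unchanged from ucp.php, where patch 2/2 removes it, so the move is a good point to anchor the strip: `$cookie_name = substr($cookie_name, strlen($this->config['cookie_name'] . '_'));`. The constructor docblock should also gain `@param string $phpbb_root_path` and `@param string $php_ext`, which the signature takes but the comment omits.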
@@ -154,68 +154,11 @@ switch ($mode) break; case 'delete_cookies': + /** @var \phpbb\controller\helper $controller_helper */ + $controller_helper = $phpbb_container->get('controller.helper'); - // Delete Cookies with dynamic names (do NOT delete poll cookies) - if (confirm_box(true)) - { - $set_time = time() - 31536000; - - foreach ($request->variable_names(\phpbb\request\request_interface::COOKIE) as $cookie_name) - { - $cookie_data = $request->variable($cookie_name, '', true, \phpbb\request\request_interface::COOKIE); - - // Only delete board cookies, no other ones... - if (strpos($cookie_name, $config['cookie_name'] . '_') !== 0) - { - continue; - } - - $cookie_name = str_replace($config['cookie_name'] . '_', '', $cookie_name); - - /** - * Event to save custom cookies from deletion - * - * @event core.ucp_delete_cookies - * @var string cookie_name Cookie name to checking - * @var bool retain_cookie Do we retain our cookie or not, true if retain - * @since 3.1.3-RC1 - */ - $retain_cookie = false; - $vars = array('cookie_name', 'retain_cookie'); - extract($phpbb_dispatcher->trigger_event('core.ucp_delete_cookies', compact($vars))); - if ($retain_cookie) - { - continue; - } - - // Polls are stored as {cookie_name}_poll_{topic_id}, cookie_name_ got removed, therefore checking for poll_ - if (strpos($cookie_name, 'poll_') !== 0) - { - $user->set_cookie($cookie_name, '', $set_time); - } - } - - $user->set_cookie('track', '', $set_time); - $user->set_cookie('u', '', $set_time); - $user->set_cookie('k', '', $set_time); - $user->set_cookie('sid', '', $set_time); - - // We destroy the session here, the user will be logged out nevertheless - $user->session_kill(); - $user->session_begin(); - - meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx")); - - $message = $user->lang['COOKIES_DELETED'] . '

' . sprintf($user->lang['RETURN_INDEX'], '', ''); - trigger_error($message); - } - else - { - confirm_box(false, 'DELETE_COOKIES', ''); - } - - redirect(append_sid("{$phpbb_root_path}index.$phpEx")); - + // Redirect to controller + redirect($controller_helper->route('phpbb_ucp_delete_cookies_controller')); break; case 'switch_perm':