From 3f3c8d74e8501e59e4e6ace3fa87ef3d29b78117 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sat, 1 Nov 2014 18:47:56 +0100 Subject: [PATCH 01/17] [prep-release-3.1.1] Update version number to 3.1.1 --- build/build.xml | 6 +++--- phpBB/includes/constants.php | 2 +- phpBB/install/convertors/convert_phpbb20.php | 2 +- phpBB/install/schemas/schema_data.sql | 2 +- phpBB/styles/prosilver/style.cfg | 4 ++-- phpBB/styles/subsilver2/style.cfg | 4 ++-- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/build/build.xml b/build/build.xml index 69ea508a14..e153d4ff21 100644 --- a/build/build.xml +++ b/build/build.xml @@ -2,9 +2,9 @@ - - - + + + diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 76c3834c91..3b7ab13d2d 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.1.0'); +define('PHPBB_VERSION', '3.1.1'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/install/convertors/convert_phpbb20.php b/phpBB/install/convertors/convert_phpbb20.php index 8f6af30426..effd72aeff 100644 --- a/phpBB/install/convertors/convert_phpbb20.php +++ b/phpBB/install/convertors/convert_phpbb20.php @@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms); $convertor_data = array( 'forum_name' => 'phpBB 2.0.x', 'version' => '1.0.3', - 'phpbb_version' => '3.1.0', + 'phpbb_version' => '3.1.1', 'author' => 'phpBB Limited', 'dbms' => $dbms, 'dbhost' => $dbhost, diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index bc4a9f7fe1..48a2f23805 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql 
@@ -273,7 +273,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0'); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.0'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400'); diff --git a/phpBB/styles/prosilver/style.cfg b/phpBB/styles/prosilver/style.cfg index de7b38c90b..9684df73ba 100644 --- a/phpBB/styles/prosilver/style.cfg +++ b/phpBB/styles/prosilver/style.cfg @@ -21,8 +21,8 @@ # General Information about this style name = prosilver copyright = © phpBB Limited, 2007 -style_version = 3.1.0 -phpbb_version = 3.1.0 +style_version = 3.1.1 +phpbb_version = 3.1.1 # Defining a different template bitfield # template_bitfield = lNg= diff --git a/phpBB/styles/subsilver2/style.cfg b/phpBB/styles/subsilver2/style.cfg index 685e876cc7..3b33c07002 100644 --- a/phpBB/styles/subsilver2/style.cfg +++ b/phpBB/styles/subsilver2/style.cfg @@ -21,8 +21,8 @@ # General Information about this style name = subsilver2 copyright = © 2005 phpBB Limited -style_version = 3.1.0 -phpbb_version = 3.1.0 +style_version = 3.1.1 +phpbb_version = 3.1.1 # Defining a different template bitfield # template_bitfield = lNg= From c3aca59cfb58ffc40f8e85f57513c75530abbd18 Mon Sep 17 00:00:00 2001 From: Patrick Webster Date: Sat, 1 Nov 2014 11:49:50 -0500 Subject: [PATCH 02/17] [ticket/13268] Properly append ternary result in get_existing_indexes() PHPBB3-13268 --- phpBB/phpbb/db/tools.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/phpBB/phpbb/db/tools.php b/phpBB/phpbb/db/tools.php index 0781d7425e..c8d25f23a2 100644 --- a/phpBB/phpbb/db/tools.php +++ b/phpBB/phpbb/db/tools.php @@ -2643,7 +2643,7 @@ class tools AND cols.id = ix.id WHERE ix.id = object_id('{$table_name}') AND cols.name = '{$column_name}' - AND INDEXPROPERTY(ix.id, ix.name, 'IsUnique') = " . ($unique) ? '1' : '0'; + AND INDEXPROPERTY(ix.id, ix.name, 'IsUnique') = " . ($unique ? '1' : '0'); } else { @@ -2657,7 +2657,7 @@ class tools AND cols.object_id = ix.object_id WHERE ix.object_id = object_id('{$table_name}') AND cols.name = '{$column_name}' - AND ix.is_unique = " . ($unique) ? '1' : '0'; + AND ix.is_unique = " . ($unique ? '1' : '0'); } break; From 8bdbadabb23c0288ddb9af60c9883b6021d2c239 Mon Sep 17 00:00:00 2001 From: Patrick Webster Date: Sat, 1 Nov 2014 10:53:57 -0500 Subject: [PATCH 03/17] [ticket/13267] Update Automatic Update instructions to include vendor directory PHPBB3-13267 --- phpBB/docs/INSTALL.html | 2 +- phpBB/language/en/install.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/docs/INSTALL.html b/phpBB/docs/INSTALL.html index 4bde6c01ea..92d4affb0e 100644 --- a/phpBB/docs/INSTALL.html +++ b/phpBB/docs/INSTALL.html @@ -303,7 +303,7 @@
  • Go to the downloads page and download the latest update package listed there, matching your current version.
  • -
  • Upload the uncompressed archive contents to your phpBB installation - only the install folder is required. Upload the whole install folder, retaining the file structure.
  • +
  • Upload the uncompressed archive contents to your phpBB installation - only the install/ and vendor/ folders are required. Upload these folders in their entirety, retaining the file structure.
  • After the install folder is present, phpBB will go offline automatically.
  • Point your browser to the install directory, for example http://www.example.com/phpBB3/install/
  • Choose the "Update" Tab and follow the instructions
  • diff --git a/phpBB/language/en/install.php b/phpBB/language/en/install.php index a2b27f0a60..107de9c64f 100644 --- a/phpBB/language/en/install.php +++ b/phpBB/language/en/install.php @@ -547,7 +547,7 @@ $lang = array_merge($lang, array(
    • Go to the phpBB.com downloads page and download the "Automatic Update Package" archive.

    • Unpack the archive.

    • -
    • Upload the complete uncompressed install folder to your phpBB root directory (where your config.php file is).

    • +
    • Upload the complete uncompressed "install" and "vendor" folders to your phpBB root directory (where your config.php file is).

    Once uploaded your board will be offline for normal users due to the install directory you uploaded now present.

    From a269929f0ec40c3df9637ea4c3397fd6d0d8b01f Mon Sep 17 00:00:00 2001 From: Matt Friedman Date: Fri, 31 Oct 2014 13:08:36 -0700 Subject: [PATCH 04/17] [ticket/13262] Mention htaccess file when updating from 3.0 to 3.1 PHPBB3-13262 --- phpBB/docs/INSTALL.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/docs/INSTALL.html b/phpBB/docs/INSTALL.html index 4bde6c01ea..9bd530918b 100644 --- a/phpBB/docs/INSTALL.html +++ b/phpBB/docs/INSTALL.html @@ -347,7 +347,7 @@

  • The store/ directory
-
  • Upload the contents of the 3.1.x Full Package into your forum's directory.
  • +
  • Upload the contents of the 3.1.x Full Package into your forum's directory. Make sure the root level .htaccess file is included in the upload.
  • Browse to install/database_update.php
  • Delete the install/ directory
  • @@ -462,7 +462,7 @@

    8. Anti-Spam Measures

    - +
    From 6b057e026cfb9603c6260d619e0a37e3679aa0d5 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 30 Oct 2014 13:58:09 +0100 Subject: [PATCH 05/17] [ticket/13248] Use auth provider collection for getting provider PHPBB3-13248 --- phpBB/phpbb/auth/auth.php | 6 +++--- tests/functional/auth_test.php | 24 ++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/phpBB/phpbb/auth/auth.php b/phpBB/phpbb/auth/auth.php index 38755ccf99..b59f0e60ec 100644 --- a/phpBB/phpbb/auth/auth.php +++ b/phpBB/phpbb/auth/auth.php @@ -927,11 +927,11 @@ class auth */ function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0) { - global $config, $db, $user, $phpbb_root_path, $phpEx, $phpbb_container; + global $db, $user, $phpbb_root_path, $phpEx, $phpbb_container; - $method = trim(basename($config['auth_method'])); + $provider_collection = $phpbb_container->get('auth.provider_collection'); - $provider = $phpbb_container->get('auth.provider.' . $method); + $provider = $provider_collection->get_provider(); if ($provider) { $login = $provider->login($username, $password); diff --git a/tests/functional/auth_test.php b/tests/functional/auth_test.php index b4b4279bf1..1794afd009 100644 --- a/tests/functional/auth_test.php +++ b/tests/functional/auth_test.php 
@@ -33,6 +33,30 @@ class phpbb_functional_auth_test extends phpbb_functional_test_case
 $this->assertContains('anothertestuser', $crawler->filter('#username_logged_in')->text());
 }
+ /**
+ * @dependsOn test_login_other
+ */
+ public function test_login_ucp_other_auth_provider()
+ {
+ global $cache, $config;
+ $cache = new phpbb_mock_null_cache;
+ $db = $this->get_db();
+ $sql = 'UPDATE ' . CONFIG_TABLE . " SET config_value = 'foobar' WHERE config_name = 'auth_method'";
+ $db->sql_query($sql);
+ $crawler = self::request('GET', 'ucp.php?mode=login');
+ $form = $crawler->selectButton('Login')->form();
+ $form->setValues(array(
+ 'username' => 'anothertestuser',
+ 'password' => str_repeat('anothertestuser', 2),
+ ));
+ $config['auth_method'] = 'foobar';
+ $crawler = self::submit($form);
+ $this->assertContains('anothertestuser', $crawler->filter('#username_logged_in')->text());
+ $sql = 'UPDATE ' . CONFIG_TABLE . " SET config_value = 'db' WHERE config_name = 'auth_method'";
+ $db->sql_query($sql);
+ $config['auth_method'] = 'db';
+ }
+
 /**
 * @depends test_login
 */
From c3f5dc75bed689956b7d4ed1e5b7e0d2c80257c9 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Thu, 30 Oct 2014 14:24:33 +0100
Subject: [PATCH 06/17] [ticket/13248] Allow specifying different auth provider in provider collection
PHPBB3-13248
---
 phpBB/phpbb/auth/provider_collection.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/phpBB/phpbb/auth/provider_collection.php b/phpBB/phpbb/auth/provider_collection.php
index a74a2135dc..bf724419b7 100644
--- a/phpBB/phpbb/auth/provider_collection.php
+++ b/phpBB/phpbb/auth/provider_collection.php
@@ -38,6 +38,7 @@ class provider_collection extends \phpbb\di\service_collection
 /**
 * Get an auth provider.
 *
+ * @param string $provider_name The name of the auth provider
 * @return object Default auth provider selected in config if it
 * does exist. Otherwise the standard db auth
 * provider.
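Review bot: The docblock added above `test_login_ucp_other_auth_provider()` in tests/functional/auth_test.php uses `@dependsOn test_login_other`, while the neighbouring test in the same hunk uses `@depends test_login`, which is the annotation PHPUnit reads; as written the dependency is most likely ignored, so the line should read `* @depends test_login_other`. The test also switches `auth_method` to `'foobar'` in the config table and restores `'db'` only after the assertion, so a failed assertion leaves the later functional tests running against a provider name that does not exist. Moving the two restore statements into the test case's tear-down would contain that.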
@@ -46,11 +47,12 @@ class provider_collection extends \phpbb\di\service_collection * auth provider exist. The db auth provider * should always exist in a phpBB installation. */ - public function get_provider() + public function get_provider($provider_name = '') { - if ($this->offsetExists('auth.provider.' . basename(trim($this->config['auth_method'])))) + $provider_name = ($provider_name !== '') ?: basename(trim($this->config['auth_method'])); + if ($this->offsetExists('auth.provider.' . $provider_name)) { - return $this->offsetGet('auth.provider.' . basename(trim($this->config['auth_method']))); + return $this->offsetGet('auth.provider.' . $provider_name); } // Revert to db auth provider if selected method does not exist else if ($this->offsetExists('auth.provider.db')) From a9249bce5ec73b4a4a11d2db13938db6fc4dcaec Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 30 Oct 2014 14:25:00 +0100 Subject: [PATCH 07/17] [ticket/13248] Always use provider collection for getting provider PHPBB3-13248 --- phpBB/includes/ucp/ucp_auth_link.php | 5 +++-- phpBB/includes/ucp/ucp_login_link.php | 6 +++--- phpBB/includes/ucp/ucp_register.php | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/phpBB/includes/ucp/ucp_auth_link.php b/phpBB/includes/ucp/ucp_auth_link.php index a595ce46c3..748f0fdec2 100644 --- a/phpBB/includes/ucp/ucp_auth_link.php +++ b/phpBB/includes/ucp/ucp_auth_link.php @@ -34,11 +34,12 @@ class ucp_auth_link */ public function main($id, $mode) { - global $config, $request, $template, $phpbb_container, $user; + global $request, $template, $phpbb_container, $user; $error = array(); - $auth_provider = $phpbb_container->get('auth.provider.' . $config['auth_method']); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $auth_provider = $provider_collection->get_provider(); // confirm that the auth provider supports this page $provider_data = $auth_provider->get_auth_link_data(); 
diff --git a/phpBB/includes/ucp/ucp_login_link.php b/phpBB/includes/ucp/ucp_login_link.php index 5ca5df00f7..27d59c56b7 100644 --- a/phpBB/includes/ucp/ucp_login_link.php +++ b/phpBB/includes/ucp/ucp_login_link.php @@ -39,7 +39,7 @@ class ucp_login_link */ function main($id, $mode) { - global $config, $phpbb_container, $request, $template, $user; + global $phpbb_container, $request, $template, $user; global $phpbb_root_path, $phpEx; // Initialize necessary variables @@ -57,8 +57,8 @@ class ucp_login_link } // Use the auth_provider requested even if different from configured - $auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']); - $auth_provider = $phpbb_container->get($auth_provider); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', '')); // Set the link_method to login_link $data['link_method'] = 'login_link'; diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 9a15967bae..88078c10af 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -87,8 +87,8 @@ class ucp_register if (!empty($login_link_data)) { // Confirm that we have all necessary data - $auth_provider = 'auth.provider.' . $request->variable('auth_provider', $config['auth_method']); - $auth_provider = $phpbb_container->get($auth_provider); + $provider_collection = $phpbb_container->get('auth.provider_collection'); + $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', '')); $result = $auth_provider->login_link_has_necessary_data($login_link_data); if ($result !== null) From d9c868d0f5f9c2c097e3fded0ac6882c2f2ff988 Mon Sep 17 00:00:00 2001 
From: Marc Alexander
Date: Thu, 30 Oct 2014 16:54:43 +0100
Subject: [PATCH 08/17] [ticket/13248] Correctly pass provider name
PHPBB3-13248
---
 phpBB/phpbb/auth/provider_collection.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/phpBB/phpbb/auth/provider_collection.php b/phpBB/phpbb/auth/provider_collection.php
index bf724419b7..8e7e9e2cc1 100644
--- a/phpBB/phpbb/auth/provider_collection.php
+++ b/phpBB/phpbb/auth/provider_collection.php
@@ -49,7 +49,7 @@ class provider_collection extends \phpbb\di\service_collection
 */
 public function get_provider($provider_name = '')
 {
- $provider_name = ($provider_name !== '') ?: basename(trim($this->config['auth_method']));
+ $provider_name = ($provider_name !== '') ? $provider_name : basename(trim($this->config['auth_method']));
 if ($this->offsetExists('auth.provider.' . $provider_name))
 {
 return $this->offsetGet('auth.provider.' . $provider_name);
From 8aec6b58e087fa86c71baaccbeb07fe7a495aee5 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Thu, 30 Oct 2014 20:52:14 +0100
Subject: [PATCH 09/17] [ticket/13248] Use functional framework login method in tests
PHPBB3-13248
---
 tests/functional/auth_test.php | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/tests/functional/auth_test.php b/tests/functional/auth_test.php
index 1794afd009..76e1709afb 100644
--- a/tests/functional/auth_test.php
+++ b/tests/functional/auth_test.php
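Review bot: In `get_provider()` the `basename(trim())` normalisation applies only to the `auth_method` config fallback, while a caller-supplied `$provider_name` is concatenated into the service key as-is; judging by the ucp_login_link.php and ucp_register.php hunks of this series, that argument comes from `$request->variable('auth_provider', '')`. The `offsetExists()` check that follows keeps unknown names from resolving, but normalising both sources keeps the lookup uniform: `$provider_name = basename(trim(($provider_name !== '') ? $provider_name : $this->config['auth_method']));`. The docblock should also say that an unknown name silently falls back to the db provider, since a caller passing request input then gets a different provider than it asked for without any signal. The function body continues outside the hunk.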
@@ -43,14 +43,9 @@ class phpbb_functional_auth_test extends phpbb_functional_test_case
 $db = $this->get_db();
 $sql = 'UPDATE ' . CONFIG_TABLE . " SET config_value = 'foobar' WHERE config_name = 'auth_method'";
 $db->sql_query($sql);
- $crawler = self::request('GET', 'ucp.php?mode=login');
- $form = $crawler->selectButton('Login')->form();
- $form->setValues(array(
- 'username' => 'anothertestuser',
- 'password' => str_repeat('anothertestuser', 2),
- ));
 $config['auth_method'] = 'foobar';
- $crawler = self::submit($form);
+ $this->login('anothertestuser');
+ $crawler = self::request('GET', 'index.php');
 $this->assertContains('anothertestuser', $crawler->filter('#username_logged_in')->text());
 $sql = 'UPDATE ' . CONFIG_TABLE . " SET config_value = 'db' WHERE config_name = 'auth_method'";
 $db->sql_query($sql);
From 28ef238a5ccd41833de364ab14ff21a254a9beaf Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Sat, 1 Nov 2014 16:26:40 +0100
Subject: [PATCH 10/17] [ticket/security-164] Sanitize all global variables in symfony_request class
SECURITY-164
---
 phpBB/phpbb/symfony_request.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php
index bf9ddec493..ad949a35f2 100644
--- a/phpBB/phpbb/symfony_request.php
+++ b/phpBB/phpbb/symfony_request.php
@@ -38,6 +38,9 @@ class symfony_request extends Request
 array_walk_recursive($get_parameters, $sanitizer);
 array_walk_recursive($post_parameters, $sanitizer);
+ array_walk_recursive($server_parameters, $sanitizer);
+ array_walk_recursive($files_parameters, $sanitizer);
+ array_walk_recursive($cookie_parameters, $sanitizer);
 parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters);
 }
 }
From f534503a66fc81e7bbe589b883167d2343871134 Mon Sep 17 00:00:00 2001
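Review bot: In the symfony_request.php hunk, `array_walk_recursive()` hands only leaf values to `$sanitizer`, so the array keys of `$server_parameters`, `$files_parameters` and `$cookie_parameters` (and of the GET/POST arrays above them) still reach `parent::__construct()` unsanitized; any consumer that prints a parameter name is not covered by this change. `$sanitizer` is defined outside the hunk, so whether it is appropriate for the non-string entries of `$files_parameters` cannot be confirmed from here and is worth checking. A short comment above the five calls, for example `// Sanitizes values only; array keys are passed through unchanged`, would document that boundary. No regression test for SECURITY-164 accompanies the patch as shown.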
From: Marc Alexander
Date: Sat, 1 Nov 2014 22:02:47 +0100
Subject: [PATCH 11/17] [ticket/security-164] Correctly format page_name
SECURITY-164
---
 phpBB/phpbb/session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php
index 477e91efd6..14b4c63207 100644
--- a/phpBB/phpbb/session.php
+++ b/phpBB/phpbb/session.php
@@ -87,7 +87,7 @@ class session
 $symfony_request_path = $phpbb_filesystem->clean_path($symfony_request->getPathInfo());
 if ($symfony_request_path !== '/')
 {
- $page_name .= $symfony_request_path;
+ $page_name .= str_replace('%2F', '/', urlencode($symfony_request_path));
 }
 // current directory within the phpBB root (for example: adm)
From be8b5a41c81853cd8f7ba9ee97b68aa512617366 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Sat, 1 Nov 2014 20:09:08 +0100
Subject: [PATCH 12/17] [ticket/13263] Use prosilver as default style if user's style doesn't exist
If prosilver is not installed for whatever reason, it will be installed by the newly added migration.
PHPBB3-13263
---
 .../db/migration/data/v31x/style_update.php | 175 ++++++++++++++++++
 1 file changed, 175 insertions(+)
 create mode 100644 phpBB/phpbb/db/migration/data/v31x/style_update.php
diff --git a/phpBB/phpbb/db/migration/data/v31x/style_update.php b/phpBB/phpbb/db/migration/data/v31x/style_update.php
new file mode 100644
index 0000000000..b0ac80245e
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/style_update.php
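Review bot: In the session.php hunk, `urlencode()` applies form encoding, which turns a space in `$symfony_request_path` into `+`, whereas in a URL path `+` is a literal character; `rawurlencode()` is the path encoder and keeps `$page_name` round-trippable: `$page_name .= str_replace('%2F', '/', rawurlencode($symfony_request_path));`. The line also needs a comment saying why the path is encoded at all, for example `// PATH_INFO is request-controlled; encode it before it becomes part of page_name (SECURITY-164)`, because nothing in the surrounding context explains it. The enclosing function starts and ends outside the hunk.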
@@ -0,0 +1,175 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class style_update extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array('\phpbb\db\migration\data\v310\gold'); + } + + public function update_data() + { + return array( + array('custom', array(array($this, 'update_installed_styles'))), + ); + } + + public function update_installed_styles() + { + // First check if prosilver is properly installed + $sql = 'SELECT style_id, style_active + FROM ' . $this->table_prefix . "styles + WHERE style_name = 'prosilver'"; + $result = $this->db->sql_query($sql); + $row = $this->db->sql_fetchrow($result); + $this->db->sql_freeresult($result); + + // Make sure prosilver is installed + if (empty($row) || !isset($row['style_id'])) + { + // Try to parse config file + $cfg = parse_cfg_file($this->phpbb_root_path . 'styles/prosilver/style.cfg'); + + // Stop running this if prosilver doesn't exist + if (empty($cfg)) + { + return; + } + + // Check data + if (!isset($cfg['template_bitfield'])) + { + $cfg['template_bitfield'] = $this->default_bitfield(); + } + + $style = array( + 'style_name' => 'prosilver', + 'style_copyright' => '© phpBB Limited', + 'style_active' => 1, + 'style_path' => 'prosilver', + 'bbcode_bitfield' => $cfg['template_bitfield'], + 'style_parent_id' => 0, + 'style_parent_tree' => '', + ); + + // Add to database + $this->db->sql_transaction('begin'); + + $sql = 'INSERT INTO ' . $this->table_prefix . 'styles + ' . $this->db->sql_build_array('INSERT', $style); + $this->db->sql_query($sql); + + $row = array('style_id' => $this->db->sql_nextid()); + + $this->db->sql_transaction('commit'); + } + // Make sure prosilver is activated + else if (!isset($row['style_active']) || !$row['style_active']) + { + $sql = 'UPDATE ' . STYLES_TABLE . 
' SET style_active = 1 WHERE style_id = ' . $row['style_id']; + $this->db->sql_query($sql); + } + + // Get all currently available styles + $styles = $this->find_style_dirs(); + + // Get IDs of the available styles + $style_ids = array(); + $sql = 'SELECT DISTINCT(style_id) AS style_id + FROM ' . $this->table_prefix . 'styles + WHERE ' . $this->db->sql_in_set('style_name', $styles); + $result = $this->db->sql_query($sql); + while ($styles_row = $this->db->sql_fetchrow()) + { + $style_ids[] = $styles_row['style_id']; + } + $this->db->sql_freeresult($result); + + $sql = 'UPDATE ' . $this->table_prefix . "users + SET user_style = {$row['style_id']} + WHERE " . $this->db->sql_in_set('user_style', $style_ids, true); + $this->db->sql_query($sql); + } + + /** + * Generates default bitfield + * Copied from acp_styles + * + * This bitfield decides which bbcodes are defined in a template. + * + * @return string Bitfield + */ + protected function default_bitfield() + { + static $value; + if (isset($value)) + { + return $value; + } + + if (!class_exists('bitfield')) + { + include($this->phpbb_root_path . 'includes/functions_content.' . $this->php_ext); + } + + // Hardcoded template bitfield to add for new templates + $bitfield = new \bitfield(); + $bitfield->set(0); + $bitfield->set(1); + $bitfield->set(2); + $bitfield->set(3); + $bitfield->set(4); + $bitfield->set(8); + $bitfield->set(9); + $bitfield->set(11); + $bitfield->set(12); + $value = $bitfield->get_base64(); + return $value; + } + + /** + * Find all directories that have styles + * Copied from acp_styles + * + * @return array Directory names + */ + protected function find_style_dirs() + { + $styles = array(); + $styles_path = $this->phpbb_root_path . 'styles/'; + + $dp = @opendir($styles_path); + if ($dp) + { + while (($file = readdir($dp)) !== false) + { + $dir = $styles_path . $file; + if ($file[0] == '.' 
|| !is_dir($dir)) + { + continue; + } + + if (file_exists("{$dir}/style.cfg")) + { + $styles[] = $file; + } + } + closedir($dp); + } + + return $styles; + } +} From d1f85f0de3dd958050df39ea79d2e7cd14147b07 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 1 Nov 2014 23:22:44 +0100 Subject: [PATCH 13/17] [ticket/13263] Only install/set prosilver if no style available Users that have a nonexistent style selectd will revert back to the default style. PHPBB3-13263 --- .../db/migration/data/v31x/style_update.php | 52 +++++++++---------- 1 file changed, 24 insertions(+), 28 deletions(-) diff --git a/phpBB/phpbb/db/migration/data/v31x/style_update.php b/phpBB/phpbb/db/migration/data/v31x/style_update.php index b0ac80245e..9f01514ff6 100644 --- a/phpBB/phpbb/db/migration/data/v31x/style_update.php +++ b/phpBB/phpbb/db/migration/data/v31x/style_update.php 
@@ -29,16 +29,25 @@ class style_update extends \phpbb\db\migration\migration public function update_installed_styles() { - // First check if prosilver is properly installed - $sql = 'SELECT style_id, style_active - FROM ' . $this->table_prefix . "styles - WHERE style_name = 'prosilver'"; + // Get all currently available styles + $styles = $this->find_style_dirs(); + $style_paths = $style_ids = array(); + + $sql = 'SELECT style_path, style_id + FROM ' . $this->table_prefix . 'styles'; $result = $this->db->sql_query($sql); - $row = $this->db->sql_fetchrow($result); + while ($styles_row = $this->db->sql_fetchrow()) + { + if (in_array($styles_row['style_path'], $styles)) + { + $style_paths[] = $styles_row['style_path']; + $style_ids[] = $styles_row['style_id']; + } + } $this->db->sql_freeresult($result); - // Make sure prosilver is installed - if (empty($row) || !isset($row['style_id'])) + // Install prosilver if no style is available and prosilver can be installed + if (empty($style_paths) && in_array('prosilver', $styles)) { // Try to parse config file $cfg = parse_cfg_file($this->phpbb_root_path . 'styles/prosilver/style.cfg'); @@ -46,7 +55,7 @@ class style_update extends \phpbb\db\migration\migration // Stop running this if prosilver doesn't exist if (empty($cfg)) { - return; + throw new \RuntimeException('No styles available and could not fall back to prosilver.'); } // Check data 
@@ -75,31 +84,18 @@ class style_update extends \phpbb\db\migration\migration $row = array('style_id' => $this->db->sql_nextid()); $this->db->sql_transaction('commit'); + + // Set prosilver to default style + $this->config->set('default_style', $row['style_id']); } - // Make sure prosilver is activated - else if (!isset($row['style_active']) || !$row['style_active']) + else if (empty($styles) && empty($available_styles)) { - $sql = 'UPDATE ' . STYLES_TABLE . ' SET style_active = 1 WHERE style_id = ' . $row['style_id']; - $this->db->sql_query($sql); + throw new \RuntimeException('No valid styles available'); } - // Get all currently available styles - $styles = $this->find_style_dirs(); - - // Get IDs of the available styles - $style_ids = array(); - $sql = 'SELECT DISTINCT(style_id) AS style_id - FROM ' . $this->table_prefix . 'styles - WHERE ' . $this->db->sql_in_set('style_name', $styles); - $result = $this->db->sql_query($sql); - while ($styles_row = $this->db->sql_fetchrow()) - { - $style_ids[] = $styles_row['style_id']; - } - $this->db->sql_freeresult($result); - + // Reset users to default style if their user_style is nonexistent $sql = 'UPDATE ' . $this->table_prefix . "users - SET user_style = {$row['style_id']} + SET user_style = {$this->config['default_style']} WHERE " . $this->db->sql_in_set('user_style', $style_ids, true); $this->db->sql_query($sql); } From 74615364598115a584d01503a5dfcc234d8a42b0 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 1 Nov 2014 23:40:21 +0100 Subject: [PATCH 14/17] [ticket/13263] Make sure default style exists and clean up code PHPBB3-13263 --- .../db/migration/data/v31x/style_update.php | 59 ++++--------------- 1 file changed, 12 insertions(+), 47 deletions(-) diff --git a/phpBB/phpbb/db/migration/data/v31x/style_update.php b/phpBB/phpbb/db/migration/data/v31x/style_update.php index 9f01514ff6..bb030bbe6d 100644 --- a/phpBB/phpbb/db/migration/data/v31x/style_update.php 
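Review bot: The new branch `else if (empty($styles) && empty($available_styles))` tests `$available_styles`, which is not assigned anywhere in the hunks shown for `update_installed_styles()`; unless it is defined elsewhere, the second operand is always true and raises an undefined-variable notice. The arrays this method fills are `$style_paths` and `$style_ids`, so the guard was presumably meant to be `else if (empty($style_paths))`, which would also stop the migration when the styles directory holds only styles that are not installed. Separately, `SET user_style = {$this->config['default_style']}` interpolates a config value into the statement; casting it, `SET user_style = ' . (int) $this->config['default_style'] . '`, keeps a non-numeric config row from altering the query.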
+++ b/phpBB/phpbb/db/migration/data/v31x/style_update.php @@ -52,24 +52,18 @@ class style_update extends \phpbb\db\migration\migration // Try to parse config file $cfg = parse_cfg_file($this->phpbb_root_path . 'styles/prosilver/style.cfg'); - // Stop running this if prosilver doesn't exist + // Stop running this if prosilver cfg file can't be read if (empty($cfg)) { throw new \RuntimeException('No styles available and could not fall back to prosilver.'); } - // Check data - if (!isset($cfg['template_bitfield'])) - { - $cfg['template_bitfield'] = $this->default_bitfield(); - } - $style = array( 'style_name' => 'prosilver', 'style_copyright' => '© phpBB Limited', 'style_active' => 1, 'style_path' => 'prosilver', - 'bbcode_bitfield' => $cfg['template_bitfield'], + 'bbcode_bitfield' => 'kNg=', 'style_parent_id' => 0, 'style_parent_tree' => '', ); 
@@ -81,61 +75,32 @@ class style_update extends \phpbb\db\migration\migration ' . $this->db->sql_build_array('INSERT', $style); $this->db->sql_query($sql); - $row = array('style_id' => $this->db->sql_nextid()); + $style_id = $this->db->sql_nextid(); + $style_ids[] = $style_id; $this->db->sql_transaction('commit'); // Set prosilver to default style - $this->config->set('default_style', $row['style_id']); + $this->config->set('default_style', $style_id); } else if (empty($styles) && empty($available_styles)) { throw new \RuntimeException('No valid styles available'); } + // Make sure default style is available + if (!in_array($this->config['default_style'], $style_ids)) + { + $this->config->set('default_style', array_pop($style_ids)); + } + // Reset users to default style if their user_style is nonexistent $sql = 'UPDATE ' . $this->table_prefix . "users SET user_style = {$this->config['default_style']} - WHERE " . $this->db->sql_in_set('user_style', $style_ids, true); + WHERE " . $this->db->sql_in_set('user_style', $style_ids, true, true); $this->db->sql_query($sql); } - /** - * Generates default bitfield - * Copied from acp_styles - * - * This bitfield decides which bbcodes are defined in a template. - * - * @return string Bitfield - */ - protected function default_bitfield() - { - static $value; - if (isset($value)) - { - return $value; - } - - if (!class_exists('bitfield')) - { - include($this->phpbb_root_path . 'includes/functions_content.' . $this->php_ext); - } - - // Hardcoded template bitfield to add for new templates - $bitfield = new \bitfield(); - $bitfield->set(0); - $bitfield->set(1); - $bitfield->set(2); - $bitfield->set(3); - $bitfield->set(4); - $bitfield->set(8); - $bitfield->set(9); - $bitfield->set(11); - $bitfield->set(12); - $value = $bitfield->get_base64(); - return $value; - } - /** * Find all directories that have styles * Copied from acp_styles From 4ae9e8cf6e5d4abbcadafa72fa3784d85e847768 Mon Sep 17 00:00:00 2001 
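Review bot: `$this->config->set('default_style', array_pop($style_ids))` runs even when `$style_ids` is empty, which the guards above it allow when the styles directory contains a style that is neither installed nor prosilver. `array_pop()` then returns null, the `UPDATE` that follows interpolates an empty `user_style` value, and with the fourth `sql_in_set()` argument now `true` an empty id list is presumably accepted instead of rejected, so the `WHERE` clause stops restricting the rows. Failing early avoids that: `if (empty($style_ids)) { throw new \RuntimeException('No valid styles available'); }` placed before the default-style check. `array_pop()` also removes the chosen id from `$style_ids` before the list is used in the `UPDATE`; `end($style_ids)` would pick the same element without mutating the list.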
From: Nils Adermann Date: Sun, 2 Nov 2014 00:08:21 +0100 Subject: [PATCH 15/17] [prep-release-3.1.1] Add 3.1.1 migration file --- phpBB/phpbb/db/migration/data/v31x/v311.php | 32 +++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 phpBB/phpbb/db/migration/data/v31x/v311.php diff --git a/phpBB/phpbb/db/migration/data/v31x/v311.php b/phpBB/phpbb/db/migration/data/v31x/v311.php new file mode 100644 index 0000000000..00844dd4c0 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v311.php @@ -0,0 +1,32 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v311 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v310\gold', + '\phpbb\db\migration\data\v31x\style_update', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.1')), + ); + } +} From aede89d408608708e1cd8797af07a20a50944c35 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sun, 2 Nov 2014 00:20:44 +0100 Subject: [PATCH 16/17] [prep-release-3.1.1] Add 3.1.1 CHANGELOG --- phpBB/docs/CHANGELOG.html | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 212da25ade..4d96aa4981 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -46,6 +46,7 @@
    1. Changelog
        +
      1. Changes since 3.1.0
      2. Changes since 3.1.0-RC6
      3. Changes since 3.1.0-RC5
      4. Changes since 3.1.0-RC4
      5. @@ -100,6 +101,24 @@
        +

        1.i. Changes since 3.1.0

        + +

        Security

        +
          +
        • [SECURITY-164] - Cross Site Scripting via PATH_INFO in page_name variable
        • +
        +

        Bug

        +
          +
        • [PHPBB3-13248] - Login functions need to use provider collection for retrieving provider
        • +
        • [PHPBB3-13267] - Automatic Update instructions indicate that only the install folder is necessary
        • +
        • [PHPBB3-13268] - MSSQL's get_existing_indexes() function improperly appends ternary result
        • +
        • [PHPBB3-13271] - Anonymous users can CC themselves on emails sent to admin via contact form
        • +
        +

        Task

        +
          +
        • [PHPBB3-13262] - Add note to docs about htaccess file when upgrading 3.0 to 3.1
        • +
        +

        1.i. Changes since 3.1.0-RC6

        Bug

        From 27be69e3b3092def847d497c19bad7d4ad0a33d8 Mon Sep 17 00:00:00 2001 From: Nils Adermann Date: Sat, 1 Nov 2014 18:10:25 +0100 Subject: [PATCH 17/17] [ticket/13271] Disable CC sender feature for anonymous users PHPBB3-13271 --- phpBB/phpbb/message/form.php | 2 +- phpBB/styles/prosilver/template/memberlist_email.html | 2 ++ phpBB/styles/subsilver2/template/memberlist_email.html | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/phpBB/phpbb/message/form.php b/phpBB/phpbb/message/form.php index 076b41dc07..21d4de0b4d 100644 --- a/phpBB/phpbb/message/form.php +++ b/phpBB/phpbb/message/form.php @@ -146,7 +146,7 @@ abstract class form WHERE user_id = ' . $this->user->data['user_id']; $this->db->sql_query($sql); - if ($this->cc_sender) + if ($this->cc_sender && $this->user->data['is_registered']) { $this->message->cc_sender(); } diff --git a/phpBB/styles/prosilver/template/memberlist_email.html b/phpBB/styles/prosilver/template/memberlist_email.html index 865f0b883c..e848844093 100644 --- a/phpBB/styles/prosilver/template/memberlist_email.html +++ b/phpBB/styles/prosilver/template/memberlist_email.html @@ -77,10 +77,12 @@ {L_EMAIL_BODY_EXPLAIN}
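Review bot: The added `$this->user->data['is_registered']` condition in phpBB/phpbb/message/form.php carries no comment, although it is the server-side control for PHPBB3-13271 and the template hunks in this patch appear only to hide the option. A one-line comment would keep the check from being simplified away later, for example `// Anonymous senders must not receive a copy: their address is self-supplied (PHPBB3-13271)`. A functional test that submits the form as a guest with `cc_sender` set and asserts that no copy is sent would pin the behaviour; none is part of the patch as shown. The enclosing method starts and ends outside the hunk.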
        +
         
        +
        diff --git a/phpBB/styles/subsilver2/template/memberlist_email.html b/phpBB/styles/subsilver2/template/memberlist_email.html index 13ff4baace..b52513c241 100644 --- a/phpBB/styles/subsilver2/template/memberlist_email.html +++ b/phpBB/styles/subsilver2/template/memberlist_email.html @@ -66,6 +66,7 @@ {L_MESSAGE_BODY}
        {L_EMAIL_BODY_EXPLAIN} + {L_OPTIONS} @@ -77,6 +78,7 @@ +