diff --git a/build/build.xml b/build/build.xml index 5b2a4ed3e5..ea137f50bc 100644 --- a/build/build.xml +++ b/build/build.xml @@ -3,8 +3,8 @@ - - + + diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 557fca202f..e23a1bebb1 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -53,6 +53,7 @@
  • Changes since 3.3.0-b2
  • Changes since 3.3.0-b1
  • Changes since 3.2.x
    • +
  • Changes since 3.2.9-RC1
  • Changes since 3.2.8
  • Changes since 3.2.8-RC1
  • Changes since 3.2.7
    • @@ -306,6 +307,30 @@
  • [PHPBB3-16185] - Use Xenial build environment on travis-ci
    • +

    Changes since 3.2.9-RC1

    +

    Bug

    +
      +
    • [PHPBB3-15592] - "Place inline" button appears when BBcode is disabled (Post settings)
      • +
    • [PHPBB3-16269] - Sphinx backend indexes HTML markup as keywords
      • +
    • [PHPBB3-16282] - Default jQuery CDN URL is outdated on new installs
      • +
    +

    Improvement

    +
      +
    • [PHPBB3-16271] - Add support for 3.3.x API documentation
      • +
    • [PHPBB3-16279] - Add permission for Emojii in topic title
      • +
    +

    Security

    +
      +
    • [SECURITY-249] - Group avatar overwrite on invalid submit
      • +
    • [SECURITY-250] - Group leader can be tricked into approving user
      • +
    +

    Hardening

    +
      +
    • [SECURITY-251] - Unwanted move of PMs to folders
      • +
    • [SECURITY-252] - PMs of unsuspecting users can be marked as important
      • +
    • [SECURITY-253] - PM export without proper validation
      • +
    +

    Changes since 3.2.8

    Bug

      diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index d574549093..6eba3a03a9 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -534,7 +534,12 @@ class ucp_groups 'teampage' => $group_row['group_teampage'], ); - if ($config['allow_avatar']) + if (!check_form_key('ucp_groups')) + { + $error[] = $user->lang['FORM_INVALID']; + } + + if (!count($error) && $config['allow_avatar']) { // Handle avatar $driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', '')); @@ -556,11 +561,6 @@ class ucp_groups $error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error)); } - if (!check_form_key('ucp_groups')) - { - $error[] = $user->lang['FORM_INVALID']; - } - // Validate submitted colour value if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true)))) { @@ -875,6 +875,11 @@ class ucp_groups trigger_error($user->lang['NO_GROUP'] . $return_page); } + if (!check_form_key('ucp_groups')) + { + trigger_error($user->lang('FORM_INVALID') . $return_page); + } + if (!($row = group_memberships($group_id, $user->data['user_id']))) { trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page); diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index 4d02620e89..00d1ce7149 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -193,6 +193,8 @@ class ucp_pm trigger_error('NO_AUTH_READ_HOLD_MESSAGE'); } + add_form_key('ucp_pm_view'); + // First Handle Mark actions and moving messages $submit_mark = (isset($_POST['submit_mark'])) ? true : false; $move_pm = (isset($_POST['move_pm'])) ? true : false; @@ -207,6 +209,11 @@ class ucp_pm $submit_mark = false; } + if (($move_pm || $submit_mark) && !check_form_key('ucp_pm_view')) + { + trigger_error('FORM_INVALID'); + } + // Move PM if ($move_pm) { diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index 09e7bf4d7c..ce40a2507d 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -32,6 +32,8 @@ function view_folder($id, $mode, $folder_id, $folder) $folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']); + add_form_key('ucp_pm_view_folder'); + if (!$submit_export) { $user->add_lang('viewforum'); @@ -197,6 +199,11 @@ function view_folder($id, $mode, $folder_id, $folder) $enclosure = $request->variable('enclosure', ''); $delimiter = $request->variable('delimiter', ''); + if (!check_form_key('ucp_pm_view_folder')) + { + trigger_error('FORM_INVALID'); + } + if ($export_type == 'CSV' && ($delimiter === '' || $enclosure === '')) { $template->assign_var('PROMPT', true); diff --git a/phpBB/phpbb/db/migration/data/v32x/v329.php b/phpBB/phpbb/db/migration/data/v32x/v329.php new file mode 100644 index 0000000000..e88e264aef --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v329.php @@ -0,0 +1,37 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v329 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.9', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v329rc1', + '\phpbb\db\migration\data\v32x\user_emoji_permission', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.9')), + ); + } +} diff --git a/tests/functional/ucp_groups_test.php b/tests/functional/ucp_groups_test.php index cd18a0fcae..445c124158 100644 --- a/tests/functional/ucp_groups_test.php +++ b/tests/functional/ucp_groups_test.php @@ -54,4 +54,72 @@ class phpbb_functional_ucp_groups_test extends phpbb_functional_common_groups_te $this->assertContains($this->lang('GROUP_UPDATED'), $crawler->text()); $this->assertEquals($teampage_settings, $this->get_teampage_settings()); } + + public function test_create_request_group() + { + $this->login(); + $this->admin_login(); + $this->add_lang('acp/groups'); + + $crawler = self::request('GET', 'adm/index.php?i=acp_groups&mode=manage&sid=' . $this->sid); + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $crawler = self::submit($form, array('group_name' => 'request-group')); + + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $crawler = self::submit($form, array('group_name' => 'request-group')); + + $this->assertContainsLang('GROUP_CREATED', $crawler->filter('#main')->text()); + + $group_id = $this->get_group_id('request-group'); + + // Make admin group leader + $crawler = self::request('GET', 'adm/index.php?i=acp_groups&mode=manage&action=list&g=' . $group_id . '&sid=' . $this->sid); + $form = $crawler->filter('input[name=addusers]')->selectButton($this->lang('SUBMIT'))->form(); + $crawler = self::submit($form, [ + 'leader' => 1, + 'usernames' => 'admin', + ]); + + $this->assertContainsLang('GROUP_MODS_ADDED', $crawler->filter('#main')->text()); + } + + /** + * @depends test_create_request_group + */ + public function test_request_group_membership() + { + $this->create_user('request-group-user'); + $this->login('request-group-user'); + $this->add_lang('groups'); + + $group_id = $this->get_group_id('request-group'); + + $crawler = self::request('GET', 'ucp.php?i=ucp_groups&mode=membership&sid=' . $this->sid); + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $crawler = self::submit($form, ['selected' => $group_id, 'action' => 'join']); + $this->assertContainsLang('GROUP_JOIN_PENDING_CONFIRM', $crawler->text()); + + $form = $crawler->selectButton($this->lang('YES'))->form(); + $crawler = self::submit($form); + $this->assertContainsLang('GROUP_JOINED_PENDING', $crawler->text()); + } + + /** + * @depends test_request_group_membership + */ + public function test_approve_group_membership() + { + $this->login(); + $this->add_lang('acp/groups'); + + $group_id = $this->get_group_id('request-group'); + $crawler = self::request('GET', 'ucp.php?i=ucp_groups&mode=manage&action=list&g=' . $group_id . '&sid=' . $this->sid); + $form = $crawler->filter('input[name=update]')->selectButton($this->lang('SUBMIT'))->form(); + $crawler = self::submit($form, [ + 'mark' => [$crawler->filter('input[name="mark[]"]')->first()->attr('value')], + 'action' => 'approve', + ]); + + $this->assertContainsLang('USERS_APPROVED', $crawler->text()); + } } diff --git a/tests/test_framework/phpbb_functional_test_case.php b/tests/test_framework/phpbb_functional_test_case.php index 4c2afa4f30..a31aa648bc 100644 --- a/tests/test_framework/phpbb_functional_test_case.php +++ b/tests/test_framework/phpbb_functional_test_case.php @@ -689,6 +689,25 @@ class phpbb_functional_test_case extends phpbb_test_case return user_add($user_row); } + /** + * Get group ID + * + * @param string $group_name Group name + * @return int Group id of specified group name + */ + protected function get_group_id($group_name) + { + $db = $this->get_db(); + $sql = 'SELECT group_id + FROM ' . GROUPS_TABLE . " + WHERE group_name = '" . $db->sql_escape($group_name) . "'"; + $result = $db->sql_query($sql); + $group_id = (int) $db->sql_fetchfield('group_id'); + $db->sql_freeresult($result); + + return $group_id; + } + protected function remove_user_group($group_name, $usernames) { global $db, $cache, $auth, $config, $phpbb_dispatcher, $phpbb_log, $phpbb_container, $phpbb_root_path, $phpEx; @@ -721,12 +740,7 @@ class phpbb_functional_test_case extends phpbb_test_case require_once(__DIR__ . '/../../phpBB/includes/functions_user.php'); } - $sql = 'SELECT group_id - FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape($group_name) . "'"; - $result = $db->sql_query($sql); - $group_id = (int) $db->sql_fetchfield('group_id'); - $db->sql_freeresult($result); + $group_id = $this->get_group_id($group_name); return group_user_del($group_id, false, $usernames, $group_name); } @@ -766,12 +780,7 @@ class phpbb_functional_test_case extends phpbb_test_case require_once(__DIR__ . '/../../phpBB/includes/functions_user.php'); } - $sql = 'SELECT group_id - FROM ' . GROUPS_TABLE . " - WHERE group_name = '" . $db->sql_escape($group_name) . "'"; - $result = $db->sql_query($sql); - $group_id = (int) $db->sql_fetchfield('group_id'); - $db->sql_freeresult($result); + $group_id = $this->get_group_id($group_name); return group_user_add($group_id, false, $usernames, $group_name, $default, $leader); }