From b7b0b0ccc3fbf92324948e8c5e616a3e06343600 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 14 May 2013 13:43:53 +0200 Subject: [PATCH 01/14] [ticket/11538] Make sure group color can't exceed maximum of 6 characters In order to prevent future issues with this, a basic set of functional tests for the UCP groups manage page have been added. PHPBB3-11538 --- phpBB/includes/ucp/ucp_groups.php | 10 +++++ tests/functional/ucp_groups_test.php | 61 ++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 tests/functional/ucp_groups_test.php diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index d62dbb1866..c1db19774a 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -597,6 +597,16 @@ class ucp_groups if (!sizeof($error)) { + // Make sure maximum length of 6 of group color is not exceeded + if (strpos($submit_ary['colour'], '#') === 0) + { + $submit_ary['colour'] = substr($submit_ary['colour'], 1, 6); + } + else + { + $submit_ary['colour'] = substr($submit_ary['colour'], 0, 6); + } + // Only set the rank, colour, etc. if it's changed or if we're adding a new // group. This prevents existing group members being updated if no changes // were made. diff --git a/tests/functional/ucp_groups_test.php b/tests/functional/ucp_groups_test.php new file mode 100644 index 0000000000..010727cb55 --- /dev/null +++ b/tests/functional/ucp_groups_test.php @@ -0,0 +1,61 @@ +login(); + $this->add_lang(array('ucp', 'acp/groups')); + + $crawler = $this->request('GET', 'ucp.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); + $this->assert_response_success(); + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $form['group_colour']->setValue('#AA0000'); + $crawler = $this->client->submit($form); + $this->assertContains($this->lang('GROUP_UPDATED'), $crawler->text()); + + $crawler = $this->request('GET', 'ucp.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); + $this->assert_response_success(); + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $values = $form->getValues(); + $this->assertContains('AA0000', $values['group_colour']); + $form['group_colour']->setValue('AA0000'); + $crawler = $this->client->submit($form); + $this->assertContains($this->lang('GROUP_UPDATED'), $crawler->text()); + + $crawler = $this->request('GET', 'ucp.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); + $this->assert_response_success(); + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $values = $form->getValues(); + $this->assertContains('AA0000', $values['group_colour']); + $form['group_colour']->setValue('AA0000v'); + $crawler = $this->client->submit($form); + $this->assertContains($this->lang('GROUP_UPDATED'), $crawler->text()); + + $crawler = $this->request('GET', 'ucp.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); + $this->assert_response_success(); + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $values = $form->getValues(); + $this->assertContains('AA0000', $values['group_colour']); + $form['group_colour']->setValue('vAA0000'); + $crawler = $this->client->submit($form); + $this->assertContains($this->lang('GROUP_UPDATED'), $crawler->text()); + + $crawler = $this->request('GET', 'ucp.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); + $this->assert_response_success(); + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $values = $form->getValues(); + $this->assertContains('vAA000', $values['group_colour']); + } +} From a547ba3f9d569410107574a151af9a2f301bb68e Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 14 May 2013 19:44:55 +0200 Subject: [PATCH 02/14] [ticket/11538] Use regex for testing color value and improve tests We are now using a regex with preg_match() in order to properly check if the entered color value is in hex color format or not. A proper error message is triggered if an incorrect color value is entered and the prepended '#' is removed if necessary. PHPBB3-11538 --- phpBB/includes/ucp/ucp_groups.php | 14 ++++--- phpBB/language/en/common.php | 1 + tests/functional/ucp_groups_test.php | 57 ++++++++++------------------ 3 files changed, 30 insertions(+), 42 deletions(-) diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index c1db19774a..3f06e74159 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -595,18 +595,22 @@ class ucp_groups $error[] = $user->lang['FORM_INVALID']; } - if (!sizeof($error)) + if (!empty($submit_ary['colour'])) { - // Make sure maximum length of 6 of group color is not exceeded - if (strpos($submit_ary['colour'], '#') === 0) + preg_match('/^(#?)+(?:[0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/', $submit_ary['colour'], $group_colour); + + if (sizeof($group_colour)) { - $submit_ary['colour'] = substr($submit_ary['colour'], 1, 6); + $submit_ary['colour'] = (strpos($group_colour[0], '#') !== false) ? str_replace('#', '', $group_colour[0]) : $group_colour[0]; } else { - $submit_ary['colour'] = substr($submit_ary['colour'], 0, 6); + $error[] = $user->lang['COLOUR_INVALID']; } + } + if (!sizeof($error)) + { // Only set the rank, colour, etc. if it's changed or if we're adding a new // group. This prevents existing group members being updated if no changes // were made. diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index baf398b146..129deb551c 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -120,6 +120,7 @@ $lang = array_merge($lang, array( 'CLICK_VIEW_PRIVMSG' => '%sGo to your inbox%s', 'COLLAPSE_VIEW' => 'Collapse view', 'CLOSE_WINDOW' => 'Close window', + 'COLOUR_INVALID' => 'The colour value you entered is invalid.', 'COLOUR_SWATCH' => 'Colour swatch', 'COMMA_SEPARATOR' => ', ', // Used in pagination of ACP & prosilver, use localised comma if appropriate, eg: Ideographic or Arabic 'CONFIRM' => 'Confirm', diff --git a/tests/functional/ucp_groups_test.php b/tests/functional/ucp_groups_test.php index 010727cb55..f570c6af8d 100644 --- a/tests/functional/ucp_groups_test.php +++ b/tests/functional/ucp_groups_test.php @@ -12,50 +12,33 @@ */ class phpbb_functional_ucp_groups_test extends phpbb_functional_test_case { - public function test_groups_manage() + public function groups_manage_test_data() + { + return array( + array('#AA0000', 'GROUP_UPDATED'), + array('AA0000', 'GROUP_UPDATED'), + array('AA0000v', 'COLOUR_INVALID'), + array('vAA0000', 'COLOUR_INVALID'), + array('AAG000', 'COLOUR_INVALID'), + array('#a00', 'GROUP_UPDATED'), + array('ag0', 'COLOUR_INVALID'), + array('#ag0', 'COLOUR_INVALID'), + ); + } + + /** + * @dataProvider groups_manage_test_data + */ + public function test_groups_manage($input, $expected) { - $values = array(); $this->login(); $this->add_lang(array('ucp', 'acp/groups')); $crawler = $this->request('GET', 'ucp.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); $this->assert_response_success(); $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); - $form['group_colour']->setValue('#AA0000'); + $form['group_colour']->setValue($input); $crawler = $this->client->submit($form); - $this->assertContains($this->lang('GROUP_UPDATED'), $crawler->text()); - - $crawler = $this->request('GET', 'ucp.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); - $this->assert_response_success(); - $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); - $values = $form->getValues(); - $this->assertContains('AA0000', $values['group_colour']); - $form['group_colour']->setValue('AA0000'); - $crawler = $this->client->submit($form); - $this->assertContains($this->lang('GROUP_UPDATED'), $crawler->text()); - - $crawler = $this->request('GET', 'ucp.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); - $this->assert_response_success(); - $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); - $values = $form->getValues(); - $this->assertContains('AA0000', $values['group_colour']); - $form['group_colour']->setValue('AA0000v'); - $crawler = $this->client->submit($form); - $this->assertContains($this->lang('GROUP_UPDATED'), $crawler->text()); - - $crawler = $this->request('GET', 'ucp.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); - $this->assert_response_success(); - $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); - $values = $form->getValues(); - $this->assertContains('AA0000', $values['group_colour']); - $form['group_colour']->setValue('vAA0000'); - $crawler = $this->client->submit($form); - $this->assertContains($this->lang('GROUP_UPDATED'), $crawler->text()); - - $crawler = $this->request('GET', 'ucp.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); - $this->assert_response_success(); - $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); - $values = $form->getValues(); - $this->assertContains('vAA000', $values['group_colour']); + $this->assertContains($this->lang($expected), $crawler->text()); } } From 1fae7720e43c8ff853225e16d0de54395d9ab051 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 14 May 2013 21:27:25 +0200 Subject: [PATCH 03/14] [ticket/11538] Fix incorrect regex and test for duplicate # in color string PHPBB3-11538 --- phpBB/includes/ucp/ucp_groups.php | 2 +- tests/functional/ucp_groups_test.php | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 3f06e74159..8ff76eac42 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -597,7 +597,7 @@ class ucp_groups if (!empty($submit_ary['colour'])) { - preg_match('/^(#?)+(?:[0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/', $submit_ary['colour'], $group_colour); + preg_match('/^#?(?:[0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/', $submit_ary['colour'], $group_colour); if (sizeof($group_colour)) { diff --git a/tests/functional/ucp_groups_test.php b/tests/functional/ucp_groups_test.php index f570c6af8d..d5ac6f697e 100644 --- a/tests/functional/ucp_groups_test.php +++ b/tests/functional/ucp_groups_test.php @@ -23,6 +23,7 @@ class phpbb_functional_ucp_groups_test extends phpbb_functional_test_case array('#a00', 'GROUP_UPDATED'), array('ag0', 'COLOUR_INVALID'), array('#ag0', 'COLOUR_INVALID'), + array('##bcc', 'COLOUR_INVALID'), ); } From deefe5c0e48534cea1327cf685255d109d9d7e2c Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 14 May 2013 22:39:33 +0200 Subject: [PATCH 04/14] [ticket/11538] Simplify colour value check and remove support for '#' The input length for the hex color is now limited to 6 characters and the support for colors starting with a '#' has been dropped. The allowed input length of 7 in prosilver seems to have been a relict from old ages of phpBB3. In order to have proper support for correct checking of the colour value, the new code was also ported to the ACP groups manage page. The tests have been modified to reflect the changes to the behavior of the color check. Tests for the ACP will follow. PHPBB3-11538 --- phpBB/includes/acp/acp_groups.php | 7 +++++++ phpBB/includes/ucp/ucp_groups.php | 15 ++++----------- phpBB/language/en/common.php | 2 +- .../prosilver/template/ucp_groups_manage.html | 2 +- tests/functional/ucp_groups_test.php | 15 +++++++-------- 5 files changed, 20 insertions(+), 21 deletions(-) diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index beb7aefee5..3b0d53d52c 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -422,6 +422,13 @@ class acp_groups $error = array_merge($error, array_map(array(&$user, 'lang'), $max_recipients_error)); } + // Validate submitted colour value + if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/')))) + { + // Replace "error" string with its real, localised form + $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); + } + if (!sizeof($error)) { // Only set the rank, colour, etc. if it's changed or if we're adding a new diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 8ff76eac42..bf6af8b6f1 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -595,18 +595,11 @@ class ucp_groups $error[] = $user->lang['FORM_INVALID']; } - if (!empty($submit_ary['colour'])) + // Validate submitted colour value + if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/')))) { - preg_match('/^#?(?:[0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/', $submit_ary['colour'], $group_colour); - - if (sizeof($group_colour)) - { - $submit_ary['colour'] = (strpos($group_colour[0], '#') !== false) ? str_replace('#', '', $group_colour[0]) : $group_colour[0]; - } - else - { - $error[] = $user->lang['COLOUR_INVALID']; - } + // Replace "error" string with its real, localised form + $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); } if (!sizeof($error)) diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index 129deb551c..c986e8213d 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -120,7 +120,6 @@ $lang = array_merge($lang, array( 'CLICK_VIEW_PRIVMSG' => '%sGo to your inbox%s', 'COLLAPSE_VIEW' => 'Collapse view', 'CLOSE_WINDOW' => 'Close window', - 'COLOUR_INVALID' => 'The colour value you entered is invalid.', 'COLOUR_SWATCH' => 'Colour swatch', 'COMMA_SEPARATOR' => ', ', // Used in pagination of ACP & prosilver, use localised comma if appropriate, eg: Ideographic or Arabic 'CONFIRM' => 'Confirm', @@ -723,6 +722,7 @@ $lang = array_merge($lang, array( 'WHO_IS_ONLINE' => 'Who is online', 'WRONG_PASSWORD' => 'You entered an incorrect password.', + 'WRONG_DATA_COLOUR' => 'The colour value you entered is invalid.', 'WRONG_DATA_ICQ' => 'The number you entered is not a valid ICQ number.', 'WRONG_DATA_JABBER' => 'The name you entered is not a valid Jabber account name.', 'WRONG_DATA_LANG' => 'The language you specified is not valid.', diff --git a/phpBB/styles/prosilver/template/ucp_groups_manage.html b/phpBB/styles/prosilver/template/ucp_groups_manage.html index 87b548c23b..d15cca8ee8 100644 --- a/phpBB/styles/prosilver/template/ucp_groups_manage.html +++ b/phpBB/styles/prosilver/template/ucp_groups_manage.html @@ -55,7 +55,7 @@

{L_GROUP_COLOR_EXPLAIN}
-
    [ {L_COLOUR_SWATCH} ]
+
    [ {L_COLOUR_SWATCH} ]
diff --git a/tests/functional/ucp_groups_test.php b/tests/functional/ucp_groups_test.php index d5ac6f697e..7a315c2018 100644 --- a/tests/functional/ucp_groups_test.php +++ b/tests/functional/ucp_groups_test.php @@ -15,15 +15,14 @@ class phpbb_functional_ucp_groups_test extends phpbb_functional_test_case public function groups_manage_test_data() { return array( - array('#AA0000', 'GROUP_UPDATED'), + array('#AA0000', 'WRONG_DATA_COLOUR'), array('AA0000', 'GROUP_UPDATED'), - array('AA0000v', 'COLOUR_INVALID'), - array('vAA0000', 'COLOUR_INVALID'), - array('AAG000', 'COLOUR_INVALID'), - array('#a00', 'GROUP_UPDATED'), - array('ag0', 'COLOUR_INVALID'), - array('#ag0', 'COLOUR_INVALID'), - array('##bcc', 'COLOUR_INVALID'), + array('AA0000v', 'WRONG_DATA_COLOUR'), + array('vAA0000', 'WRONG_DATA_COLOUR'), + array('AAG000','WRONG_DATA_COLOUR'), + array('a00', 'GROUP_UPDATED'), + array('ag0', 'WRONG_DATA_COLOUR'), + array('#aa0', 'WRONG_DATA_COLOUR'), ); } From cbe4a3c3b6a2b21aeff179ee8452fb705d05369b Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 14 May 2013 22:50:17 +0200 Subject: [PATCH 05/14] [ticket/11538] Add tests for acp group manage page This will currently test if the colour check properly works. PHPBB3-11538 --- tests/functional/acp_groups_test.php | 45 ++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 tests/functional/acp_groups_test.php diff --git a/tests/functional/acp_groups_test.php b/tests/functional/acp_groups_test.php new file mode 100644 index 0000000000..152f05c7a7 --- /dev/null +++ b/tests/functional/acp_groups_test.php @@ -0,0 +1,45 @@ +login(); + $this->admin_login(); + $this->add_lang(array('ucp', 'acp/groups')); + + $crawler = $this->request('GET', 'adm/index.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); + $this->assert_response_success(); + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $form['group_colour']->setValue($input); + $crawler = $this->client->submit($form); + $this->assertContains($this->lang($expected), $crawler->text()); + } +} From 204cdb21640aead9f7560034bb8e686c17707476 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 15 May 2013 12:30:05 +0200 Subject: [PATCH 06/14] [ticket/11538] Make sure regex doesn't allow multiple color values This will now make sure that 'AAFF00' will be matched but strings like 'AAFF00 AABB00' will not. PHPBB3-11538 --- phpBB/includes/acp/acp_groups.php | 2 +- phpBB/includes/ucp/ucp_groups.php | 2 +- tests/functional/acp_groups_test.php | 3 +++ tests/functional/ucp_groups_test.php | 3 +++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 3b0d53d52c..ffbce33667 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -423,7 +423,7 @@ class acp_groups } // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/')))) + if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/')))) { // Replace "error" string with its real, localised form $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index bf6af8b6f1..58c8d1ae4a 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -596,7 +596,7 @@ class ucp_groups } // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/')))) + if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/')))) { // Replace "error" string with its real, localised form $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); diff --git a/tests/functional/acp_groups_test.php b/tests/functional/acp_groups_test.php index 152f05c7a7..9a85e9ec67 100644 --- a/tests/functional/acp_groups_test.php +++ b/tests/functional/acp_groups_test.php @@ -23,6 +23,9 @@ class phpbb_functional_acp_groups_test extends phpbb_functional_test_case array('a00', 'GROUP_UPDATED'), array('ag0', 'WRONG_DATA_COLOUR'), array('#aa0', 'WRONG_DATA_COLOUR'), + array('AA0000 ', 'GROUP_UPDATED'), + array('AA0000 abf', 'WRONG_DATA_COLOUR'), + array('AA0000 AA0000', 'WRONG_DATA_COLOUR'), ); } diff --git a/tests/functional/ucp_groups_test.php b/tests/functional/ucp_groups_test.php index 7a315c2018..ae568e8182 100644 --- a/tests/functional/ucp_groups_test.php +++ b/tests/functional/ucp_groups_test.php @@ -23,6 +23,9 @@ class phpbb_functional_ucp_groups_test extends phpbb_functional_test_case array('a00', 'GROUP_UPDATED'), array('ag0', 'WRONG_DATA_COLOUR'), array('#aa0', 'WRONG_DATA_COLOUR'), + array('AA0000 ', 'GROUP_UPDATED'), + array('AA0000 abf', 'WRONG_DATA_COLOUR'), + array('AA0000 AA0000', 'WRONG_DATA_COLOUR'), ); } From 1715619fda2aebd7ebae960e5fcbdf4b24ce4dca Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 16 May 2013 13:22:43 +0200 Subject: [PATCH 07/14] [ticket/11538] Add function phpbb_validate_colour for validating colours It will be possible to use this function via the validate_data() function interface that has already been used previously. Thus, this new function will extend the capabilities of validate_data() to checking hex color values. PHPBB3-11538 --- phpBB/includes/acp/acp_groups.php | 2 +- phpBB/includes/functions_user.php | 24 +++++++++++++++++++++++- phpBB/includes/ucp/ucp_groups.php | 2 +- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index ffbce33667..9a9a723605 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -423,7 +423,7 @@ class acp_groups } // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/')))) + if ($colour_error = validate_data($submit_ary, array('colour' => array('colour')))) { // Replace "error" string with its real, localised form $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 5a6a0b4a05..b7fdb7a6ad 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1247,8 +1247,9 @@ function validate_data($data, $val_ary) { $function = array_shift($validate); array_unshift($validate, $data[$var]); + $function_prefix = (function_exists('phpbb_validate_' . $function)) ? 'phpbb_validate_' : 'validate'; - if ($result = call_user_func_array('validate_' . $function, $validate)) + if ($result = call_user_func_array($function_prefix . $function, $validate)) { // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted. $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var); @@ -1898,6 +1899,27 @@ function validate_jabber($jid) return false; } +/** +* Validate hex colour value +* +* @param string $colour The hex colour value +* @return bool/string Error message if colour value is incorrect, false if it fits the hex colour code +*/ +function phpbb_validate_colour($colour) +{ + if (empty($colour)) + { + return false; + } + + if (!preg_match('/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/', $colour)) + { + return 'WRONG_DATA'; + } + + return false; +} + /** * Verifies whether a style ID corresponds to an active style. * diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 58c8d1ae4a..9d2cf2728d 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -596,7 +596,7 @@ class ucp_groups } // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/')))) + if ($colour_error = validate_data($submit_ary, array('colour' => array('colour')))) { // Replace "error" string with its real, localised form $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); From 0a5988ec1f3d72afb17b87d6cd74f60b646bae42 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 17 May 2013 12:32:09 +0200 Subject: [PATCH 08/14] [ticket/11538] Use abstract class for functional test cases for group colour PHPBB3-11538 --- tests/functional/acp_groups_test.php | 37 +++--------------- tests/functional/common_groups_test.php | 50 +++++++++++++++++++++++++ tests/functional/ucp_groups_test.php | 36 +++--------------- 3 files changed, 60 insertions(+), 63 deletions(-) create mode 100644 tests/functional/common_groups_test.php diff --git a/tests/functional/acp_groups_test.php b/tests/functional/acp_groups_test.php index 9a85e9ec67..8b45bea7a6 100644 --- a/tests/functional/acp_groups_test.php +++ b/tests/functional/acp_groups_test.php @@ -7,42 +7,15 @@ * */ +require_once dirname(__FILE__) . '/common_groups_test.php'; + /** * @group functional */ -class phpbb_functional_acp_groups_test extends phpbb_functional_test_case +class phpbb_functional_acp_groups_test extends phpbb_functional_common_groups_test { - public function groups_manage_test_data() + protected function get_url() { - return array( - array('#AA0000', 'WRONG_DATA_COLOUR'), - array('AA0000', 'GROUP_UPDATED'), - array('AA0000v', 'WRONG_DATA_COLOUR'), - array('vAA0000', 'WRONG_DATA_COLOUR'), - array('AAG000','WRONG_DATA_COLOUR'), - array('a00', 'GROUP_UPDATED'), - array('ag0', 'WRONG_DATA_COLOUR'), - array('#aa0', 'WRONG_DATA_COLOUR'), - array('AA0000 ', 'GROUP_UPDATED'), - array('AA0000 abf', 'WRONG_DATA_COLOUR'), - array('AA0000 AA0000', 'WRONG_DATA_COLOUR'), - ); - } - - /** - * @dataProvider groups_manage_test_data - */ - public function test_groups_manage($input, $expected) - { - $this->login(); - $this->admin_login(); - $this->add_lang(array('ucp', 'acp/groups')); - - $crawler = $this->request('GET', 'adm/index.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); - $this->assert_response_success(); - $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); - $form['group_colour']->setValue($input); - $crawler = $this->client->submit($form); - $this->assertContains($this->lang($expected), $crawler->text()); + return 'adm/index.php?i=groups&mode=manage&action=edit&g=5'; } } diff --git a/tests/functional/common_groups_test.php b/tests/functional/common_groups_test.php new file mode 100644 index 0000000000..3061bf7510 --- /dev/null +++ b/tests/functional/common_groups_test.php @@ -0,0 +1,50 @@ +login(); + $this->admin_login(); + $this->add_lang(array('ucp', 'acp/groups')); + + $crawler = $this->request('GET', $this->get_url() . '&sid=' . $this->sid); + $this->assert_response_success(); + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $form['group_colour']->setValue($input); + $crawler = $this->client->submit($form); + $this->assertContains($this->lang($expected), $crawler->text()); + } +} diff --git a/tests/functional/ucp_groups_test.php b/tests/functional/ucp_groups_test.php index ae568e8182..8401cfdb09 100644 --- a/tests/functional/ucp_groups_test.php +++ b/tests/functional/ucp_groups_test.php @@ -7,41 +7,15 @@ * */ +require_once dirname(__FILE__) . '/common_groups_test.php'; + /** * @group functional */ -class phpbb_functional_ucp_groups_test extends phpbb_functional_test_case +class phpbb_functional_ucp_groups_test extends phpbb_functional_common_groups_test { - public function groups_manage_test_data() + protected function get_url() { - return array( - array('#AA0000', 'WRONG_DATA_COLOUR'), - array('AA0000', 'GROUP_UPDATED'), - array('AA0000v', 'WRONG_DATA_COLOUR'), - array('vAA0000', 'WRONG_DATA_COLOUR'), - array('AAG000','WRONG_DATA_COLOUR'), - array('a00', 'GROUP_UPDATED'), - array('ag0', 'WRONG_DATA_COLOUR'), - array('#aa0', 'WRONG_DATA_COLOUR'), - array('AA0000 ', 'GROUP_UPDATED'), - array('AA0000 abf', 'WRONG_DATA_COLOUR'), - array('AA0000 AA0000', 'WRONG_DATA_COLOUR'), - ); - } - - /** - * @dataProvider groups_manage_test_data - */ - public function test_groups_manage($input, $expected) - { - $this->login(); - $this->add_lang(array('ucp', 'acp/groups')); - - $crawler = $this->request('GET', 'ucp.php?i=groups&mode=manage&action=edit&g=5&sid=' . $this->sid); - $this->assert_response_success(); - $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); - $form['group_colour']->setValue($input); - $crawler = $this->client->submit($form); - $this->assertContains($this->lang($expected), $crawler->text()); + return 'ucp.php?i=groups&mode=manage&action=edit&g=5'; } } From b49ce5eb3a54a6c256955d3510fe409a6f4511aa Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 19 May 2013 11:29:11 +0200 Subject: [PATCH 09/14] [ticket/11538] Rename phpbb_validate_colour to phpbb_validate_hex_colour PHPBB3-11538 --- phpBB/includes/acp/acp_groups.php | 2 +- phpBB/includes/functions_user.php | 5 +++-- phpBB/includes/ucp/ucp_groups.php | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 9a9a723605..25df9e357e 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -423,7 +423,7 @@ class acp_groups } // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('colour')))) + if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour')))) { // Replace "error" string with its real, localised form $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index b7fdb7a6ad..f8e1fcaa45 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1903,9 +1903,10 @@ function validate_jabber($jid) * Validate hex colour value * * @param string $colour The hex colour value -* @return bool/string Error message if colour value is incorrect, false if it fits the hex colour code +* @return bool|string Error message if colour value is incorrect, false if it +* fits the hex colour code */ -function phpbb_validate_colour($colour) +function phpbb_validate_hex_colour($colour) { if (empty($colour)) { diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 9d2cf2728d..20a55d8c32 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -596,7 +596,7 @@ class ucp_groups } // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('colour')))) + if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour')))) { // Replace "error" string with its real, localised form $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); From 373e26ca746699f466e768406b951e6cf09ed284 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 19 May 2013 11:38:11 +0200 Subject: [PATCH 10/14] [ticket/11538] Merge calls to validate_data() in acp_groups PHPBB3-11538 --- phpBB/includes/acp/acp_groups.php | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 25df9e357e..bddad78bf2 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -413,20 +413,21 @@ class acp_groups } } - // Validate the length of "Maximum number of allowed recipients per private message" setting. - // We use 16777215 as a maximum because it matches MySQL unsigned mediumint maximum value - // which is the lowest amongst DBMSes supported by phpBB3 - if ($max_recipients_error = validate_data($submit_ary, array('max_recipients' => array('num', false, 0, 16777215)))) - { - // Replace "error" string with its real, localised form - $error = array_merge($error, array_map(array(&$user, 'lang'), $max_recipients_error)); - } + /* + * Validate the length of "Maximum number of allowed recipients per private message" setting. + * We use 16777215 as a maximum because it matches MySQL unsigned mediumint maximum value + * which is the lowest amongst DBMSes supported by phpBB3. + * Also validate the submitted colour value. + */ + $validation_checks = array( + 'max_recipients' => array('num', false, 0, 16777215), + 'colour' => array('hex_colour'), + ); - // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour')))) + if ($validation_error = validate_data($submit_ary, $validation_checks)) { // Replace "error" string with its real, localised form - $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); + $error = array_merge($error, array_map(array(&$user, 'lang'), $validation_error)); } if (!sizeof($error)) From 8aea2b382dcb57f67704dec5194378d9a76c127e Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 19 May 2013 11:44:26 +0200 Subject: [PATCH 11/14] [ticket/11538] Move group ID into abstract test class and add more test cases The group ID is defined in the abstract class now and additional test cases for hex colour values have been added. PHPBB3-11538 --- tests/functional/acp_groups_test.php | 2 +- tests/functional/common_groups_test.php | 6 +++++- tests/functional/ucp_groups_test.php | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/functional/acp_groups_test.php b/tests/functional/acp_groups_test.php index 8b45bea7a6..3d8cabb086 100644 --- a/tests/functional/acp_groups_test.php +++ b/tests/functional/acp_groups_test.php @@ -16,6 +16,6 @@ class phpbb_functional_acp_groups_test extends phpbb_functional_common_groups_te { protected function get_url() { - return 'adm/index.php?i=groups&mode=manage&action=edit&g=5'; + return 'adm/index.php?i=groups&mode=manage&action=edit'; } } diff --git a/tests/functional/common_groups_test.php b/tests/functional/common_groups_test.php index 3061bf7510..985dbc9220 100644 --- a/tests/functional/common_groups_test.php +++ b/tests/functional/common_groups_test.php @@ -20,6 +20,7 @@ abstract class phpbb_functional_common_groups_test extends phpbb_functional_test array('#AA0000', 'WRONG_DATA_COLOUR'), array('AA0000', 'GROUP_UPDATED'), array('AA0000v', 'WRONG_DATA_COLOUR'), + array('AA00000', 'WRONG_DATA_COLOUR'), array('vAA0000', 'WRONG_DATA_COLOUR'), array('AAG000','WRONG_DATA_COLOUR'), array('a00', 'GROUP_UPDATED'), @@ -28,6 +29,8 @@ abstract class phpbb_functional_common_groups_test extends phpbb_functional_test array('AA0000 ', 'GROUP_UPDATED'), array('AA0000 abf', 'WRONG_DATA_COLOUR'), array('AA0000 AA0000', 'WRONG_DATA_COLOUR'), + array('000 ', 'GROUP_UPDATED'), + array('000000 ', 'GROUP_UPDATED'), ); } @@ -40,7 +43,8 @@ abstract class phpbb_functional_common_groups_test extends phpbb_functional_test $this->admin_login(); $this->add_lang(array('ucp', 'acp/groups')); - $crawler = $this->request('GET', $this->get_url() . '&sid=' . $this->sid); + // Manage Administrators group + $crawler = $this->request('GET', $this->get_url() . '&g=5&sid=' . $this->sid); $this->assert_response_success(); $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); $form['group_colour']->setValue($input); diff --git a/tests/functional/ucp_groups_test.php b/tests/functional/ucp_groups_test.php index 8401cfdb09..9c6b1edc5e 100644 --- a/tests/functional/ucp_groups_test.php +++ b/tests/functional/ucp_groups_test.php @@ -16,6 +16,6 @@ class phpbb_functional_ucp_groups_test extends phpbb_functional_common_groups_te { protected function get_url() { - return 'ucp.php?i=groups&mode=manage&action=edit&g=5'; + return 'ucp.php?i=groups&mode=manage&action=edit'; } } From 7898dd945966232060bf4ff39a31b319f4962ae1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 19 May 2013 15:13:37 +0200 Subject: [PATCH 12/14] [ticket/11538] Limit comment in acp_groups to 80 characters per line PHPBB3-11538 --- phpBB/includes/acp/acp_groups.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index bddad78bf2..089fe4baa1 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -414,10 +414,10 @@ class acp_groups } /* - * Validate the length of "Maximum number of allowed recipients per private message" setting. - * We use 16777215 as a maximum because it matches MySQL unsigned mediumint maximum value - * which is the lowest amongst DBMSes supported by phpBB3. - * Also validate the submitted colour value. + * Validate the length of "Maximum number of allowed recipients per + * private message" setting. We use 16777215 as a maximum because it matches + * MySQL unsigned mediumint maximum value which is the lowest amongst DBMSes + * supported by phpBB3. Also validate the submitted colour value. */ $validation_checks = array( 'max_recipients' => array('num', false, 0, 16777215), From e49b4543de7c18df7e9b5c70ef5064cc4de9934a Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 19 May 2013 15:17:47 +0200 Subject: [PATCH 13/14] [ticket/11538] Modify test colour values PHPBB3-11538 --- tests/functional/common_groups_test.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/functional/common_groups_test.php b/tests/functional/common_groups_test.php index 985dbc9220..02a538d46e 100644 --- a/tests/functional/common_groups_test.php +++ b/tests/functional/common_groups_test.php @@ -29,8 +29,9 @@ abstract class phpbb_functional_common_groups_test extends phpbb_functional_test array('AA0000 ', 'GROUP_UPDATED'), array('AA0000 abf', 'WRONG_DATA_COLOUR'), array('AA0000 AA0000', 'WRONG_DATA_COLOUR'), - array('000 ', 'GROUP_UPDATED'), - array('000000 ', 'GROUP_UPDATED'), + array('', 'GROUP_UPDATED'), + array('000', 'GROUP_UPDATED'), + array('000000', 'GROUP_UPDATED'), ); } From cd1da92d8540d6b4aa0fa1ccf2bcafe68007288a Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 19 May 2013 17:45:45 +0200 Subject: [PATCH 14/14] [ticket/11538] Add optional switch as argument to hex colour validation The value of $optional will decide whether an empty string will be treated as incorrect input or if it is allowed. The optional argument will default to false and therefore treat an empty string as incorrect unless explicitly told to not do so. PHPBB3-11538 --- phpBB/includes/acp/acp_groups.php | 2 +- phpBB/includes/functions_user.php | 8 +++++--- phpBB/includes/ucp/ucp_groups.php | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 089fe4baa1..83c355540e 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -421,7 +421,7 @@ class acp_groups */ $validation_checks = array( 'max_recipients' => array('num', false, 0, 16777215), - 'colour' => array('hex_colour'), + 'colour' => array('hex_colour', true), ); if ($validation_error = validate_data($submit_ary, $validation_checks)) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index f8e1fcaa45..61972c3876 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1903,14 +1903,16 @@ function validate_jabber($jid) * Validate hex colour value * * @param string $colour The hex colour value -* @return bool|string Error message if colour value is incorrect, false if it +* @param bool $optional Whether the colour value is optional. True if an empty +* string will be accepted as correct input, false if not. +* @return bool|string Error message if colour value is incorrect, false if it * fits the hex colour code */ -function phpbb_validate_hex_colour($colour) +function phpbb_validate_hex_colour($colour, $optional = false) { if (empty($colour)) { - return false; + return (($optional) ? false : 'WRONG_DATA'); } if (!preg_match('/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/', $colour)) diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 20a55d8c32..9365913541 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -596,7 +596,7 @@ class ucp_groups } // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour')))) + if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true)))) { // Replace "error" string with its real, localised form $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error));