From 70c289fef0f80f12418df326678000119e228d95 Mon Sep 17 00:00:00 2001 From: 3D-I <480857+3D-I@users.noreply.github.com> Date: Tue, 21 Jul 2020 01:59:19 +0200 Subject: [PATCH 1/8] [ticket/16550] Fix undefined variable url in PMs [3.2.x] PHPBB3-16550 --- phpBB/includes/functions_privmsgs.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index bd42f93a39..0aceeb90e1 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -2046,6 +2046,8 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode while ($row = $db->sql_fetchrow($result)); $db->sql_freeresult($result); + $url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm'); + /** * Modify message rows before displaying the history in private messages * @@ -2080,7 +2082,6 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode $title = censor_text($title); - $url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm'); $next_history_pm = $previous_history_pm = $prev_id = 0; // Re-order rowset to be able to get the next/prev message rows... From d0197a94fb4e61855bd11053398a4250aa2dfbcb Mon Sep 17 00:00:00 2001 From: rxu Date: Sat, 27 Jun 2020 20:26:12 +0700 Subject: [PATCH 2/8] [ticket/16539] Fix general SQL error for smilies mode on posting PHPBB3-16539 --- phpBB/includes/functions_posting.php | 2 +- tests/functional/smilies_test.php | 47 ++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 tests/functional/smilies_test.php diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 39fc52c29c..4f70a9932d 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php 
@@ -118,7 +118,7 @@ function generate_smilies($mode, $forum_id) SMILIES_TABLE => 's', ], 'GROUP_BY' => 's.smiley_url, s.smiley_width, s.smiley_height', - 'ORDER_BY' => 's.min_smiley_order', + 'ORDER_BY' => 'min_smiley_order', ]; } else diff --git a/tests/functional/smilies_test.php b/tests/functional/smilies_test.php new file mode 100644 index 0000000000..f17171bd1f --- /dev/null +++ b/tests/functional/smilies_test.php @@ -0,0 +1,47 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +/** +* @group functional +*/ +class phpbb_functional_smilies_test extends phpbb_functional_test_case +{ + public function test_smilies_mode() + { + $this->login(); + + // Get smilies data + $db = $this->get_db(); + $sql_ary = [ + 'SELECT' => 's.smiley_url, MIN(s.emotion) AS emotion, MIN(s.code) AS code, s.smiley_width, s.smiley_height, MIN(s.smiley_order) AS min_smiley_order', + 'FROM' => [ + SMILIES_TABLE => 's', + ], + 'GROUP_BY' => 's.smiley_url, s.smiley_width, s.smiley_height', + 'ORDER_BY' => 'min_smiley_order', + ]; + $sql = $db->sql_build_query('SELECT', $sql_ary); + $result = $db->sql_query($sql); + $smilies = $db->sql_fetchrowset($result); + $db->sql_freeresult($result); + + // Visit smilies page + $crawler = self::request('GET', 'posting.php?mode=smilies'); + foreach ($smilies as $index => $smiley) + { + $this->assertContains($smiley['smiley_url'], + $crawler->filter('div[class="inner"] > a > img')->eq($index)->attr('src') + ); + } + } +} From acd824d4324c4bee00e8aa1c2cb4c0c7123ed900 Mon Sep 17 00:00:00 2001 
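Review bot: In the new `test_smilies_mode` in tests/functional/smilies_test.php, the `foreach` over `$smilies` makes no assertion when the query returns no rows, so the test passes vacuously on an empty or broken fixture. Adding `$this->assertNotEmpty($smilies);` before the request would close that gap. The expected order comes from a copy of the production `$sql_ary`, so the test checks that the page matches the query, not that the query is right. Rows that tie on `min_smiley_order` may also come back in a different order between the two queries, depending on the database, which could make the `eq($index)` comparison flaky.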
From: rxu Date: Wed, 10 Jun 2020 17:41:59 +0700 Subject: [PATCH 3/8] [ticket/16524] Filter out-of-bounds UTF8 characters for profile fields PHPBB3-16524 --- .../container/services_profilefield.yml | 3 +++ phpBB/phpbb/profilefields/manager.php | 11 ++++++++++ .../phpbb/profilefields/type/type_string.php | 21 ++++++++++++++++++- phpBB/phpbb/profilefields/type/type_text.php | 21 ++++++++++++++++++- tests/profilefields/type_string_test.php | 2 ++ tests/profilefields/type_url_test.php | 2 ++ 6 files changed, 58 insertions(+), 2 deletions(-) diff --git a/phpBB/config/default/container/services_profilefield.yml b/phpBB/config/default/container/services_profilefield.yml index ebbd3fbf8e..c0ef5ec7e4 100644 --- a/phpBB/config/default/container/services_profilefield.yml +++ b/phpBB/config/default/container/services_profilefield.yml @@ -82,6 +82,7 @@ services: profilefields.type.string: class: phpbb\profilefields\type\type_string arguments: + - '@auth' - '@request' - '@template' - '@user' @@ -91,6 +92,7 @@ services: profilefields.type.text: class: phpbb\profilefields\type\type_text arguments: + - '@auth' - '@request' - '@template' - '@user' @@ -100,6 +102,7 @@ services: profilefields.type.url: class: phpbb\profilefields\type\type_url arguments: + - '@auth' - '@request' - '@template' - '@user' diff --git a/phpBB/phpbb/profilefields/manager.php b/phpBB/phpbb/profilefields/manager.php index 5daa61076c..5784a1212a 100644 --- a/phpBB/phpbb/profilefields/manager.php +++ b/phpBB/phpbb/profilefields/manager.php 
@@ -254,6 +254,17 @@ class manager /** @var \phpbb\profilefields\type\type_interface $profile_field */ $profile_field = $this->type_collection[$row['field_type']]; $cp_data['pf_' . $row['field_ident']] = $profile_field->get_profile_field($row); + + /** + * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL with UCR/NCR + * using their Numeric Character Reference's Hexadecimal notation. + * Check the permissions for using Emojis first. + */ + if ($this->auth->acl_get('u_emoji')) + { + $cp_data['pf_' . $row['field_ident']] = utf8_encode_ucr($cp_data['pf_' . $row['field_ident']]); + } + $check_value = $cp_data['pf_' . $row['field_ident']]; if (($cp_result = $profile_field->validate_profile_field($check_value, $row)) !== false) diff --git a/phpBB/phpbb/profilefields/type/type_string.php b/phpBB/phpbb/profilefields/type/type_string.php index 8710c8c603..289d78228a 100644 --- a/phpBB/phpbb/profilefields/type/type_string.php +++ b/phpBB/phpbb/profilefields/type/type_string.php @@ -15,6 +15,12 @@ namespace phpbb\profilefields\type; class type_string extends type_string_common { + /** + * Auth object + * @var \phpbb\auth\auth + */ + protected $auth; + /** * Request object * @var \phpbb\request\request @@ -36,12 +42,14 @@ class type_string extends type_string_common /** * Construct * + * @param \phpbb\auth\auth $auth Auth object * @param \phpbb\request\request $request Request object * @param \phpbb\template\template $template Template object * @param \phpbb\user $user User object */ - public function __construct(\phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user) + public function __construct(\phpbb\auth\auth $auth, \phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user) { + $this->auth = $auth; $this->request = $request; $this->template = $template; $this->user = $user; 
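Review bot: In the manager.php hunk, `utf8_encode_ucr()` rewrites the value before it is copied into `$check_value`, so `validate_profile_field()` sees the expanded `&#x…;` reference rather than what the user typed. If the length limits are counted on that string (the validator is outside this hunk, so this is inferred), one emoji uses up several characters of the field's maximum; it is worth confirming the intended order. The comment also says "4bit UTF-8 chars" where it means four-byte sequences: `Replace Emoji and other 4-byte UTF-8 characters not allowed by MySQL`. The enclosing method starts and ends outside the hunk.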
@@ -99,6 +107,17 @@ class type_string extends type_string_common */ public function validate_profile_field(&$field_value, $field_data) { + /** + * Check for out-of-bounds characters that are currently + * not supported by utf8_bin in MySQL if Emoji is not allowed + */ + if (!$this->auth->acl_get('u_emoji')) + { + if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $field_value)) + { + return $this->user->lang('FIELD_INVALID_CHARS_INVALID', $this->get_field_name($field_data['lang_name'])); + } + } return $this->validate_string_profile_field('string', $field_value, $field_data); } diff --git a/phpBB/phpbb/profilefields/type/type_text.php b/phpBB/phpbb/profilefields/type/type_text.php index 79ee82351a..a2e2167ac5 100644 --- a/phpBB/phpbb/profilefields/type/type_text.php +++ b/phpBB/phpbb/profilefields/type/type_text.php @@ -15,6 +15,12 @@ namespace phpbb\profilefields\type; class type_text extends type_string_common { + /** + * Auth object + * @var \phpbb\auth\auth + */ + protected $auth; + /** * Request object * @var \phpbb\request\request @@ -36,12 +42,14 @@ class type_text extends type_string_common /** * Construct * + * @param \phpbb\auth\auth $auth Auth object * @param \phpbb\request\request $request Request object * @param \phpbb\template\template $template Template object * @param \phpbb\user $user User object */ - public function __construct(\phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user) + public function __construct(\phpbb\auth\auth $auth, \phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user) { + $this->auth = $auth; $this->request = $request; $this->template = $template; $this->user = $user; 
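Review bot: The out-of-range check added to `type_string::validate_profile_field()` fails open, because `preg_match_all()` returns `false` on a PCRE error such as a subject that is not valid UTF-8 under the `/u` modifier, and `false` skips the `return`. Whether malformed UTF-8 can reach this point depends on normalisation done elsewhere, but the guard should not rely on that: `if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $field_value) !== 0)` rejects both a match and an error and stops at the first hit. The identical block is added to `type_text::validate_profile_field()` in the next file; both classes extend `type_string_common`, so a single helper there would keep the two copies from drifting apart.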
@@ -99,6 +107,17 @@ class type_text extends type_string_common */ public function validate_profile_field(&$field_value, $field_data) { + /** + * Check for out-of-bounds characters that are currently + * not supported by utf8_bin in MySQL if Emoji is not allowed + */ + if (!$this->auth->acl_get('u_emoji')) + { + if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $field_value)) + { + return $this->user->lang('FIELD_INVALID_CHARS_INVALID', $this->get_field_name($field_data['lang_name'])); + } + } return $this->validate_string_profile_field('text', $field_value, $field_data); } diff --git a/tests/profilefields/type_string_test.php b/tests/profilefields/type_string_test.php index 54bb406838..d7ad16895d 100644 --- a/tests/profilefields/type_string_test.php +++ b/tests/profilefields/type_string_test.php @@ -26,6 +26,7 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case { global $config, $request, $user, $cache, $phpbb_root_path, $phpEx; + $auth = new \phpbb\auth\auth(); $user = $this->getMock('\phpbb\user', array(), array( new \phpbb\language\language(new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx)), '\phpbb\datetime' @@ -40,6 +41,7 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case $template = $this->getMock('\phpbb\template\template'); $this->cp = new \phpbb\profilefields\type\type_string( + $auth, $request, $template, $user diff --git a/tests/profilefields/type_url_test.php b/tests/profilefields/type_url_test.php index 3bb5d52899..f592d1099d 100644 --- a/tests/profilefields/type_url_test.php +++ b/tests/profilefields/type_url_test.php @@ -30,6 +30,7 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case { global $config, $request, $user, $cache, $phpbb_root_path, $phpEx; + $auth = new \phpbb\auth\auth(); $config = new \phpbb\config\config([]); $cache = new phpbb_mock_cache; $user = $this->getMock('\phpbb\user', array(), array( 
@@ -44,6 +45,7 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case $template = $this->getMock('\phpbb\template\template'); $this->cp = new \phpbb\profilefields\type\type_url( + $auth, $request, $template, $user From ab3d8ade7235968eb2e56dd47cc9b2af49948e36 Mon Sep 17 00:00:00 2001 From: rxu Date: Wed, 10 Jun 2020 18:37:13 +0700 Subject: [PATCH 4/8] [ticket/16524] Add test PHPBB3-16524 --- tests/functional/ucp_profile_test.php | 85 +++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) diff --git a/tests/functional/ucp_profile_test.php b/tests/functional/ucp_profile_test.php index e7abba9255..c9f335a052 100644 --- a/tests/functional/ucp_profile_test.php +++ b/tests/functional/ucp_profile_test.php 
@@ -46,4 +46,89 @@ class phpbb_functional_ucp_profile_test extends phpbb_functional_test_case $this->assertEquals('phpbb_twitter', $form->get('pf_phpbb_twitter')->getValue()); $this->assertEquals('phpbb.youtube', $form->get('pf_phpbb_youtube')->getValue()); } + + public function test_submitting_emoji_allowed() + { + $this->add_lang('ucp'); + $this->login(); + + $crawler = self::request('GET', 'ucp.php?i=ucp_profile&mode=profile_info'); + $this->assertContainsLang('UCP_PROFILE_PROFILE_INFO', $crawler->filter('#cp-main h2')->text()); + + $form = $crawler->selectButton('Submit')->form([ + 'pf_phpbb_location' => '๐Ÿ˜', // grinning face with smiling eyes Emoji + ]); + $crawler = self::submit($form); + $this->assertContainsLang('PROFILE_UPDATED', $crawler->filter('#message')->text()); + + $crawler = self::request('GET', 'ucp.php?i=ucp_profile&mode=profile_info'); + $form = $crawler->selectButton('Submit')->form(); + $this->assertEquals('๐Ÿ˜', $form->get('pf_phpbb_location')->getValue()); + } + + public function test_submitting_emoji_disallowed() + { + $this->add_lang(['ucp', 'acp/permissions']); + $this->login(); + $this->admin_login(); + + // Group global permissions + $crawler = self::request('GET', 'adm/index.php?i=acp_permissions&icat=16&mode=setting_group_global&sid=' . 
$this->sid); + $this->assertContainsLang('ACP_GROUPS_PERMISSIONS_EXPLAIN', $this->get_content()); + + // Select Registered users group + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(['group_id' => [2]]); + $crawler = self::submit($form); + $this->assertContainsLang('ACL_SET', $crawler->filter('h1')->eq(1)->text()); + + // Globals for \phpbb\auth\auth + global $db, $cache; + $db = $this->get_db(); + $cache = new phpbb_mock_null_cache; + + $auth = new \phpbb\auth\auth; + // Hardcoded user_id + $user_data = $auth->obtain_user_data(2); + $auth->acl($user_data); + $this->assertEquals(1, $auth->acl_get('u_emoji')); + + // Set u_emoji to never + $form = $crawler->selectButton($this->lang('APPLY_PERMISSIONS'))->form(['setting[2][0][u_emoji]' => '0']); + $crawler = self::submit($form); + $this->assertContainsLang('AUTH_UPDATED', $crawler->text()); + + // check acl again + $auth = new \phpbb\auth\auth; + $user_data = $auth->obtain_user_data(2); + $auth->acl($user_data); + $this->assertEquals(0, $auth->acl_get('u_emoji')); + + $crawler = self::request('GET', 'ucp.php?i=ucp_profile&mode=profile_info'); + $this->assertContainsLang('UCP_PROFILE_PROFILE_INFO', $crawler->filter('#cp-main h2')->text()); + + $form = $crawler->selectButton('Submit')->form([ + 'pf_phpbb_location' => '๐Ÿ˜', // grinning face with smiling eyes Emoji + ]); + + $crawler = self::submit($form); + $this->assertContains('The field โ€œLocationโ€ has invalid characters.', $crawler->filter('p[class="error"]')->text()); + + // Set u_emoji back to Yes + $crawler = self::request('GET', 'adm/index.php?i=acp_permissions&icat=16&mode=setting_group_global&sid=' . 
$this->sid); + $this->assertContainsLang('ACP_GROUPS_PERMISSIONS_EXPLAIN', $this->get_content()); + // Select Registered users group + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(['group_id' => [2]]); + $crawler = self::submit($form); + $this->assertContainsLang('ACL_SET', $crawler->filter('h1')->eq(1)->text()); + // Set u_emoji to never + $form = $crawler->selectButton($this->lang('APPLY_PERMISSIONS'))->form(["setting[2][0][u_emoji]" => '1']); + $crawler = self::submit($form); + $this->assertContainsLang('AUTH_UPDATED', $crawler->text()); + + // check acl again + $auth = new \phpbb\auth\auth; + $user_data = $auth->obtain_user_data(2); + $auth->acl($user_data); + $this->assertEquals(1, $auth->acl_get('u_emoji')); + } } From 0ba0a9cbd310bfbf00fc5571c47119b725dd952c Mon Sep 17 00:00:00 2001 From: rxu Date: Wed, 10 Jun 2020 22:08:29 +0700 Subject: [PATCH 5/8] [ticket/16524] Adjust u_emoji permission language entry PHPBB3-16524 --- phpBB/language/en/acp/permissions_phpbb.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/language/en/acp/permissions_phpbb.php b/phpBB/language/en/acp/permissions_phpbb.php index ab8939932b..395a2d7c7f 100644 --- a/phpBB/language/en/acp/permissions_phpbb.php +++ b/phpBB/language/en/acp/permissions_phpbb.php @@ -79,7 +79,7 @@ $lang = array_merge($lang, array( 'ACL_U_SAVEDRAFTS' => 'Can save drafts', 'ACL_U_CHGCENSORS' => 'Can disable word censors', 'ACL_U_SIG' => 'Can use signature', - 'ACL_U_EMOJI' => 'Can use emoji and rich text characters in topic title', + 'ACL_U_EMOJI' => 'Can use emoji and rich text characters in topic title
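Review bot: `test_submitting_emoji_disallowed` sets `u_emoji` to `0` for group 2 and only restores it in its final lines, so any assertion failing in between leaves the permission revoked for every functional test that runs afterwards against the same board. Wrapping the part after the permission change in `try { … } finally { … }`, or restoring the setting in `tearDown()`, would keep the state change contained. The comment above the restoring form submit still reads `// Set u_emoji to never` although it posts `'1'`; it should say `// Set u_emoji back to yes`. The group id and user id are both hard-coded as `2`; a named constant or a one-line comment for the group id, like the one already on the user id, would help.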
This setting also affects profile fields.', 'ACL_U_SENDPM' => 'Can send private messages', 'ACL_U_MASSPM' => 'Can send private messages to multiple users', From b1c6b3bc9424ffb876b35b9f89d5789daa2efa7f Mon Sep 17 00:00:00 2001 From: rxu Date: Wed, 10 Jun 2020 23:23:59 +0700 Subject: [PATCH 6/8] [ticket/16524] Minor code adjustments PHPBB3-16524 --- phpBB/language/en/acp/permissions_phpbb.php | 2 +- phpBB/phpbb/profilefields/type/type_string.php | 2 +- phpBB/phpbb/profilefields/type/type_text.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/phpBB/language/en/acp/permissions_phpbb.php b/phpBB/language/en/acp/permissions_phpbb.php index 395a2d7c7f..27c4c7e9ef 100644 --- a/phpBB/language/en/acp/permissions_phpbb.php +++ b/phpBB/language/en/acp/permissions_phpbb.php @@ -79,7 +79,7 @@ $lang = array_merge($lang, array( 'ACL_U_SAVEDRAFTS' => 'Can save drafts', 'ACL_U_CHGCENSORS' => 'Can disable word censors', 'ACL_U_SIG' => 'Can use signature', - 'ACL_U_EMOJI' => 'Can use emoji and rich text characters in topic title
This setting also affects profile fields.', + 'ACL_U_EMOJI' => 'Can use emoji and rich text characters in topic title
This setting also affects profile fields.', 'ACL_U_SENDPM' => 'Can send private messages', 'ACL_U_MASSPM' => 'Can send private messages to multiple users', diff --git a/phpBB/phpbb/profilefields/type/type_string.php b/phpBB/phpbb/profilefields/type/type_string.php index 289d78228a..382f66c12a 100644 --- a/phpBB/phpbb/profilefields/type/type_string.php +++ b/phpBB/phpbb/profilefields/type/type_string.php @@ -109,7 +109,7 @@ class type_string extends type_string_common { /** * Check for out-of-bounds characters that are currently - * not supported by utf8_bin in MySQL if Emoji is not allowed + * not supported by utf8_bin in MySQL if Emoji are not allowed */ if (!$this->auth->acl_get('u_emoji')) { diff --git a/phpBB/phpbb/profilefields/type/type_text.php b/phpBB/phpbb/profilefields/type/type_text.php index a2e2167ac5..3b58d6b3e5 100644 --- a/phpBB/phpbb/profilefields/type/type_text.php +++ b/phpBB/phpbb/profilefields/type/type_text.php @@ -109,7 +109,7 @@ class type_text extends type_string_common { /** * Check for out-of-bounds characters that are currently - * not supported by utf8_bin in MySQL if Emoji is not allowed + * not supported by utf8_bin in MySQL if Emoji are not allowed */ if (!$this->auth->acl_get('u_emoji')) { From befab4f3c10bc7899d4bd039777b0365a0782434 Mon Sep 17 00:00:00 2001 From: rxu Date: Fri, 19 Jun 2020 17:22:34 +0700 Subject: [PATCH 7/8] [ticket/16524] Remove u_emoji permission checks PHPBB3-16524 --- .../container/services_profilefield.yml | 3 - phpBB/language/en/acp/permissions_phpbb.php | 2 +- phpBB/phpbb/profilefields/manager.php | 10 +-- .../phpbb/profilefields/type/type_string.php | 21 +----- phpBB/phpbb/profilefields/type/type_text.php | 21 +----- tests/functional/ucp_profile_test.php | 68 +------------------ tests/profilefields/type_string_test.php | 2 - tests/profilefields/type_url_test.php | 2 - 8 files changed, 7 insertions(+), 122 deletions(-) 
diff --git a/phpBB/config/default/container/services_profilefield.yml b/phpBB/config/default/container/services_profilefield.yml index c0ef5ec7e4..ebbd3fbf8e 100644 --- a/phpBB/config/default/container/services_profilefield.yml +++ b/phpBB/config/default/container/services_profilefield.yml @@ -82,7 +82,6 @@ services: profilefields.type.string: class: phpbb\profilefields\type\type_string arguments: - - '@auth' - '@request' - '@template' - '@user' @@ -92,7 +91,6 @@ services: profilefields.type.text: class: phpbb\profilefields\type\type_text arguments: - - '@auth' - '@request' - '@template' - '@user' @@ -102,7 +100,6 @@ services: profilefields.type.url: class: phpbb\profilefields\type\type_url arguments: - - '@auth' - '@request' - '@template' - '@user' diff --git a/phpBB/language/en/acp/permissions_phpbb.php b/phpBB/language/en/acp/permissions_phpbb.php index 27c4c7e9ef..ab8939932b 100644 --- a/phpBB/language/en/acp/permissions_phpbb.php +++ b/phpBB/language/en/acp/permissions_phpbb.php @@ -79,7 +79,7 @@ $lang = array_merge($lang, array( 'ACL_U_SAVEDRAFTS' => 'Can save drafts', 'ACL_U_CHGCENSORS' => 'Can disable word censors', 'ACL_U_SIG' => 'Can use signature', - 'ACL_U_EMOJI' => 'Can use emoji and rich text characters in topic title
This setting also affects profile fields.', + 'ACL_U_EMOJI' => 'Can use emoji and rich text characters in topic title', 'ACL_U_SENDPM' => 'Can send private messages', 'ACL_U_MASSPM' => 'Can send private messages to multiple users', diff --git a/phpBB/phpbb/profilefields/manager.php b/phpBB/phpbb/profilefields/manager.php index 5784a1212a..8af2fe12ad 100644 --- a/phpBB/phpbb/profilefields/manager.php +++ b/phpBB/phpbb/profilefields/manager.php @@ -256,14 +256,10 @@ class manager $cp_data['pf_' . $row['field_ident']] = $profile_field->get_profile_field($row); /** - * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL with UCR/NCR - * using their Numeric Character Reference's Hexadecimal notation. - * Check the permissions for using Emojis first. + * Replace Emoji and other 4bit UTF-8 chars not allowed by MySQL + * with their Numeric Character Reference's Hexadecimal notation. */ - if ($this->auth->acl_get('u_emoji')) - { - $cp_data['pf_' . $row['field_ident']] = utf8_encode_ucr($cp_data['pf_' . $row['field_ident']]); - } + $cp_data['pf_' . $row['field_ident']] = utf8_encode_ucr($cp_data['pf_' . $row['field_ident']]); $check_value = $cp_data['pf_' . $row['field_ident']]; diff --git a/phpBB/phpbb/profilefields/type/type_string.php b/phpBB/phpbb/profilefields/type/type_string.php index 382f66c12a..8710c8c603 100644 --- a/phpBB/phpbb/profilefields/type/type_string.php +++ b/phpBB/phpbb/profilefields/type/type_string.php @@ -15,12 +15,6 @@ namespace phpbb\profilefields\type; class type_string extends type_string_common { - /** - * Auth object - * @var \phpbb\auth\auth - */ - protected $auth; - /** * Request object * @var \phpbb\request\request 
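Review bot: With the permission check removed in manager.php, `utf8_encode_ucr()` now runs on the result of `get_profile_field()` for every profile field type, not only the string-like ones. The return types of the other field types are not visible here, but if any of them hands back a non-string value it is passed to a string routine and may come back altered before validation. A guard such as `if (is_string($cp_data['pf_' . $row['field_ident']]))` around the call would limit the conversion to text. The retained comment still says "4bit" where "4-byte" is meant, and the method body continues outside the hunk.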
@@ -42,14 +36,12 @@ class type_string extends type_string_common /** * Construct * - * @param \phpbb\auth\auth $auth Auth object * @param \phpbb\request\request $request Request object * @param \phpbb\template\template $template Template object * @param \phpbb\user $user User object */ - public function __construct(\phpbb\auth\auth $auth, \phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user) + public function __construct(\phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user) { - $this->auth = $auth; $this->request = $request; $this->template = $template; $this->user = $user; @@ -107,17 +99,6 @@ class type_string extends type_string_common */ public function validate_profile_field(&$field_value, $field_data) { - /** - * Check for out-of-bounds characters that are currently - * not supported by utf8_bin in MySQL if Emoji are not allowed - */ - if (!$this->auth->acl_get('u_emoji')) - { - if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $field_value)) - { - return $this->user->lang('FIELD_INVALID_CHARS_INVALID', $this->get_field_name($field_data['lang_name'])); - } - } return $this->validate_string_profile_field('string', $field_value, $field_data); } diff --git a/phpBB/phpbb/profilefields/type/type_text.php b/phpBB/phpbb/profilefields/type/type_text.php index 3b58d6b3e5..79ee82351a 100644 --- a/phpBB/phpbb/profilefields/type/type_text.php +++ b/phpBB/phpbb/profilefields/type/type_text.php @@ -15,12 +15,6 @@ namespace phpbb\profilefields\type; class type_text extends type_string_common { - /** - * Auth object - * @var \phpbb\auth\auth - */ - protected $auth; - /** * Request object * @var \phpbb\request\request 
@@ -42,14 +36,12 @@ class type_text extends type_string_common /** * Construct * - * @param \phpbb\auth\auth $auth Auth object * @param \phpbb\request\request $request Request object * @param \phpbb\template\template $template Template object * @param \phpbb\user $user User object */ - public function __construct(\phpbb\auth\auth $auth, \phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user) + public function __construct(\phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user) { - $this->auth = $auth; $this->request = $request; $this->template = $template; $this->user = $user; @@ -107,17 +99,6 @@ class type_text extends type_string_common */ public function validate_profile_field(&$field_value, $field_data) { - /** - * Check for out-of-bounds characters that are currently - * not supported by utf8_bin in MySQL if Emoji are not allowed - */ - if (!$this->auth->acl_get('u_emoji')) - { - if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $field_value)) - { - return $this->user->lang('FIELD_INVALID_CHARS_INVALID', $this->get_field_name($field_data['lang_name'])); - } - } return $this->validate_string_profile_field('text', $field_value, $field_data); } diff --git a/tests/functional/ucp_profile_test.php b/tests/functional/ucp_profile_test.php index c9f335a052..60e455e980 100644 --- a/tests/functional/ucp_profile_test.php +++ b/tests/functional/ucp_profile_test.php @@ -47,7 +47,7 @@ class phpbb_functional_ucp_profile_test extends phpbb_functional_test_case $this->assertEquals('phpbb.youtube', $form->get('pf_phpbb_youtube')->getValue()); } - public function test_submitting_emoji_allowed() + public function test_submitting_emoji() { $this->add_lang('ucp'); $this->login(); 
@@ -65,70 +65,4 @@ class phpbb_functional_ucp_profile_test extends phpbb_functional_test_case $form = $crawler->selectButton('Submit')->form(); $this->assertEquals('๐Ÿ˜', $form->get('pf_phpbb_location')->getValue()); } - - public function test_submitting_emoji_disallowed() - { - $this->add_lang(['ucp', 'acp/permissions']); - $this->login(); - $this->admin_login(); - - // Group global permissions - $crawler = self::request('GET', 'adm/index.php?i=acp_permissions&icat=16&mode=setting_group_global&sid=' . $this->sid); - $this->assertContainsLang('ACP_GROUPS_PERMISSIONS_EXPLAIN', $this->get_content()); - - // Select Registered users group - $form = $crawler->selectButton($this->lang('SUBMIT'))->form(['group_id' => [2]]); - $crawler = self::submit($form); - $this->assertContainsLang('ACL_SET', $crawler->filter('h1')->eq(1)->text()); - - // Globals for \phpbb\auth\auth - global $db, $cache; - $db = $this->get_db(); - $cache = new phpbb_mock_null_cache; - - $auth = new \phpbb\auth\auth; - // Hardcoded user_id - $user_data = $auth->obtain_user_data(2); - $auth->acl($user_data); - $this->assertEquals(1, $auth->acl_get('u_emoji')); - - // Set u_emoji to never - $form = $crawler->selectButton($this->lang('APPLY_PERMISSIONS'))->form(['setting[2][0][u_emoji]' => '0']); - $crawler = self::submit($form); - $this->assertContainsLang('AUTH_UPDATED', $crawler->text()); - - // check acl again - $auth = new \phpbb\auth\auth; - $user_data = $auth->obtain_user_data(2); - $auth->acl($user_data); - $this->assertEquals(0, $auth->acl_get('u_emoji')); - - $crawler = self::request('GET', 'ucp.php?i=ucp_profile&mode=profile_info'); - $this->assertContainsLang('UCP_PROFILE_PROFILE_INFO', $crawler->filter('#cp-main h2')->text()); - - $form = $crawler->selectButton('Submit')->form([ - 'pf_phpbb_location' => '๐Ÿ˜', // grinning face with smiling eyes Emoji - ]); - - $crawler = self::submit($form); - $this->assertContains('The field โ€œLocationโ€ has invalid characters.', 
$crawler->filter('p[class="error"]')->text()); - - // Set u_emoji back to Yes - $crawler = self::request('GET', 'adm/index.php?i=acp_permissions&icat=16&mode=setting_group_global&sid=' . $this->sid); - $this->assertContainsLang('ACP_GROUPS_PERMISSIONS_EXPLAIN', $this->get_content()); - // Select Registered users group - $form = $crawler->selectButton($this->lang('SUBMIT'))->form(['group_id' => [2]]); - $crawler = self::submit($form); - $this->assertContainsLang('ACL_SET', $crawler->filter('h1')->eq(1)->text()); - // Set u_emoji to never - $form = $crawler->selectButton($this->lang('APPLY_PERMISSIONS'))->form(["setting[2][0][u_emoji]" => '1']); - $crawler = self::submit($form); - $this->assertContainsLang('AUTH_UPDATED', $crawler->text()); - - // check acl again - $auth = new \phpbb\auth\auth; - $user_data = $auth->obtain_user_data(2); - $auth->acl($user_data); - $this->assertEquals(1, $auth->acl_get('u_emoji')); - } } diff --git a/tests/profilefields/type_string_test.php b/tests/profilefields/type_string_test.php index d7ad16895d..54bb406838 100644 --- a/tests/profilefields/type_string_test.php +++ b/tests/profilefields/type_string_test.php @@ -26,7 +26,6 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case { global $config, $request, $user, $cache, $phpbb_root_path, $phpEx; - $auth = new \phpbb\auth\auth(); $user = $this->getMock('\phpbb\user', array(), array( new \phpbb\language\language(new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx)), '\phpbb\datetime' @@ -41,7 +40,6 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case $template = $this->getMock('\phpbb\template\template'); $this->cp = new \phpbb\profilefields\type\type_string( - $auth, $request, $template, $user diff --git a/tests/profilefields/type_url_test.php b/tests/profilefields/type_url_test.php index f592d1099d..3bb5d52899 100644 --- a/tests/profilefields/type_url_test.php +++ b/tests/profilefields/type_url_test.php 
@@ -30,7 +30,6 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case { global $config, $request, $user, $cache, $phpbb_root_path, $phpEx; - $auth = new \phpbb\auth\auth(); $config = new \phpbb\config\config([]); $cache = new phpbb_mock_cache; $user = $this->getMock('\phpbb\user', array(), array( @@ -45,7 +44,6 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case $template = $this->getMock('\phpbb\template\template'); $this->cp = new \phpbb\profilefields\type\type_url( - $auth, $request, $template, $user From bd4887f660a8509d0331ddc39273e4e53966c692 Mon Sep 17 00:00:00 2001 From: MichaIng Date: Fri, 17 Jul 2020 23:03:34 +0200 Subject: [PATCH 8/8] [ticket/16554] Align all .htaccess files to support Apache 2.4 directives While the main .htaccess as well as the ones in phpbb/db/migration/data/vXYZ/ do already support the Apache 2.4 mod_authz_core directive "Require all denied", all others still use only the deprecated "Deny from All". To not force modern system to use the mod_access_compat module, the modern directives should be supported in every case. For this, the method of phpbb/db/migration/data/vXYZ/.htaccess is copied to update and align all .htaccess files across the source code. PHPBB3-16554 Signed-off-by: MichaIng --- phpBB/cache/.htaccess | 37 ++++++++++++++++++++++++--- phpBB/config/.htaccess | 37 ++++++++++++++++++++++++--- phpBB/files/.htaccess | 37 ++++++++++++++++++++++++--- phpBB/images/avatars/upload/.htaccess | 37 ++++++++++++++++++++++++--- phpBB/includes/.htaccess | 37 ++++++++++++++++++++++++--- phpBB/store/.htaccess | 37 ++++++++++++++++++++++++--- 6 files changed, 198 insertions(+), 24 deletions(-) diff --git a/phpBB/cache/.htaccess b/phpBB/cache/.htaccess index aa5afc1640..44242b5418 100644 --- a/phpBB/cache/.htaccess +++ b/phpBB/cache/.htaccess 
@@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - \ No newline at end of file +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + diff --git a/phpBB/config/.htaccess b/phpBB/config/.htaccess index 4128d345ab..163ddd802f 100644 --- a/phpBB/config/.htaccess +++ b/phpBB/config/.htaccess @@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + \ No newline at end of file diff --git a/phpBB/files/.htaccess b/phpBB/files/.htaccess index aa5afc1640..163ddd802f 100644 --- a/phpBB/files/.htaccess +++ b/phpBB/files/.htaccess 
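Review bot: The six files are meant to be aligned, yet `phpBB/cache/.htaccess` ends up as blob `44242b5418` with a trailing newline while the other five become `163ddd802f` with `\ No newline at end of file`. Ending all six with a newline would make them byte-identical and easier to audit. Because these rules are what stops the cache, config, files, includes and store directories from being served directly, the header comment could also state when the rules are not applied at all. For example: `# These rules are ignored when AllowOverride is None or on non-Apache servers; deny access in the server configuration there.` This applies equally to the hunks for config, files, images/avatars/upload, includes and store.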
@@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - \ No newline at end of file +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + \ No newline at end of file diff --git a/phpBB/images/avatars/upload/.htaccess b/phpBB/images/avatars/upload/.htaccess index aa5afc1640..163ddd802f 100644 --- a/phpBB/images/avatars/upload/.htaccess +++ b/phpBB/images/avatars/upload/.htaccess @@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - \ No newline at end of file +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + \ No newline at end of file diff --git a/phpBB/includes/.htaccess b/phpBB/includes/.htaccess index 4128d345ab..163ddd802f 100644 --- a/phpBB/includes/.htaccess +++ b/phpBB/includes/.htaccess 
@@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + \ No newline at end of file diff --git a/phpBB/store/.htaccess b/phpBB/store/.htaccess index aa5afc1640..163ddd802f 100644 --- a/phpBB/store/.htaccess +++ b/phpBB/store/.htaccess @@ -1,4 +1,33 @@ - - Order Allow,Deny - Deny from All - \ No newline at end of file +# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from +# module mod_authz_host to a new module called mod_access_compat (which may be +# disabled) and a new "Require" syntax has been introduced to mod_authz_host. +# We could just conditionally provide both versions, but unfortunately Apache +# does not explicitly tell us its version if the module mod_version is not +# available. In this case, we check for the availability of module +# mod_authz_core (which should be on 2.4 or higher only) as a best guess. + + + + Order Allow,Deny + Deny from All + + + = 2.4> + + Require all denied + + + + + + + Order Allow,Deny + Deny from All + + + + + Require all denied + + + \ No newline at end of file