makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-24 12:18:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'develop-ascraeus' into develop

Browse source 
* develop-ascraeus:
  [ticket/8323] Cache auth request
  [ticket/8323] Combine into a single query
  [ticket/8323] Comments on phpbb_get_banned_user_ids input for test
  [ticket/8323] More readability in test case
  [ticket/8323] Comments
  [ticket/8323] dataProvider for the test; better test data
  [ticket/8323] Comments
  [ticket/8323] Unit test for phpbb_get_banned_user_ids
  [ticket/8323] Comments for inactive reasons in constants.php
  [ticket/8323] Only disable administrative deactivated accounts from receiving PMs
  [ticket/8323] Allow temporarily banned users to receive PMs, but not a notification
  [ticket/8323] Correct PM notification settings (only notify those who can receive them)
  [ticket/8323] Cleanup viewtopic code (not sure how this mess happened)
  [ticket/8323] Allow sending PMs to temporarily banned users
  [ticket/8323] Do not allow sending PMs to Inactive users
  [ticket/8323] Hide the Send PM link if users cannot receive the PM
  [ticket/8323] Correcting the comment
  [ticket/8323] Do not allow sending of Private Messages to users who are banned
  [ticket/8323] Remove code used for testing
  [ticket/8323] Do not allow sending of Private Messages to users who do not have permission to read private messages
This commit is contained in:
Nils Adermann 2014-05-02 16:13:24 +02:00
commit 3020b044e3
8 changed files with 248 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
phpBB/includes/constants.php
View file

@ -46,10 +46,10 @@ define('USER_INACTIVE', 1);
define('USER_IGNORE', 2);
define('USER_FOUNDER', 3);
define('INACTIVE_REGISTER', 1);
define('INACTIVE_PROFILE', 2);
define('INACTIVE_MANUAL', 3);
define('INACTIVE_REMIND', 4);
define('INACTIVE_REGISTER', 1); // Newly registered account
define('INACTIVE_PROFILE', 2); // Profile details changed
define('INACTIVE_MANUAL', 3); // Account deactivated by administrator
define('INACTIVE_REMIND', 4); // Forced user account reactivation
// ACL
define('ACL_NEVER', 0);

26
phpBB/includes/functions_user.php
View file

@ -3455,9 +3455,12 @@ function remove_newly_registered($user_id, $user_data = false)
*
* @param array $user_ids Array of users' ids to check for banning,
* leave empty to get complete list of banned ids
* @param bool|int $ban_end Bool True to get users currently banned
* Bool False to only get permanently banned users
* Int Unix timestamp to get users banned until that time
* @return array Array of banned users' ids if any, empty array otherwise
*/
function phpbb_get_banned_user_ids($user_ids = array())
function phpbb_get_banned_user_ids($user_ids = array(), $ban_end = true)
{
global $db;
@ -3469,9 +3472,26 @@ function phpbb_get_banned_user_ids($user_ids = array())
$sql = 'SELECT ban_userid
FROM ' . BANLIST_TABLE . "
WHERE $sql_user_ids
AND ban_exclude <> 1
AND (ban_end > " . time() . '
AND ban_exclude <> 1";
if ($ban_end === true)
{
// Banned currently
$sql .= " AND (ban_end > " . time() . '
OR ban_end = 0)';
}
else if ($ban_end === false)
{
// Permanently banned
$sql .= " AND ban_end = 0";
}
else
{
// Banned until a specified time
$sql .= " AND (ban_end > " . (int) $ban_end . '
OR ban_end = 0)';
}
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{

88
phpBB/includes/ucp/ucp_pm_compose.php
View file

@ -1226,29 +1226,81 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
// Check for disallowed recipients
if (!empty($address_list['u']))
{
// We need to check their PM status (do they want to receive PM's?)
// Only check if not a moderator or admin, since they are allowed to override this user setting
if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
// Administrator deactivated users check and we need to check their
// PM status (do they want to receive PM's?)
// Only check PM status if not a moderator or admin, since they
// are allowed to override this user setting
$sql = 'SELECT user_id, user_allow_pm
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . '
AND (user_type = ' . USER_INACTIVE . '
AND user_inactive_reason = ' . INACTIVE_MANUAL . ')';
$can_ignore_allow_pm = ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'));
if (!$can_ignore_allow_pm)
{
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . '
AND user_allow_pm = 0';
$result = $db->sql_query($sql);
$sql .= ' OR user_allow_pm = 0';
}
$removed = false;
while ($row = $db->sql_fetchrow($result))
{
$removed = true;
unset($address_list['u'][$row['user_id']]);
}
$db->sql_freeresult($result);
$result = $db->sql_query($sql);
// print a notice about users not being added who do not want to receive pms
if ($removed)
$removed_no_pm = $removed_no_permission = false;
while ($row = $db->sql_fetchrow($result))
{
if (!$can_ignore_allow_pm && !$row['user_allow_pm'])
{
$error[] = $user->lang['PM_USERS_REMOVED_NO_PM'];
$removed_no_pm = true;
}
else
{
$removed_no_permission = true;
}
unset($address_list['u'][$row['user_id']]);
}
$db->sql_freeresult($result);
// print a notice about users not being added who do not want to receive pms
if ($removed_no_pm)
{
$error[] = $user->lang['PM_USERS_REMOVED_NO_PM'];
}
// print a notice about users not being added who do not have permission to receive PMs
if ($removed_no_permission)
{
$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
}
if (!sizeof(array_keys($address_list['u'])))
{
return;
}
// Check if users have permission to read PMs
$can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm');
$can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm'];
$cannot_read_list = array_diff(array_keys($address_list['u']), $can_read);
if (!empty($cannot_read_list))
{
foreach ($cannot_read_list as $cannot_read)
{
unset($address_list['u'][$cannot_read]);
}
$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
}
// Check if users are banned
$banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false);
if (!empty($banned_user_list))
{
foreach ($banned_user_list as $banned_user)
{
unset($address_list['u'][$banned_user]);
}
$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
}
}
}

1
phpBB/language/en/ucp.php
View file

@ -413,6 +413,7 @@ $lang = array_merge($lang, array(
'PM_SUBJECT' => 'Message subject',
'PM_TO' => 'Send to',
'PM_TOOLS' => 'Message tools',
'PM_USERS_REMOVED_NO_PERMISSION' => 'Some users couldnt be added as they do not have permission to read private messages.',
'PM_USERS_REMOVED_NO_PM' => 'Some users couldnt be added as they have disabled private message receipt.',
'POST_EDIT_PM' => 'Edit message',
'POST_FORWARD_PM' => 'Forward message',

25
phpBB/memberlist.php
View file

@ -1720,6 +1720,29 @@ function show_profile($data, $user_notes_enabled = false, $warn_user_enabled = f
}
}
if (!function_exists('phpbb_get_banned_user_ids'))
{
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
}
// Can this user receive a Private Message?
$can_receive_pm = (
// They must be a "normal" user
$data['user_type'] != USER_IGNORE &&
// They must not be deactivated by the administrator
($data['user_type'] != USER_INACTIVE && $data['user_inactive_reason'] == INACTIVE_MANUAL) &&
// They must be able to read PMs
sizeof($auth->acl_get_list($user_id, 'u_readpm')) &&
// They must not be permanently banned
!sizeof(phpbb_get_banned_user_ids($user_id, false)) &&
// They must allow users to contact via PM
(($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm'])
);
// Dump it out to the template
$template_data = array(
'AGE' => $age,
@ -1748,7 +1771,7 @@ function show_profile($data, $user_notes_enabled = false, $warn_user_enabled = f
'U_SEARCH_USER' => ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id=$user_id&amp;sr=posts") : '',
'U_NOTES' => ($user_notes_enabled && $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&amp;mode=user_notes&amp;u=' . $user_id, true, $user->session_id) : '',
'U_WARN' => ($warn_user_enabled && $auth->acl_get('m_warn')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=warn&amp;mode=warn_user&amp;u=' . $user_id, true, $user->session_id) : '',
'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($data['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose&amp;u=' . $user_id) : '',
'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && $can_receive_pm) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose&amp;u=' . $user_id) : '',
'U_EMAIL' => $email,
'U_JABBER' => ($data['user_jabber'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&amp;action=jabber&amp;u=' . $user_id) : '',

31
phpBB/viewtopic.php
View file

@ -16,6 +16,7 @@ $phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
include($phpbb_root_path . 'includes/bbcode.' . $phpEx);
include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
// Start session management
$user->session_begin();
@ -1163,6 +1164,9 @@ while ($row = $db->sql_fetchrow($result))
$id_cache[] = $poster_id;
$user_cache_data = array(
'user_type' => $row['user_type'],
'user_inactive_reason' => $row['user_inactive_reason'],
'joined' => $user->format_date($row['user_regdate']),
'posts' => $row['user_posts'],
'warnings' => (isset($row['user_warnings'])) ? $row['user_warnings'] : 0,
@ -1374,6 +1378,13 @@ if ($bbcode_bitfield !== '')
$bbcode = new bbcode(base64_encode($bbcode_bitfield));
}
// Get the list of users who can receive private messages
$can_receive_pm_list = $auth->acl_get_list(array_keys($user_cache), 'u_readpm');
$can_receive_pm_list = (empty($can_receive_pm_list) || !isset($can_receive_pm_list[0]['u_readpm'])) ? array() : $can_receive_pm_list[0]['u_readpm'];
// Get the list of permanently banned users
$permanently_banned_users = phpbb_get_banned_user_ids(array_keys($user_cache), false);
$i_total = sizeof($rowset) - 1;
$prev_post_id = '';
@ -1592,6 +1603,24 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i)
!$row['post_edit_locked']
)));
// Can this user receive a Private Message?
$can_receive_pm = (
// They must be a "normal" user
$user_cache[$poster_id]['user_type'] != USER_IGNORE &&
// They must not be deactivated by the administrator
($user_cache[$poster_id]['user_type'] != USER_INACTIVE && $user_cache[$poster_id]['user_inactive_reason'] == INACTIVE_MANUAL) &&
// They must be able to read PMs
in_array($poster_id, $can_receive_pm_list) &&
// They must not be permanently banned
!in_array($poster_id, $permanently_banned_users) &&
// They must allow users to contact via PM
(($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')) || $data['user_allow_pm'])
);
//
$post_row = array(
'POST_AUTHOR_FULL' => ($poster_id != ANONYMOUS) ? $user_cache[$poster_id]['author_full'] : get_username_string('full', $poster_id, $row['username'], $row['user_colour'], $row['post_username']),
@ -1631,7 +1660,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i)
'U_DELETE' => ($delete_allowed) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=delete&amp;f=$forum_id&amp;p={$row['post_id']}") : '',
'U_SEARCH' => $user_cache[$poster_id]['search'],
'U_PM' => ($poster_id != ANONYMOUS && $config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_cache[$poster_id]['allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose&amp;action=quotepost&amp;p=' . $row['post_id']) : '',
'U_PM' => ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && $can_receive_pm) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose&amp;action=quotepost&amp;p=' . $row['post_id']) : '',
'U_EMAIL' => $user_cache[$poster_id]['email'],
'U_JABBER' => $user_cache[$poster_id]['jabber'],

38
tests/functions/fixtures/banned_users.xml Normal file
View file

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8" ?>
<dataset>
<table name="phpbb_banlist">
<column>ban_userid</column>
<column>ban_exclude</column>
<column>ban_end</column>
<row>
<value>1</value>
<value>1</value>
<value>0</value>
</row>
<row>
<value>2</value>
<value>0</value>
<value>0</value>
</row>
<row>
<value>3</value>
<value>0</value>
<value>0</value>
</row>
<row>
<value>4</value>
<value>0</value>
<value>2</value>
</row>
<row>
<value>5</value>
<value>0</value>
<value>999999999999999999999</value>
</row>
<row>
<value>6</value>
<value>0</value>
<value>3</value>
</row>
</table>
</dataset>

58
tests/functions/phpbb_get_banned_user_ids.php Normal file
View file

@ -0,0 +1,58 @@
<?php
/**
*
* @package testing
* @copyright (c) 2012 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/
require_once dirname(__FILE__) . '/../../phpBB/includes/functions_user.php';
class phpbb_get_banned_user_ids_test extends phpbb_database_test_case
{
public function getDataSet()
{
return $this->createXMLDataSet(dirname(__FILE__) . '/fixtures/banned_users.xml');
}
public function phpbb_get_banned_user_ids_data()
{
return array(
// Input to phpbb_get_banned_user_ids (user_id list, ban_end)
// Expected output
array(
// True to get users currently banned
array(array(1, 2, 4, 5, 6), true),
array(2 => 2, 5 => 5),
),
array(
// False to only get permanently banned users
array(array(1, 2, 4, 5, 6), false),
array(2 => 2),
),
array(
// Unix timestamp to get users banned until that time
array(array(1, 2, 4, 5, 6), 2),
array(2 => 2, 5 => 5, 6 => 6),
),
);
}
public function setUp()
{
global $db;
$db = $this->new_dbal();
return parent::setUp();
}
/**
* @dataProvider phpbb_get_banned_user_ids_data
*/
public function test_phpbb_get_banned_user_ids($input, $expected)
{
$this->assertEquals($expected, call_user_func_array('phpbb_get_banned_user_ids', $input));
}
}