From c3bb5e1bec720abb69fff57b2efa33cf911ec5cc Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 28 Feb 2025 20:33:41 +0100 Subject: [PATCH 1/5] [ticket/security-283] Ensure text is properly handled for responsiveness SECURITY-283 --- phpBB/styles/prosilver/template/forum_fn.js | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/phpBB/styles/prosilver/template/forum_fn.js b/phpBB/styles/prosilver/template/forum_fn.js index 009a9de621..ed273c8da3 100644 --- a/phpBB/styles/prosilver/template/forum_fn.js +++ b/phpBB/styles/prosilver/template/forum_fn.js @@ -650,7 +650,7 @@ function parseDocument($container) { html = $children.html(); } - $block.append((first ? '' : '
') + html); + $block.append((first ? '' : '
') + html); first = false; }); @@ -670,7 +670,7 @@ function parseDocument($container) { // Find all headers, get contents $list.prev('.topiclist').find('li.header dd').not('.mark').each(function() { - headers.push($(this).text()); + headers.push($("
").text($(this).text()).html()); headersLength++; }); @@ -707,7 +707,7 @@ function parseDocument($container) { html = headers[i] + ': ' + html + ''; } - $block.append((first ? '' : '
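Review bot: The `headers.push(...)` line in the -670 hunk now stores HTML-escaped strings, but nothing at the push site says so, and the consumer in the -707 hunk concatenates them straight into markup (`html = headers[i] + ': ' + html + ''`). I would add a comment above the push such as `// headers[] holds HTML-escaped text, for concatenation into element content below`. The text()/html() round trip escapes `&`, `<` and `>` but leaves quotes alone, so these values are still not safe inside an attribute value, and the comment should say that as well. The enclosing callback starts and ends outside the hunk.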
') + html); + $block.append((first ? '' : '
') + html); first = false; }); @@ -773,7 +773,8 @@ function parseDocument($container) { } if ((text.length && text !== '-') || cell.children().length) { - cell.prepend('' + headers[column] + ''); + const $dfnElement = $("").css('display', 'none').text(headers[column]); + cell.prepend($dfnElement); } else { cell.addClass('empty'); } From 17480d7d073b344792c3a57a613db434f358646b Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 1 Mar 2025 09:22:23 +0100 Subject: [PATCH 2/5] [ticket/security-283] Unify behavior between adm and prosilver, clean up SECURITY-283 --- phpBB/adm/style/admin.js | 14 ++++----- phpBB/adm/style/ajax.js | 33 ++++++++++++++------- phpBB/styles/prosilver/template/forum_fn.js | 5 ++-- 3 files changed, 33 insertions(+), 19 deletions(-) diff --git a/phpBB/adm/style/admin.js b/phpBB/adm/style/admin.js index 23bd4a116b..10d2f398e0 100644 --- a/phpBB/adm/style/admin.js +++ b/phpBB/adm/style/admin.js @@ -5,7 +5,7 @@ /** * Parse document block */ -function parse_document(container) +function parse_document(container) { var test = document.createElement('div'), oldBrowser = (typeof test.style.borderRadius == 'undefined'); @@ -90,7 +90,7 @@ function parse_document(container) } }); } - + headersLength = headers.length; // Add header text to each cell as @@ -121,8 +121,8 @@ function parse_document(container) } if ((text.length && text !== '-') || cell.children().length) { - if (headers[column] != '') { - cell.prepend('' + headers[column] + ''); + if (headers[column].length) { + cell.prepend($("").css('display', 'none').text(headers[column])); } } else { @@ -143,7 +143,7 @@ function parse_document(container) */ container.find('table.responsive > tbody').each(function() { var items = $(this).children('tr'); - if (items.length == 0) + if (!items.length) { $(this).parent('table:first').addClass('responsive-hide'); } @@ -157,7 +157,7 @@ function parse_document(container) if ($this.html() == ' ') { $this.addClass('responsive-hide'); } - + }); /** 
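Review bot: In the -773 hunk `headers[column]` is handed to `.text()`, which expects raw text, while the array also named `headers` in the -670 hunk now holds HTML-escaped strings, so one `parseDocument` carries two different encoding contracts under the same name. The hunks do not show whether these are separate arrays; if they were ever the same one, a header containing `&` would be displayed as the literal `&amp;`. A comment on the new line, for example `// headers[column] is raw text; .text() escapes it, do not pre-escape`, would pin the contract down. The same applies to the `cell.prepend(...)` lines in the admin.js -121 hunk and in the forum_fn.js hunk of PATCH 2/5.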
@@ -184,7 +184,7 @@ function parse_document(container) var width = $body.width(), height = $this.height(); - if (arguments.length == 0 && (!responsive || width <= lastWidth) && height <= maxHeight) { + if (!arguments.length && (!responsive || width <= lastWidth) && height <= maxHeight) { return; } diff --git a/phpBB/adm/style/ajax.js b/phpBB/adm/style/ajax.js index d1007d0173..6d6822df4d 100644 --- a/phpBB/adm/style/ajax.js +++ b/phpBB/adm/style/ajax.js @@ -235,14 +235,20 @@ function submitPermissions() { if ($alertBoxLink) { // Remove forum_id[] from URL $alertBoxLink.attr('href', $alertBoxLink.attr('href').replace(/(&forum_id\[\]=[0-9]+)/g, '')); - var previousPageForm = '
'; - $.each(forumIds, function (key, value) { - previousPageForm += ''; + const $previousPageForm = $('').attr({ + action: $alertBoxLink.attr('href'), + method: 'post' + }); + + $.each(forumIds, function (key, value) { + $previousPageForm.append($('').attr({ + type: 'text', + name: 'forum_id[]', + value: value + })); }); - previousPageForm += '
'; $alertBoxLink.on('click', function (e) { - var $previousPageForm = $(previousPageForm); $('body').append($previousPageForm); e.preventDefault(); $previousPageForm.submit(); @@ -257,12 +263,19 @@ function submitPermissions() { setTimeout(function () { // Create forum to submit using POST. This will prevent // exceeding the maximum length of URLs - var form = '
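Review bot: The form `action` is used without checking where it points, both in the -235 hunk (`$alertBoxLink.attr('href')`) and in the -257 hunk (`res.REFRESH_DATA.url`); setting it through `.attr()` stops the value being parsed as markup but does not constrain the URL itself. If either value can be influenced by anything other than the board's own response (not visible here), the POST carrying the `forum_id[]` values could be sent to another origin or to a non-http scheme. A guard before `submit()`, with `action` being the URL assigned above, would cover that: `if (new URL(action, window.location.href).origin !== window.location.origin) { return; }`. Separately, `type: 'text'` could be `'hidden'`, since the inputs exist only to carry values. Both enclosing functions continue outside the hunks.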
'; - $.each(forumIds, function (key, value) { - form += ''; + const $form = $('').attr({ + action: res.REFRESH_DATA.url.replace(/(&forum_id\[\]=[0-9]+)/g, ''), + method: 'post' }); - form += '
'; - $form = $(form); + + $.each(forumIds, function (key, value) { + $form.append($('').attr({ + type: 'text', + name: 'forum_id[]', + value: value + })); + }); + $('body').append($form); // Hide the alert even if we refresh the page, in case the user diff --git a/phpBB/styles/prosilver/template/forum_fn.js b/phpBB/styles/prosilver/template/forum_fn.js index ed273c8da3..51478d8641 100644 --- a/phpBB/styles/prosilver/template/forum_fn.js +++ b/phpBB/styles/prosilver/template/forum_fn.js @@ -773,8 +773,9 @@ function parseDocument($container) { } if ((text.length && text !== '-') || cell.children().length) { - const $dfnElement = $("").css('display', 'none').text(headers[column]); - cell.prepend($dfnElement); + if (headers[column].length) { + cell.prepend($("").css('display', 'none').text(headers[column])); + } } else { cell.addClass('empty'); } From 51465670f6802c20519fd7cafb7ec76b37014b68 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 23 Mar 2025 19:39:07 +0100 Subject: [PATCH 3/5] [prep-release-3.3.15] Update version numbers to 3.3.15 --- build/build.xml | 4 ++-- phpBB/includes/constants.php | 2 +- phpBB/install/phpbbcli.php | 2 +- phpBB/install/schemas/schema_data.sql | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/build/build.xml b/build/build.xml index 48e58c2217..7d7d9eee64 100644 --- a/build/build.xml +++ b/build/build.xml @@ -2,9 +2,9 @@ - + - + diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 5502664c82..7b2e8cca22 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -@define('PHPBB_VERSION', '3.3.15-RC1'); +@define('PHPBB_VERSION', '3.3.15'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/install/phpbbcli.php b/phpBB/install/phpbbcli.php index bcb42920c1..6291bbbad5 100755 --- a/phpBB/install/phpbbcli.php +++ b/phpBB/install/phpbbcli.php 
@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli') define('IN_PHPBB', true); define('IN_INSTALL', true); define('PHPBB_ENVIRONMENT', 'production'); -define('PHPBB_VERSION', '3.3.15-RC1'); +define('PHPBB_VERSION', '3.3.15'); $phpbb_root_path = __DIR__ . '/../'; $phpEx = substr(strrchr(__FILE__, '.'), 1); diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index c848e12e8e..338af1160a 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -316,7 +316,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0'); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.15-RC1'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.15'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400'); From fb46aa38b83a68583a093d68bdb7a6889728cb62 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 23 Mar 2025 19:41:47 +0100 Subject: [PATCH 4/5] [prep-release-3.3.15] Add migration for 3.3.15 --- phpBB/phpbb/db/migration/data/v33x/v3315.php | 36 ++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 phpBB/phpbb/db/migration/data/v33x/v3315.php diff --git a/phpBB/phpbb/db/migration/data/v33x/v3315.php b/phpBB/phpbb/db/migration/data/v33x/v3315.php new file mode 100644 index 0000000000..23028602f6 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v33x/v3315.php 
@@ -0,0 +1,36 @@ + + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +namespace phpbb\db\migration\data\v33x; + +class v3315 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return version_compare($this->config['version'], '3.3.15', '>='); + } + + public static function depends_on() + { + return [ + '\phpbb\db\migration\data\v33x\v3315rc1', + ]; + } + + public function update_data() + { + return [ + ['config.update', ['version', '3.3.15']], + ]; + } +} From b92ca5d1f808fe9f5b04b32a492abaee2e38544a Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 23 Mar 2025 20:20:03 +0100 Subject: [PATCH 5/5] [prep-release-3.3.15] Update changelog for 3.3.15 --- phpBB/docs/CHANGELOG.html | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 06cd3c9316..3b4a42bed3 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -50,6 +50,7 @@
  1. Changelog