diff --git a/build/build.xml b/build/build.xml index 0cbb13f4aa..2956a127af 100644 --- a/build/build.xml +++ b/build/build.xml @@ -2,7 +2,7 @@ - + diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 62e954f2d8..923f6ebbc0 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -50,6 +50,7 @@
  1. Changelog
      +
    • Changes since 3.2.10
    • Changes since 3.2.10-RC2
    • Changes since 3.2.10-RC1
    • Changes since 3.2.9
    • @@ -145,6 +146,16 @@
      +

      Changes since 3.2.10

      +

      Security Issue

      +
        +
      • [SECURITY-264] - Invalid conversion of HTML entities when stripping BBCode
      • +
      +

      Hardening

      +
        +
      • [SECURITY-265] - Reduce verbosity of jabber output in ACP
      • +
      +

      Changes since 3.2.10-RC2

      Bug

diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index fcbcb562b5..fdd5d02603 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 // phpBB Version
-@define('PHPBB_VERSION', '3.2.11-dev');
+@define('PHPBB_VERSION', '3.2.11');
 // QA-related
 // define('PHPBB_QA', 1);
diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php
index cf0865e608..43df61c396 100644
--- a/phpBB/includes/functions_jabber.php
+++ b/phpBB/includes/functions_jabber.php
@@ -207,7 +207,7 @@ class jabber
 */
 function login()
 {
- if (!count($this->features))
+ if (empty($this->features))
 {
 $this->add_to_log('Error: No feature information from server available.');
 return false;
@@ -227,7 +227,6 @@ class jabber
 if ($this->connected())
 {
 $xml = trim($xml);
- $this->add_to_log('SEND: '. $xml);
 return fwrite($this->connection, $xml);
 }
 else
@@ -338,7 +337,6 @@ class jabber
 if ($data != '')
 {
- $this->add_to_log('RECV: '. $data);
 return $this->xmlize($data);
 }
 else
@@ -419,7 +417,7 @@ class jabber
 {
 // or even multiple elements of the same type?
 // array('message' => array(0 => ..., 1 => ...))
- if (count(reset($xml)) > 1)
+ if (is_array(reset($xml)) && count(reset($xml)) > 1)
 {
 foreach (reset($xml) as $value)
 {
@@ -445,7 +443,7 @@ class jabber
 }
 $second_time = isset($this->session['id']);
- $this->session['id'] = $xml['stream:stream'][0]['@']['id'];
+ $this->session['id'] = isset($xml['stream:stream'][0]['@']['id']) ? $xml['stream:stream'][0]['@']['id'] : '';
 if ($second_time)
 {
@@ -701,7 +699,7 @@ class jabber
 default:
 // hm...don't know this response
- $this->add_to_log('Notice: Unknown server response (' . key($xml) . ')');
+ $this->add_to_log('Notice: Unknown server response');
 return false;
 break;
 }
diff --git a/phpBB/install/convertors/convert_phpbb20.php b/phpBB/install/convertors/convert_phpbb20.php
index d59692642b..9dd0f3f804 100644
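Review bot: The removed `$this->add_to_log('SEND: '. $xml);` in `send()` leaves no trace of why the outgoing stanza is no longer recorded, so a later debugging change could simply put it back; a one-line comment next to `$xml = trim($xml);` would pin the intent, e.g. `// Not logged on purpose: the raw stream may carry credentials (SECURITY-265 in the changelog).` Whether the stream really contains credentials cannot be confirmed from this hunk, so word the comment as a hedge until the auth path is checked. The same remark applies to the `RECV:` removal in the following hunk. `send()` starts and ends outside the hunk.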
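Review bot: The new condition `if (is_array(reset($xml)) && count(reset($xml)) > 1)` calls `reset($xml)` twice and the `foreach` on the next line calls it a third time; capturing it once, `$first = reset($xml);` / `if (is_array($first) && count($first) > 1)` / `foreach ($first as $value)`, reads better and avoids rewinding the array repeatedly. The guard only protects the first element: if `$xml` itself were not an array, `reset()` would still misbehave, though where `$xml` comes from is outside this hunk and the caller may already guarantee it. The enclosing method starts and ends outside the hunk.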
--- a/phpBB/install/convertors/convert_phpbb20.php
+++ b/phpBB/install/convertors/convert_phpbb20.php
@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 'forum_name' => 'phpBB 2.0.x',
 'version' => '1.0.3',
- 'phpbb_version' => '3.2.10',
+ 'phpbb_version' => '3.2.11',
 'author' => 'phpBB Limited',
 'dbms' => $dbms,
 'dbhost' => $dbhost,
diff --git a/phpBB/install/phpbbcli.php b/phpBB/install/phpbbcli.php
index de1f20411a..ebe436dc54 100755
--- a/phpBB/install/phpbbcli.php
+++ b/phpBB/install/phpbbcli.php
@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.2.10');
+define('PHPBB_VERSION', '3.2.11');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index b7c5424e3e..3058596ab5 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -306,7 +306,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.11-dev');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.11');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
diff --git a/phpBB/phpbb/db/migration/data/v32x/v3211.php b/phpBB/phpbb/db/migration/data/v32x/v3211.php
new file mode 100644
index 0000000000..0fad02ab28
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v32x/v3211.php
@@ -0,0 +1,36 @@
+
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v3211 extends \phpbb\db\migration\migration
+{
+ public function effectively_installed()
+ {
+ return phpbb_version_compare($this->config['version'], '3.2.11', '>=');
+ }
+
+ static public function depends_on()
+ {
+ return array(
+ '\phpbb\db\migration\data\v32x\v3210',
+ );
+ }
+
+ public function update_data()
+ {
+ return array(
+ array('config.update', array('version', '3.2.11')),
+ );
+ }
+}
diff --git a/phpBB/phpbb/textformatter/s9e/utils.php b/phpBB/phpbb/textformatter/s9e/utils.php
index a9a6d4b892..d81424e913 100644
--- a/phpBB/phpbb/textformatter/s9e/utils.php
+++ b/phpBB/phpbb/textformatter/s9e/utils.php
@@ -31,7 +31,7 @@ class utils implements \phpbb\textformatter\utils_interface
 // Insert a space before and then remove formatting
 $xml = preg_replace('#<[es]>#', ' $0', $xml);
- return \s9e\TextFormatter\Utils::removeFormatting($xml);
+ return utf8_htmlspecialchars(\s9e\TextFormatter\Utils::removeFormatting($xml));
 }
 /**
diff --git a/phpBB/styles/prosilver/style.cfg b/phpBB/styles/prosilver/style.cfg
index cc5fc7aefc..4b922645b2 100644
--- a/phpBB/styles/prosilver/style.cfg
+++ b/phpBB/styles/prosilver/style.cfg
@@ -21,8 +21,8 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Limited, 2007
-style_version = 3.2.10
-phpbb_version = 3.2.10
+style_version = 3.2.11
+phpbb_version = 3.2.11
 # Defining a different template bitfield
 # template_bitfield = //g=
diff --git a/tests/text_processing/strip_bbcode_test.php b/tests/text_processing/strip_bbcode_test.php
index 9acedc2872..6eae1aa0dd 100644
--- a/tests/text_processing/strip_bbcode_test.php
+++ b/tests/text_processing/strip_bbcode_test.php
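Review bot: The new `utf8_htmlspecialchars()` wrap changes what `remove_formatting()` returns — HTML-escaped text instead of the raw output of `removeFormatting()` — but neither the hunk nor, presumably, the method's docblock (outside the hunk) says so, and any caller that escapes the result itself would now double-encode. Add a why-comment on the return line, `// removeFormatting() appears to return unescaped text; re-escape so callers get HTML-safe output (SECURITY-264)`, and update the docblock's @return to state that the value is escaped. The callers of `remove_formatting()` and `strip_bbcode()` are not visible here, so grep them for a second escaping step before merging. The method starts outside the hunk.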
@@ -13,27 +13,26 @@ class phpbb_text_processing_strip_bbcode_test extends phpbb_test_case
 {
- public function test_legacy()
+
+ public function data_strip_bbcode()
 {
- $original = '[b:20m4ill1]bold[/b:20m4ill1]';
- $expected = ' bold ';
-
- $actual = $original;
- strip_bbcode($actual);
-
- $this->assertSame($expected, $actual, '20m4ill1');
+ return [
+ ['[b:20m4ill1]bold[/b:20m4ill1]', ' bold '],
+ ['[b]bold[/b]', ' bold '],
+ ['[b:20m4ill1]bo & ld[/b:20m4ill1]', ' bo & ld '],
+ ['[b]bo & ld[/b]', ' bo & ld ']
+ ];
 }
- public function test_s9e()
+ /**
+ * @dataProvider data_strip_bbcode
+ */
+ public function test_strip_bbcode($input, $expected)
 {
 $phpbb_container = $this->get_test_case_helpers()->set_s9e_services();
- $original = '[b]bold[/b]';
- $expected = ' bold ';
+ strip_bbcode($input);
- $actual = $original;
- strip_bbcode($actual);
-
- $this->assertSame($expected, $actual);
+ $this->assertSame($expected, $input);
 }
 }
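Review bot: `$phpbb_container` in `test_strip_bbcode()` is assigned from `set_s9e_services()` but never read, so either drop the assignment (`$this->get_test_case_helpers()->set_s9e_services();`) or use it. More importantly, the s9e services are now set up before every row, including the legacy `[b:20m4ill1]` cases that the removed `test_legacy()` ran without that setup; if `strip_bbcode()` picks its code path based on the container, the legacy path is no longer exercised — its implementation is not visible here, so this is worth checking. Keying the provider rows, e.g. `'legacy with entity' => ['[b:20m4ill1]bo & ld[/b:20m4ill1]', ' bo & ld '],`, would also name the failing case instead of a bare index. The bare `&` in the rows is as rendered on this page and may be an entity in the committed file.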