From 395716112475b312edc0bae14e5ea51ccce1c72a Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Fri, 23 Oct 2020 20:38:51 +0200
Subject: [PATCH 1/7] [ticket/security-264] Ensure HTML entity state after removing formatting SECURITY-264
---
 phpBB/phpbb/textformatter/s9e/utils.php | 2 +-
 tests/text_processing/strip_bbcode_test.php | 29 ++++++++++-----------
 2 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/phpBB/phpbb/textformatter/s9e/utils.php b/phpBB/phpbb/textformatter/s9e/utils.php
index a9a6d4b892..d81424e913 100644
--- a/phpBB/phpbb/textformatter/s9e/utils.php
+++ b/phpBB/phpbb/textformatter/s9e/utils.php
@@ -31,7 +31,7 @@ class utils implements \phpbb\textformatter\utils_interface
 // Insert a space before and then remove formatting
 $xml = preg_replace('#<[es]>#', ' $0', $xml);
- return \s9e\TextFormatter\Utils::removeFormatting($xml);
+ return utf8_htmlspecialchars(\s9e\TextFormatter\Utils::removeFormatting($xml));
 }
 /**
diff --git a/tests/text_processing/strip_bbcode_test.php b/tests/text_processing/strip_bbcode_test.php
index 9acedc2872..6eae1aa0dd 100644
--- a/tests/text_processing/strip_bbcode_test.php
+++ b/tests/text_processing/strip_bbcode_test.php
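Review bot: In phpBB/phpbb/textformatter/s9e/utils.php the new `return utf8_htmlspecialchars(...)` changes what the method hands back, yet nothing on the visible lines records that the result is now HTML-escaped. The docblock and signature sit above the hunk, so I cannot see whether the contract is already stated; if it is not, add something like `@return string Text with formatting removed, HTML-escaped`. A why-comment above the return would also help: `// removeFormatting() presumably returns entity-decoded text; re-escape it before handing it back`. Callers that escape the result again would double-encode, so the call sites outside this hunk are worth checking.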
@@ -13,27 +13,26 @@ class phpbb_text_processing_strip_bbcode_test extends phpbb_test_case
 {
- public function test_legacy()
+
+ public function data_strip_bbcode()
 {
- $original = '[b:20m4ill1]bold[/b:20m4ill1]';
- $expected = ' bold ';
-
- $actual = $original;
- strip_bbcode($actual);
-
- $this->assertSame($expected, $actual, '20m4ill1');
+ return [
+ ['[b:20m4ill1]bold[/b:20m4ill1]', ' bold '],
+ ['[b]bold[/b]', ' bold '],
+ ['[b:20m4ill1]bo & ld[/b:20m4ill1]', ' bo & ld '],
+ ['[b]bo & ld[/b]', ' bo & ld ']
+ ];
 }
- public function test_s9e()
+ /**
+ * @dataProvider data_strip_bbcode
+ */
+ public function test_strip_bbcode($input, $expected)
 {
 $phpbb_container = $this->get_test_case_helpers()->set_s9e_services();
- $original = '[b]bold[/b]';
- $expected = ' bold ';
+ strip_bbcode($input);
- $actual = $original;
- strip_bbcode($actual);
-
- $this->assertSame($expected, $actual);
+ $this->assertSame($expected, $input);
 }
 }
From adcbe0a2b14bda13decc85cdff6ccde2f3fb4425 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Tue, 27 Oct 2020 22:25:52 +0100
Subject: [PATCH 2/7] [prep-release-3.2.11] Update versions for 3.2.11
---
 build/build.xml | 2 +-
 phpBB/includes/constants.php | 2 +-
 phpBB/install/convertors/convert_phpbb20.php | 2 +-
 phpBB/install/phpbbcli.php | 2 +-
 phpBB/install/schemas/schema_data.sql | 2 +-
 phpBB/styles/prosilver/style.cfg | 4 ++--
 6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/build/build.xml b/build/build.xml
index 0cbb13f4aa..2956a127af 100644
--- a/build/build.xml
+++ b/build/build.xml
@@ -2,7 +2,7 @@
-
+
diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php
index fcbcb562b5..fdd5d02603 100644
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 // phpBB Version
-@define('PHPBB_VERSION', '3.2.11-dev');
+@define('PHPBB_VERSION', '3.2.11');
 // QA-related
 // define('PHPBB_QA', 1);
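Review bot: The data provider in tests/text_processing/strip_bbcode_test.php only pins an ampersand, so the characters that matter most for the SECURITY-264 fix (`<`, `>` and quotes) have no row. Add a row per parser path whose input carries those characters, so that the escaped form is asserted instead of assumed. Separately, `test_strip_bbcode()` assigns `$phpbb_container` and never reads it; call `$this->get_test_case_helpers()->set_s9e_services();` without the assignment. The `[b:20m4ill1]` rows now also run after `set_s9e_services()`, whereas the removed `test_legacy()` ran without it, so it is worth confirming that those rows still exercise the legacy path.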
diff --git a/phpBB/install/convertors/convert_phpbb20.php b/phpBB/install/convertors/convert_phpbb20.php
index d59692642b..9dd0f3f804 100644
--- a/phpBB/install/convertors/convert_phpbb20.php
+++ b/phpBB/install/convertors/convert_phpbb20.php
@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 'forum_name' => 'phpBB 2.0.x',
 'version' => '1.0.3',
- 'phpbb_version' => '3.2.10',
+ 'phpbb_version' => '3.2.11',
 'author' => 'phpBB Limited',
 'dbms' => $dbms,
 'dbhost' => $dbhost,
diff --git a/phpBB/install/phpbbcli.php b/phpBB/install/phpbbcli.php
index de1f20411a..ebe436dc54 100755
--- a/phpBB/install/phpbbcli.php
+++ b/phpBB/install/phpbbcli.php
@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.2.10');
+define('PHPBB_VERSION', '3.2.11');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index b7c5424e3e..3058596ab5 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -306,7 +306,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.11-dev');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.11');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
diff --git a/phpBB/styles/prosilver/style.cfg b/phpBB/styles/prosilver/style.cfg
index cc5fc7aefc..4b922645b2 100644
--- a/phpBB/styles/prosilver/style.cfg
+++ b/phpBB/styles/prosilver/style.cfg
@@ -21,8 +21,8 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Limited, 2007
-style_version = 3.2.10
-phpbb_version = 3.2.10
+style_version = 3.2.11
+phpbb_version = 3.2.11
 # Defining a different template bitfield
 # template_bitfield = //g=
From d5ca3dc1321cee4ba9018d1b783ce6b7973c8341 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Tue, 27 Oct 2020 22:27:11 +0100
Subject: [PATCH 3/7] [prep-release-3.2.11] Add migration for 3.2.11
---
 phpBB/phpbb/db/migration/data/v32x/v3211.php | 36 ++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 phpBB/phpbb/db/migration/data/v32x/v3211.php
diff --git a/phpBB/phpbb/db/migration/data/v32x/v3211.php b/phpBB/phpbb/db/migration/data/v32x/v3211.php
new file mode 100644
index 0000000000..0fad02ab28
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v32x/v3211.php
@@ -0,0 +1,36 @@
+
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v3211 extends \phpbb\db\migration\migration
+{
+ public function effectively_installed()
+ {
+ return phpbb_version_compare($this->config['version'], '3.2.11', '>=');
+ }
+
+ static public function depends_on()
+ {
+ return array(
+ '\phpbb\db\migration\data\v32x\v3210',
+ );
+ }
+
+ public function update_data()
+ {
+ return array(
+ array('config.update', array('version', '3.2.11')),
+ );
+ }
+}
From 0a6421939b74c528c6bbeab74fdb7f64c29e1290 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Tue, 27 Oct 2020 22:29:59 +0100
Subject: [PATCH 4/7] [prep-release-3.2.11] Update changelog for 3.2.11
---
 phpBB/docs/CHANGELOG.html | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 62e954f2d8..3e46eea9d6 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -50,6 +50,7 @@
  1. Changelog
      +
    • Changes since 3.2.10
    • Changes since 3.2.10-RC2
    • Changes since 3.2.10-RC1
    • Changes since 3.2.9
    • @@ -145,6 +146,12 @@
      +

      Changes since 3.2.10

      +

      Security Issue

      +
        +
      • [SECURITY-264] - Invalid conversion of HTML entities when stripping BBCode
      • +
      +

      Changes since 3.2.10-RC2

      Bug

From 084675c4f3c4dde8429c409c2c28a871dc0fa3f2 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Sun, 1 Nov 2020 10:48:32 +0100
Subject: [PATCH 5/7] [ticket/security-265] Reduce verbosity of jabber error return SECURITY-265
---
 phpBB/includes/functions_jabber.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php
index cf0865e608..3c0602fa3b 100644
--- a/phpBB/includes/functions_jabber.php
+++ b/phpBB/includes/functions_jabber.php
@@ -227,7 +227,6 @@ class jabber
 if ($this->connected())
 {
 $xml = trim($xml);
- $this->add_to_log('SEND: '. $xml);
 return fwrite($this->connection, $xml);
 }
 else
@@ -338,7 +337,6 @@ class jabber
 if ($data != '')
 {
- $this->add_to_log('RECV: '. $data);
 return $this->xmlize($data);
 }
 else
@@ -701,7 +699,7 @@ class jabber
 default:
 // hm...don't know this response
- $this->add_to_log('Notice: Unknown server response (' . key($xml) . ')');
+ $this->add_to_log('Notice: Unknown server response');
 return false;
 break;
 }
From d82715372b27a3c26e3cf1eeab9f44e6881fd7fe Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Sun, 1 Nov 2020 10:49:18 +0100
Subject: [PATCH 6/7] [ticket/security-265] Add better checks for empty or not set data SECURITY-265
---
 phpBB/includes/functions_jabber.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/phpBB/includes/functions_jabber.php b/phpBB/includes/functions_jabber.php
index 3c0602fa3b..43df61c396 100644
--- a/phpBB/includes/functions_jabber.php
+++ b/phpBB/includes/functions_jabber.php
@@ -207,7 +207,7 @@ class jabber
 */
 function login()
 {
- if (!count($this->features))
+ if (empty($this->features))
 {
 $this->add_to_log('Error: No feature information from server available.');
 return false;
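Review bot: The `default:` branch in phpBB/includes/functions_jabber.php (`@@ -701,7 +699,7 @@`) now logs a fixed string, but no comment says why the response key was dropped, so a later maintainer could put `key($xml)` back for debugging. A line above the call such as `// Do not include server-supplied data: this log is shown in the ACP` would keep the intent visible, and the same applies to the two places where the SEND/RECV log lines were removed. That wording is based on the changelog entry in this series, which describes the log as ACP output. Other `add_to_log()` calls lie outside these hunks and may still interpolate server data, so they deserve the same check.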
@@ -417,7 +417,7 @@ class jabber
 {
 // or even multiple elements of the same type?
 // array('message' => array(0 => ..., 1 => ...))
- if (count(reset($xml)) > 1)
+ if (is_array(reset($xml)) && count(reset($xml)) > 1)
 {
 foreach (reset($xml) as $value)
 {
@@ -443,7 +443,7 @@ class jabber
 }
 $second_time = isset($this->session['id']);
- $this->session['id'] = $xml['stream:stream'][0]['@']['id'];
+ $this->session['id'] = isset($xml['stream:stream'][0]['@']['id']) ? $xml['stream:stream'][0]['@']['id'] : '';
 if ($second_time)
 {
From 22c3b7edd6ebbad3007aecc4466a496d2701ecb1 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Wed, 4 Nov 2020 20:00:56 +0100
Subject: [PATCH 7/7] [prep-release-3.2.11] Update changelog for 3.2.11
---
 phpBB/docs/CHANGELOG.html | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 3e46eea9d6..923f6ebbc0 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -149,7 +149,11 @@
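Review bot: In the second hunk of phpBB/includes/functions_jabber.php (`@@ -443,7 +443,7 @@`), a stream header without an `id` is now silently stored as `''`, and the code carries on into `if ($second_time)` with an empty session id. Whatever consumes `$this->session['id']` later is outside the hunk, so I cannot tell whether an empty value is safe there. Failing closed when the key is not set would be more defensive: `$this->add_to_log('Error: No stream id received from server.'); return false;`. In the first hunk, `reset($xml)` is now evaluated three times; assigning it once (`$first = reset($xml);`) and testing and iterating that variable would read better.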

        Changes since 3.2.10

        Security Issue

          -
        • [SECURITY-264] - Invalid conversion of HTML entities when stripping BBCode
        • +
        • [SECURITY-264] - Invalid conversion of HTML entities when stripping BBCode
        • +
        +

        Hardening

        +
          +
        • [SECURITY-265] - Reduce verbosity of jabber output in ACP

        Changes since 3.2.10-RC2