[ticket/16211] Prevent skipping COPPA via URL parameter

PHPBB3-16211

phpBB/includes/ucp/ucp_register.php

@@ -40,6 +40,7 @@ class ucp_register
 		}
 
 		$coppa			= $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
+		$token			= $request->variable('hash', '');
 		$agreed			= $request->variable('agreed', false);
 		$submit			= $request->is_set_post('submit');
 		$change_lang	= $request->variable('change_lang', '');
@@ -50,6 +51,11 @@ class ucp_register
 			$agreed = false;
 		}
 
+		if ($coppa !== false && !check_link_hash($token, 'coppa') && !check_form_key('ucp_register'))
+		{
+			$coppa = false;
+		}
+
 		/**
 		* Add UCP register data before they are assigned to the template or submitted
 		*
@@ -164,13 +170,15 @@ class ucp_register
 					->format($user->lang['DATE_FORMAT'], true);
 				unset($now);
 
+				$coppa_link_hash = '&hash=' . generate_link_hash('coppa');
+
 				$template_vars = array(
 					'S_LANG_OPTIONS'	=> (count($lang_row) > 1) ? language_select($user_lang) : '',
 					'L_COPPA_NO'		=> sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
 					'L_COPPA_YES'		=> sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
 
-					'U_COPPA_NO'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0'),
+					'U_COPPA_NO'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0' . $coppa_link_hash),
-					'U_COPPA_YES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1'),
+					'U_COPPA_YES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1' . $coppa_link_hash),
 
 					'S_SHOW_COPPA'		=> true,
 					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),

tests/functional/registration_test.php

@@ -36,6 +36,10 @@ class phpbb_functional_registration_test extends phpbb_functional_test_case
 	{
 		$this->add_lang('ucp');
 
+		// Check that we can't skip
+		self::request('GET', 'ucp.php?mode=register&agreed=1');
+		$this->assertContainsLang('AGREE', $this->get_content());
+
 		$crawler = self::request('GET', 'ucp.php?mode=register');
 		$this->assertContainsLang('REGISTRATION', $crawler->filter('div.content h2')->text());
 
@@ -64,4 +68,55 @@ class phpbb_functional_registration_test extends phpbb_functional_test_case
 		$this->assert_checkbox_is_checked($crawler, 'notification.type.post_notification.method.email');
 		$this->assert_checkbox_is_checked($crawler, 'notification.type.topic_notification.method.email');
 	}
+
+	/**
+	 * @depends test_disable_captcha_on_registration
+	 */
+	public function test_register_coppa_account()
+	{
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', "adm/index.php?i=acp_board&mode=registration&sid={$this->sid}");
+		$form = $crawler->selectButton('Submit')->form();
+		$form['config[coppa_enable]']->setValue('1');
+		$crawler = self::submit($form);
+
+		$this->assertContainsLang('CONFIG_UPDATED', $crawler->filter('#main .successbox')->text());
+		$this->logout();
+
+		$this->add_lang('ucp');
+
+		// Check that we can't skip
+		$crawler = self::request('GET', 'ucp.php?mode=register&coppa=1');
+		$this->assertContainsLang('COPPA_BIRTHDAY', $crawler->html());
+
+		$agreement_url = $crawler->filter('#agreement')->filter('a')->links()[0]->getUri();
+		preg_match('/(&hash=\w+)/', $agreement_url, $matches);
+		$crawler = self::request('GET', 'ucp.php?mode=register&coppa=1' . $matches[1]);
+
+		$this->assertContainsLang('REGISTRATION', $crawler->filter('div.content h2')->text());
+
+		$form = $crawler->selectButton('I agree to these terms')->form();
+		$crawler = self::submit($form);
+
+		$form = $crawler->selectButton('Submit')->form(array(
+			'username'			=> 'user-coppa-test',
+			'email'				=> 'user-coppa-test@phpbb.com',
+			'new_password'		=> 'user-coppa-testuser-coppa-test',
+			'password_confirm'	=> 'user-coppa-testuser-coppa-test',
+		));
+		$form['tz']->select('Europe/Berlin');
+		$crawler = self::submit($form);
+
+		$this->assertContainsLang('ACCOUNT_COPPA', $crawler->filter('#message')->text());
+
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', "adm/index.php?i=acp_board&mode=registration&sid={$this->sid}");
+		$form = $crawler->selectButton('Submit')->form();
+		$form['config[coppa_enable]']->setValue('0');
+		$crawler = self::submit($form);
+	}
 }