Merge branch '3.3.x'

2025-06-08 04:18:52 +00:00 · 2020-11-04 22:05:43 +01:00 · 2020-11-04 22:05:43 +01:00 · a4a31a36ce
commit a4a31a36ce
parent 72080f970f 2f14cc832c
6 changed files with 67 additions and 23 deletions
--- a/build/build.xml
+++ b/build/build.xml
@ -4,7 +4,7 @@
 	<!-- a few settings for the build -->
 	<property name="newversion" value="4.0.0-a1-dev" />
 	<property name="prevversion" value="3.3.1" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.3.0, 3.3.2-RC1" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.2-RC1" />
 	<!-- no configuration should be needed beyond this point -->
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@ -57,6 +57,7 @@
 		<li><a href="#v330b2">Changes since 3.3.0-b2</a></li>
 		<li><a href="#v330b1">Changes since 3.3.0-b1</a></li>
 		<li><a href="#v32x">Changes since 3.2.x</a></li>
 		<li><a href="#v3210">Changes since 3.2.10</a></li>
 		<li><a href="#v3210rc2">Changes since 3.2.10-RC2</a></li>
 		<li><a href="#v3210rc1">Changes since 3.2.10-RC1</a></li>
 		<li><a href="#v329">Changes since 3.2.9</a></li>
@ -581,6 +582,16 @@
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16185">PHPBB3-16185</a>] - Use Xenial build environment on travis-ci</li>
 			</ul>
 			<a name="v3210"></a><h3>Changes since 3.2.10</h3>
 			<h4>Security Issue</h4>
 			<ul>
 				<li>[SECURITY-264] - Invalid conversion of HTML entities when stripping BBCode</li>
 			</ul>
 			<h4>Hardening</h4>
 			<ul>
 				<li>[SECURITY-265] - Reduce verbosity of jabber output in ACP</li>
 			</ul>
 			<a name="v3210rc2"></a><h3>Changes since 3.2.10-RC2</h3>
 			<h4>Bug</h4>
 			<ul>
--- a/phpBB/includes/functions_jabber.php
+++ b/phpBB/includes/functions_jabber.php
@ -207,7 +207,7 @@ class jabber
 	*/
 	function login()
 	{
-		if (!count($this->features))
+		if (empty($this->features))
 		{
 			$this->add_to_log('Error: No feature information from server available.');
 			return false;
@ -227,7 +227,6 @@ class jabber
 		if ($this->connected())
 		{
 			$xml = trim($xml);
 			$this->add_to_log('SEND: '. $xml);
 			return fwrite($this->connection, $xml);
 		}
 		else
@ -338,7 +337,6 @@ class jabber
 		if ($data != '')
 		{
 			$this->add_to_log('RECV: '. $data);
 			return $this->xmlize($data);
 		}
 		else
@ -419,7 +417,7 @@ class jabber
 		{
 			// or even multiple elements of the same type?
 			// array('message' => array(0 => ..., 1 => ...))
-			if (count(reset($xml)) > 1)
+			if (is_array(reset($xml)) && count(reset($xml)) > 1)
 			{
 				foreach (reset($xml) as $value)
 				{
@ -445,7 +443,7 @@ class jabber
 				}
 				$second_time = isset($this->session['id']);
-				$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
+				$this->session['id'] = isset($xml['stream:stream'][0]['@']['id']) ? $xml['stream:stream'][0]['@']['id'] : '';
 				if ($second_time)
 				{
@ -701,7 +699,7 @@ class jabber
 			default:
 				// hm...don't know this response
-				$this->add_to_log('Notice: Unknown server response (' . key($xml) . ')');
+				$this->add_to_log('Notice: Unknown server response');
 				return false;
 			break;
 		}
--- a/phpBB/phpbb/db/migration/data/v32x/v3211.php
+++ b/phpBB/phpbb/db/migration/data/v32x/v3211.php
@ -0,0 +1,36 @@
 <?php
 /**
 *
 * This file is part of the phpBB Forum Software package.
 *
 * @copyright (c) phpBB Limited <https://www.phpbb.com>
 * @license GNU General Public License, version 2 (GPL-2.0)
 *
 * For full copyright and license information, please see
 * the docs/CREDITS.txt file.
 *
 */
 namespace phpbb\db\migration\data\v32x;
 class v3211 extends \phpbb\db\migration\migration
 {
 	public function effectively_installed()
 	{
 		return phpbb_version_compare($this->config['version'], '3.2.11', '>=');
 	}
 	static public function depends_on()
 	{
 		return array(
 			'\phpbb\db\migration\data\v32x\v3210',
 		);
 	}
 	public function update_data()
 	{
 		return array(
 			array('config.update', array('version', '3.2.11')),
 		);
 	}
 }
--- a/phpBB/phpbb/textformatter/s9e/utils.php
+++ b/phpBB/phpbb/textformatter/s9e/utils.php
@ -31,7 +31,7 @@ class utils implements \phpbb\textformatter\utils_interface
 		// Insert a space before <s> and <e> then remove formatting
 		$xml = preg_replace('#<[es]>#', ' $0', $xml);
-		return \s9e\TextFormatter\Utils::removeFormatting($xml);
+		return utf8_htmlspecialchars(\s9e\TextFormatter\Utils::removeFormatting($xml));
 	}
 	/**
--- a/tests/text_processing/strip_bbcode_test.php
+++ b/tests/text_processing/strip_bbcode_test.php
@ -13,27 +13,26 @@
 class phpbb_text_processing_strip_bbcode_test extends phpbb_test_case
 {
-	public function test_legacy()
+
 	public function data_strip_bbcode()
 	{
-		$original = '[b:20m4ill1]bold[/b:20m4ill1]';
+		return [
-		$expected = ' bold ';
+			['[b:20m4ill1]bold[/b:20m4ill1]', ' bold '],
-
+			['<r><B><s>[b]</s>bold<e>[/b]</e></B></r>', ' bold '],
-		$actual = $original;
+			['[b:20m4ill1]bo &amp; ld[/b:20m4ill1]', ' bo &amp; ld '],
-		strip_bbcode($actual);
+			['<r><B><s>[b]</s>bo &amp; ld<e>[/b]</e></B></r>', ' bo &amp; ld ']
-
+		];
 		$this->assertSame($expected, $actual, '20m4ill1');
 	}
-	public function test_s9e()
+	/**
 	 * @dataProvider data_strip_bbcode
 	 */
 	public function test_strip_bbcode($input, $expected)
 	{
 		$phpbb_container = $this->get_test_case_helpers()->set_s9e_services();
-		$original = '<r><B><s>[b]</s>bold<e>[/b]</e></B></r>';
+		strip_bbcode($input);
 		$expected = ' bold ';
-		$actual = $original;
+		$this->assertSame($expected, $input);
 		strip_bbcode($actual);
 		$this->assertSame($expected, $actual);
 	}
 }