Merge branch '3.2.x' into 3.3.x

Marc Alexander 2019-09-20 22:23:06 +02:00
commit a7c02304a5
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
25 changed files with 235 additions and 43 deletions


@ -4,7 +4,7 @@
<!-- a few settings for the build --> <!-- a few settings for the build -->
<property name="newversion" value="3.3.0-b1-dev" /> <property name="newversion" value="3.3.0-b1-dev" />
<property name="prevversion" value="3.2.7" /> <property name="prevversion" value="3.2.7" />
<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6" /> <property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.8-RC1" />
<!-- no configuration should be needed beyond this point --> <!-- no configuration should be needed beyond this point -->
<property name="oldversions" value="${olderversions}, ${prevversion}" /> <property name="oldversions" value="${olderversions}, ${prevversion}" />


@ -9,6 +9,8 @@
var role_options = new Array(); var role_options = new Array();
var no_role_assigned = "{LA_NO_ROLE_ASSIGNED}";
<!-- IF S_ROLE_JS_ARRAY --> <!-- IF S_ROLE_JS_ARRAY -->
{S_ROLE_JS_ARRAY} {S_ROLE_JS_ARRAY}
<!-- ENDIF --> <!-- ENDIF -->


@ -279,6 +279,10 @@ function reset_role(id) {
} }
t.options[0].selected = true; t.options[0].selected = true;
var parent = t.parentNode;
parent.querySelector('span.dropdown-trigger').innerText = no_role_assigned;
parent.querySelector('input[data-name^=role]').value = '0';
} }
/** /**
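Review bot: The two added `parent.querySelector(...)` calls in reset_role use their result without a null check, so a role select that is not wrapped in the dropdown markup would throw and abort the reset. Guarding each lookup, e.g. `var trigger = parent.querySelector('span.dropdown-trigger'); if (trigger) { trigger.innerText = no_role_assigned; }`, keeps the function usable on such pages. The added code also depends on the global `no_role_assigned`, which a separate template section of this commit defines; a one-line comment naming that dependency would help. reset_role's body begins outside this hunk.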


@ -90,6 +90,12 @@ phpbb.plupload.getSerializedData = function() {
obj['attachment_data[' + i + '][' + key + ']'] = datum[key]; obj['attachment_data[' + i + '][' + key + ']'] = datum[key];
} }
} }
// Insert form data
var $pluploadForm = $(phpbb.plupload.config.form_hook).first();
obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val();
obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val();
return obj; return obj;
}; };
@ -264,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) {
return; return;
} }
// Handle errors while deleting file
if (typeof response.error !== 'undefined') {
phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message);
// We will have to assume that the deletion failed. So leave the file status as uploaded.
row.find('.file-status').toggleClass('file-uploaded');
return;
}
phpbb.plupload.update(response, 'removal', index); phpbb.plupload.update(response, 'removal', index);
// Check if the user can upload files now if he had reached the max files limit. // Check if the user can upload files now if he had reached the max files limit.
phpbb.plupload.handleMaxFilesReached(); phpbb.plupload.handleMaxFilesReached();
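Review bot: In the added error branch of phpbb.plupload.deleteFile, `row.find('.file-status').toggleClass('file-uploaded')` flips the class instead of setting it, so the end state depends on what code outside this hunk did to the row and need not match the comment's "leave the file status as uploaded". If a fixed end state is intended, `row.find('.file-status').addClass('file-uploaded');` is deterministic. `response.error.message` is server-supplied text handed to `phpbb.alert`; whether that helper escapes its arguments is not visible here and should be confirmed before relying on it.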


@ -50,6 +50,7 @@
<ol> <ol>
<li><a href="#changelog">Changelog</a> <li><a href="#changelog">Changelog</a>
<ul> <ul>
<li><a href="#v328rc1">Changes since 3.2.8-RC1</a></li>
<li><a href="#v327">Changes since 3.2.7</a></li> <li><a href="#v327">Changes since 3.2.7</a></li>
<li><a href="#v326">Changes since 3.2.6</a></li> <li><a href="#v326">Changes since 3.2.6</a></li>
<li><a href="#v326rc1">Changes since 3.2.6-RC1</a></li> <li><a href="#v326rc1">Changes since 3.2.6-RC1</a></li>
@ -139,6 +140,28 @@
<div class="inner"> <div class="inner">
<div class="content"> <div class="content">
<a name="v328rc1"></a><h3>Changes since 3.2.8-RC1</h3>
<h4>Bug</h4>
<ul>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15467">PHPBB3-15467</a>] - Permission settings do not take affect when set using All YES/NO/NEVER</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16123">PHPBB3-16123</a>] - PHP error (Array to string conversion) on new user registration if email address is banned and &quot; Reason shown to the banned&quot; is empty</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16136">PHPBB3-16136</a>] - Missing word in 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' </li>
</ul>
<h4>Improvement</h4>
<ul>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16134">PHPBB3-16134</a>] - Exclude group leaders on group member purge</li>
</ul>
<h4>Security Issue</h4>
<ul>
<li>[SECURITY-243] - CSS injection via BBCode tag</li>
<li>[SECURITY-244] - Missing form token check when handling attachments</li>
<li>[SECURITY-246] - Missing form token check when managing BBCodes</li>
</ul>
<h4>Hardening</h4>
<ul>
<li>[SECURITY-247] - Disable MySQLi local infile to prevent local file inclusion</li>
</ul>
<a name="v327"></a><h3>Changes since 3.2.7</h3> <a name="v327"></a><h3>Changes since 3.2.7</h3>
<h4>Bug</h4> <h4>Bug</h4>
<ul> <ul>
@ -193,7 +216,6 @@
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16078">PHPBB3-16078</a>] - Use chrome webdriver for UI tests</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16078">PHPBB3-16078</a>] - Use chrome webdriver for UI tests</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16089">PHPBB3-16089</a>] - Add core.confirm_box_ajax_before</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16089">PHPBB3-16089</a>] - Add core.confirm_box_ajax_before</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16097">PHPBB3-16097</a>] - Add core.viewtopic_gen_sort_selects_before</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16097">PHPBB3-16097</a>] - Add core.viewtopic_gen_sort_selects_before</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16102">PHPBB3-16102</a>] - Add core.posting_modify_post_subject</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16102">PHPBB3-16102</a>] - Add core.posting_modify_post_subject</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16103">PHPBB3-16103</a>] - Add core.pm_modify_message_subject</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16103">PHPBB3-16103</a>] - Add core.pm_modify_message_subject</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16106">PHPBB3-16106</a>] - Add core.mcp_main_before</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16106">PHPBB3-16106</a>] - Add core.mcp_main_before</li>
@ -212,6 +234,10 @@
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16112">PHPBB3-16112</a>] - Update composer dependencies to latest</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16112">PHPBB3-16112</a>] - Update composer dependencies to latest</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16119">PHPBB3-16119</a>] - The text input for poll question has a too high maxlength attribute</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16119">PHPBB3-16119</a>] - The text input for poll question has a too high maxlength attribute</li>
</ul> </ul>
<h4>Hardening</h4>
<ul>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li>
</ul>
<a name="v326"></a><h3>Changes since 3.2.6</h3> <a name="v326"></a><h3>Changes since 3.2.6</h3>
<h4>Bug</h4> <h4>Bug</h4>


@ -1,7 +1,7 @@
/** /**
* *
* phpBB © Copyright phpBB Limited 2003-2016 * phpBB © Copyright phpBB Limited 2003-2019
* http://www.phpbb.com * https://www.phpbb.com
* *
* phpBB is free software. You can redistribute it and/or modify it * phpBB is free software. You can redistribute it and/or modify it
* under the terms of the GNU General Public License, version 2 (GPL-2.0) * under the terms of the GNU General Public License, version 2 (GPL-2.0)
@ -27,7 +27,6 @@ phpBB Developers: bantu (Andreas Fischer)
Derky (Derk Ruitenbeek) Derky (Derk Ruitenbeek)
Elsensee (Oliver Schramm) Elsensee (Oliver Schramm)
Hanakin (Michael Miday) Hanakin (Michael Miday)
MichaelC (Michael Cullum)
Nicofuma (Tristan Darricau) Nicofuma (Tristan Darricau)
rubencm (Rubén Calvo) rubencm (Rubén Calvo)
@ -63,6 +62,7 @@ phpBB Developers: A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
igorw (Igor Wiedler) [08/2010 - 02/2013] igorw (Igor Wiedler) [08/2010 - 02/2013]
imkingdavid (David King) [11/2012 - 06/2014] imkingdavid (David King) [11/2012 - 06/2014]
kellanved (Henry Sudhof) [04/2007 - 03/2011] kellanved (Henry Sudhof) [04/2007 - 03/2011]
MichaelC (Michael Cullum) [11/2017 - 09/2019]
nickvergessen (Joas Schilling)[04/2010 - 12/2015] nickvergessen (Joas Schilling)[04/2010 - 12/2015]
Oleg (Oleg Pudeyev) [01/2011 - 05/2013] Oleg (Oleg Pudeyev) [01/2011 - 05/2013]
prototech (Cesar Gallegos) [01/2014 - 12/2016] prototech (Cesar Gallegos) [01/2014 - 12/2016]


@ -33,7 +33,6 @@ class acp_bbcodes
// Set up general vars // Set up general vars
$action = $request->variable('action', ''); $action = $request->variable('action', '');
$bbcode_id = $request->variable('bbcode', 0); $bbcode_id = $request->variable('bbcode', 0);
$submit = $request->is_set_post('submit');
$this->tpl_name = 'acp_bbcodes'; $this->tpl_name = 'acp_bbcodes';
$this->page_title = 'ACP_BBCODES'; $this->page_title = 'ACP_BBCODES';
@ -41,11 +40,6 @@ class acp_bbcodes
add_form_key($form_key); add_form_key($form_key);
if ($submit && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
// Set up mode-specific vars // Set up mode-specific vars
switch ($action) switch ($action)
{ {
@ -179,6 +173,12 @@ class acp_bbcodes
extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars))); extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl); $warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
if (!$warn_text && !check_form_key($form_key))
{
trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
}
if (!$warn_text || confirm_box(true)) if (!$warn_text || confirm_box(true))
{ {
$data = $this->build_regexp($bbcode_match, $bbcode_tpl); $data = $this->build_regexp($bbcode_match, $bbcode_tpl);
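Review bot: The relocated token check `if (!$warn_text && !check_form_key($form_key))` is skipped whenever `$warn_text` is set, so on that path the request is covered only by `confirm_box(true)` on the following line, and nothing in the hunk states that dependency. A comment such as `// When the {TEXT} warning applies, confirm_box() is the CSRF check; otherwise the form key is` would keep a later refactor from dropping one of the two (assuming confirm_box does validate its own key, which is not visible here). With the early `$submit` check removed, every other state-changing case of `switch ($action)` outside this hunk needs its own check, which should be confirmed case by case.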


@ -537,6 +537,7 @@ class acp_prune
AND ug.user_id <> ' . ANONYMOUS . ' AND ug.user_id <> ' . ANONYMOUS . '
AND u.user_type <> ' . USER_FOUNDER . ' AND u.user_type <> ' . USER_FOUNDER . '
AND ug.user_pending = 0 AND ug.user_pending = 0
AND ug.group_leader = 0
AND u.user_id = ug.user_id AND u.user_id = ug.user_id
' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : ''); ' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '');
$result = $db->sql_query($sql); $result = $db->sql_query($sql);


@ -1945,9 +1945,10 @@ function validate_user_email($email, $allowed_email = false)
return $validate_email; return $validate_email;
} }
if (($ban = $user->check_ban(false, false, $email, true)) !== false) $ban = $user->check_ban(false, false, $email, true);
if (!empty($ban))
{ {
return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban); return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';
} }
if (!$config['allow_emailreuse']) if (!$config['allow_emailreuse'])
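Review bot: The rewritten return `!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'` hands callers either a language key or the stored ban reason, and nothing at this spot says which. The reason is presumably free text entered when the ban was created, so callers have to treat the return value as untrusted display text rather than as a key. A comment like `// Returns the stored ban reason verbatim if one exists, otherwise the EMAIL_BANNED language key` would make that explicit, and the function's docblock, which is outside this hunk, should say the same.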


@ -1524,6 +1524,35 @@ class parse_message extends bbcode_firstpass
} }
} }
/**
* Check attachment form token depending on submit type
*
* @param \phpbb\language\language $language Language
* @param \phpbb\request\request_interface $request Request
* @param string $form_name Form name for checking form key
*
* @return bool True if form token is not needed or valid, false if needed and invalid
*/
function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name)
{
$add_file = $request->is_set_post('add_file');
$delete_file = $request->is_set_post('delete_file');
if (($add_file || $delete_file) && !check_form_key($form_name))
{
$this->warn_msg[] = $language->lang('FORM_INVALID');
if ($request->is_ajax() && $this->plupload)
{
$this->plupload->emit_error(-400, 'FORM_INVALID');
}
return false;
}
return true;
}
/** /**
* Parse Attachments * Parse Attachments
*/ */
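Review bot: check_attachment_form_token validates the token only when `add_file` or `delete_file` is posted and returns true for every other request, but its docblock does not say which check covers attachments handled on a normal submit, preview or refresh. The docblock should state that those paths rely on the caller's own form-key check; that check is outside this hunk and should be confirmed. The literal `-400` passed to `emit_error` is unexplained, so a named constant or a short comment on its meaning would help. The method is declared without a visibility keyword; `public function` would be explicit if the rest of the class uses them.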


@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
function compose_pm($id, $mode, $action, $user_folders = array()) function compose_pm($id, $mode, $action, $user_folders = array())
{ {
global $template, $db, $auth, $user, $cache; global $template, $db, $auth, $user, $cache;
global $phpbb_root_path, $phpEx, $config; global $phpbb_root_path, $phpEx, $config, $language;
global $request, $phpbb_dispatcher, $phpbb_container; global $request, $phpbb_dispatcher, $phpbb_container;
// Damn php and globals - i know, this is horrible // Damn php and globals - i know, this is horrible
@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));
// Parse Attachments - before checksum is calculated // Parse Attachments - before checksum is calculated
$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose'))
{
$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
}
if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))
{ {
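Review bot: The form name `'ucp_pm_compose'` passed to `check_attachment_form_token` has to match the name given to `add_form_key` for this page, which is outside the hunk; a mismatch would presumably make every attachment add or delete fail with FORM_INVALID. A comment next to the call, e.g. `// Must match the form key name registered for the compose form`, or one shared variable for both calls, would keep them in step. The same applies to the `'posting'` literal in the equivalent change to the posting script later in this commit. compose_pm starts and ends outside the visible lines.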


@ -91,7 +91,7 @@ $lang = array_merge($lang, array(
'ATTACHED_IMAGE_NOT_IMAGE' => 'The image file you tried to attach is invalid.', 'ATTACHED_IMAGE_NOT_IMAGE' => 'The image file you tried to attach is invalid.',
'AUTHOR' => 'Author', 'AUTHOR' => 'Author',
'AUTH_NO_PROFILE_CREATED' => 'The creation of a user profile was unsuccessful.', 'AUTH_NO_PROFILE_CREATED' => 'The creation of a user profile was unsuccessful.',
'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'The account is already linked with other user.', 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'This external service is already associated with another board account.',
'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY' => 'Invalid database entry.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY' => 'Invalid database entry.',
'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE' => 'Invalid service type provided to OAuth service handler.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE' => 'Invalid service type provided to OAuth service handler.',
'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED' => 'OAuth service not created', 'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED' => 'OAuth service not created',


@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base
if ($this->db_connect_id && $this->dbname != '') if ($this->db_connect_id && $this->dbname != '')
{ {
// Disable loading local files on client side
@mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false);
@mysqli_query($this->db_connect_id, "SET NAMES 'utf8'"); @mysqli_query($this->db_connect_id, "SET NAMES 'utf8'");
// enforce strict mode on databases that support it // enforce strict mode on databases that support it
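Review bot: The hardening call `@mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false);` discards its return value and suppresses warnings with `@`, so if the option cannot be applied the driver carries on with LOCAL INFILE still enabled and nothing records it. It also sits inside `if ($this->db_connect_id && $this->dbname != '')`, apparently after the connection exists, whereas the PHP manual describes mysqli_options() as a call to make before mysqli_real_connect(). Whether the option takes effect at this point should be verified for the client libraries in use. Setting it before connecting, or at least checking the result, e.g. `if (!mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false)) { /* log or fail closed */ }`, would make the protection dependable. The connect code is outside this hunk.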


@ -0,0 +1,36 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\db\migration\data\v32x;
class v328 extends \phpbb\db\migration\migration
{
public function effectively_installed()
{
return phpbb_version_compare($this->config['version'], '3.2.8', '>=');
}
static public function depends_on()
{
return array(
'\phpbb\db\migration\data\v32x\v328rc1',
);
}
public function update_data()
{
return array(
array('config.update', array('version', '3.2.8')),
);
}
}


@ -110,7 +110,7 @@ class factory implements \phpbb\textformatter\cache_interface
'i' => '<span style="font-style: italic"><xsl:apply-templates/></span>', 'i' => '<span style="font-style: italic"><xsl:apply-templates/></span>',
'u' => '<span style="text-decoration: underline"><xsl:apply-templates/></span>', 'u' => '<span style="text-decoration: underline"><xsl:apply-templates/></span>',
'img' => '<img src="{IMAGEURL}" class="postimage" alt="{L_IMAGE}"/>', 'img' => '<img src="{IMAGEURL}" class="postimage" alt="{L_IMAGE}"/>',
'size' => '<span style="font-size: {FONTSIZE}%; line-height: normal"><xsl:apply-templates/></span>', 'size' => '<span><xsl:attribute name="style"><xsl:text>font-size: </xsl:text><xsl:value-of select="substring(@size, 1, 4)"/><xsl:text>%; line-height: normal</xsl:text></xsl:attribute><xsl:apply-templates/></span>',
'color' => '<span style="color: {COLOR}"><xsl:apply-templates/></span>', 'color' => '<span style="color: {COLOR}"><xsl:apply-templates/></span>',
'email' => '<a> 'email' => '<a>
<xsl:attribute name="href"> <xsl:attribute name="href">
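Review bot: The new `size` template bounds the value only by `substring(@size, 1, 4)`, and the reason for building the `style` attribute with `xsl:attribute`/`xsl:value-of` instead of `{FONTSIZE}` is not recorded next to it. A PHP comment above the entry should explain that the value is truncated to four characters here and that the numeric check lives in the parser's size filter, so nobody later simplifies it back to plain interpolation. The neighbouring `color` entry still places `{COLOR}` directly inside a `style` attribute; its filter is not visible here, so it is worth confirming that it restricts the value as tightly.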


@ -342,7 +342,7 @@ class parser implements \phpbb\textformatter\parser_interface
return false; return false;
} }
if ($size < 1) if ($size < 1 || !is_numeric($size))
{ {
return false; return false;
} }
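Review bot: `is_numeric($size)` in the added condition also accepts values such as `1e3`, `1.5`, `+5` and strings with leading whitespace, which is looser than a whole-number percentage. If only integers are intended, `if (!ctype_digit((string) $size) || $size < 1)` rejects everything but digits, and putting the type check first avoids comparing a non-numeric string with `<`. The enclosing filter method and any upper-bound check are outside this hunk.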


@ -974,7 +974,10 @@ if ($submit || $preview || $refresh)
} }
// Parse Attachments - before checksum is calculated // Parse Attachments - before checksum is calculated
$message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); if ($message_parser->check_attachment_form_token($language, $request, 'posting'))
{
$message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
}
/** /**
* This event allows you to modify message text before parsing * This event allows you to modify message text before parsing


@ -57,6 +57,7 @@ phpbb.plupload = {
lang: { lang: {
ERROR: '{LA_ERROR}', ERROR: '{LA_ERROR}',
TOO_MANY_ATTACHMENTS: '{LA_TOO_MANY_ATTACHMENTS}', TOO_MANY_ATTACHMENTS: '{LA_TOO_MANY_ATTACHMENTS}',
FORM_INVALID: '{LA_FORM_INVALID}',
}, },
order: '{ATTACH_ORDER}', order: '{ATTACH_ORDER}',
maxFiles: {MAX_ATTACHMENTS}, maxFiles: {MAX_ATTACHMENTS},


@ -46,6 +46,13 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case
private function upload_file($filename, $mimetype) private function upload_file($filename, $mimetype)
{ {
$crawler = self::$client->request(
'GET',
'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid
);
$file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid));
$file = array( $file = array(
'tmp_name' => $this->path . $filename, 'tmp_name' => $this->path . $filename,
'name' => $filename, 'name' => $filename,
@ -57,7 +64,7 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case
$crawler = self::$client->request( $crawler = self::$client->request(
'POST', 'POST',
'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid, 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid,
array('add_file' => $this->lang('ADD_FILE')), $file_form_data,
array('fileupload' => $file) array('fileupload' => $file)
); );
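Review bot: The URL `'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid` now appears three times in upload_file, twice of them in the added lines. Assigning it once, `$url = 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid;`, and reusing it for the GET, for `get_hidden_fields` and for the POST keeps the token fetch and the upload on the same address. upload_file continues past the end of the hunk.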


@ -76,6 +76,10 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
$chunk_size = ceil(filesize($this->path . 'valid.jpg') / self::CHUNKS); $chunk_size = ceil(filesize($this->path . 'valid.jpg') / self::CHUNKS);
$handle = fopen($this->path . 'valid.jpg', 'rb'); $handle = fopen($this->path . 'valid.jpg', 'rb');
$crawler = self::$client->request('POST', $url . '&sid=' . $this->sid);
$file_form_data = $this->get_hidden_fields($crawler, $url);
for ($i = 0; $i < self::CHUNKS; $i++) for ($i = 0; $i < self::CHUNKS; $i++)
{ {
$chunk = fread($handle, $chunk_size); $chunk = fread($handle, $chunk_size);
@ -94,13 +98,13 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
$crawler = self::$client->request( $crawler = self::$client->request(
'POST', 'POST',
$url . '&sid=' . $this->sid, $url . '&sid=' . $this->sid,
array( array_merge(array(
'chunk' => $i, 'chunk' => $i,
'chunks' => self::CHUNKS, 'chunks' => self::CHUNKS,
'name' => md5('valid') . '.jpg', 'name' => md5('valid') . '.jpg',
'real_filename' => 'valid.jpg', 'real_filename' => 'valid.jpg',
'add_file' => $this->lang('ADD_FILE'), 'add_file' => $this->lang('ADD_FILE'),
), ), $file_form_data),
array('fileupload' => $file), array('fileupload' => $file),
array('X-PHPBB-USING-PLUPLOAD' => '1') array('X-PHPBB-USING-PLUPLOAD' => '1')
); );
@ -134,17 +138,19 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
'error' => UPLOAD_ERR_OK, 'error' => UPLOAD_ERR_OK,
); );
$file_form_data = $this->get_hidden_fields(null, $url);
self::$client->setServerParameter('HTTP_X_PHPBB_USING_PLUPLOAD', '1'); self::$client->setServerParameter('HTTP_X_PHPBB_USING_PLUPLOAD', '1');
self::$client->request( self::$client->request(
'POST', 'POST',
$url . '&sid=' . $this->sid, $url . '&sid=' . $this->sid,
array( array_merge(array(
'chunk' => '0', 'chunk' => '0',
'chunks' => '1', 'chunks' => '1',
'name' => md5('valid') . '.jpg', 'name' => md5('valid') . '.jpg',
'real_filename' => 'valid.jpg', 'real_filename' => 'valid.jpg',
'add_file' => $this->lang('ADD_FILE'), 'add_file' => $this->lang('ADD_FILE'),
), ), $file_form_data),
array('fileupload' => $file) array('fileupload' => $file)
); );
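Review bot: The two tests obtain the hidden fields differently: the chunked test sends an empty `POST` to `$url . '&sid=' . $this->sid` and passes that crawler in, while the second calls `get_hidden_fields(null, $url)`, which (per the helper added in this commit) fetches `$url` by GET without appending the sid. If `$url` does not already carry the session id, the token may be issued for a different session than the one the upload request uses. Fetching the form the same way in both places, e.g. `$file_form_data = $this->get_hidden_fields(null, $url . '&sid=' . $this->sid);`, would remove the doubt. Both test methods begin outside the hunks shown.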


@ -1,5 +1,29 @@
<?xml version="1.0" encoding="UTF-8" ?> <?xml version="1.0" encoding="UTF-8" ?>
<dataset> <dataset>
<table name="phpbb_banlist">
<column>ban_id</column>
<column>ban_userid</column>
<column>ban_exclude</column>
<column>ban_end</column>
<column>ban_email</column>
<column>ban_give_reason</column>
<row>
<value>1</value>
<value>0</value>
<value>0</value>
<value>0</value>
<value>banned@example.com</value>
<value></value>
</row>
<row>
<value>2</value>
<value>0</value>
<value>0</value>
<value>0</value>
<value>banned2@example.com</value>
<value>just because</value>
</row>
</table>
<table name="phpbb_users"> <table name="phpbb_users">
<column>user_id</column> <column>user_id</column>
<column>username</column> <column>username</column>


@ -28,10 +28,16 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case
protected function setUp(): void protected function setUp(): void
{ {
global $cache, $phpbb_dispatcher, $phpbb_root_path, $phpEx;
parent::setUp(); parent::setUp();
$cache = new \phpbb\cache\driver\file();
$cache->purge();
$this->db = $this->new_dbal(); $this->db = $this->new_dbal();
$this->user = new phpbb_mock_user; $phpbb_dispatcher = new phpbb_mock_event_dispatcher();
$language = new phpbb\language\language(new phpbb\language\language_file_loader($phpbb_root_path, $phpEx));
$this->user = new phpbb\user($language, '\phpbb\datetime');
$this->helper = new phpbb_functions_validate_data_helper($this); $this->helper = new phpbb_functions_validate_data_helper($this);
} }
@ -47,7 +53,6 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case
$config['email_check_mx'] = $check_mx; $config['email_check_mx'] = $check_mx;
$db = $this->db; $db = $this->db;
$user = $this->user; $user = $this->user;
$user->optionset('banned_users', array('banned@example.com'));
} }
public static function validate_user_email_data() public static function validate_user_email_data()
@ -58,7 +63,8 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case
array('valid_complex', array(), "'%$~test@example.com"), array('valid_complex', array(), "'%$~test@example.com"),
array('invalid', array('EMAIL_INVALID'), 'fööbar@example.com'), array('invalid', array('EMAIL_INVALID'), 'fööbar@example.com'),
array('taken', array('EMAIL_TAKEN'), 'admin@example.com'), array('taken', array('EMAIL_TAKEN'), 'admin@example.com'),
array('banned', array('EMAIL_BANNED'), 'banned@example.com'), array('banned', ['just because'], 'banned2@example.com'),
array('banned', ['EMAIL_BANNED'], 'banned@example.com')
); );
} }
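Review bot: Both ban cases in validate_user_email_data use the same label `'banned'`, so if the helper reports or keys results by that first element, a failure cannot be attributed to one case and one entry may shadow the other. Distinct labels such as `array('banned_with_reason', ['just because'], 'banned2@example.com'),` keep them apart. In setUp, `new \phpbb\cache\driver\file()` followed by `purge()` works on a real cache directory and overwrites the global `$cache` without restoring it, which deserves a comment or a matching tearDown.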


@ -1232,24 +1232,14 @@ class phpbb_functional_test_case extends phpbb_test_case
'error' => UPLOAD_ERR_OK, 'error' => UPLOAD_ERR_OK,
); );
$crawler = self::$client->request('POST', $posting_url, array('add_file' => $this->lang('ADD_FILE')), array('fileupload' => $file)); $file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, $posting_url));
$crawler = self::$client->request('POST', $posting_url, $file_form_data, array('fileupload' => $file));
} }
unset($form_data['upload_files']); unset($form_data['upload_files']);
} }
$hidden_fields = array( $form_data = array_merge($form_data, $this->get_hidden_fields($crawler, $posting_url));
$crawler->filter('[type="hidden"]')->each(function ($node, $i) {
return array('name' => $node->attr('name'), 'value' => $node->attr('value'));
}),
);
foreach ($hidden_fields as $fields)
{
foreach($fields as $field)
{
$form_data[$field['name']] = $field['value'];
}
}
// I use a request because the form submission method does not allow you to send data that is not // I use a request because the form submission method does not allow you to send data that is not
// contained in one of the actual form fields that the browser sees (i.e. it ignores "hidden" inputs) // contained in one of the actual form fields that the browser sees (i.e. it ignores "hidden" inputs)
@ -1380,4 +1370,37 @@ class phpbb_functional_test_case extends phpbb_test_case
return self::request('GET', substr($link, strpos($link, 'mcp.'))); return self::request('GET', substr($link, strpos($link, 'mcp.')));
} }
/**
* Get hidden fields for URL
*
* @param Symfony\Component\DomCrawler\Crawler|null $crawler Crawler instance or null
* @param string $url Request URL
*
* @return array Hidden form fields array
*/
protected function get_hidden_fields($crawler, $url)
{
if (!$crawler)
{
$crawler = self::$client->request('GET', $url);
}
$hidden_fields = [
$crawler->filter('[type="hidden"]')->each(function ($node, $i) {
return ['name' => $node->attr('name'), 'value' => $node->attr('value')];
}),
];
$file_form_data = [];
foreach ($hidden_fields as $fields)
{
foreach($fields as $field)
{
$file_form_data[$field['name']] = $field['value'];
}
}
return $file_form_data;
}
} }
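Review bot: get_hidden_fields collects every `[type="hidden"]` input on the page rather than those of the form being submitted, so on a page with more than one form a later input with the same name (for example another `form_token`) silently overwrites the earlier one. Restricting the filter to the target form, or taking the form selector as a parameter, would make the returned token the one that belongs to the request. The extra array wrapped around the `each()` result and the nested `foreach` can also be collapsed into a single loop over the returned list. When `$crawler` is null the helper requests `$url` exactly as given, so callers must include the sid themselves, which the docblock should state.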


@ -70,7 +70,7 @@ class phpbb_textformatter_s9e_default_formatting_test extends phpbb_test_case
), ),
array( array(
'[size=75]smaller[/size]', '[size=75]smaller[/size]',
'<span style="font-size:75%;line-height:normal">smaller</span>' '<span style="font-size: 75%; line-height: normal">smaller</span>'
), ),
array( array(
'[quote]quoted[/quote]', '[quote]quoted[/quote]',


@ -1 +1 @@
<span style="font-size:200%;line-height:normal"></span><div style="text-align:center"><span style="font-size:200%;line-height:normal">xxx</span></div> <span style="font-size: 200%; line-height: normal"></span><div style="text-align:center"><span style="font-size: 200%; line-height: normal">xxx</span></div>