From 7b10f859decdb5d97ffe97e647db52f29f4661f8 Mon Sep 17 00:00:00 2001
From: Nils Adermann <naderman@naderman.de>
Date: Thu, 2 Jun 2011 08:45:48 +0200
Subject: [PATCH 1/2] [ticket/10005] Add validation of dropdown custom profile
 field values

PHPBB3-10005
---
 phpBB/includes/functions_profile_fields.php | 14 +++++-
 phpBB/language/en/ucp.php                   |  1 +
 tests/profile/custom_test.php               | 52 +++++++++++++++++++++
 tests/profile/fixtures/profile_fields.xml   | 31 ++++++++++++
 4 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 tests/profile/custom_test.php
 create mode 100644 tests/profile/fixtures/profile_fields.xml

diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php
index 78fe049f40..1eae2a9ad6 100644
--- a/phpBB/includes/functions_profile_fields.php
+++ b/phpBB/includes/functions_profile_fields.php
@@ -149,7 +149,18 @@ class custom_profile
 
 			case FIELD_DROPDOWN:
 				$field_value = (int) $field_value;
-			
+
+				// retrieve option lang data if necessary
+				if (!isset($this->options_lang[$field_data['field_id']]) || !isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']]) || !sizeof($this->options_lang[$file_data['field_id']][$field_data['lang_id']]))
+				{
+					$this->get_option_lang($field_data['field_id'], $field_data['lang_id'], FIELD_DROPDOWN, false);
+				}
+
+				if (!isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']][$field_value]))
+				{
+					return 'FIELD_INVALID_VALUE';
+				}
+
 				if ($field_value == $field_data['field_novalue'] && $field_data['field_required'])
 				{
 					return 'FIELD_REQUIRED';
@@ -302,6 +313,7 @@ class custom_profile
 				switch ($cp_result)
 				{
 					case 'FIELD_INVALID_DATE':
+					case 'FIELD_INVALID_VALUE':
 					case 'FIELD_REQUIRED':
 						$error = sprintf($user->lang[$cp_result], $row['lang_name']);
 					break;
diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php
index 02b8a282d9..6de6e4856a 100644
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@@ -194,6 +194,7 @@ $lang = array_merge($lang, array(
 	'FIELD_INVALID_CHARS_ALPHA_ONLY'	=> 'The field “%s” has invalid characters, only alphanumeric characters are allowed.',
 	'FIELD_INVALID_CHARS_SPACERS_ONLY'	=> 'The field “%s” has invalid characters, only alphanumeric, space or -+_[] characters are allowed.',
 	'FIELD_INVALID_DATE'				=> 'The field “%s” has an invalid date.',
+	'FIELD_INVALID_VALUE'				=> 'The field “%s” has an invalid value.',
 
 	'FOE_MESSAGE'				=> 'Message from foe',
 	'FOES_EXPLAIN'				=> 'Foes are users which will be ignored by default. Posts by these users will not be fully visible. Personal messages from foes are still permitted. Please note that you cannot ignore moderators or administrators.',
diff --git a/tests/profile/custom_test.php b/tests/profile/custom_test.php
new file mode 100644
index 0000000000..06926d4af6
--- /dev/null
+++ b/tests/profile/custom_test.php
@@ -0,0 +1,52 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_profile_fields.php';
+
+class phpbb_profile_custom_test extends phpbb_database_test_case
+{
+	public function getDataSet()
+	{
+		return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/profile_fields.xml');
+	}
+
+	static public function dropdownFields()
+	{
+		return array(
+			//    novalue, required, value, expected
+			array(1,       1,        '0',   'FIELD_INVALID_VALUE'),
+			array(1,       1,        '1',   'FIELD_REQUIRED'),
+			array(1,       1,        '2',   false),
+			array(1,       0,        '0',   'FIELD_INVALID_VALUE'),
+			array(1,       0,        '1',   false),
+			array(1,       0,        '2',   false),
+		);
+	}
+
+	/**
+	* @dataProvider dropdownFields
+	*/
+	public function test_dropdown_validate($field_novalue, $field_required, $field_value, $expected)
+	{
+		global $db;
+		$db = $this->new_dbal();
+
+		$field_data = array(
+			'field_id'			=> 1,
+			'lang_id'			=> 1,
+			'field_novalue'		=> $field_novalue,
+			'field_required'	=> $field_required,
+		);
+
+		$cp = new custom_profile;
+		$result = $cp->validate_profile_field(FIELD_DROPDOWN, &$field_value, $field_data);
+
+		$this->assertEquals($expected, $result);
+	}
+}
diff --git a/tests/profile/fixtures/profile_fields.xml b/tests/profile/fixtures/profile_fields.xml
new file mode 100644
index 0000000000..0b2929f625
--- /dev/null
+++ b/tests/profile/fixtures/profile_fields.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dataset>
+	<table name="phpbb_profile_fields_lang">
+		<column>field_id</column>
+		<column>lang_id</column>
+		<column>option_id</column>
+		<column>field_type</column>
+		<column>lang_value</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>0</value>
+			<value>5</value>
+			<value>Default Option</value>
+		</row>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>5</value>
+			<value>First Alternative</value>
+		</row>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>2</value>
+			<value>5</value>
+			<value>Third Alternative</value>
+		</row>
+	</table>
+</dataset>

From a2b6605ce8d5d4c156fda44c5fc44b11aae22b02 Mon Sep 17 00:00:00 2001
From: Nils Adermann <naderman@naderman.de>
Date: Fri, 3 Jun 2011 03:12:13 +0200
Subject: [PATCH 2/2] [ticket/10005] Add description to test cases

PHPBB3-10005
---
 tests/profile/custom_test.php | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/tests/profile/custom_test.php b/tests/profile/custom_test.php
index 06926d4af6..0e0a851243 100644
--- a/tests/profile/custom_test.php
+++ b/tests/profile/custom_test.php
@@ -19,20 +19,23 @@ class phpbb_profile_custom_test extends phpbb_database_test_case
 	static public function dropdownFields()
 	{
 		return array(
-			//    novalue, required, value, expected
-			array(1,       1,        '0',   'FIELD_INVALID_VALUE'),
-			array(1,       1,        '1',   'FIELD_REQUIRED'),
-			array(1,       1,        '2',   false),
-			array(1,       0,        '0',   'FIELD_INVALID_VALUE'),
-			array(1,       0,        '1',   false),
-			array(1,       0,        '2',   false),
+			// note, there is an offset of 1 between option_id (0-indexed)
+			// in the database and values (1-indexed) to avoid problems with
+			// transmitting 0 in an HTML form
+			//    required, value, expected
+			array(1,        '0',   'FIELD_INVALID_VALUE', 'Required field should throw error for out-of-range value'),
+			array(1,        '1',   'FIELD_REQUIRED',      'Required field should throw error for default value'),
+			array(1,        '2',   false,                 'Required field should accept non-default value'),
+			array(0,        '0',   'FIELD_INVALID_VALUE', 'Optional field should throw error for out-of-range value'),
+			array(0,        '1',   false,                 'Optional field should accept default value'),
+			array(0,        '2',   false,                 'Optional field should accept non-default value'),
 		);
 	}
 
 	/**
 	* @dataProvider dropdownFields
 	*/
-	public function test_dropdown_validate($field_novalue, $field_required, $field_value, $expected)
+	public function test_dropdown_validate($field_required, $field_value, $expected, $description)
 	{
 		global $db;
 		$db = $this->new_dbal();
@@ -40,13 +43,13 @@ class phpbb_profile_custom_test extends phpbb_database_test_case
 		$field_data = array(
 			'field_id'			=> 1,
 			'lang_id'			=> 1,
-			'field_novalue'		=> $field_novalue,
+			'field_novalue'		=> 1,
 			'field_required'	=> $field_required,
 		);
 
 		$cp = new custom_profile;
 		$result = $cp->validate_profile_field(FIELD_DROPDOWN, &$field_value, $field_data);
 
-		$this->assertEquals($expected, $result);
+		$this->assertEquals($expected, $result, $description);
 	}
 }