From cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 14 Jul 2019 16:44:59 +0200 Subject: [PATCH 01/81] [ticket/security/246] Check form key no matter if submit is set SECURITY-246 --- phpBB/includes/acp/acp_bbcodes.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 1f7374a07f..56079061ce 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -33,7 +33,6 @@ class acp_bbcodes // Set up general vars $action = $request->variable('action', ''); $bbcode_id = $request->variable('bbcode', 0); - $submit = $request->is_set_post('submit'); $this->tpl_name = 'acp_bbcodes'; $this->page_title = 'ACP_BBCODES'; @@ -41,11 +40,6 @@ class acp_bbcodes add_form_key($form_key); - if ($submit && !check_form_key($form_key)) - { - trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } - // Set up mode-specific vars switch ($action) { @@ -179,6 +173,12 @@ class acp_bbcodes extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars))); $warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl); + + if (!$warn_text && !check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$warn_text || confirm_box(true)) { $data = $this->build_regexp($bbcode_match, $bbcode_tpl); From b5a997ce183fa655af4c03b5f92a58a1a3e7c2f1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 16 Jul 2019 20:44:12 +0200 Subject: [PATCH 02/81] [ticket/security/243] Limit size values to supported values SECURITY-243 --- phpBB/language/en/posting.php | 1 + phpBB/phpbb/textformatter/s9e/parser.php | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php index 11ea6483e1..8f43ee7656 100644 
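Review bot: The relocated guard `if (!$warn_text && !check_form_key($form_key))` skips form-key validation whenever `$warn_text` is set, so that path relies entirely on `confirm_box(true)` for request-forgery protection, and nothing in the hunk says so. A comment above the check, e.g. `// When the template warning is shown, confirm_box() validates the request instead of the form key`, would make the dependency explicit. The removed top-level check covered every `$action` once `submit` was posted, whereas this one sits in a single branch; the other cases of the switch are outside the hunk and should be confirmed to be read-only or protected by `confirm_box()`. `preg_match()` also returns `false` on a PCRE error, which `!$warn_text` treats the same as no match.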
--- a/phpBB/language/en/posting.php +++ b/phpBB/language/en/posting.php @@ -139,6 +139,7 @@ $lang = array_merge($lang, array( 'IMAGES_ARE_OFF' => '[img] is OFF', 'IMAGES_ARE_ON' => '[img] is ON', 'INVALID_FILENAME' => '%s is an invalid filename.', + 'INVALID_FONT_SIZE' => 'The font size you supplied is invalid: %s', 'LOAD' => 'Load', 'LOAD_DRAFT' => 'Load draft', diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index 3698dca224..e30bc2b0d9 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -228,6 +228,10 @@ class parser implements \phpbb\textformatter\parser_interface { $errors[] = array($msg); } + else if ($msg === 'INVALID_FONT_SIZE') + { + $errors[] = [$msg, $context['invalid_size']]; + } } // Deduplicate error messages. array_unique() only works on strings so we have to serialize @@ -335,6 +339,13 @@ class parser implements \phpbb\textformatter\parser_interface */ static public function filter_font_size($size, $max_size, Logger $logger) { + if (!is_int($size)) + { + $logger->err('INVALID_FONT_SIZE', ['invalid_size' => htmlspecialchars($size)]); + + return false; + } + if ($max_size && $size > $max_size) { $logger->err('MAX_FONT_SIZE_EXCEEDED', array('max_size' => $max_size)); From c934d3fcfdaaa1e8c2161577690fef9dcb41b1e1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 17 Jul 2019 22:02:32 +0200 Subject: [PATCH 03/81] [ticket/security/243] Limit size BBCode to 4 numeric characters SECURITY-243 --- phpBB/phpbb/textformatter/s9e/factory.php | 2 +- phpBB/phpbb/textformatter/s9e/parser.php | 2 +- phpBB/styles/prosilver/template/bbcode.html | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php index 6191b9a315..d339e3311d 100644 --- a/phpBB/phpbb/textformatter/s9e/factory.php +++ b/phpBB/phpbb/textformatter/s9e/factory.php 
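Review bot: In `filter_font_size()` the rejected value is escaped with a bare `htmlspecialchars($size)`, which on PHP versions before 8.1 leaves single quotes unescaped and assumes `$size` is a string. This value is echoed back to the poster through `INVALID_FONT_SIZE`, so explicit flags and a cast keep it safe wherever the message is rendered: `htmlspecialchars((string) $size, ENT_QUOTES, 'UTF-8')`. Escaping at logging time also means a later renderer that escapes again would double-encode the value; a short comment stating that the logger context is expected to hold HTML-safe text would settle which layer owns the escaping. The body of the function continues past the hunk.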
@@ -110,7 +110,7 @@ class factory implements \phpbb\textformatter\cache_interface 'i' => '', 'u' => '', 'img' => '{L_IMAGE}', - 'size' => '', + 'size' => 'font-size: %; line-height: normal', 'color' => '', 'email' => ' diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index e30bc2b0d9..1bc56a8cb4 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -339,7 +339,7 @@ class parser implements \phpbb\textformatter\parser_interface */ static public function filter_font_size($size, $max_size, Logger $logger) { - if (!is_int($size)) + if (!is_numeric($size)) { $logger->err('INVALID_FONT_SIZE', ['invalid_size' => htmlspecialchars($size)]); diff --git a/phpBB/styles/prosilver/template/bbcode.html b/phpBB/styles/prosilver/template/bbcode.html index 940c0ace29..f4ec94dbfe 100644 --- a/phpBB/styles/prosilver/template/bbcode.html +++ b/phpBB/styles/prosilver/template/bbcode.html @@ -64,7 +64,7 @@ {TEXT} -{TEXT} +font-size: %; line-height: normal {L_IMAGE} From f75577e5f858e43e202010f6889bd55096f75ea3 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 18 Jul 2019 22:32:19 +0200 Subject: [PATCH 04/81] [ticket/security/243] Use bbcode.html like formatting SECURITY-243 --- phpBB/phpbb/textformatter/s9e/factory.php | 2 +- tests/text_formatter/s9e/default_formatting_test.php | 2 +- tests/text_processing/tickets_data/PHPBB3-13921.html | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php index d339e3311d..dca1c78d40 100644 --- a/phpBB/phpbb/textformatter/s9e/factory.php +++ b/phpBB/phpbb/textformatter/s9e/factory.php @@ -110,7 +110,7 @@ class factory implements \phpbb\textformatter\cache_interface 'i' => '', 'u' => '', 'img' => '{L_IMAGE}', - 'size' => 'font-size: %; line-height: normal', + 'size' => 'font-size: %; line-height: normal', 'color' => '', 'email' => ' 
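Review bot: `is_numeric($size)` is looser than the "4 numeric characters" in the commit subject: it accepts negative numbers, decimals, exponent notation such as `1e3` and leading whitespace, all of which pass this guard and then reach the `$size > $max_size` comparison and the `font-size: %` style. If the attribute pattern in factory.php (its markup is not readable on this page) already restricts the value to digits this is only defence in depth; otherwise the guard should be `if (!ctype_digit((string) $size))` or `if (!preg_match('/^\d{1,4}$/D', (string) $size))`. The rest of `filter_font_size()` lies outside the hunk.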
diff --git a/tests/text_formatter/s9e/default_formatting_test.php b/tests/text_formatter/s9e/default_formatting_test.php index a35c9138a5..1aa4f0bc3a 100644 --- a/tests/text_formatter/s9e/default_formatting_test.php +++ b/tests/text_formatter/s9e/default_formatting_test.php @@ -70,7 +70,7 @@ class phpbb_textformatter_s9e_default_formatting_test extends phpbb_test_case ), array( '[size=75]smaller[/size]', - 'smaller' + 'smaller' ), array( '[quote]quoted[/quote]', diff --git a/tests/text_processing/tickets_data/PHPBB3-13921.html b/tests/text_processing/tickets_data/PHPBB3-13921.html index 690668ef28..6a9dc7f504 100644 --- a/tests/text_processing/tickets_data/PHPBB3-13921.html +++ b/tests/text_processing/tickets_data/PHPBB3-13921.html @@ -1 +1 @@ -
xxx
\ No newline at end of file +
xxx
\ No newline at end of file From 4d640555ef1ba851f9e041c594d0dda7253e8450 Mon Sep 17 00:00:00 2001 From: rxu Date: Tue, 2 Jan 2018 13:51:39 +0700 Subject: [PATCH 05/81] [ticket/15467] Fix JS for permissions setting PHPBB3-15467 --- phpBB/adm/style/permission_mask.html | 2 ++ phpBB/adm/style/permissions.js | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/phpBB/adm/style/permission_mask.html b/phpBB/adm/style/permission_mask.html index c556664b8c..23294d60df 100644 --- a/phpBB/adm/style/permission_mask.html +++ b/phpBB/adm/style/permission_mask.html @@ -9,6 +9,8 @@ var role_options = new Array(); + var no_role_assigned = "{LA_NO_ROLE_ASSIGNED}"; + {S_ROLE_JS_ARRAY} diff --git a/phpBB/adm/style/permissions.js b/phpBB/adm/style/permissions.js index 9178adab50..4ae566ace7 100644 --- a/phpBB/adm/style/permissions.js +++ b/phpBB/adm/style/permissions.js @@ -279,6 +279,16 @@ function reset_role(id) { } t.options[0].selected = true; + + (function($)// Avoid conflicts with other libraries + { + var parent = $(t).parent(); + parent.find("span[title=Roles]")[0].innerText = no_role_assigned; + + // Find proper role value + var roleInput = parent.find('input[name^=role][data-name]'); + roleInput.val(0); + })(jQuery); // Avoid conflicts with other libraries } /** From 6b04fda0f323e7cfddab427c4f8696ac440d361c Mon Sep 17 00:00:00 2001 From: Nekstati <52348253+Nekstati@users.noreply.github.com> Date: Sun, 28 Jul 2019 18:39:04 +0700 Subject: [PATCH 06/81] [ticket/15467] Fix JS for permissions setting PHPBB3-15467 --- phpBB/adm/style/permissions.js | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/phpBB/adm/style/permissions.js b/phpBB/adm/style/permissions.js index 4ae566ace7..af8e21ad51 100644 --- a/phpBB/adm/style/permissions.js +++ b/phpBB/adm/style/permissions.js 
@@ -280,15 +280,9 @@ function reset_role(id) { t.options[0].selected = true; - (function($)// Avoid conflicts with other libraries - { - var parent = $(t).parent(); - parent.find("span[title=Roles]")[0].innerText = no_role_assigned; - - // Find proper role value - var roleInput = parent.find('input[name^=role][data-name]'); - roleInput.val(0); - })(jQuery); // Avoid conflicts with other libraries + var parent = t.parentNode; + parent.querySelector('span.dropdown-trigger').innerText = no_role_assigned; + parent.querySelector('input[data-name^=role]').value = '0'; } /** From 4555817a8b6dc3910fff0c26422a82aa769c8904 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 11 Aug 2019 21:31:59 +0200 Subject: [PATCH 07/81] [ticket/security/247] Disable loading of local files on client side SECURITY-247 --- phpBB/phpbb/db/driver/mysqli.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php index d43e201526..b429ad97aa 100644 --- a/phpBB/phpbb/db/driver/mysqli.php +++ b/phpBB/phpbb/db/driver/mysqli.php @@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base if ($this->db_connect_id && $this->dbname != '') { + // Disable loading local files on client side + @mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false); + @mysqli_query($this->db_connect_id, "SET NAMES 'utf8'"); // enforce strict mode on databases that support it From 29a77ea10d31fc2edf1a71ee0dfa247696531d66 Mon Sep 17 00:00:00 2001 From: Christian Schnegelberger Date: Mon, 19 Aug 2019 20:40:03 +0200 Subject: [PATCH 08/81] [ticket/16136] Reword sentence for account already linked PHPBB3-16136 --- phpBB/language/en/common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index 8df8fc630b..332204b899 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php 
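Review bot: Both `parent.querySelector(...)` results are dereferenced without a null check, so `reset_role()` throws a TypeError and stops on any page where `span.dropdown-trigger` or `input[data-name^=role]` is missing from the select's parent. `no_role_assigned` is a global that this series defines only in permission_mask.html, so another template loading permissions.js would hit a ReferenceError instead. Guarding each lookup, e.g. `var trigger = parent.querySelector('span.dropdown-trigger'); if (trigger) { trigger.innerText = no_role_assigned; }`, keeps the role reset working when the markup differs. The function starts above the hunk.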
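Review bot: The added `@mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false)` discards its return value and silences warnings with `@`, so if the option cannot be applied the connection carries on with client-side `LOAD DATA LOCAL` still permitted and nothing is reported. The PHP manual describes `mysqli_options()` as a call to make after `mysqli_init()` and before `mysqli_real_connect()`; here it runs once `db_connect_id` is already set and only when `$this->dbname != ''`, so whether it takes effect may depend on the client library. Moving the call ahead of the connect (which is outside this hunk), dropping the `@`, and treating a `false` return as a connection failure would make the hardening fail closed.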
@@ -91,7 +91,7 @@ $lang = array_merge($lang, array( 'ATTACHED_IMAGE_NOT_IMAGE' => 'The image file you tried to attach is invalid.', 'AUTHOR' => 'Author', 'AUTH_NO_PROFILE_CREATED' => 'The creation of a user profile was unsuccessful.', - 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'The account is already linked with other user.', + 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'The account is already linked to another user.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY' => 'Invalid database entry.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE' => 'Invalid service type provided to OAuth service handler.', 'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED' => 'OAuth service not created', From 54c684051bb603415e2fedb274ad12adac7e1bd4 Mon Sep 17 00:00:00 2001 From: kinerity Date: Tue, 20 Aug 2019 20:01:27 -0400 Subject: [PATCH 09/81] [ticket/16134] Exclude group leaders on group member purge PHPBB3-16134 --- phpBB/includes/acp/acp_prune.php | 1 + 1 file changed, 1 insertion(+) diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index 3eee4f7922..c5f7789de8 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -537,6 +537,7 @@ class acp_prune AND ug.user_id <> ' . ANONYMOUS . ' AND u.user_type <> ' . USER_FOUNDER . ' AND ug.user_pending = 0 + AND ug.group_leader = 0 AND u.user_id = ug.user_id ' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : ''); $result = $db->sql_query($sql); From b0465a6202107a456095e74af5941765414bc71e Mon Sep 17 00:00:00 2001 From: Christian Schnegelberger Date: Thu, 22 Aug 2019 18:37:23 +0200 Subject: [PATCH 10/81] [ticket/16136] Implement extended explaination PHPBB3-16136 --- phpBB/language/en/common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index 332204b899..68fe6523a2 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php 
@@ -91,7 +91,7 @@ $lang = array_merge($lang, array( 'ATTACHED_IMAGE_NOT_IMAGE' => 'The image file you tried to attach is invalid.', 'AUTHOR' => 'Author', 'AUTH_NO_PROFILE_CREATED' => 'The creation of a user profile was unsuccessful.', - 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'The account is already linked to another user.', + 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'This external service is already associated with another board account.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY' => 'Invalid database entry.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE' => 'Invalid service type provided to OAuth service handler.', 'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED' => 'OAuth service not created', From 56477a8f7c1421ecc01f15258f0739ce8438db32 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 30 Jun 2019 22:40:34 +0200 Subject: [PATCH 11/81] [ticket/security/244] Add form token check to plupload SECURTIY-244 --- phpBB/assets/javascript/plupload.js | 17 +++++++++++ phpBB/includes/message_parser.php | 29 +++++++++++++++++++ phpBB/includes/ucp/ucp_pm_compose.php | 7 +++-- phpBB/styles/prosilver/template/plupload.html | 1 + 4 files changed, 52 insertions(+), 2 deletions(-) diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js index fab1ca6d7c..5e8db8b035 100644 --- a/phpBB/assets/javascript/plupload.js +++ b/phpBB/assets/javascript/plupload.js @@ -90,6 +90,12 @@ phpbb.plupload.getSerializedData = function() { obj['attachment_data[' + i + '][' + key + ']'] = datum[key]; } } + + // Insert form data + var $pluploadForm = $(phpbb.plupload.config.form_hook).first(); + obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val(); + obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val(); + return obj; }; 
@@ -264,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) { return; } + + // Handle errors while deleting file + if (typeof response.error !== 'undefined') { + phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message); + + // We will have to assume that the deletion failed. So leave the file status as uploaded. + row.find('.file-status').toggleClass('file-uploaded'); + + return; + } + phpbb.plupload.update(response, 'removal', index); // Check if the user can upload files now if he had reached the max files limit. phpbb.plupload.handleMaxFilesReached(); diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 0b79cca864..e1c28223dc 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1524,6 +1524,35 @@ class parse_message extends bbcode_firstpass } } + /** + * Check attachment form token depending on submit type + * + * @param \phpbb\language\language $language Language + * @param \phpbb\request\request_interface $request Request + * @param string $form_name Form name for checking form key + * + * @return bool True if form token is not needed or valid, false if needed and invalid + */ + function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name) + { + $add_file = $request->is_set_post('add_file'); + $delete_file = $request->is_set_post('delete_file'); + + if (($add_file || $delete_file) && !check_form_key($form_name)) + { + $this->warn_msg[] = $language->lang('FORM_INVALID'); + + if ($request->is_ajax() && $this->plupload) + { + $this->plupload->emit_error(-400, 'FORM_INVALID'); + } + + return false; + } + + return true; + } + /** * Parse Attachments */ diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index cb45112b01..06baa279a5 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php 
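Review bot: The error branch in `deleteFile` uses `toggleClass('file-uploaded')`, which flips the class rather than setting it, so the resulting status depends on what the code above the hunk did to the row before the request was sent. The comment says the intent is to leave the file marked as uploaded; `row.find('.file-status').addClass('file-uploaded');` states that directly, and any in-progress class added before the request (not visible here) would need removing in the same place. `response.error.message` is handed to `phpbb.alert()`, so it is worth confirming that helper inserts the message as text rather than as markup.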
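Review bot: `check_attachment_form_token()` protects only callers that remember to invoke it before `parse_attachments()`; the two call sites in this series do, but any other caller of `parse_attachments()` still handles `add_file` and `delete_file` without a token check. Running the check at the top of `parse_attachments()` itself, or stating in that method's docblock that this guard must precede it, would enforce the rule in one place. The guard keys on exactly two POST flags, so any attachment change that `parse_attachments()` makes under other request flags (its body is outside the hunk) is not covered by it. The method is declared without a visibility keyword; `public function check_attachment_form_token(` would state the intent.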
@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB')) function compose_pm($id, $mode, $action, $user_folders = array()) { global $template, $db, $auth, $user, $cache; - global $phpbb_root_path, $phpEx, $config; + global $phpbb_root_path, $phpEx, $config, $language; global $request, $phpbb_dispatcher, $phpbb_container; // Damn php and globals - i know, this is horrible @@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array()) extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose')) + { + $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + } if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) { diff --git a/phpBB/styles/prosilver/template/plupload.html b/phpBB/styles/prosilver/template/plupload.html index 1eb84372e8..593070321d 100644 --- a/phpBB/styles/prosilver/template/plupload.html +++ b/phpBB/styles/prosilver/template/plupload.html @@ -57,6 +57,7 @@ phpbb.plupload = { lang: { ERROR: '{LA_ERROR}', TOO_MANY_ATTACHMENTS: '{LA_TOO_MANY_ATTACHMENTS}', + FORM_INVALID: '{LA_FORM_INVALID}', }, order: '{ATTACH_ORDER}', maxFiles: {MAX_ATTACHMENTS}, From 6c8d0063368a1815a270d97dc0defdee0f6bf027 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 1 Jul 2019 20:56:17 +0200 Subject: [PATCH 12/81] [ticket/security/244] Add parse_attachment form token check to posting.php SECURITY-244 --- phpBB/posting.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/phpBB/posting.php b/phpBB/posting.php index 5089448483..595d0f0c06 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php 
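Review bot: `compose_pm()` now takes `$language` from global scope and passes it to a parameter typed `\phpbb\language\language`, so if that global is not populated on this path the call ends in a TypeError rather than a form error. `$phpbb_container` is already imported by the same function, so `$phpbb_container->get('language')` would avoid depending on one more global. When the token check fails `parse_attachments()` is skipped entirely; whether attachment data submitted earlier is still restored for the re-rendered form depends on code outside the hunk and deserves a test.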
@@ -974,7 +974,10 @@ if ($submit || $preview || $refresh) } // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + if ($message_parser->check_attachment_form_token($language, $request, 'posting')) + { + $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + } /** * This event allows you to modify message text before parsing From 59f489c01f63d76ae879b2e25b8fad1b5a82a3dc Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 21 Jul 2019 16:03:19 +0200 Subject: [PATCH 13/81] [ticket/security/244] Add missing form parameters to tests SECURITY-244 --- tests/functional/fileupload_form_test.php | 9 +++- tests/functional/plupload_test.php | 14 +++-- .../phpbb_functional_test_case.php | 51 ++++++++++++++----- 3 files changed, 55 insertions(+), 19 deletions(-) diff --git a/tests/functional/fileupload_form_test.php b/tests/functional/fileupload_form_test.php index b0780172ff..ff9450be0d 100644 --- a/tests/functional/fileupload_form_test.php +++ b/tests/functional/fileupload_form_test.php @@ -46,6 +46,13 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case private function upload_file($filename, $mimetype) { + $crawler = self::$client->request( + 'GET', + 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid + ); + + $file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid)); + $file = array( 'tmp_name' => $this->path . $filename, 'name' => $filename, @@ -57,7 +64,7 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case $crawler = self::$client->request( 'POST', 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid, - array('add_file' => $this->lang('ADD_FILE')), + $file_form_data, array('fileupload' => $file) ); 
diff --git a/tests/functional/plupload_test.php b/tests/functional/plupload_test.php index 9d284a7e57..4ab1c8e9e5 100644 --- a/tests/functional/plupload_test.php +++ b/tests/functional/plupload_test.php @@ -76,6 +76,10 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case $chunk_size = ceil(filesize($this->path . 'valid.jpg') / self::CHUNKS); $handle = fopen($this->path . 'valid.jpg', 'rb'); + $crawler = self::$client->request('POST', $url . '&sid=' . $this->sid); + + $file_form_data = $this->get_hidden_fields($crawler, $url); + for ($i = 0; $i < self::CHUNKS; $i++) { $chunk = fread($handle, $chunk_size); @@ -94,13 +98,13 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case $crawler = self::$client->request( 'POST', $url . '&sid=' . $this->sid, - array( + array_merge(array( 'chunk' => $i, 'chunks' => self::CHUNKS, 'name' => md5('valid') . '.jpg', 'real_filename' => 'valid.jpg', 'add_file' => $this->lang('ADD_FILE'), - ), + ), $file_form_data), array('fileupload' => $file), array('X-PHPBB-USING-PLUPLOAD' => '1') ); @@ -134,17 +138,19 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case 'error' => UPLOAD_ERR_OK, ); + $file_form_data = $this->get_hidden_fields(null, $url); + self::$client->setServerParameter('HTTP_X_PHPBB_USING_PLUPLOAD', '1'); self::$client->request( 'POST', $url . '&sid=' . $this->sid, - array( + array_merge(array( 'chunk' => '0', 'chunks' => '1', 'name' => md5('valid') . '.jpg', 'real_filename' => 'valid.jpg', 'add_file' => $this->lang('ADD_FILE'), - ), + ), $file_form_data), array('fileupload' => $file) ); diff --git a/tests/test_framework/phpbb_functional_test_case.php b/tests/test_framework/phpbb_functional_test_case.php index 4d294fd523..2659cf6e73 100644 --- a/tests/test_framework/phpbb_functional_test_case.php +++ b/tests/test_framework/phpbb_functional_test_case.php 
@@ -1166,24 +1166,14 @@ class phpbb_functional_test_case extends phpbb_test_case 'error' => UPLOAD_ERR_OK, ); - $crawler = self::$client->request('POST', $posting_url, array('add_file' => $this->lang('ADD_FILE')), array('fileupload' => $file)); + $file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, $posting_url)); + + $crawler = self::$client->request('POST', $posting_url, $file_form_data, array('fileupload' => $file)); } unset($form_data['upload_files']); } - $hidden_fields = array( - $crawler->filter('[type="hidden"]')->each(function ($node, $i) { - return array('name' => $node->attr('name'), 'value' => $node->attr('value')); - }), - ); - - foreach ($hidden_fields as $fields) - { - foreach($fields as $field) - { - $form_data[$field['name']] = $field['value']; - } - } + $form_data = array_merge($form_data, $this->get_hidden_fields($crawler, $posting_url)); // I use a request because the form submission method does not allow you to send data that is not // contained in one of the actual form fields that the browser sees (i.e. it ignores "hidden" inputs) @@ -1314,4 +1304,37 @@ class phpbb_functional_test_case extends phpbb_test_case return self::request('GET', substr($link, strpos($link, 'mcp.'))); } + + /** + * Get hidden fields for URL + * + * @param Symfony\Component\DomCrawler\Crawler|null $crawler Crawler instance or null + * @param string $url Request URL + * + * @return array Hidden form fields array + */ + protected function get_hidden_fields($crawler, $url) + { + if (!$crawler) + { + $crawler = self::$client->request('GET', $url); + } + $hidden_fields = [ + $crawler->filter('[type="hidden"]')->each(function ($node, $i) { + return ['name' => $node->attr('name'), 'value' => $node->attr('value')]; + }), + ]; + + $file_form_data = []; + + foreach ($hidden_fields as $fields) + { + foreach($fields as $field) + { + $file_form_data[$field['name']] = $field['value']; + } + } + + return $file_form_data; + } } 
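Review bot: `get_hidden_fields()` collects every `[type="hidden"]` input on the page, not only those of the form under test, so on a page with more than one form a same-named field from another form can overwrite `creation_time` or `form_token` and make the token tests pass or fail for the wrong reason. Scoping the selector to the posting form would tie the helper to the form whose key is being checked. The `each()` result is wrapped in an extra array only to be unwrapped again by the nested `foreach`; one loop over the `each()` result is enough. When `$crawler` is null the helper requests `$url` as given, and the second plupload test then posts to `$url . '&sid=' . $this->sid`, so it is worth confirming both requests run in the same session.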
From 8bc056ebe6d5876c6de2a2ca84bf234678c3e702 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Sun, 25 Aug 2019 21:24:22 +0200 Subject: [PATCH 14/81] [ticket/16076] addFileFilter to check max file size per mime type PHPBB3-16076 --- phpBB/assets/javascript/plupload.js | 38 +++++++++++++++++++ phpBB/phpbb/plupload/plupload.php | 36 +++++++++--------- phpBB/styles/prosilver/template/plupload.html | 9 ++++- 3 files changed, 63 insertions(+), 20 deletions(-) diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js index fab1ca6d7c..ab6d0d7e88 100644 --- a/phpBB/assets/javascript/plupload.js +++ b/phpBB/assets/javascript/plupload.js @@ -446,6 +446,44 @@ phpbb.plupload.fileError = function(file, error) { phpbb.plupload.uploader = new plupload.Uploader(phpbb.plupload.config); phpbb.plupload.initialize(); +/** + * Add a file filter to check for max file sizes per mime type. + */ +plupload.addFileFilter('mime_types_max_file_size', function(types, file, cb) { + if (file.size !== 'undefined') { + $(types).each(function(i, type) { + let extensions = [], + exts_array = type.extensions.split(','); + + $(exts_array).each(function(i, extension) { + /^\s*\*\s*$/.test(extension) ? extensions.push("\\.*") : extensions.push("\\." + extension.replace(new RegExp("[" + "/^$.*+?|()[]{}\\".replace(/./g, "\\$&") + "]", "g"), "\\$&")); + }); + + let regex = new RegExp("(" + extensions.join("|") + ")$", "i"); + + if (regex.test(file.name)) { + if (type.max_file_size !== 'undefined' && type.max_file_size) { + if (file.size > type.max_file_size) { + phpbb.plupload.uploader.trigger('Error', { + code: plupload.FILE_SIZE_ERROR, + message: plupload.translate('File size error.'), + file: file + }); + + cb(false); + } else { + cb(true); + } + } else { + cb(true); + } + + return false; + } + }); + } +}); + var $fileList = $('#file-list'); /** diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php index eb698fb35d..9ad12b1082 100644 
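Review bot: In the `mime_types_max_file_size` filter `cb` is never invoked when no extension group matches the file name, or when the outer `if` is false, so the filter never resolves for that file. The tests `file.size !== 'undefined'` and `type.max_file_size !== 'undefined'` compare against the string `'undefined'` and are therefore always true; `typeof` was presumably intended. The other JavaScript visible in this series uses `var`, so `let` raises the minimum browser level for this file. The check runs only in the browser, so the per-group limit still has to be enforced by the upload handler on the server. A version that calls `cb` exactly once, leaving extension rejection to the `mime_types` filter, is sketched below.

```javascript
plupload.addFileFilter('mime_types_max_file_size', function(types, file, cb) {
	var accepted = true;

	if (typeof file.size !== 'undefined') {
		$(types).each(function(i, type) {
			// … unchanged: build `regex` from type.extensions …

			if (regex.test(file.name)) {
				if (type.max_file_size && file.size > type.max_file_size) {
					// … unchanged: trigger plupload.FILE_SIZE_ERROR …
					accepted = false;
				}

				return false;
			}
		});
	}

	// Resolve the filter in every case, including when no group matched.
	cb(accepted);
});
```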
--- a/phpBB/phpbb/plupload/plupload.php +++ b/phpBB/phpbb/plupload/plupload.php @@ -216,38 +216,36 @@ class plupload } /** - * Looks at the list of allowed extensions and generates a string - * appropriate for use in configuring plupload with - * - * @param \phpbb\cache\service $cache - * @param string $forum_id The ID of the forum - * - * @return string - */ + * Looks at the list of allowed extensions and generates a string + * appropriate for use in configuring plupload with + * + * @param \phpbb\cache\service $cache Cache service object + * @param string $forum_id The forum identifier + * + * @return string + */ public function generate_filter_string(\phpbb\cache\service $cache, $forum_id) { + $groups = []; + $filters = []; + $attach_extensions = $cache->obtain_attach_extensions($forum_id); unset($attach_extensions['_allowed_']); - $groups = array(); // Re-arrange the extension array to $groups[$group_name][] foreach ($attach_extensions as $extension => $extension_info) { - if (!isset($groups[$extension_info['group_name']])) - { - $groups[$extension_info['group_name']] = array(); - } - - $groups[$extension_info['group_name']][] = $extension; + $groups[$extension_info['group_name']]['extensions'][] = $extension; + $groups[$extension_info['group_name']]['max_file_size'] = (int) $extension_info['max_filesize']; } - $filters = array(); - foreach ($groups as $group => $extensions) + foreach ($groups as $group => $group_info) { $filters[] = sprintf( - "{title: '%s', extensions: '%s'}", + "{title: '%s', extensions: '%s', max_file_size: %s}", addslashes(ucfirst(strtolower($group))), - addslashes(implode(',', $extensions)) + addslashes(implode(',', $group_info['extensions'])), + $group_info['max_file_size'] ); } diff --git a/phpBB/styles/prosilver/template/plupload.html b/phpBB/styles/prosilver/template/plupload.html index 1eb84372e8..a2ab19a51f 100644 --- a/phpBB/styles/prosilver/template/plupload.html +++ b/phpBB/styles/prosilver/template/plupload.html 
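Review bot: The filter entries in `generate_filter_string()` are still assembled as JavaScript source with `sprintf()` and `addslashes()`, which is not a JavaScript escaper: it leaves line breaks and `</script>` untouched, so an extension group name containing either would corrupt the inline script block that receives `{FILTERS}`. Building each entry with `json_encode(['title' => ..., 'extensions' => ..., 'max_file_size' => ...], JSON_HEX_TAG)` would escape the values for that context, at the cost of updating any test that asserts the exact string. `max_file_size` is overwritten on every pass of the first loop, which is harmless only if all extensions of a group carry the same `max_filesize`; a one-line comment saying so would help. The end of the method is outside the hunk.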
@@ -45,7 +45,14 @@ phpbb.plupload = { max_file_size: '{FILESIZE}b', chunk_size: '{CHUNK_SIZE}b', unique_names: true, - filters: [{FILTERS}], + filters: { + mime_types: [ + {FILTERS} + ], + mime_types_max_file_size: [ + {FILTERS} + ], + }, {S_RESIZE} headers: {'X-PHPBB-USING-PLUPLOAD': '1', 'X-Requested-With': 'XMLHttpRequest'}, file_data_name: 'fileupload', From 694a90c18e52edb3860406a1381283cbb6fb6bcb Mon Sep 17 00:00:00 2001 From: 3D-I <480857+3D-I@users.noreply.github.com> Date: Sun, 25 Aug 2019 23:16:51 +0200 Subject: [PATCH 15/81] [ticket/16139] Add core.viewtopic_modify_quick_reply_template_vars PHPBB3-16139 --- phpBB/viewtopic.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 0c2be8c52e..f0b0021626 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -2359,12 +2359,25 @@ if ($s_can_vote || $s_quick_reply) ($s_notify) ? $qr_hidden_fields['notify'] = 1 : true; ($topic_data['topic_status'] == ITEM_LOCKED) ? $qr_hidden_fields['lock_topic'] = 1 : true; - $template->assign_vars(array( + $tpl_ary = [ 'S_QUICK_REPLY' => true, 'U_QR_ACTION' => append_sid("{$phpbb_root_path}posting.$phpEx", "mode=reply&f=$forum_id&t=$topic_id"), 'QR_HIDDEN_FIELDS' => build_hidden_fields($qr_hidden_fields), 'SUBJECT' => 'Re: ' . censor_text($topic_data['topic_title']), - )); + ]; + + /** + * Event after the quick-reply has been setup + * + * @event core.viewtopic_modify_quick_reply_template_vars + * @var array tpl_ary Array with template data + * @var array topic_data Array with topic data + * @since 3.2.9-RC1 + */ + $vars = ['tpl_ary', 'topic_data']; + extract($phpbb_dispatcher->trigger_event('core.viewtopic_modify_quick_reply_template_vars', compact($vars))); + + $template->assign_vars($tpl_ary); } } // now I have the urge to wash my hands :( From 4cdfb3f4eddb1c3ccaa304b1c8d3fade7e18f75e Mon Sep 17 00:00:00 2001 
From: EA117 Date: Mon, 26 Aug 2019 21:07:01 -0500 Subject: [PATCH 16/81] [ticket/16141] plupload chunk_size incorrect when 'unlimited' is involved. Change get_chunk_size() calculation to correctly calculate limits without letting a zero "unlimited" value always win. Also ensure get_chunk_size() can only return zero if all of the limits were in fact set to unlimited. PHPBB3-16141 --- phpBB/phpbb/plupload/plupload.php | 52 ++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 8 deletions(-) diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php index eb698fb35d..ac4811e4ef 100644 --- a/phpBB/phpbb/plupload/plupload.php +++ b/phpBB/phpbb/plupload/plupload.php 
@@ -283,15 +283,51 @@ class plupload */ public function get_chunk_size() { - $max = min( - $this->php_ini->getBytes('upload_max_filesize'), - $this->php_ini->getBytes('post_max_size'), - max(1, $this->php_ini->getBytes('memory_limit')), - $this->config['max_filesize'] - ); + $max = 0; + + $limit = $this->php_ini->getBytes('memory_limit'); + + // unlimited is -1 for memory_limit. 0 would be an invalid configuration. + + if ($limit > 0) + { + $max = $limit; + } + + // For all remaining limits, 0 means "unlimited". + + // For each limit, if there is a non-unlimited value to + // apply, apply the limit if it's less than whatever non- + // unlimited max value is currently set. Also, apply the + // limit if the current max value is otherwise unlimited. + + $limit = $this->php_ini->getBytes('upload_max_filesize'); + + if ($limit > 0) + { + $max = min($limit, max($max, $limit)); + } + + $limit = $this->php_ini->getBytes('post_max_size'); + + if ($limit > 0) + { + $max = min($limit, max($max, $limit)); + } + + $limit = $this->config['max_filesize']; + + if ($limit > 0) + { + $max = min($limit, max($max, $limit)); + } + + // Only if every limit was 0/unlimited will we still + // have a zero value in $max at this point. + + // Use half of the maximum possible to leave plenty of + // room for other POST data and be well under limits. - // Use half of the maximum possible to leave plenty of room for other - // POST data. return floor($max / 2); } From 73537bcc7d8b10fe77e91068d494c1181b11d6c7 Mon Sep 17 00:00:00 2001 
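Review bot: `min($limit, max($max, $limit))` always evaluates to `$limit`, because the inner `max()` can never be smaller than `$limit`; each of the three guarded assignments therefore overwrites `$max` with the latest positive limit instead of keeping the smallest one. With a small `upload_max_filesize` followed by a larger `post_max_size` or `max_filesize`, the chunk size is derived from the larger value and a chunk can exceed the stricter limit. The assignment that matches the comment above it is `$max = ($max > 0) ? min($max, $limit) : $limit;`. Later patches in this series rewrite the block, so this matters mainly if 16/81 is applied on its own.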
From: EA117 Date: Wed, 28 Aug 2019 20:22:33 -0500 Subject: [PATCH 17/81] [ticket/16141] plupload chunk_size incorrect when 'unlimited' is involved. Change get_chunk_size() calculation to correctly calculate limits without letting a zero "unlimited" value always win. Also ensure get_chunk_size() can only return zero if all of the limits were in fact set to unlimited. PHPBB3-16141 --- phpBB/phpbb/plupload/plupload.php | 51 ++++++++++++------------------- 1 file changed, 20 insertions(+), 31 deletions(-) diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php index ac4811e4ef..601b3fb440 100644 --- a/phpBB/phpbb/plupload/plupload.php +++ b/phpBB/phpbb/plupload/plupload.php @@ -276,8 +276,14 @@ class plupload } /** - * Checks various php.ini values and the maximum file size to determine - * the maximum size chunks a file can be split up into for upload + * Checks various php.ini values to determine the maximum chunk + * size a file should be split into for upload. + * + * The intention is to calculate a value which reflects whatever + * the most restrictive limit is set to. And to then set the chunk + * size to half that value, to ensure any required transfer overhead + * and POST data remains well within the limit. Or, if all of the + * limits are set to unlimited, the chunk size will also be unlimited. * * @return int */ 
@@ -285,48 +291,31 @@ class plupload { $max = 0; - $limit = $this->php_ini->getBytes('memory_limit'); + // unlimited is -1 for memory_limit. 0 should be an invalid configuration. + $limit_memory = $this->php_ini->getBytes('memory_limit'); - // unlimited is -1 for memory_limit. 0 would be an invalid configuration. - - if ($limit > 0) + if ($limit_memory > 0) { - $max = $limit; + $max = $limit_memory; } // For all remaining limits, 0 means "unlimited". - // For each limit, if there is a non-unlimited value to - // apply, apply the limit if it's less than whatever non- - // unlimited max value is currently set. Also, apply the - // limit if the current max value is otherwise unlimited. + $limit_upload = $this->php_ini->getBytes('upload_max_filesize'); - $limit = $this->php_ini->getBytes('upload_max_filesize'); - - if ($limit > 0) + if ($limit_upload > 0) { - $max = min($limit, max($max, $limit)); + $max = min($limit_upload, $max ? $max : $limit_upload); } - $limit = $this->php_ini->getBytes('post_max_size'); + $limit_post = $this->php_ini->getBytes('post_max_size'); - if ($limit > 0) + if ($limit_post > 0) { - $max = min($limit, max($max, $limit)); + $max = min($limit_post, $max ? $max : $limit_post); } - - $limit = $this->config['max_filesize']; - - if ($limit > 0) - { - $max = min($limit, max($max, $limit)); - } - - // Only if every limit was 0/unlimited will we still - // have a zero value in $max at this point. - - // Use half of the maximum possible to leave plenty of - // room for other POST data and be well under limits. + + // $config['max_filesize'] is not a limiter to chunk size. return floor($max / 2); } From 29d43670430f3edad2366ddbca15d1b34315ce1d Mon Sep 17 00:00:00 2001 
From: EA117 Date: Wed, 28 Aug 2019 23:34:52 -0500 Subject: [PATCH 18/81] [ticket/16141] plupload chunk_size when 'unlimited' is involved. Change get_chunk_size() calculation to correctly calculate limits without letting a zero "unlimited" value always win. Also ensure get_chunk_size() can only return zero if all of the limits were in fact set to unlimited. PHPBB3-16141 --- phpBB/phpbb/plupload/plupload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php index 601b3fb440..f9403938ed 100644 --- a/phpBB/phpbb/plupload/plupload.php +++ b/phpBB/phpbb/plupload/plupload.php @@ -305,14 +305,14 @@ class plupload if ($limit_upload > 0) { - $max = min($limit_upload, $max ? $max : $limit_upload); + $max = min($limit_upload, ($max ? $max : $limit_upload)); } $limit_post = $this->php_ini->getBytes('post_max_size'); if ($limit_post > 0) { - $max = min($limit_post, $max ? $max : $limit_post); + $max = min($limit_post, ($max ? $max : $limit_post)); } // $config['max_filesize'] is not a limiter to chunk size. From bf359d153dd0ff6cc9505cdd7bf8a7754b6a6073 Mon Sep 17 00:00:00 2001 From: EA117 Date: Thu, 29 Aug 2019 00:17:14 -0500 Subject: [PATCH 19/81] [ticket/16141] plupload chunk_size when 'unlimited' is involved. Change get_chunk_size() calculation to correctly calculate limits without letting a zero "unlimited" value always win. Also ensure get_chunk_size() can only return zero if all of the limits were in fact set to unlimited. PHPBB3-16141 --- phpBB/phpbb/plupload/plupload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php index f9403938ed..91b635b617 100644 --- a/phpBB/phpbb/plupload/plupload.php +++ b/phpBB/phpbb/plupload/plupload.php 
@@ -314,7 +314,7 @@ class plupload { $max = min($limit_post, ($max ? $max : $limit_post)); } - + // $config['max_filesize'] is not a limiter to chunk size. return floor($max / 2); From 2e7d58c63b4b27036f76b6e5637ac3e1d7852a05 Mon Sep 17 00:00:00 2001 From: oxcom Date: Fri, 30 Aug 2019 09:07:20 +0200 Subject: [PATCH 20/81] [ticket/16143] Add new events before and after move topics PHPBB3-16143 --- phpBB/includes/functions_admin.php | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index c19d48b0be..cc82fdbda3 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -543,6 +543,20 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) $topic_ids = array($topic_ids); } + /** + * Perform additional actions before topics move + * + * @event core.move_topics_before + * @var array topic_ids Array of the moved topic ids + * @var string forum_id The forum id from where the topics are moved + * @since 3.2.9-RC1 + */ + $vars = array( + 'topic_ids', + 'forum_id', + ); + extract($phpbb_dispatcher->trigger_event('core.move_topics_before', compact($vars))); + $sql = 'DELETE FROM ' . TOPICS_TABLE . ' WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . ' AND forum_id = ' . $forum_id; 
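Review bot: In the functions_admin.php hunk, `$forum_id` comes back from `extract()` of the `core.move_topics_before` event and is concatenated unquoted into the `DELETE` statement directly below (`' AND forum_id = ' . $forum_id`), so a listener that returns a non-integer value changes the SQL text. Re-normalising after the event with `$forum_id = (int) $forum_id;` keeps the query safe whatever an extension hands back; whether `move_topics()` casts the parameter earlier is not visible in this hunk. The docblock also declares `forum_id` as `string` and describes it as the forum the topics are moved from, while the signature and the queries suggest it is the destination forum; `@var int forum_id The forum id the topics are moved to` would match. The same wording is repeated in the `core.move_topics_after` docblock in the next hunk.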
@@ -593,6 +607,22 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) } unset($table_ary); + /** + * Perform additional actions after topics move + * + * @event core.move_topics_after + * @var array topic_ids Array of the moved topic ids + * @var string forum_id The forum id from where the topics were moved + * @var array forum_ids Array of the forums where the topics were moved (includes also forum_id) + * @since 3.2.9-RC1 + */ + $vars = array( + 'topic_ids', + 'forum_id', + 'forum_ids', + ); + extract($phpbb_dispatcher->trigger_event('core.move_topics_after', compact($vars))); + if ($auto_sync) { sync('forum', 'forum_id', $forum_ids, true, true); From 5bd3b7ec378579dc84d2d838ba43d3a77f519159 Mon Sep 17 00:00:00 2001 From: EA117 Date: Fri, 30 Aug 2019 07:01:04 -0500 Subject: [PATCH 21/81] [ticket/16141] plupload chunk_size when 'unlimited' is involved. Change get_chunk_size() calculation to correctly calculate limits without letting a zero "unlimited" value always win. Also ensure get_chunk_size() can only return zero if all of the limits were in fact set to unlimited. PHPBB3-16141 --- phpBB/phpbb/plupload/plupload.php | 56 +++++++++++++------------------ 1 file changed, 23 insertions(+), 33 deletions(-) diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php index 91b635b617..70070b9835 100644 --- a/phpBB/phpbb/plupload/plupload.php +++ b/phpBB/phpbb/plupload/plupload.php 
@@ -276,47 +276,37 @@ class plupload } /** - * Checks various php.ini values to determine the maximum chunk - * size a file should be split into for upload. - * - * The intention is to calculate a value which reflects whatever - * the most restrictive limit is set to. And to then set the chunk - * size to half that value, to ensure any required transfer overhead - * and POST data remains well within the limit. Or, if all of the - * limits are set to unlimited, the chunk size will also be unlimited. - * - * @return int - */ + * Checks various php.ini values to determine the maximum chunk + * size a file should be split into for upload. + * + * The intention is to calculate a value which reflects whatever + * the most restrictive limit is set to. And to then set the chunk + * size to half that value, to ensure any required transfer overhead + * and POST data remains well within the limit. Or, if all of the + * limits are set to unlimited, the chunk size will also be unlimited. + * + * @return int + * + * @access public + */ public function get_chunk_size() { $max = 0; - // unlimited is -1 for memory_limit. 0 should be an invalid configuration. - $limit_memory = $this->php_ini->getBytes('memory_limit'); + $limits = [ + $this->php_ini->getBytes('memory_limit'), + $this->php_ini->getBytes('upload_max_filesize'), + $this->php_ini->getBytes('post_max_size'), + ]; - if ($limit_memory > 0) + foreach ($limits as $limit_type) { - $max = $limit_memory; + if ($limit_type > 0) + { + $max = ($max !== 0) ? min($limit_type, $max) : $limit_type; + } } - // For all remaining limits, 0 means "unlimited". - - $limit_upload = $this->php_ini->getBytes('upload_max_filesize'); - - if ($limit_upload > 0) - { - $max = min($limit_upload, ($max ? $max : $limit_upload)); - } - - $limit_post = $this->php_ini->getBytes('post_max_size'); - - if ($limit_post > 0) - { - $max = min($limit_post, ($max ? $max : $limit_post)); - } - - // $config['max_filesize'] is not a limiter to chunk size. 
- return floor($max / 2); } From cc8d6a5a014c994fec8d8bdd61cd1fbc5506de6e Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 31 Aug 2019 18:13:24 +0200 Subject: [PATCH 22/81] [ticket/security/243] Fail silently on unsupported values for font size SECURITY-243 --- phpBB/language/en/posting.php | 1 - phpBB/phpbb/textformatter/s9e/parser.php | 13 +------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/phpBB/language/en/posting.php b/phpBB/language/en/posting.php index 570cf63f17..426475e77a 100644 --- a/phpBB/language/en/posting.php +++ b/phpBB/language/en/posting.php @@ -140,7 +140,6 @@ $lang = array_merge($lang, array( 'IMAGES_ARE_OFF' => '[img] is OFF', 'IMAGES_ARE_ON' => '[img] is ON', 'INVALID_FILENAME' => '%s is an invalid filename.', - 'INVALID_FONT_SIZE' => 'The font size you supplied is invalid: %s', 'LOAD' => 'Load', 'LOAD_DRAFT' => 'Load draft', diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index 1bc56a8cb4..a36fc63141 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -228,10 +228,6 @@ class parser implements \phpbb\textformatter\parser_interface { $errors[] = array($msg); } - else if ($msg === 'INVALID_FONT_SIZE') - { - $errors[] = [$msg, $context['invalid_size']]; - } } // Deduplicate error messages. array_unique() only works on strings so we have to serialize @@ -339,13 +335,6 @@ class parser implements \phpbb\textformatter\parser_interface */ static public function filter_font_size($size, $max_size, Logger $logger) { - if (!is_numeric($size)) - { - $logger->err('INVALID_FONT_SIZE', ['invalid_size' => htmlspecialchars($size)]); - - return false; - } - if ($max_size && $size > $max_size) { $logger->err('MAX_FONT_SIZE_EXCEEDED', array('max_size' => $max_size)); 
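Review bot: In the plupload.php hunk of 21/81, `get_chunk_size()` stays documented as `@return int`, but `floor($max / 2)` returns a float, and the rewritten docblock keeps that mismatch. `return (int) floor($max / 2);` makes the value match the documented type and avoids a float reaching the template placeholder that prints the chunk size. The added `@access public` tag repeats what the `public` keyword already states and can be dropped.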
@@ -353,7 +342,7 @@ class parser implements \phpbb\textformatter\parser_interface return false; } - if ($size < 1) + if ($size < 1 || !is_numeric($size)) { return false; } From 3e23adf030329fac3746251c54c85d3061ec69d1 Mon Sep 17 00:00:00 2001 From: 3D-I <480857+3D-I@users.noreply.github.com> Date: Sun, 1 Sep 2019 09:19:33 +0200 Subject: [PATCH 23/81] [ticket/16144] Provide extra fallback to board's default style for $user PHPBB3-16144 --- phpBB/language/en/common.php | 2 +- phpBB/phpbb/user.php | 41 +++++++++++++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 2 deletions(-) diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index 8df8fc630b..4ea3f015a9 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -519,7 +519,7 @@ $lang = array_merge($lang, array( 'NO_POSTS_TIME_FRAME' => 'No posts exist inside this topic for the selected time frame.', 'NO_FEED_ENABLED' => 'Feeds are not available on this board.', 'NO_FEED' => 'The requested feed is not available.', - 'NO_STYLE_DATA' => 'Could not get style data', + 'NO_STYLE_DATA' => 'Could not get style data for user_style %s and set for user_id %s', 'NO_STYLE_CFG' => 'Could not get the style configuration file for: %s', 'NO_SUBJECT' => 'No subject specified', // Used for posts having no subject defined but displayed within management pages. 'NO_SUCH_SEARCH_MODULE' => 'The specified search backend doesn’t exist.', diff --git a/phpBB/phpbb/user.php b/phpBB/phpbb/user.php index 7363290e11..8e2b278650 100644 --- a/phpBB/phpbb/user.php +++ b/phpBB/phpbb/user.php 
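Review bot: `is_numeric()` is evaluated last, after `$size` has already been compared with `$max_size` and with 1, so a non-numeric value first goes through PHP's loose string/number comparison and may log `MAX_FONT_SIZE_EXCEEDED` before it is rejected. `is_numeric()` also accepts forms such as `1e3`, `4.5` or a value with leading whitespace, which would pass when `$max_size` is 0. Unless the attribute filter for the size tag already restricts the value to digits (not visible here), a stricter test placed first is safer: `if (!is_numeric($size) || $size < 1)` at the top of the function, or `ctype_digit((string) $size)` if only whole numbers are meant. The rest of `filter_font_size()` lies outside this hunk.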
@@ -281,9 +281,48 @@ class user extends \phpbb\session $db->sql_freeresult($result); } + /** + * Something went very bad this time. + * Fallback to board's default style upon its strict verification. + */ if (!$this->style) { - trigger_error('NO_STYLE_DATA', E_USER_ERROR); + /** Verify default style exists in the database */ + $sql = 'SELECT style_id + FROM ' . STYLES_TABLE . ' + WHERE style_id = ' . (int) $config['default_style']; + $result = $db->sql_query($sql); + $style_id = (int) $db->sql_fetchfield('style_id'); + $db->sql_freeresult($result); + + $style_id = $style_id ?: false; + + if ($style_id > 0) + { + $db->sql_transaction('begin'); + + /** Update $user row */ + $sql = 'SELECT * + FROM ' . STYLES_TABLE . ' + WHERE style_id = ' . (int) $config['default_style']; + $result = $db->sql_query($sql); + $this->style = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + /** Update user style preference */ + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_style = ' . (int) $style_id . ' + WHERE user_id = ' . (int) $this->data['user_id']; + $db->sql_query($sql); + + $db->sql_transaction('commit'); + } + } + + /** This should never happens */ + if (!$this->style) + { + trigger_error($this->language->lang('NO_STYLE_DATA', $this->data['user_style'], $this->data['user_id']), E_USER_ERROR); } // Now parse the cfg file and cache it From a1e8282e672e0cddd2239c1ece30cf6eb96a09eb Mon Sep 17 00:00:00 2001 From: oxcom Date: Mon, 2 Sep 2019 14:31:07 +0200 Subject: [PATCH 24/81] [ticket/16146] New core event: after move forum PHPBB3-16146 --- phpBB/includes/acp/acp_forums.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index cb0593b14a..03c178f968 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php 
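Review bot: The fallback in user.php queries the default style twice with the same `WHERE` clause (`SELECT style_id`, then `SELECT *`), and `$style_id = $style_id ?: false;` followed by `$style_id > 0` adds nothing; one `SELECT *` whose row is assigned to `$this->style` covers both, and the transaction around a single `UPDATE` can then go. The `UPDATE` also rewrites `user_style` for `$this->data['user_id']` on an ordinary page request without checking what kind of account that is; if guest or bot sessions share a user row, as seems likely, the write should be limited to registered users. The enclosing method starts and ends outside this hunk.

```php
if (!$this->style)
{
	// Fall back to the board's default style, provided it exists in the database
	$sql = 'SELECT *
		FROM ' . STYLES_TABLE . '
		WHERE style_id = ' . (int) $config['default_style'];
	$result = $db->sql_query($sql);
	$this->style = $db->sql_fetchrow($result);
	$db->sql_freeresult($result);

	if ($this->style)
	{
		// Persist the corrected preference so the fallback does not run on every request
		$sql = 'UPDATE ' . USERS_TABLE . '
			SET user_style = ' . (int) $this->style['style_id'] . '
			WHERE user_id = ' . (int) $this->data['user_id'];
		$db->sql_query($sql);
	}
}
// … unchanged: final NO_STYLE_DATA trigger_error() …
```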
@@ -1576,6 +1576,19 @@ class acp_forums $db->sql_query($sql); } + /** + * Event when content has been moved from one forum to another + * + * @event core.acp_manage_forums_move_content + * @var int from_id If of the current parent forum + * @var int to_id If of the new parent forum + * @var bool sync Shall we sync the "to"-forum's data + * + * @since 3.2.9-RC1 + */ + $vars = array('from_id', 'to_id', 'sync'); + extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_move_content_after', compact($vars))); + if ($sync) { // Delete ghost topics that link back to the same forum then resync counters From f84cc449b91486de753c9476dbbbfcb1ed312f7c Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Mon, 2 Sep 2019 21:18:12 +0200 Subject: [PATCH 25/81] [ticket/security/243] Remove invalid markup from bbcode.html SECURITY-243 --- phpBB/styles/prosilver/template/bbcode.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/styles/prosilver/template/bbcode.html b/phpBB/styles/prosilver/template/bbcode.html index f4ec94dbfe..940c0ace29 100644 --- a/phpBB/styles/prosilver/template/bbcode.html +++ b/phpBB/styles/prosilver/template/bbcode.html @@ -64,7 +64,7 @@ {TEXT} -font-size: %; line-height: normal +{TEXT} {L_IMAGE} From 776a7302a4daf88ce760e89c6f9617482c0ae5e5 Mon Sep 17 00:00:00 2001 From: oxcom Date: Tue, 3 Sep 2019 08:15:00 +0200 Subject: [PATCH 26/81] [ticket/16146] fix event name in comment PHPBB3-16146 --- phpBB/includes/acp/acp_forums.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 03c178f968..25545e9265 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php 
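Review bot: The docblock in the acp_forums.php hunk names the event `core.acp_manage_forums_move_content` while the code triggers `core.acp_manage_forums_move_content_after`, so event documentation generated from it would list a name that never fires; 26/81 further down corrects the `@event` line. The two `@var` descriptions still read `If of the current parent forum` and `If of the new parent forum` and should say `Id of …`. The method this sits in starts and ends outside the hunk.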
@@ -1579,7 +1579,7 @@ class acp_forums /** * Event when content has been moved from one forum to another * - * @event core.acp_manage_forums_move_content + * @event core.acp_manage_forums_move_content_after * @var int from_id If of the current parent forum * @var int to_id If of the new parent forum * @var bool sync Shall we sync the "to"-forum's data From 2224a76c24319b7f9456ecc42f16e22d38178ee0 Mon Sep 17 00:00:00 2001 From: Alfredo Ramos Date: Tue, 3 Sep 2019 17:21:51 -0500 Subject: [PATCH 27/81] [ticket/15643] Fix open_basedir warnings Suppress warnings when trying to call is_link(), is_dir() and is_file() on the web server root directory when open_basedir is set. PHPBB3-15643 --- phpBB/phpbb/filesystem/filesystem.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/phpBB/phpbb/filesystem/filesystem.php b/phpBB/phpbb/filesystem/filesystem.php index bfafdf5ddd..c5be284d8c 100644 --- a/phpBB/phpbb/filesystem/filesystem.php +++ b/phpBB/phpbb/filesystem/filesystem.php @@ -835,7 +835,7 @@ class filesystem implements filesystem_interface $current_path = $resolved_path . '/' . $path_part; // Resolve symlinks - if (is_link($current_path)) + if (@is_link($current_path)) { if (!function_exists('readlink')) { @@ -872,12 +872,12 @@ class filesystem implements filesystem_interface $resolved_path = false; } - else if (is_dir($current_path . '/')) + else if (@is_dir($current_path . '/')) { $resolved[] = $path_part; $resolved_path = $current_path; } - else if (is_file($current_path)) + else if (@is_file($current_path)) { $resolved[] = $path_part; $resolved_path = $current_path; From 6f6b8d046bfbfde096175c2defa233002d7a9d4a Mon Sep 17 00:00:00 2001 From: JoshyPHP Date: Wed, 4 Sep 2019 14:01:59 +0200 Subject: [PATCH 28/81] [ticket/16147] Updated tokens legend in BBCodes ACP PHPBB3-16147 --- phpBB/language/en/acp/posting.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
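Review bot: In filesystem.php the `@` operator on `is_link()`, `is_dir()` and `is_file()` hides every warning those calls can raise, not only the open_basedir one, and nothing in the code says why it is there. A comment above the first call, for example `// open_basedir may forbid probing parent directories; a false result is handled below`, would stop the suppression from being copied or removed blindly. It is also worth confirming, in the part of the method outside these two hunks, that a path component which cannot be probed is not quietly accepted as a plain non-symlink path, since this routine resolves symlinks and its result may be relied on for path checks.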
diff --git a/phpBB/language/en/acp/posting.php b/phpBB/language/en/acp/posting.php index 119ad2d7e9..1e1c5554e1 100644 --- a/phpBB/language/en/acp/posting.php +++ b/phpBB/language/en/acp/posting.php @@ -78,13 +78,13 @@ $lang = array_merge($lang, array( 'TOO_MANY_BBCODES' => 'You cannot create any more BBCodes. Please remove one or more BBCodes then try again.', 'tokens' => array( - 'TEXT' => 'Any text, including foreign characters, numbers, etc… You should not use this token in HTML tags. Instead try to use IDENTIFIER, INTTEXT or SIMPLETEXT.', + 'TEXT' => 'Any text, including foreign characters, numbers, etc…', 'SIMPLETEXT' => 'Characters from the latin alphabet (A-Z), numbers, spaces, commas, dots, minus, plus, hyphen and underscore', 'INTTEXT' => 'Unicode letter characters, numbers, spaces, commas, dots, minus, plus, hyphen, underscore and whitespaces.', 'IDENTIFIER' => 'Characters from the latin alphabet (A-Z), numbers, hyphen and underscore', 'NUMBER' => 'Any series of digits', 'EMAIL' => 'A valid email address', - 'URL' => 'A valid URL using any protocol (http, ftp, etc… cannot be used for javascript exploits). If none is given, “http://” is prefixed to the string.', + 'URL' => 'A valid URL using any allowed protocol (http, ftp, etc… cannot be used for javascript exploits). If none is given, “http://” is prefixed to the string.', 'LOCAL_URL' => 'A local URL. The URL must be relative to the topic page and cannot contain a server name or protocol, as links are prefixed with “%s”', 'RELATIVE_URL' => 'A relative URL. You can use this to match parts of a URL, but be careful: a full URL is a valid relative URL. When you want to use relative URLs of your board, use the LOCAL_URL token.', 'COLOR' => 'A HTML colour, can be either in the numeric form #FF1234 or a
CSS colour keyword such as fuchsia or InactiveBorder', From 2a32d74d2067e046ee0167490a57fe904186c6f4 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Wed, 4 Sep 2019 15:29:50 +0200 Subject: [PATCH 29/81] [ticket/15422] Remove redundant BBCode helpline PHPBB3-15422 --- phpBB/adm/style/acp_posting_buttons.html | 23 +------------------ phpBB/assets/javascript/editor.js | 13 +++-------- phpBB/includes/functions_display.php | 1 - .../prosilver/template/posting_buttons.html | 23 +------------------ 4 files changed, 5 insertions(+), 55 deletions(-) diff --git a/phpBB/adm/style/acp_posting_buttons.html b/phpBB/adm/style/acp_posting_buttons.html index c3c42f8e82..36fc285537 100644 --- a/phpBB/adm/style/acp_posting_buttons.html +++ b/phpBB/adm/style/acp_posting_buttons.html @@ -5,27 +5,6 @@ var bbcode = new Array(); var bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]', {custom_tags.BBCODE_NAME}); - // Helpline messages - var help_line = { - b: '{LA_BBCODE_B_HELP}', - i: '{LA_BBCODE_I_HELP}', - u: '{LA_BBCODE_U_HELP}', - q: '{LA_BBCODE_Q_HELP}', - c: '{LA_BBCODE_C_HELP}', - l: '{LA_BBCODE_L_HELP}', - o: '{LA_BBCODE_O_HELP}', - p: '{LA_BBCODE_P_HELP}', - w: '{LA_BBCODE_W_HELP}', - a: '{LA_BBCODE_A_HELP}', - s: '{LA_BBCODE_S_HELP}', - f: '{LA_BBCODE_F_HELP}', - y: '{LA_BBCODE_Y_HELP}', - d: '{LA_BBCODE_D_HELP}' - - ,cb_{custom_tags.BBCODE_ID}{L_COLON} '{custom_tags.A_BBCODE_HELPLINE}' - - } - // ]]> @@ -65,7 +44,7 @@ - + diff --git a/phpBB/assets/javascript/editor.js b/phpBB/assets/javascript/editor.js index 23244f5a40..24cbc09f58 100644 --- a/phpBB/assets/javascript/editor.js +++ b/phpBB/assets/javascript/editor.js 
@@ -17,17 +17,10 @@ var is_ie = ((clientPC.indexOf('msie') !== -1) && (clientPC.indexOf('opera') === var is_win = ((clientPC.indexOf('win') !== -1) || (clientPC.indexOf('16bit') !== -1)); var baseHeight; -/** -* Shows the help messages in the helpline window -*/ -function helpline(help) { - document.forms[form_name].helpbox.value = help_line[help]; -} - /** * Fix a bug involving the TextRange object. From * http://www.frostjedi.com/terra/scripts/demo/caretBug.html -*/ +*/ function initInsertions() { var doc; @@ -104,8 +97,8 @@ function bbfontstyle(bbopen, bbclose) { } // IE else if (document.selection) { - var range = textarea.createTextRange(); - range.move("character", new_pos); + var range = textarea.createTextRange(); + range.move("character", new_pos); range.select(); storeCaret(textarea); } diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 792467019f..5d137b22eb 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -1117,7 +1117,6 @@ function display_custom_bbcodes() 'BBCODE_TAG' => $row['bbcode_tag'], 'BBCODE_TAG_CLEAN' => str_replace('=', '-', $row['bbcode_tag']), 'BBCODE_HELPLINE' => $row['bbcode_helpline'], - 'A_BBCODE_HELPLINE' => str_replace(array('&', '"', "'", '<', '>'), array('&', '"', "\'", '<', '>'), $row['bbcode_helpline']), ); /** diff --git a/phpBB/styles/prosilver/template/posting_buttons.html b/phpBB/styles/prosilver/template/posting_buttons.html index 122afdf978..cb305eee4b 100644 --- a/phpBB/styles/prosilver/template/posting_buttons.html +++ b/phpBB/styles/prosilver/template/posting_buttons.html 
@@ -10,27 +10,6 @@ var bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]', {custom_tags.BBCODE_NAME}); var imageTag = false; - // Helpline messages - var help_line = { - b: '{LA_BBCODE_B_HELP}', - i: '{LA_BBCODE_I_HELP}', - u: '{LA_BBCODE_U_HELP}', - q: '{LA_BBCODE_Q_HELP}', - c: '{LA_BBCODE_C_HELP}', - l: '{LA_BBCODE_L_HELP}', - o: '{LA_BBCODE_O_HELP}', - p: '{LA_BBCODE_P_HELP}', - w: '{LA_BBCODE_W_HELP}', - a: '{LA_BBCODE_A_HELP}', - s: '{LA_BBCODE_S_HELP}', - f: '{LA_BBCODE_F_HELP}', - y: '{LA_BBCODE_Y_HELP}', - d: '{LA_BBCODE_D_HELP}' - - ,cb_{custom_tags.BBCODE_ID}: '{custom_tags.A_BBCODE_HELPLINE}' - - } - function change_palette() { phpbb.toggleDisplay('colour_palette'); @@ -117,7 +96,7 @@ - From ecf4da2df0e8070e2c1a3c992e11c8df608b63e3 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Wed, 4 Sep 2019 15:49:12 +0200 Subject: [PATCH 30/81] [ticket/14815] Enable contact links in memberlist PHPBB3-14815 --- phpBB/memberlist.php | 2 +- phpBB/styles/prosilver/template/memberlist_body.html | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index ce7159c150..1343bd7c60 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -1675,7 +1675,7 @@ switch ($mode) } // do we need to display contact fields as such - $use_contact_fields = false; + $use_contact_fields = true; /** * Modify list of users before member row is created diff --git a/phpBB/styles/prosilver/template/memberlist_body.html b/phpBB/styles/prosilver/template/memberlist_body.html index 5f03ad99cc..745f9a58a8 100644 --- a/phpBB/styles/prosilver/template/memberlist_body.html +++ b/phpBB/styles/prosilver/template/memberlist_body.html @@ -120,7 +120,13 @@ {memberrow.RANK_IMG}{memberrow.RANK_TITLE} {memberrow.USERNAME_FULL} ({L_INACTIVE})
{L_SELECT} ] {memberrow.POSTS}{memberrow.POSTS} -
{memberrow.custom_fields.PROFILE_FIELD_VALUE}
  + + {%- for field in memberrow.custom_fields -%} + + {%- else -%} +   + {%- endfor -%} + {memberrow.JOINED} {memberrow.LAST_ACTIVE}  {% EVENT memberlist_body_memberrow_after %} From 32accc18e7f15b501fd09aa9fdd040f3591b8045 Mon Sep 17 00:00:00 2001 From: rxu Date: Thu, 5 Sep 2019 19:42:40 +0700 Subject: [PATCH 31/81] [ticket/16148] Add template events to acp_groups.html PHPBB3-16148 --- phpBB/adm/style/acp_groups.html | 2 ++ phpBB/docs/events.md | 12 ++++++++++++ 2 files changed, 14 insertions(+) diff --git a/phpBB/adm/style/acp_groups.html b/phpBB/adm/style/acp_groups.html index d0096370d9..723a190899 100644 --- a/phpBB/adm/style/acp_groups.html +++ b/phpBB/adm/style/acp_groups.html @@ -36,10 +36,12 @@

{L_GROUP_TYPE_EXPLAIN}
+ {% EVENT acp_group_types_prepend %} + {% EVENT acp_group_types_append %}
diff --git a/phpBB/docs/events.md b/phpBB/docs/events.md index 467b03e8f3..4be1725090 100644 --- a/phpBB/docs/events.md +++ b/phpBB/docs/events.md @@ -172,6 +172,18 @@ acp_group_options_before * Since: 3.1.0-b4 * Purpose: Add additional options to group settings (before GROUP_FOUNDER_MANAGE) +acp_group_types_append +=== +* Location: adm/style/acp_groups.html +* Since: 3.2.9-RC1 +* Purpose: Add additional group type options to group settings (append the list) + +acp_group_types_prepend +=== +* Location: adm/style/acp_groups.html +* Since: 3.2.9-RC1 +* Purpose: Add additional group type options to group settings (prepend the list) + acp_groups_find_username_append === * Location: adm/style/acp_groups.html From c31216e4930645df808577dea017642f0495989f Mon Sep 17 00:00:00 2001 From: v12mike Date: Sat, 7 Sep 2019 04:16:31 -0400 Subject: [PATCH 32/81] [ticket/16150] Make post subject link an absolute url The previous version was relative to a &start= which was sometimes wrong. PHPBB3-16150 --- phpBB/styles/prosilver/template/viewtopic_body.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/styles/prosilver/template/viewtopic_body.html b/phpBB/styles/prosilver/template/viewtopic_body.html index 8d7e26f099..63ed2ba8d6 100644 --- a/phpBB/styles/prosilver/template/viewtopic_body.html +++ b/phpBB/styles/prosilver/template/viewtopic_body.html @@ -224,7 +224,7 @@
style="display: none;"> -

class="first">{postrow.POST_ICON_IMG_ALT} {postrow.POST_SUBJECT}

+

class="first">{postrow.POST_ICON_IMG_ALT} {postrow.POST_SUBJECT}

From 850ea776d9757e6cabc6a176b2071ca7471117a0 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Thu, 5 Sep 2019 15:43:33 +0200 Subject: [PATCH 33/81] [ticket/16123] Show proper banned email message PHPBB3-16123 --- phpBB/includes/functions_user.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 3bf4aa16b7..35fb54d7d3 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1947,7 +1947,10 @@ function validate_user_email($email, $allowed_email = false) if (($ban = $user->check_ban(false, false, $email, true)) !== false) { - return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban); + if ($ban !== false) + { + return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'; + } } if (!$config['allow_emailreuse']) From 56e2f1a3f66602efa2977e5c2abe31e884e56bf6 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Thu, 5 Sep 2019 16:36:29 +0200 Subject: [PATCH 34/81] [ticket/16123] Check with empty() PHPBB3-16123 --- phpBB/includes/functions_user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 35fb54d7d3..6e12c847c8 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1947,7 +1947,7 @@ function validate_user_email($email, $allowed_email = false) if (($ban = $user->check_ban(false, false, $email, true)) !== false) { - if ($ban !== false) + if (!empty($ban)) { return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'; } From cf898133a4fa0c412911a9b65a533c84524edc34 Mon Sep 17 00:00:00 2001 
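Review bot: In `validate_user_email()` the inner `if ($ban !== false)` added by 33/81 repeats the condition of the enclosing `if` and is always true; 34/81 turns it into `!empty($ban)`, which means an empty but non-false return from `check_ban()` now falls through and the address is treated as not banned. The return shape of `check_ban()` in this mode is not visible here, so if that fall-through is intended it deserves a one-line comment, and otherwise a single `if (!empty($ban))` around the `return` says the same with one level less nesting. The returned `ban_give_reason` is administrator-entered text travelling in the same channel as language keys such as `EMAIL_BANNED`, so the caller, outside this hunk, should escape it before output.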
From: Marc Alexander Date: Sat, 7 Sep 2019 13:24:20 +0200 Subject: [PATCH 35/81] [ticket/16123] Add tests to cover different ban reasons PHPBB3-16123 --- tests/functions/fixtures/validate_email.xml | 21 ++++++++++++++++++++ tests/functions/validate_user_email_test.php | 10 +++++++--- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/tests/functions/fixtures/validate_email.xml b/tests/functions/fixtures/validate_email.xml index eb4fd90217..5a21e51d13 100644 --- a/tests/functions/fixtures/validate_email.xml +++ b/tests/functions/fixtures/validate_email.xml @@ -1,5 +1,26 @@ + + ban_userid + ban_exclude + ban_end + ban_email + ban_give_reason + + 0 + 0 + 0 + banned@example.com + + + + 0 + 0 + 0 + banned2@example.com + just because + +
user_idusername diff --git a/tests/functions/validate_user_email_test.php b/tests/functions/validate_user_email_test.php index 8dcec88103..f64d01517c 100644 --- a/tests/functions/validate_user_email_test.php +++ b/tests/functions/validate_user_email_test.php @@ -28,10 +28,14 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case protected function setUp() { + global $phpbb_dispatcher, $phpbb_root_path, $phpEx; + parent::setUp(); $this->db = $this->new_dbal(); - $this->user = new phpbb_mock_user; + $phpbb_dispatcher = new phpbb_mock_event_dispatcher(); + $language = new phpbb\language\language(new phpbb\language\language_file_loader($phpbb_root_path, $phpEx)); + $this->user = new phpbb\user($language, '\phpbb\datetime'); $this->helper = new phpbb_functions_validate_data_helper($this); } @@ -47,7 +51,6 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case $config['email_check_mx'] = $check_mx; $db = $this->db; $user = $this->user; - $user->optionset('banned_users', array('banned@example.com')); } public static function validate_user_email_data() @@ -58,7 +61,8 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case array('valid_complex', array(), "'%$~test@example.com"), array('invalid', array('EMAIL_INVALID'), 'fööbar@example.com'), array('taken', array('EMAIL_TAKEN'), 'admin@example.com'), - array('banned', array('EMAIL_BANNED'), 'banned@example.com'), + array('banned', ['just because'], 'banned2@example.com'), + array('banned', ['EMAIL_BANNED'], 'banned@example.com') ); } From 6e20cd5d2286e716dc6b9a9b3e7f9e75dcde4f8b Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Sat, 7 Sep 2019 16:47:47 +0200 Subject: [PATCH 36/81] [ticket/16123] Remove redundant if check PHPBB3-16123 --- phpBB/includes/functions_user.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 6e12c847c8..e0b6a9d0c6 100644 
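Review bot: In `validate_user_email_data()` both new datasets use the label `'banned'`, so a failure report presumably cannot tell the ban-with-reason case from the empty-reason case (how the label is used is outside the hunk). Distinct labels would help, e.g. `array('banned_with_reason', ['just because'], 'banned2@example.com'),` and `array('banned_without_reason', ['EMAIL_BANNED'], 'banned@example.com'),`. The last entry also drops the trailing comma the other entries carry, and the list now mixes `array()` with `[]`.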
--- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1945,12 +1945,10 @@ function validate_user_email($email, $allowed_email = false) return $validate_email; } - if (($ban = $user->check_ban(false, false, $email, true)) !== false) + $ban = $user->check_ban(false, false, $email, true); + if (!empty($ban)) { - if (!empty($ban)) - { - return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'; - } + return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'; } if (!$config['allow_emailreuse']) From d186df8cb40f5375ae7143fb432cb36cafe7d0a1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 7 Sep 2019 21:57:38 +0200 Subject: [PATCH 37/81] [ticket/16123] Purge cache to ensure up to date ban list in tests PHPBB3-16123 --- tests/functions/validate_user_email_test.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/functions/validate_user_email_test.php b/tests/functions/validate_user_email_test.php index f64d01517c..d23ffc0503 100644 --- a/tests/functions/validate_user_email_test.php +++ b/tests/functions/validate_user_email_test.php @@ -28,10 +28,12 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case protected function setUp() { - global $phpbb_dispatcher, $phpbb_root_path, $phpEx; + global $cache, $phpbb_dispatcher, $phpbb_root_path, $phpEx; parent::setUp(); + $cache = new \phpbb\cache\driver\file(); + $cache->purge(); $this->db = $this->new_dbal(); $phpbb_dispatcher = new phpbb_mock_event_dispatcher(); $language = new phpbb\language\language(new phpbb\language\language_file_loader($phpbb_root_path, $phpEx)); From 6600fc6cad5f6d43acdcc9a303be4ce91ed48f2e Mon Sep 17 00:00:00 2001 
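Review bot: The two lines added to `setUp()` in `validate_user_email_test.php` build a real `\phpbb\cache\driver\file` and call `purge()` with no comment saying why; the reason is only in the commit subject. A comment such as `// Purge the cache so the ban list is re-read from the fixture for every test` would keep it next to the code. The driver is also assigned to the global `$cache` and nothing in the hunk restores it, so it is worth checking that later tests do not depend on the previous value. `setUp()` continues outside the hunk.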
From: 3D-I <480857+3D-I@users.noreply.github.com> Date: Sun, 8 Sep 2019 03:29:27 +0200 Subject: [PATCH 38/81] [ticket/16151] Enable Emojis and rich text in forum name PHPBB3-16151 --- phpBB/includes/acp/acp_forums.php | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index cb0593b14a..0bbaf96dec 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -986,10 +986,30 @@ class acp_forums $errors[] = $user->lang['FORUM_NAME_EMPTY']; } - // No Emojis + /** + * Replace Emojis and other 4bit UTF-8 chars not allowed by MySql to NCR. + * Using their Numeric Character Reference's Hexadecimal notation. + * Doesn't interfere with Japanese or Cyrillic etc. + * + * @see https://www.w3.org/TR/xml11/ + * @see https://www.opentag.com/xfaq_charrep.htm + */ + if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches)) + { + foreach ($matches as $key => $emoji) + { + $forum_data_ary['forum_name'] = str_replace($emoji, utf8_encode_ncr($emoji), $forum_data_ary['forum_name']); + } + } + + /** + * This should never happen again. + * Leaving the fallback hre just in case there will be the need of it. + */ if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches)) { $character_list = implode('
', $matches[0]); + $errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list); } From 4abdfd1709d1c39362656de70f95d762e3f031f8 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 8 Sep 2019 09:40:56 +0200 Subject: [PATCH 39/81] [ticket/16123] Specify ban_id in validate email fixture PHPBB3-16123 --- tests/functions/fixtures/validate_email.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/functions/fixtures/validate_email.xml b/tests/functions/fixtures/validate_email.xml index 5a21e51d13..fa139f6f18 100644 --- a/tests/functions/fixtures/validate_email.xml +++ b/tests/functions/fixtures/validate_email.xml @@ -1,12 +1,14 @@
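Review bot: In the NCR block added to `acp_forums.php`, `foreach ($matches as $key => $emoji)` walks the outer array that `preg_match_all()` fills, so `$emoji` is the whole list of matches rather than one character. The call therefore only works if `utf8_encode_ncr()` accepts an array, and its definition is not in the hunk. Iterating the match list states the intent and skips repeats: `foreach (array_unique($matches[0]) as $emoji)`, with the unused `$key` dropped. The conversion also lengthens the name and inserts `&#x…;` references after whatever length validation and escaping ran earlier, which is outside the hunk, so the length limit should be confirmed against the converted value. In the comments, "4bit" presumably means 4-byte and "hre" should read "here".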
+ ban_idban_useridban_excludeban_endban_emailban_give_reason + 1 0 0 0 @@ -14,6 +16,7 @@ + 2 0 0 0 From 88d94a7c1992e43dd8300ba41352e36d3d2c6381 Mon Sep 17 00:00:00 2001 From: v12mike Date: Sun, 8 Sep 2019 14:23:09 -0400 Subject: [PATCH 40/81] [ticket/16150] Make post subject links reliable Change links that were relative to topic page into absolute links. Update related test cases. PHPBB3-16150 --- phpBB/styles/prosilver/template/mcp_topic.html | 2 +- phpBB/styles/prosilver/template/posting_review.html | 2 +- phpBB/styles/prosilver/template/posting_topic_review.html | 2 +- tests/functional/download_test.php | 2 +- tests/functional/feed_test.php | 6 +++--- tests/functional/posting_test.php | 4 ++-- tests/functional/prune_shadow_topic_test.php | 2 +- tests/functional/visibility_softdelete_test.php | 4 ++-- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/phpBB/styles/prosilver/template/mcp_topic.html b/phpBB/styles/prosilver/template/mcp_topic.html index 090e24041e..889cab8b83 100644 --- a/phpBB/styles/prosilver/template/mcp_topic.html +++ b/phpBB/styles/prosilver/template/mcp_topic.html @@ -118,7 +118,7 @@

- + {postrow.MINI_POST} {L_POSTED} {postrow.POST_DATE} {L_POST_BY_AUTHOR} {% EVENT mcp_topic_post_author_full_prepend %}{postrow.POST_AUTHOR_FULL}{% EVENT mcp_topic_post_author_full_append %} [ {L_POST_DETAILS} ]

diff --git a/phpBB/styles/prosilver/template/posting_review.html b/phpBB/styles/prosilver/template/posting_review.html index 033a88485e..e5d285e7bf 100644 --- a/phpBB/styles/prosilver/template/posting_review.html +++ b/phpBB/styles/prosilver/template/posting_review.html @@ -13,7 +13,7 @@
-

{post_review_row.POST_SUBJECT}

+

{post_review_row.POST_SUBJECT}

{post_review_row.MINI_POST} diff --git a/phpBB/styles/prosilver/template/posting_topic_review.html b/phpBB/styles/prosilver/template/posting_topic_review.html index 8faece3447..209dadf327 100644 --- a/phpBB/styles/prosilver/template/posting_topic_review.html +++ b/phpBB/styles/prosilver/template/posting_topic_review.html @@ -24,7 +24,7 @@

-

{topic_review_row.POST_SUBJECT}

+

{topic_review_row.POST_SUBJECT}

    diff --git a/tests/functional/download_test.php b/tests/functional/download_test.php index e2f1d065be..3d4f316d72 100644 --- a/tests/functional/download_test.php +++ b/tests/functional/download_test.php @@ -55,7 +55,7 @@ class phpbb_functional_download_test extends phpbb_functional_test_case // Test creating a reply $post2 = $this->create_post($this->data['forums']['Download #1'], $post['topic_id'], 'Re: Download Topic #1-#2', 'This is a test post posted by the testing framework.', array('upload_files' => 1)); - $crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}"); + $crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}"); $this->assertContains('Re: Download Topic #1-#2', $crawler->filter('html')->text()); $this->data['posts']['Re: Download Topic #1-#2'] = (int) $post2['post_id']; diff --git a/tests/functional/feed_test.php b/tests/functional/feed_test.php index 3792b0a23c..725a44ae5e 100644 --- a/tests/functional/feed_test.php +++ b/tests/functional/feed_test.php @@ -337,7 +337,7 @@ class phpbb_functional_feed_test extends phpbb_functional_test_case // Test creating a reply $post2 = $this->create_post($this->data['forums']['Feeds #news'], $post['topic_id'], 'Re: Feeds #news - Topic #2', 'This is a test post posted by the testing framework.'); - $crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}"); + $crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}"); self::assertContains('Re: Feeds #news - Topic #2', $crawler->filter('html')->text()); $this->data['posts']['Re: Feeds #news - Topic #2'] = (int) $post2['post_id']; 
@@ -493,7 +493,7 @@ class phpbb_functional_feed_test extends phpbb_functional_test_case // Test creating a reply $post2 = $this->create_post($this->data['forums']['Feeds #1'], $post['topic_id'], 'Re: Feeds #1 - Topic #2', 'This is a test post posted by the testing framework.'); - $crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}"); + $crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}"); self::assertContains('Re: Feeds #1 - Topic #2', $crawler->filter('html')->text()); $this->data['posts']['Re: Feeds #1 - Topic #2'] = (int) $post2['post_id']; @@ -1222,7 +1222,7 @@ class phpbb_functional_feed_test extends phpbb_functional_test_case // Test creating a reply with 1 missing attachment $post2 = $this->create_post($this->data['forums']['Feeds #1'], $this->data['topics']['Feeds #1 - Topic #3'], 'Re: Feeds #1 - Topic #3-1', 'This is a test post posted by the testing framework. [attachment=0]Attachment #0[/attachment]'); - $crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}"); + $crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}"); self::assertContains('Re: Feeds #1 - Topic #3-1', $crawler->filter('html')->text()); $this->data['posts']['Re: Feeds #1 - Topic #3-1'] = (int) $post2['post_id']; diff --git a/tests/functional/posting_test.php b/tests/functional/posting_test.php index 764376a945..7150f20a9d 100644 --- a/tests/functional/posting_test.php +++ b/tests/functional/posting_test.php 
@@ -29,7 +29,7 @@ class phpbb_functional_posting_test extends phpbb_functional_test_case // Test creating a reply with bbcode $post2 = $this->create_post(2, $post['topic_id'], 'Re: Test Topic 1', 'This is a test [b]post[/b] posted by the testing framework.'); - $crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}"); + $crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}"); $this->assertContains('This is a test post posted by the testing framework.', $crawler->filter('html')->text()); // Test quoting a message @@ -161,7 +161,7 @@ class phpbb_functional_posting_test extends phpbb_functional_test_case { $this->set_quote_depth($quote_depth); - $post = $this->create_post(2, $topic['topic_id'], 'Re: Test Topic 1', $text); + $post = $this->create_post(2, $topic['topic_id'], "Re: Test Topic 1#$quote_depth", $text); $url = "viewtopic.php?p={$post['post_id']}&sid={$this->sid}"; $crawler = self::request('GET', $url); diff --git a/tests/functional/prune_shadow_topic_test.php b/tests/functional/prune_shadow_topic_test.php index c014119b98..2bf0280d62 100644 --- a/tests/functional/prune_shadow_topic_test.php +++ b/tests/functional/prune_shadow_topic_test.php @@ -77,7 +77,7 @@ class phpbb_functional_prune_shadow_topic_test extends phpbb_functional_test_cas // Test creating a reply $post2 = $this->create_post($this->data['forums']['Prune Shadow'], $this->post['topic_id'], 'Re: Prune Shadow #1-#2', 'This is a test post posted by the testing framework.'); - $crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}"); + $crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}"); $this->assertContains('Re: Prune Shadow #1-#2', $crawler->filter('html')->text()); $this->data['posts']['Re: Prune Shadow #1-#2'] = (int) $post2['post_id']; 
diff --git a/tests/functional/visibility_softdelete_test.php b/tests/functional/visibility_softdelete_test.php index 6450c00c1e..fd994361a5 100644 --- a/tests/functional/visibility_softdelete_test.php +++ b/tests/functional/visibility_softdelete_test.php @@ -97,7 +97,7 @@ class phpbb_functional_visibility_softdelete_test extends phpbb_functional_test_ // Test creating a reply $post2 = $this->create_post($this->data['forums']['Soft Delete #1'], $post['topic_id'], 'Re: Soft Delete Topic #1-#2', 'This is a test post posted by the testing framework.'); - $crawler = self::request('GET', "viewtopic.php?t={$post2['topic_id']}&sid={$this->sid}"); + $crawler = self::request('GET', "viewtopic.php?p={$post2['post_id']}&sid={$this->sid}"); $this->assertContains('Re: Soft Delete Topic #1-#2', $crawler->filter('html')->text()); $this->data['posts']['Re: Soft Delete Topic #1-#2'] = (int) $post2['post_id']; @@ -114,7 +114,7 @@ class phpbb_functional_visibility_softdelete_test extends phpbb_functional_test_ // Test creating another reply $post3 = $this->create_post($this->data['forums']['Soft Delete #1'], $post['topic_id'], 'Re: Soft Delete Topic #1-#3', 'This is another test post posted by the testing framework.'); - $crawler = self::request('GET', "viewtopic.php?t={$post3['topic_id']}&sid={$this->sid}"); + $crawler = self::request('GET', "viewtopic.php?p={$post3['post_id']}&sid={$this->sid}"); $this->assertContains('Re: Soft Delete Topic #1-#3', $crawler->filter('html')->text()); $this->data['posts']['Re: Soft Delete Topic #1-#3'] = (int) $post3['post_id']; From 6757450a0ffa5d59632c1294ed2b2cabe3f7a29b Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 8 Sep 2019 21:42:02 +0200 Subject: [PATCH 41/81] [prep-release-3.2.8] Update CREDITS.txt --- phpBB/docs/CREDITS.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/phpBB/docs/CREDITS.txt b/phpBB/docs/CREDITS.txt index 90e9a31127..596f4545fa 100644 --- a/phpBB/docs/CREDITS.txt 
+++ b/phpBB/docs/CREDITS.txt @@ -1,7 +1,7 @@ /** * -* phpBB © Copyright phpBB Limited 2003-2016 -* http://www.phpbb.com +* phpBB © Copyright phpBB Limited 2003-2019 +* https://www.phpbb.com * * phpBB is free software. You can redistribute it and/or modify it * under the terms of the GNU General Public License, version 2 (GPL-2.0) @@ -27,7 +27,6 @@ phpBB Developers: bantu (Andreas Fischer) Derky (Derk Ruitenbeek) Elsensee (Oliver Schramm) Hanakin (Michael Miday) - MichaelC (Michael Cullum) Nicofuma (Tristan Darricau) rubencm (Rubén Calvo) @@ -63,6 +62,7 @@ phpBB Developers: A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010] igorw (Igor Wiedler) [08/2010 - 02/2013] imkingdavid (David King) [11/2012 - 06/2014] kellanved (Henry Sudhof) [04/2007 - 03/2011] + MichaelC (Michael Cullum) [11/2017 - 09/2019] nickvergessen (Joas Schilling)[04/2010 - 12/2015] Oleg (Oleg Pudeyev) [01/2011 - 05/2013] prototech (Cesar Gallegos) [01/2014 - 12/2016] From ae00da85ec4cbea187957d282932cd9135ca722e Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 8 Sep 2019 21:50:46 +0200 Subject: [PATCH 42/81] [prep-release-3.2.8] Update changelog for 3.2.8 --- phpBB/docs/CHANGELOG.html | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index dc68e62f49..06cdb37b56 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -50,6 +50,7 @@
    1. Changelog
        +
      • Changes since 3.2.8-RC1
      • Changes since 3.2.7
      • Changes since 3.2.6
      • Changes since 3.2.6-RC1
      • @@ -139,6 +140,28 @@
        +

        Changes since 3.2.8-RC1

        +

        Bug

        +
          +
        • [PHPBB3-15467] - Permission settings do not take affect when set using All YES/NO/NEVER
        • +
        • [PHPBB3-16123] - PHP error (Array to string conversion) on new user registration if email address is banned and " Reason shown to the banned" is empty
        • +
        • [PHPBB3-16136] - Missing word in 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED'
        • +
        +

        Improvement

        +
          +
        • [PHPBB3-16134] - Exclude group leaders on group member purge
        • +
        +

        Security Issue

        +
          +
        • [SECURITY-243] - CSS injection via BBCode tag
        • +
        • [SECURITY-244] - Missing form token check when handling attachments
        • +
        • [SECURITY-246] - Missing form token check when managing BBCodes
        • +
        +

        Hardening

        +
          +
        • [SECURITY-247] - Disable MySQLi local infile to prevent local file inclusion
        • +
        +

        Changes since 3.2.7

        Bug

        +

        Hardening

        +

        Changes since 3.2.6

        Bug

        From 08842e6ba505b162573dff8b942bd7bd832e938a Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 8 Sep 2019 21:52:42 +0200 Subject: [PATCH 43/81] [prep-release-3.2.8] Update version numbers for 3.2.8 release --- build/build.xml | 4 ++-- phpBB/includes/constants.php | 2 +- phpBB/install/phpbbcli.php | 2 +- phpBB/install/schemas/schema_data.sql | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/build/build.xml b/build/build.xml index 264ebb7b03..a5a859b1ae 100644 --- a/build/build.xml +++ b/build/build.xml @@ -2,9 +2,9 @@ - + - + diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index fedd297895..99576b8ce6 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -@define('PHPBB_VERSION', '3.2.8-RC1'); +@define('PHPBB_VERSION', '3.2.8'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/install/phpbbcli.php b/phpBB/install/phpbbcli.php index 7659b13f56..ddf17fa5f6 100755 --- a/phpBB/install/phpbbcli.php +++ b/phpBB/install/phpbbcli.php @@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli') define('IN_PHPBB', true); define('IN_INSTALL', true); define('PHPBB_ENVIRONMENT', 'production'); -define('PHPBB_VERSION', '3.2.8-RC1'); +define('PHPBB_VERSION', '3.2.8'); $phpbb_root_path = __DIR__ . '/../'; $phpEx = substr(strrchr(__FILE__, '.'), 1); diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index f1783f4a0f..4ed328f4e3 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql 
@@ -279,7 +279,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0'); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.8-RC1'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.8'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400'); From b94464d06382a4b379d9dcd52f1bee757a4a0500 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 8 Sep 2019 21:53:52 +0200 Subject: [PATCH 44/81] [prep-release-3.2.8] Add migration for 3.2.8 --- phpBB/phpbb/db/migration/data/v32x/v328.php | 36 +++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 phpBB/phpbb/db/migration/data/v32x/v328.php diff --git a/phpBB/phpbb/db/migration/data/v32x/v328.php b/phpBB/phpbb/db/migration/data/v32x/v328.php new file mode 100644 index 0000000000..28ff2c7033 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v328.php @@ -0,0 +1,36 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v328 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.8', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v328rc1', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.8')), + ); + } +} 
From 177cc226832b7a96be338b0eee71cd61746d8a02 Mon Sep 17 00:00:00 2001 From: rxu Date: Fri, 13 Sep 2019 00:25:18 +0700 Subject: [PATCH 45/81] [ticket/16157] Fix FORM_INVALID error in the sending email form PHPBB3-16157 --- phpBB/phpbb/message/form.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/phpbb/message/form.php b/phpBB/phpbb/message/form.php index 63bada91ff..6573a04f8b 100644 --- a/phpBB/phpbb/message/form.php +++ b/phpBB/phpbb/message/form.php @@ -136,7 +136,7 @@ abstract class form { if (!check_form_key('memberlist_email')) { - $this->errors[] = 'FORM_INVALID'; + $this->errors[] = $this->user->lang('FORM_INVALID'); } if (!count($this->errors)) From 2ef75308575d8da66ebb509e904f6de5f534342e Mon Sep 17 00:00:00 2001 From: rxu Date: Fri, 13 Sep 2019 00:30:58 +0700 Subject: [PATCH 46/81] [ticket/16156] Fix bots seeing register and logout links PHPBB3-16156 --- phpBB/styles/prosilver/template/navbar_header.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/styles/prosilver/template/navbar_header.html b/phpBB/styles/prosilver/template/navbar_header.html index dc29285922..d34123adfc 100644 --- a/phpBB/styles/prosilver/template/navbar_header.html +++ b/phpBB/styles/prosilver/template/navbar_header.html @@ -160,7 +160,7 @@ - +
      • {L_LOGIN_LOGOUT} From ce93b224107a65b43253c36812b636321eb55a78 Mon Sep 17 00:00:00 2001 From: stevendegroote Date: Tue, 17 Sep 2019 23:01:59 +0200 Subject: [PATCH 47/81] [ticket/16159] Wrap post times in html time tag PHPBB3-16159 --- phpBB/includes/functions_display.php | 4 +++- phpBB/search.php | 3 +++ phpBB/styles/prosilver/template/forumlist_body.html | 2 +- phpBB/styles/prosilver/template/search_results.html | 6 +++--- phpBB/styles/prosilver/template/viewforum_body.html | 6 +++--- phpBB/styles/prosilver/template/viewtopic_body.html | 2 +- phpBB/viewforum.php | 3 +++ phpBB/viewtopic.php | 1 + 8 files changed, 18 insertions(+), 9 deletions(-) diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 32bee14eef..e5d6d683fe 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -547,11 +547,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod $last_post_subject = $last_post_subject_truncated = ''; } $last_post_time = $user->format_date($row['forum_last_post_time']); + $last_post_time_rfc3339 = gmdate("Y-m-d H:i:sP", $row['forum_last_post_time']); $last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id']; } else { - $last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = ''; + $last_post_subject = $last_post_time = $last_post_time_rfc3339 = $last_post_url = $last_post_subject_truncated = ''; } // Output moderator listing ... if applicable 
@@ -622,6 +623,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'LAST_POST_SUBJECT' => $last_post_subject, 'LAST_POST_SUBJECT_TRUNCATED' => $last_post_subject_truncated, 'LAST_POST_TIME' => $last_post_time, + 'LAST_POST_TIME_RFC3339'=> $last_post_time_rfc3339, 'LAST_POSTER' => get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'LAST_POSTER_COLOUR' => get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'LAST_POSTER_FULL' => get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), diff --git a/phpBB/search.php b/phpBB/search.php index 0d9b2bbfe8..f3988d7d04 100644 --- a/phpBB/search.php +++ b/phpBB/search.php 
@@ -1073,9 +1073,12 @@ if ($keywords || $author || $author_id || $search_id || $submit) 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), + 'FIRST_POST_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_time']), 'LAST_POST_SUBJECT' => $row['topic_last_post_subject'], 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), + 'LAST_POST_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), + 'LAST_VIEW_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_last_view_time']), 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), diff --git a/phpBB/styles/prosilver/template/forumlist_body.html b/phpBB/styles/prosilver/template/forumlist_body.html index 621e226260..c1a1445483 100644 --- a/phpBB/styles/prosilver/template/forumlist_body.html +++ b/phpBB/styles/prosilver/template/forumlist_body.html @@ -97,7 +97,7 @@ {L_VIEW_LATEST_POST} -
        {forumrow.LAST_POST_TIME} +
        {L_NO_POSTS}
          diff --git a/phpBB/styles/prosilver/template/search_results.html b/phpBB/styles/prosilver/template/search_results.html index 6bc5c72a87..3e1be4d4cb 100644 --- a/phpBB/styles/prosilver/template/search_results.html +++ b/phpBB/styles/prosilver/template/search_results.html @@ -108,7 +108,7 @@ @@ -117,7 +117,7 @@
        - {L_POST_BY_AUTHOR} {searchresults.TOPIC_AUTHOR_FULL} » {searchresults.FIRST_POST_TIME} » {L_IN} {searchresults.FORUM_TITLE} + {L_POST_BY_AUTHOR} {searchresults.TOPIC_AUTHOR_FULL} » » {L_IN} {searchresults.FORUM_TITLE}
        @@ -148,7 +148,7 @@ {VIEW_LATEST_POST} -
        {searchresults.LAST_POST_TIME} +
        diff --git a/phpBB/styles/prosilver/template/viewforum_body.html b/phpBB/styles/prosilver/template/viewforum_body.html index 16d972056d..b7093cbac5 100644 --- a/phpBB/styles/prosilver/template/viewforum_body.html +++ b/phpBB/styles/prosilver/template/viewforum_body.html @@ -186,7 +186,7 @@ @@ -197,7 +197,7 @@
        - {L_POST_BY_AUTHOR} {topicrow.TOPIC_AUTHOR_FULL} » {topicrow.FIRST_POST_TIME} + {L_POST_BY_AUTHOR} {topicrow.TOPIC_AUTHOR_FULL} » » {L_IN} {topicrow.FORUM_NAME}
        @@ -229,7 +229,7 @@ {VIEW_LATEST_POST} -
        {topicrow.LAST_POST_TIME} +
        diff --git a/phpBB/styles/prosilver/template/viewtopic_body.html b/phpBB/styles/prosilver/template/viewtopic_body.html index 40249f24eb..0de641c985 100644 --- a/phpBB/styles/prosilver/template/viewtopic_body.html +++ b/phpBB/styles/prosilver/template/viewtopic_body.html @@ -289,7 +289,7 @@ {postrow.MINI_POST} - {L_POST_BY_AUTHOR} {postrow.POST_AUTHOR_FULL} » {postrow.POST_DATE} + {L_POST_BY_AUTHOR} {postrow.POST_AUTHOR_FULL} »

        diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 9cc75988f7..94309afc5a 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -892,9 +892,12 @@ if (sizeof($topic_list)) 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), + 'FIRST_POST_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_time']), 'LAST_POST_SUBJECT' => censor_text($row['topic_last_post_subject']), 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), + 'LAST_POST_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), + 'LAST_VIEW_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_last_view_time']), 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index c94675a741..a1dc60955c 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php 
@@ -1934,6 +1934,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) 'CONTACT_USER' => $user_cache[$poster_id]['contact_user'], 'POST_DATE' => $user->format_date($row['post_time'], false, ($view == 'print') ? true : false), + 'POST_DATE_RFC3339' => gmdate("Y-m-d H:i:sP", $row['post_time']), 'POST_SUBJECT' => $row['post_subject'], 'MESSAGE' => $message, 'SIGNATURE' => ($row['enable_sig']) ? $user_cache[$poster_id]['sig'] : '', From 8160a8a1efe06de06a199be5c7e8262e0c199873 Mon Sep 17 00:00:00 2001 From: stevendegroote Date: Wed, 18 Sep 2019 20:58:13 +0200 Subject: [PATCH 48/81] [ticket/16159] Use predefined DATE_RFC3339 PHPBB3-16159 --- phpBB/includes/functions_display.php | 2 +- phpBB/search.php | 6 +++--- phpBB/viewforum.php | 6 +++--- phpBB/viewtopic.php | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index d0a0c97c4e..f8c882e771 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -547,7 +547,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod $last_post_subject = $last_post_subject_truncated = ''; } $last_post_time = $user->format_date($row['forum_last_post_time']); - $last_post_time_rfc3339 = gmdate("Y-m-d H:i:sP", $row['forum_last_post_time']); + $last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']); $last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id']; } else diff --git a/phpBB/search.php b/phpBB/search.php index 791e5cc448..64f6041371 100644 --- a/phpBB/search.php +++ b/phpBB/search.php 
@@ -1093,12 +1093,12 @@ if ($keywords || $author || $author_id || $search_id || $submit) 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), - 'FIRST_POST_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_time']), + 'FIRST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_time']), 'LAST_POST_SUBJECT' => $row['topic_last_post_subject'], 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), - 'LAST_POST_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_last_post_time']), + 'LAST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), - 'LAST_VIEW_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_last_view_time']), + 'LAST_VIEW_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_view_time']), 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index a77c08cdd0..0a5484cdf2 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php 
@@ -933,12 +933,12 @@ if (count($topic_list)) 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), - 'FIRST_POST_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_time']), + 'FIRST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_time']), 'LAST_POST_SUBJECT' => censor_text($row['topic_last_post_subject']), 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), - 'LAST_POST_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_last_post_time']), + 'LAST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), - 'LAST_VIEW_TIME_RFC3339' => gmdate("Y-m-d H:i:sP", $row['topic_last_view_time']), + 'LAST_VIEW_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_view_time']), 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index e49959b3b5..dadbe9a06c 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php 
@@ -2044,7 +2044,7 @@ for ($i = 0, $end = count($post_list); $i < $end; ++$i) 'CONTACT_USER' => $user_cache[$poster_id]['contact_user'], 'POST_DATE' => $user->format_date($row['post_time'], false, ($view == 'print') ? true : false), - 'POST_DATE_RFC3339' => gmdate("Y-m-d H:i:sP", $row['post_time']), + 'POST_DATE_RFC3339' => gmdate(DATE_RFC3339, $row['post_time']), 'POST_SUBJECT' => $row['post_subject'], 'MESSAGE' => $message, 'SIGNATURE' => ($row['enable_sig']) ? $user_cache[$poster_id]['sig'] : '', From 28ff362ec07b2d9fcef142460a34c999ee1d452a Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 18 Sep 2019 21:47:06 +0200 Subject: [PATCH 49/81] [ticket/16160] Add script for generating package json file PHPBB3-16160 --- build/generate_package_json.php | 128 ++++++++++++++++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 build/generate_package_json.php diff --git a/build/generate_package_json.php b/build/generate_package_json.php new file mode 100644 index 0000000000..ed9341fa14 --- /dev/null +++ b/build/generate_package_json.php 
@@ -0,0 +1,128 @@ +#!/usr/bin/env php + + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +if (version_compare(PHP_VERSION, '7.0-dev', '<')) +{ + die('generate_package_json.php requires at least PHP 7.0.'); +} + +define('IN_PHPBB', true); +include_once('../phpBB/includes/functions.php'); + +$json_data = new \stdClass(); +$json_data->metadata = new class +{ + public $current_version_date; + public $current_version; + public $download_path; + public $show_update_package = true; + public $historic = false; +}; + +$json_data->package = []; + +// Open build.xml +$build_xml = simplexml_load_file('build.xml'); +$current_version = (string) $build_xml->xpath('/project/property[@name=\'newversion\']/@value')[0]->value; +$previous_version = (string) $build_xml->xpath('/project/property[@name=\'prevversion\']/@value')[0]->value; +$older_verions = explode(', ', (string) $build_xml->xpath('/project/property[@name=\'olderversions\']/@value')[0]->value); + +// Clean and sort version info +$older_verions[] = $previous_version; +$older_verions = array_filter($older_verions, function($version) { + preg_match(get_preg_expression('semantic_version'), $version, $matches); + return empty($matches['prerelease']) || strpos($matches['prerelease'], 'pl') !== false; +}); +usort($older_verions, function($version_a, $version_b) +{ + return phpbb_version_compare($version_b, $version_a); +}); + +// Set metadata +$json_data->metadata->current_version = $current_version; +$json_data->metadata->current_version_date = date('Y-m-d'); +$json_data->metadata->download_path = 'https://download.phpbb.com/pub/release/' . preg_replace('#([0-9]+\.[0-9]+)(\..+)#', '$1', $current_version) . '/' . $current_version; + +// Add package, patch files, and changed files +phpbb_add_package_file( + $json_data->package, + 'phpBB ' . $current_version, + 'phpBB-' . 
$current_version, + 'full', + '' +); +phpbb_add_package_file( + $json_data->package, + 'phpBB ' . $current_version . ' Patch Files', + 'phpBB-' . $current_version . '-patch', + 'update', + 'patch' +); +phpbb_add_package_file( + $json_data->package, + 'phpBB ' . $current_version . ' Changed Files', + 'phpBB-' . $current_version . '-files', + 'update', + 'files' +); + +// Loop through packages and assign to packages array +foreach ($older_verions as $version) +{ + phpbb_add_package_file( + $json_data->package, + 'phpBB ' . $version . ' to ' . $current_version . ' Update Package', + 'phpBB-' . $version . '_to_' . $current_version, + 'update', + 'update', + $version + ); +} + +echo(json_encode($json_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . "\n"); + +function phpbb_add_package_file(array &$package_list, string $name, string $file_name, string $type, string $subtype, string $from = '') +{ + if (!file_exists(__DIR__ . '/new_version/release_files/' . $file_name . '.zip')) + { + trigger_error('File does not exist: ' . __DIR__ . '/new_version/release_files/' . $file_name . '.zip'); + return; + } + + $package_file = new stdClass(); + $package_file->name = $name; + $package_file->filename = $file_name; + $package_file->type = $type; + if (!empty($subtype)) + { + $package_file->subtype = $subtype; + } + if (!empty($from)) + { + $package_file->from = $from; + } + $package_file->files = []; + + foreach (['zip', 'tar.bz2'] as $extension) + { + $file_path = 'new_version/release_files/' . $file_name . '.' . $extension; + $filedata = new stdClass(); + $filedata->filesize = filesize($file_path); + $filedata->checksum = trim(preg_replace('/(^\w+)(.+)/', '$1', file_get_contents($file_path . '.sha256'))); + $filedata->filetype = $extension; + $package_file->files[] = $filedata; + } + + $package_list[] = $package_file; +} From d1822e821a1d6a958f2e2eef02b9ab63d805e708 Mon Sep 17 00:00:00 2001 
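Review bot: In `phpbb_add_package_file()` only the `.zip` is checked for existence, and through `__DIR__`, while the loop then reads both `zip` and `tar.bz2` through a path relative to the working directory and never checks what `filesize()` and `file_get_contents()` return. A missing archive or `.sha256` file therefore reaches the generated JSON as a `false` size and an empty checksum. The missing-zip case only raises a notice through `trigger_error()` and returns, so the script presumably still exits successfully with a package entry silently left out. For release metadata that is used to verify downloads, the script should fail closed: resolve every path from `__DIR__`, require each archive and its checksum file, validate the digest shape, and exit non-zero otherwise. The fence sketches the loop and assumes each `.sha256` file starts with a 64-character hex digest.

```php
	// … unchanged: .zip existence check and $package_file setup …
	foreach (['zip', 'tar.bz2'] as $extension)
	{
		$file_path = __DIR__ . '/new_version/release_files/' . $file_name . '.' . $extension;
		$checksum_file = $file_path . '.sha256';
		$checksum_line = is_readable($checksum_file) ? file_get_contents($checksum_file) : false;

		// Fail closed: never publish an entry without a real size and a well-formed digest
		if (!is_file($file_path) || $checksum_line === false || !preg_match('/^[0-9a-f]{64}\b/i', $checksum_line, $match))
		{
			fwrite(STDERR, 'Missing archive or malformed checksum: ' . $file_path . "\n");
			exit(1);
		}

		$filedata = new stdClass();
		$filedata->filesize = filesize($file_path);
		$filedata->checksum = $match[0];
		$filedata->filetype = $extension;
		$package_file->files[] = $filedata;
	}
```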
From: Marc Alexander Date: Thu, 19 Sep 2019 21:56:41 +0200 Subject: [PATCH 50/81] [ticket/16160] Make script compatible with PHP 5.x PHPBB3-16160 --- build/generate_package_json.php | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/build/generate_package_json.php b/build/generate_package_json.php index ed9341fa14..b880008577 100644 --- a/build/generate_package_json.php +++ b/build/generate_package_json.php @@ -21,14 +21,13 @@ define('IN_PHPBB', true); include_once('../phpBB/includes/functions.php'); $json_data = new \stdClass(); -$json_data->metadata = new class -{ - public $current_version_date; - public $current_version; - public $download_path; - public $show_update_package = true; - public $historic = false; -}; +$json_data->metadata = new stdClass(); + +$json_data->metadata->current_version_date = ''; +$json_data->metadata->current_version = ''; +$json_data->metadata->download_path = ''; +$json_data->metadata->show_update_package = true; +$json_data->metadata->historic = false; $json_data->package = []; @@ -92,7 +91,7 @@ foreach ($older_verions as $version) echo(json_encode($json_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . "\n"); -function phpbb_add_package_file(array &$package_list, string $name, string $file_name, string $type, string $subtype, string $from = '') +function phpbb_add_package_file(array &$package_list, $name, $file_name, $type, $subtype, $from = '') { if (!file_exists(__DIR__ . '/new_version/release_files/' . $file_name . '.zip')) { From 4e285db71a997d3df12edf6cc6d2acd248e68fef Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 21 Sep 2019 07:51:35 +0200 Subject: [PATCH 51/81] [ticket/16160] Add missing trailing slash PHPBB3-16160 --- build/generate_package_json.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/generate_package_json.php b/build/generate_package_json.php index b880008577..152f38958a 100644 --- a/build/generate_package_json.php 
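Review bot: The PHP version guard near the top of the script is not touched by this change, so as far as the diffstat shows the script still aborts with `generate_package_json.php requires at least PHP 7.0.` on the PHP 5.x versions this commit targets. The guard sits outside both hunks, and the 8 insertions and 9 deletions are all accounted for by the anonymous-class and type-hint edits. Lower the check to the version the remaining syntax needs and update the message to match, for example `if (version_compare(PHP_VERSION, '5.4.0', '<'))`, since the short array syntax the script uses needs PHP 5.4.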
+++ b/build/generate_package_json.php @@ -51,7 +51,7 @@ usort($older_verions, function($version_a, $version_b) // Set metadata $json_data->metadata->current_version = $current_version; $json_data->metadata->current_version_date = date('Y-m-d'); -$json_data->metadata->download_path = 'https://download.phpbb.com/pub/release/' . preg_replace('#([0-9]+\.[0-9]+)(\..+)#', '$1', $current_version) . '/' . $current_version; +$json_data->metadata->download_path = 'https://download.phpbb.com/pub/release/' . preg_replace('#([0-9]+\.[0-9]+)(\..+)#', '$1', $current_version) . '/' . $current_version . '/'; // Add package, patch files, and changed files phpbb_add_package_file( From 813a55b01d5a81559d8b2d8fab45a4c6157a222a Mon Sep 17 00:00:00 2001 From: 3D-I <480857+3D-I@users.noreply.github.com> Date: Sun, 22 Sep 2019 05:58:59 +0200 Subject: [PATCH 52/81] [ticket/16161] Enable BBcodes without closing tag PHPBB3-16161 --- phpBB/includes/acp/acp_bbcodes.php | 5 ----- phpBB/language/en/acp/posting.php | 1 - 2 files changed, 6 deletions(-) diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 56079061ce..bd8df6a63b 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -211,11 +211,6 @@ class acp_bbcodes $test = $data['bbcode_tag']; } - if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match)) - { - trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING); - } - if (strlen($data['bbcode_tag']) > 16) { trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING); diff --git a/phpBB/language/en/acp/posting.php b/phpBB/language/en/acp/posting.php index 119ad2d7e9..823f0e8471 100644 --- a/phpBB/language/en/acp/posting.php +++ b/phpBB/language/en/acp/posting.php 
@@ -56,7 +56,6 @@ $lang = array_merge($lang, array( 'BBCODE_INVALID_TAG_NAME' => 'The BBCode tag name that you selected already exists.', 'BBCODE_INVALID' => 'Your BBCode is constructed in an invalid form.', - 'BBCODE_OPEN_ENDED_TAG' => 'Your custom BBCode must contain both an opening and a closing tag.', 'BBCODE_TAG' => 'Tag', 'BBCODE_TAG_TOO_LONG' => 'The tag name you selected is too long.', 'BBCODE_TAG_DEF_TOO_LONG' => 'The tag definition that you have entered is too long, please shorten your tag definition.', From c9284e1c687c4a76d6b8503f980eecc21bc35939 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Sun, 22 Sep 2019 12:04:10 +0200 Subject: [PATCH 53/81] [ticket/16076] camelCase and callback PHPBB3-16076 --- phpBB/assets/javascript/plupload.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js index ab6d0d7e88..f82da1acb1 100644 --- a/phpBB/assets/javascript/plupload.js +++ b/phpBB/assets/javascript/plupload.js @@ -449,13 +449,13 @@ phpbb.plupload.initialize(); /** * Add a file filter to check for max file sizes per mime type. */ -plupload.addFileFilter('mime_types_max_file_size', function(types, file, cb) { +plupload.addFileFilter('mime_types_max_file_size', function(types, file, callback) { if (file.size !== 'undefined') { $(types).each(function(i, type) { let extensions = [], - exts_array = type.extensions.split(','); + extsArray = type.extensions.split(','); - $(exts_array).each(function(i, extension) { + $(extsArray).each(function(i, extension) { /^\s*\*\s*$/.test(extension) ? extensions.push("\\.*") : extensions.push("\\." + extension.replace(new RegExp("[" + "/^$.*+?|()[]{}\\".replace(/./g, "\\$&") + "]", "g"), "\\$&")); }); 
@@ -470,12 +470,12 @@ plupload.addFileFilter('mime_types_max_file_size', function(types, file, cb) { file: file }); - cb(false); + callback(false); } else { - cb(true); + callback(true); } } else { - cb(true); + callback(true); } return false; From 942bfd65065e753cc602cce4976c7076aba4e7cb Mon Sep 17 00:00:00 2001 From: 3D-I <480857+3D-I@users.noreply.github.com> Date: Sun, 22 Sep 2019 20:10:53 +0200 Subject: [PATCH 54/81] [ticket/16144] As per request PHPBB3-16144 --- phpBB/phpbb/user.php | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/phpBB/phpbb/user.php b/phpBB/phpbb/user.php index 8e2b278650..e6e8e7f167 100644 --- a/phpBB/phpbb/user.php +++ b/phpBB/phpbb/user.php @@ -281,13 +281,10 @@ class user extends \phpbb\session $db->sql_freeresult($result); } - /** - * Something went very bad this time. - * Fallback to board's default style upon its strict verification. - */ + // Fallback to board's default style if (!$this->style) { - /** Verify default style exists in the database */ + // Verify default style exists in the database $sql = 'SELECT style_id FROM ' . STYLES_TABLE . ' WHERE style_id = ' . (int) $config['default_style']; @@ -295,13 +292,11 @@ class user extends \phpbb\session $style_id = (int) $db->sql_fetchfield('style_id'); $db->sql_freeresult($result); - $style_id = $style_id ?: false; - if ($style_id > 0) { $db->sql_transaction('begin'); - /** Update $user row */ + // Update $user row $sql = 'SELECT * FROM ' . STYLES_TABLE . ' WHERE style_id = ' . (int) $config['default_style']; @@ -309,7 +304,7 @@ class user extends \phpbb\session $this->style = $db->sql_fetchrow($result); $db->sql_freeresult($result); - /** Update user style preference */ + // Update user style preference $sql = 'UPDATE ' . USERS_TABLE . ' SET user_style = ' . (int) $style_id . ' WHERE user_id = ' . (int) $this->data['user_id']; 
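Review bot: The fallback in the second `user.php` hunk queries `STYLES_TABLE` twice for the same `$config['default_style']`, once for `style_id` to verify the row exists and again with `SELECT *` to load it, with the transaction opened only between the two. A single `SELECT *` whose fetched row is tested directly would remove the duplicate query and the gap between check and load: `$this->style = $db->sql_fetchrow($result);` followed by `if ($this->style)`, with `(int) $this->style['style_id']` in the `UPDATE`. The transaction would then only need to cover the `UPDATE`, which is the only write these hunks show. The enclosing method starts and ends outside these hunks.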
@@ -319,7 +314,7 @@ class user extends \phpbb\session } } - /** This should never happens */ + // This should never happens if (!$this->style) { trigger_error($this->language->lang('NO_STYLE_DATA', $this->data['user_style'], $this->data['user_id']), E_USER_ERROR); From a84e4b5ab4cdbbb241004e5c1621b42490e6ba94 Mon Sep 17 00:00:00 2001 From: 3D-I <480857+3D-I@users.noreply.github.com> Date: Mon, 23 Sep 2019 18:54:45 +0200 Subject: [PATCH 55/81] [ticket/16144] Provide extra fallback to board's default style for $user PHPBB3-16144 --- phpBB/phpbb/user.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/phpbb/user.php b/phpBB/phpbb/user.php index e6e8e7f167..9817e40edb 100644 --- a/phpBB/phpbb/user.php +++ b/phpBB/phpbb/user.php @@ -314,7 +314,7 @@ class user extends \phpbb\session } } - // This should never happens + // This should never happen if (!$this->style) { trigger_error($this->language->lang('NO_STYLE_DATA', $this->data['user_style'], $this->data['user_id']), E_USER_ERROR); From a34334b74e3301ba07a86aa719b32884d230e06d Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Fri, 4 Oct 2019 14:19:45 +0200 Subject: [PATCH 56/81] [ticket/16172] Add group rank label to group view PHPBB3-16172 --- phpBB/styles/prosilver/template/memberlist_body.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/styles/prosilver/template/memberlist_body.html b/phpBB/styles/prosilver/template/memberlist_body.html index 745f9a58a8..088d837ba8 100644 --- a/phpBB/styles/prosilver/template/memberlist_body.html +++ b/phpBB/styles/prosilver/template/memberlist_body.html @@ -29,7 +29,7 @@ {AVATAR_IMG} {% EVENT memberlist_body_group_rank_before %} {RANK_IMG} - {GROUP_RANK} + {{ lang('GROUP_RANK') ~ lang('COLON') }} {GROUP_RANK} {% EVENT memberlist_body_group_rank_after %}

        From 6c71f30723ac21a7ffd00d748ce8fd712a6a4e61 Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Fri, 4 Oct 2019 14:30:46 +0200 Subject: [PATCH 57/81] [ticket/16140] Add ucp_profile_profile_info_birthday_label_after PHPBB3-16140 --- phpBB/docs/events.md | 7 +++++++ .../prosilver/template/ucp_profile_profile_info.html | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/phpBB/docs/events.md b/phpBB/docs/events.md index 4be1725090..2a19e9a7bf 100644 --- a/phpBB/docs/events.md +++ b/phpBB/docs/events.md @@ -2646,6 +2646,13 @@ ucp_profile_profile_info_before * Since: 3.1.4-RC1 * Purpose: Add options in profile page fieldset - before jabber field. +ucp_profile_profile_info_birthday_label_after +=== +* Locations: + + styles/prosilver/template/ucp_profile_profile_info.html +* Since: 3.2.9-RC1 +* Purpose: Add more text to birthday label, such as required asterisk + ucp_profile_register_details_after === * Locations: diff --git a/phpBB/styles/prosilver/template/ucp_profile_profile_info.html b/phpBB/styles/prosilver/template/ucp_profile_profile_info.html index 69eda8c42c..10a78b6cb0 100644 --- a/phpBB/styles/prosilver/template/ucp_profile_profile_info.html +++ b/phpBB/styles/prosilver/template/ucp_profile_profile_info.html @@ -13,7 +13,7 @@
        -

        {L_BIRTHDAY_EXPLAIN}
        +

        {L_BIRTHDAY_EXPLAIN}
        From 5c73f471f589c059e5127d3268746534bfb708bf Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Fri, 4 Oct 2019 15:39:54 +0200 Subject: [PATCH 58/81] [ticket/16083] Remove type=text/javascript PHPBB3-16083 --- phpBB/adm/style/acp_attachments.html | 2 +- phpBB/adm/style/acp_ban.html | 2 +- phpBB/adm/style/acp_contact.html | 2 +- phpBB/adm/style/acp_database.html | 2 +- phpBB/adm/style/acp_forums.html | 8 ++++---- phpBB/adm/style/acp_icons.html | 2 +- phpBB/adm/style/acp_modules.html | 2 +- phpBB/adm/style/acp_permission_roles.html | 4 ++-- phpBB/adm/style/acp_posting_buttons.html | 2 +- phpBB/adm/style/acp_ranks.html | 2 +- phpBB/adm/style/acp_search.html | 2 +- phpBB/adm/style/acp_users_overview.html | 2 +- phpBB/adm/style/acp_users_prefs.html | 2 +- phpBB/adm/style/acp_users_signature.html | 2 +- phpBB/adm/style/installer_footer.html | 8 ++++---- phpBB/adm/style/overall_footer.html | 6 +++--- phpBB/adm/style/overall_header.html | 2 +- phpBB/adm/style/permission_mask.html | 4 ++-- phpBB/adm/style/progress_bar.html | 4 ++-- phpBB/adm/style/simple_footer.html | 6 +++--- phpBB/adm/style/simple_header.html | 2 +- 21 files changed, 34 insertions(+), 34 deletions(-) diff --git a/phpBB/adm/style/acp_attachments.html b/phpBB/adm/style/acp_attachments.html index 6129d6a1a5..0c716f61ec 100644 --- a/phpBB/adm/style/acp_attachments.html +++ b/phpBB/adm/style/acp_attachments.html @@ -110,7 +110,7 @@ - - + « {L_BACK} diff --git a/phpBB/adm/style/acp_posting_buttons.html b/phpBB/adm/style/acp_posting_buttons.html index 36fc285537..614d6fae40 100644 --- a/phpBB/adm/style/acp_posting_buttons.html +++ b/phpBB/adm/style/acp_posting_buttons.html @@ -1,4 +1,4 @@ - - - - + + + {$SCRIPTS} diff --git a/phpBB/adm/style/overall_footer.html b/phpBB/adm/style/overall_footer.html index 8745286d64..3ab633e04b 100644 --- a/phpBB/adm/style/overall_footer.html +++ b/phpBB/adm/style/overall_footer.html @@ -33,9 +33,9 @@
      • - - - + + + diff --git a/phpBB/adm/style/overall_header.html b/phpBB/adm/style/overall_header.html index 8279ac34dc..fa361d6016 100644 --- a/phpBB/adm/style/overall_header.html +++ b/phpBB/adm/style/overall_header.html @@ -10,7 +10,7 @@ - - +
        diff --git a/phpBB/adm/style/progress_bar.html b/phpBB/adm/style/progress_bar.html index 1822675c15..1e58257ff0 100644 --- a/phpBB/adm/style/progress_bar.html +++ b/phpBB/adm/style/progress_bar.html @@ -1,6 +1,6 @@ - - - + + + {$SCRIPTS} diff --git a/phpBB/adm/style/simple_header.html b/phpBB/adm/style/simple_header.html index 439645a211..a8a32bf768 100644 --- a/phpBB/adm/style/simple_header.html +++ b/phpBB/adm/style/simple_header.html @@ -9,7 +9,7 @@ -