[ticket/13935] Allow more admin-configurable schemes in post links

PHPBB3-13935

phpBB/config/default/container/services_text_formatter.yml

@@ -32,6 +32,7 @@ services:
             - @text_formatter.data_access
             - @cache.driver
             - @dispatcher
+            - @config
             - %text_formatter.cache.dir%
             - %text_formatter.cache.parser.key%
             - %text_formatter.cache.renderer.key%

phpBB/includes/acp/acp_board.php

@@ -197,6 +197,7 @@ class acp_board
 						'allow_post_flash'		=> array('lang' => 'ALLOW_POST_FLASH',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_smilies'			=> array('lang' => 'ALLOW_SMILIES',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_post_links'		=> array('lang' => 'ALLOW_POST_LINKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'allowed_schemes_links'	=> array('lang' => 'ALLOWED_SCHEMES_LINKS',	'validate' => 'string',	'type' => 'text:0:255', 'explain' => true),
 						'allow_nocensors'		=> array('lang' => 'ALLOW_NO_CENSORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_bookmarks'		=> array('lang' => 'ALLOW_BOOKMARKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'enable_post_confirm'	=> array('lang' => 'VISUAL_CONFIRM_POST',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -550,6 +551,12 @@ class acp_board
 			}
 		}
 
+		// Invalidate the text_formatter cache when posting options are changed
+		if ($mode == 'post' && $submit)
+		{
+			$phpbb_container->get('text_formatter.cache')->invalidate();
+		}
+
 		// Store news and exclude ids
 		if ($mode == 'feed' && $submit)
 		{

phpBB/install/schemas/schema_data.sql

@@ -41,6 +41,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_sig_pm', '1'
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_sig_smilies', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_smilies', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_topic_notify', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('allowed_schemes_links', 'http,https,ftp');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('assets_version', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('attachment_quota', '52428800');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('auth_bbcode_pm', '1');

phpBB/language/en/acp/board.php

@@ -161,6 +161,8 @@ $lang = array_merge($lang, array(
 	'ACP_POST_SETTINGS_EXPLAIN'			=> 'Here you can set all default settings for posting.',
 	'ALLOW_POST_LINKS'					=> 'Allow links in posts/private messages',
 	'ALLOW_POST_LINKS_EXPLAIN'			=> 'If disallowed the <code>[URL]</code> BBCode tag and automatic/magic URLs are disabled.',
+	'ALLOWED_SCHEMES_LINKS'				=> 'Allowed schemes in links',
+	'ALLOWED_SCHEMES_LINKS_EXPLAIN'		=> 'Users can only post schemeless URLs or one of the comma-separated list of allowed schemes.',
 	'ALLOW_POST_FLASH'					=> 'Allow use of <code>[FLASH]</code> BBCode tag in posts',
 	'ALLOW_POST_FLASH_EXPLAIN'			=> 'If disallowed the <code>[FLASH]</code> BBCode tag is disabled in posts. Otherwise the permission system controls which users can use the <code>[FLASH]</code> BBCode tag.',
 

phpBB/phpbb/db/migration/data/v320/allowed_schemes_links.php

@@ -0,0 +1,24 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v320;
+
+class allowed_schemes_links extends \phpbb\db\migration\migration
+{
+	public function update_data()
+	{
+		return array(
+			array('config.add', array('allowed_schemes_links', 'http,https,ftp')),
+		);
+	}
+}

phpBB/phpbb/textformatter/s9e/factory.php

@@ -42,6 +42,11 @@ class factory implements \phpbb\textformatter\cache_interface
 	*/
 	protected $cache_key_renderer;
 
+	/**
+	* @var \phpbb\config\config
+	*/
+	protected $config;
+
 	/**
 	* @var array Custom tokens used in bbcode.html and their corresponding token from the definition
 	*/
@@ -127,16 +132,18 @@ class factory implements \phpbb\textformatter\cache_interface
 	* @param \phpbb\textformatter\data_access $data_access
 	* @param \phpbb\cache\driver\driver_interface $cache
 	* @param \phpbb\event\dispatcher_interface $dispatcher
+	* @param \phpbb\config\config $config
 	* @param string $cache_dir          Path to the cache dir
 	* @param string $cache_key_parser   Cache key used for the parser
 	* @param string $cache_key_renderer Cache key used for the renderer
 	*/
-	public function __construct(\phpbb\textformatter\data_access $data_access, \phpbb\cache\driver\driver_interface $cache, \phpbb\event\dispatcher_interface $dispatcher, $cache_dir, $cache_key_parser, $cache_key_renderer)
+	public function __construct(\phpbb\textformatter\data_access $data_access, \phpbb\cache\driver\driver_interface $cache, \phpbb\event\dispatcher_interface $dispatcher, \phpbb\config\config $config, $cache_dir, $cache_key_parser, $cache_key_renderer)
 	{
 		$this->cache = $cache;
 		$this->cache_dir = $cache_dir;
 		$this->cache_key_parser = $cache_key_parser;
 		$this->cache_key_renderer = $cache_key_renderer;
+		$this->config = $config;
 		$this->data_access = $data_access;
 		$this->dispatcher = $dispatcher;
 	}
@@ -190,6 +197,16 @@ class factory implements \phpbb\textformatter\cache_interface
 		$vars = array('configurator');
 		extract($this->dispatcher->trigger_event('core.text_formatter_s9e_configure_before', compact($vars)));
 
+		// Reset the list of allowed schemes
+		foreach ($configurator->urlConfig->getAllowedSchemes() as $scheme)
+		{
+			$configurator->urlConfig->disallowScheme($scheme);
+		}
+		foreach (explode(',', $this->config['allowed_schemes_links']) as $scheme)
+		{
+			$configurator->urlConfig->allowScheme(trim($scheme));
+		}
+
 		// Convert newlines to br elements by default
 		$configurator->rootRules->enableAutoLineBreaks();
 

tests/functional/posting_test.php

@@ -205,4 +205,45 @@ class phpbb_functional_posting_test extends phpbb_functional_test_case
 			$crawler->filter('#preview .signature')->html()
 		);
 	}
+
+	public function test_allowed_schemes_links()
+	{
+		$text = 'http://example.org/ tcp://localhost:22/ServiceName';
+
+		$this->login();
+		$this->admin_login();
+
+		// Post with default settings
+		$crawler = self::request('GET', 'posting.php?mode=post&f=2');
+		$form = $crawler->selectButton('Preview')->form(array(
+			'subject' => 'Test subject',
+			'message' => $text,
+		));
+		$crawler = self::submit($form);
+		$this->assertContains(
+			'<a href="http://example.org/" class="postlink">http://example.org/</a> tcp://localhost:22/ServiceName',
+			$crawler->filter('#preview .content')->html()
+		);
+
+		// Update allowed schemes
+		$crawler = self::request('GET', 'adm/index.php?sid=' . $this->sid . '&i=acp_board&mode=post');
+		$form = $crawler->selectButton('Submit')->form();
+		$values = $form->getValues();
+		$values['config[allowed_schemes_links]'] = 'https,tcp';
+		$form->setValues($values);
+		$crawler = self::submit($form);
+		$this->assertEquals(1, $crawler->filter('.successbox')->count());
+
+		// Post with new settings
+		$crawler = self::request('GET', 'posting.php?mode=post&f=2');
+		$form = $crawler->selectButton('Preview')->form(array(
+			'subject' => 'Test subject',
+			'message' => $text,
+		));
+		$crawler = self::submit($form);
+		$this->assertContains(
+			'http://example.org/ <a href="tcp://localhost:22/ServiceName" class="postlink">tcp://localhost:22/ServiceName</a>',
+			$crawler->filter('#preview .content')->html()
+		);
+	}
 }

tests/test_framework/phpbb_test_case_helpers.php

@@ -473,8 +473,30 @@ class phpbb_test_case_helpers
 			$phpbb_dispatcher = $dispatcher;
 		}
 
+		// Set up the a minimum config
+		if ($container->has('config'))
+		{
+			$config = $container->get('config');
+		}
+		else
+		{
+			$config = new \phpbb\config\config(array());
+		}
+		$default_config = array(
+			'allow_nocensors' => false,
+			'allowed_schemes_links' => 'http,https,ftp',
+			'smilies_path' => 'images/smilies',
+		);
+		foreach ($default_config as $config_name => $config_value)
+		{
+			if (!isset($config[$config_name]))
+			{
+				$config[$config_name] = $config_value;
+			}
+		}
+
 		// Create and register the text_formatter.s9e.factory service
-		$factory = new \phpbb\textformatter\s9e\factory($dal, $cache, $dispatcher, $cache_dir, $cache_key_parser, $cache_key_renderer);
+		$factory = new \phpbb\textformatter\s9e\factory($dal, $cache, $dispatcher, $config, $cache_dir, $cache_key_parser, $cache_key_renderer);
 		$container->set('text_formatter.s9e.factory', $factory);
 
 		// Create a user if none was provided, and add the common lang strings
@@ -537,12 +559,8 @@ class phpbb_test_case_helpers
 			$dispatcher
 		);
 
-		$config = ($container->has('config'))
-		        ? $container->get('config')
-		        : new \phpbb\config\config(array('smilies_path' => 'images/smilies', 'allow_nocensors' => false));
-		$auth = ($container->has('auth')) ? $container->get('auth') : new \phpbb\auth\auth;
-
 		// Calls configured in services.yml
+		$auth = ($container->has('auth')) ? $container->get('auth') : new \phpbb\auth\auth;
 		$renderer->configure_quote_helper($quote_helper);
 		$renderer->configure_smilies_path($config, $path_helper);
 		$renderer->configure_user($user, $config, $auth);

tests/text_formatter/s9e/factory_test.php

@@ -49,6 +49,7 @@ class phpbb_textformatter_s9e_factory_test extends phpbb_database_test_case
 			$dal,
 			$this->cache,
 			$this->dispatcher,
+			new \phpbb\config\config(array('allowed_schemes_links' => 'http,https,ftp')),
 			$this->get_cache_dir(),
 			'_foo_parser',
 			'_foo_renderer'