From adff2fb254285e54f899f3a8604e1116cb11573c Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 12 Jul 2013 14:35:17 -0400 Subject: [PATCH 1/2] [ticket/11548] Check upload avatar URL the same way as in phpBB 3.0 The upload avatar URL was checked for its length in phpBB 3.0. Additionally, starting with the new avatar system in phpBB 3.1, the URL was checked to prevent improper URLs being submitted. This minor change is needed for proper testing of the ucp and acp groups pages. PHPBB3-11548 --- phpBB/includes/avatar/driver/upload.php | 26 +++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/phpBB/includes/avatar/driver/upload.php b/phpBB/includes/avatar/driver/upload.php index baf51f61c1..685ac4f349 100644 --- a/phpBB/includes/avatar/driver/upload.php +++ b/phpBB/includes/avatar/driver/upload.php @@ -77,6 +77,32 @@ class phpbb_avatar_driver_upload extends phpbb_avatar_driver } elseif (!empty($this->config['allow_avatar_remote_upload']) && !empty($url)) { + if (!preg_match('#^(http|https|ftp)://#i', $url)) + { + $url = 'http://' . $url; + } + + if (!function_exists('validate_data')) + { + require($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext); + } + + $validate_array = validate_data( + array( + 'url' => $url, + ), + array( + 'url' => array('string', true, 5, 255), + ) + ); + + $error = array_merge($error, $validate_array); + + if (!empty($error)) + { + return false; + } + $file = $upload->remote_upload($url); } else From 01b9f9f9b6f14d602ce57a37f0969707d1f0c41b Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Fri, 12 Jul 2013 14:38:18 -0400 Subject: [PATCH 2/2] [ticket/11548] Fix test errors in groups test on develop This will fix the errors that appeared in the functional groups test due to the changes in the new avatar system. The patch will make them work again. PHPBB3-11548 --- tests/functional/common_groups_test.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/functional/common_groups_test.php b/tests/functional/common_groups_test.php index f6b447dc90..6c6572af62 100644 --- a/tests/functional/common_groups_test.php +++ b/tests/functional/common_groups_test.php @@ -84,19 +84,19 @@ abstract class phpbb_functional_common_groups_test extends phpbb_functional_test public function group_avatar_min_max_data() { return array( - array('uploadurl', 'foo', 'TOO_SHORT'), - array('uploadurl', 'foobar', 'AVATAR_URL_INVALID'), - array('uploadurl', str_repeat('f', 256), 'TOO_LONG'), - array('remotelink', 'foo', 'TOO_SHORT'), - array('remotelink', 'foobar', 'AVATAR_URL_INVALID'), - array('remotelink', str_repeat('f', 256), 'TOO_LONG'), + array('avatar_driver_upload', 'avatar_upload_url', 'foo', 'AVATAR_URL_INVALID'), + array('avatar_driver_upload', 'avatar_upload_url', 'foobar', 'AVATAR_URL_INVALID'), + array('avatar_driver_upload', 'avatar_upload_url', 'http://www.phpbb.com/' . str_repeat('f', 240) . '.png', 'TOO_LONG'), + array('avatar_driver_remote', 'avatar_remote_url', 'foo', 'AVATAR_URL_INVALID'), + array('avatar_driver_remote', 'avatar_remote_url', 'foobar', 'AVATAR_URL_INVALID'), + array('avatar_driver_remote', 'avatar_remote_url', 'http://www.phpbb.com/' . str_repeat('f', 240) . '.png', 'TOO_LONG'), ); } /** * @dataProvider group_avatar_min_max_data */ - public function test_group_avatar_min_max($form_name, $input, $expected) + public function test_group_avatar_min_max($avatar_type, $form_name, $input, $expected) { $this->login(); $this->admin_login(); @@ -105,6 +105,7 @@ abstract class phpbb_functional_common_groups_test extends phpbb_functional_test $crawler = self::request('GET', $this->get_url() . '&g=5&sid=' . $this->sid); $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $form['avatar_driver']->setValue($avatar_type); $form[$form_name]->setValue($input); $crawler = self::submit($form); $this->assertContains($this->lang($expected), $crawler->text());