other fixes

git-svn-id: file:///svn/phpbb/trunk@7726 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 06:08:52 +00:00 · 2007-06-08 08:28:55 +00:00 · 2007-06-08 08:28:55 +00:00 · eaa6669010
commit eaa6669010
parent 011b47c01d
6 changed files with 213 additions and 11 deletions
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@ -228,22 +228,24 @@ p a {
 		<li>[Fix] Outbox messages are no always neither new nor unread post-conversion (Bug #11461)</li>
 		<li>[Feature] Replaced outdated jabber class with the one from the flyspray project</li>
 		<li>[Feature] The converter no longer relies on the smiley ID to decide if it should be displayed on the posting page</li>
-		<li> Limit maximum number of allowed characters in messages to 60.000 by default. Admins should increase their PHP time limits if they want to raise this tremedously.</li>
-		<li> Some changes to the conversion documentation</li>
+		<li>[Change] Limit maximum number of allowed characters in messages to 60.000 by default. Admins should increase their PHP time limits if they want to raise this tremedously.</li>
+		<li>[Change] Some changes to the conversion documentation</li>
 		<li>[Fix] Only use permissions from existing forums during the conversion (Bug #11417)</li>
 		<li>[Fix] Do not permit the decimal as a valid prefix character (Bug #11967)</li>
 		<li>[Fix] Account for the fact that the IM fields might hold non-IM information</li>
 		<li>[Fix] Make the queue function on post details</li>
 		<li>[Fix] Check if there are active styles left before deleting a style</li>
 		<li>[Fix] Correctly update styles after the deletion of an imageset.</li>
+		<li>[Fix] Replaced jabber validation to use the method used by the new jabber class (Bug #9822)</li>
 		<li>[Sec] Adding confirm boxes to UCP group actions (ToonArmy)</li>
-		<li>[Feature] Added the option to disable the flash bbcode globally (DelvarWorld).</li>
-		<li>[Sec] Changed the embedding of Flash (NeoThermic, DelvarWorld).</li>
+		<li>[Feature] Added the option to disable the flash bbcode globally (DelvarWorld)</li>
+		<li>[Sec] Changed the embedding of Flash (NeoThermic, DelvarWorld)</li>
 		<li>[Fix] Use the signature setting for PMs (Bug #12001)</li>
 		<li>[Fix] Made the DBMS selection use language variables (Bug #11969)</li>
 		<li>[Fix] Make sure that a folder is used when viewing messages to oneself (Bug #12105)</li>
 		<li>[Fix] Account for the fact that a board might have no visible Admins (Bug #12185)</li>
 		<li>[Fix] Change group ranks even if empty (Bug #12231)</li>
+		<li>[Fix] Correctly move pm's into folders if more than one is received (Bug #12135)</li>

 	</ul>

--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@ -970,7 +970,7 @@ class acp_users
 					'aim'			=> request_var('aim', $user_row['user_aim']),
 					'msn'			=> request_var('msn', $user_row['user_msnm']),
 					'yim'			=> request_var('yim', $user_row['user_yim']),
-					'jabber'		=> request_var('jabber', $user_row['user_jabber']),
+					'jabber'		=> utf8_normalize_nfc(request_var('jabber', $user_row['user_jabber'], true)),
 					'website'		=> request_var('website', $user_row['user_website']),
 					'location'		=> utf8_normalize_nfc(request_var('location', $user_row['user_from'], true)),
 					'occupation'	=> utf8_normalize_nfc(request_var('occupation', $user_row['user_occ'], true)),
@ -999,7 +999,7 @@ class acp_users
 						'msn'			=> array('string', true, 5, 255),
 						'jabber'		=> array(
 							array('string', true, 5, 255),
-							array('match', true, '#^[^@:\'"<>&\x00-\x1F\x7F\t\r\n]+@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}(/.*)?$#iu')),
+							array('jabber')),
 						'yim'			=> array('string', true, 5, 255),
 						'website'		=> array(
 							array('string', true, 12, 255),
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@ -1556,7 +1556,207 @@ function validate_email($email, $allowed_email = false)
 	return false;
 }

+/**
+* Validate jabber address
+* Taken from the jabber class within flyspray (see author notes)
+*
+* @author flyspray.org
+*/
+function validate_jabber($jid)
+{
+	if (!$jid)
+	{
+		return false;
+	}

+	$seperator_pos = strpos($jid, '@');
+
+	if ($seperator_pos === false)
+	{
+		return 'WRONG_DATA';
+	}
+
+	$username = substr($jid, 0, $seperator_pos);
+	$realm = substr($jid, $seperator_pos + 1);
+
+	if (strlen($username) == 0 || strlen($realm) < 3)
+	{
+		return 'WRONG_DATA';
+	}
+
+	$arr = explode('.', $realm);
+
+	if (sizeof($arr) == 0)
+	{
+		return 'WRONG_DATA';
+	}
+
+	foreach ($arr as $part)
+	{
+		if (substr($part, 0, 1) == '-' || substr($part, -1, 1) == '-')
+		{
+			return 'WRONG_DATA';
+		}
+
+		if (!preg_match("@^[a-zA-Z0-9-.]+$@", $part))
+		{
+			return 'WRONG_DATA';
+		}
+	}
+
+	$boundary = array(array(0, 127), array(192, 223), array(224, 239), array(240, 247), array(248, 251), array(252, 253));
+
+	// Prohibited Characters RFC3454 + RFC3920
+	$prohibited = array(
+		// Table C.1.1
+		array(0x0020, 0x0020),		// SPACE
+		// Table C.1.2
+		array(0x00A0, 0x00A0),		// NO-BREAK SPACE
+		array(0x1680, 0x1680),		// OGHAM SPACE MARK
+		array(0x2000, 0x2001),		// EN QUAD
+		array(0x2001, 0x2001),		// EM QUAD
+		array(0x2002, 0x2002),		// EN SPACE
+		array(0x2003, 0x2003),		// EM SPACE
+		array(0x2004, 0x2004),		// THREE-PER-EM SPACE
+		array(0x2005, 0x2005),		// FOUR-PER-EM SPACE
+		array(0x2006, 0x2006),		// SIX-PER-EM SPACE
+		array(0x2007, 0x2007),		// FIGURE SPACE
+		array(0x2008, 0x2008),		// PUNCTUATION SPACE
+		array(0x2009, 0x2009),		// THIN SPACE
+		array(0x200A, 0x200A),		// HAIR SPACE
+		array(0x200B, 0x200B),		// ZERO WIDTH SPACE
+		array(0x202F, 0x202F),		// NARROW NO-BREAK SPACE
+		array(0x205F, 0x205F),		// MEDIUM MATHEMATICAL SPACE
+		array(0x3000, 0x3000),		// IDEOGRAPHIC SPACE
+		// Table C.2.1
+		array(0x0000, 0x001F),		// [CONTROL CHARACTERS]
+		array(0x007F, 0x007F),		// DELETE
+		// Table C.2.2
+		array(0x0080, 0x009F),		// [CONTROL CHARACTERS]
+		array(0x06DD, 0x06DD),		// ARABIC END OF AYAH
+		array(0x070F, 0x070F),		// SYRIAC ABBREVIATION MARK
+		array(0x180E, 0x180E),		// MONGOLIAN VOWEL SEPARATOR
+		array(0x200C, 0x200C), 		// ZERO WIDTH NON-JOINER
+		array(0x200D, 0x200D),		// ZERO WIDTH JOINER
+		array(0x2028, 0x2028),		// LINE SEPARATOR
+		array(0x2029, 0x2029),		// PARAGRAPH SEPARATOR
+		array(0x2060, 0x2060),		// WORD JOINER
+		array(0x2061, 0x2061),		// FUNCTION APPLICATION
+		array(0x2062, 0x2062),		// INVISIBLE TIMES
+		array(0x2063, 0x2063),		// INVISIBLE SEPARATOR
+		array(0x206A, 0x206F),		// [CONTROL CHARACTERS]
+		array(0xFEFF, 0xFEFF),		// ZERO WIDTH NO-BREAK SPACE
+		array(0xFFF9, 0xFFFC),		// [CONTROL CHARACTERS]
+		array(0x1D173, 0x1D17A),	// [MUSICAL CONTROL CHARACTERS]
+		// Table C.3
+		array(0xE000, 0xF8FF),		// [PRIVATE USE, PLANE 0]
+		array(0xF0000, 0xFFFFD),	// [PRIVATE USE, PLANE 15]
+		array(0x100000, 0x10FFFD),	// [PRIVATE USE, PLANE 16]
+		// Table C.4
+		array(0xFDD0, 0xFDEF),		// [NONCHARACTER CODE POINTS]
+		array(0xFFFE, 0xFFFF),		// [NONCHARACTER CODE POINTS]
+		array(0x1FFFE, 0x1FFFF),	// [NONCHARACTER CODE POINTS]
+		array(0x2FFFE, 0x2FFFF),	// [NONCHARACTER CODE POINTS]
+		array(0x3FFFE, 0x3FFFF),	// [NONCHARACTER CODE POINTS]
+		array(0x4FFFE, 0x4FFFF),	// [NONCHARACTER CODE POINTS]
+		array(0x5FFFE, 0x5FFFF),	// [NONCHARACTER CODE POINTS]
+		array(0x6FFFE, 0x6FFFF),	// [NONCHARACTER CODE POINTS]
+		array(0x7FFFE, 0x7FFFF),	// [NONCHARACTER CODE POINTS]
+		array(0x8FFFE, 0x8FFFF),	// [NONCHARACTER CODE POINTS]
+		array(0x9FFFE, 0x9FFFF),	// [NONCHARACTER CODE POINTS]
+		array(0xAFFFE, 0xAFFFF),	// [NONCHARACTER CODE POINTS]
+		array(0xBFFFE, 0xBFFFF),	// [NONCHARACTER CODE POINTS]
+		array(0xCFFFE, 0xCFFFF),	// [NONCHARACTER CODE POINTS]
+		array(0xDFFFE, 0xDFFFF),	// [NONCHARACTER CODE POINTS]
+		array(0xEFFFE, 0xEFFFF),	// [NONCHARACTER CODE POINTS]
+		array(0xFFFFE, 0xFFFFF),	// [NONCHARACTER CODE POINTS]
+		array(0x10FFFE, 0x10FFFF),	// [NONCHARACTER CODE POINTS]
+		// Table C.5
+		array(0xD800, 0xDFFF),		// [SURROGATE CODES]
+		// Table C.6
+		array(0xFFF9, 0xFFF9),		// INTERLINEAR ANNOTATION ANCHOR
+		array(0xFFFA, 0xFFFA),		// INTERLINEAR ANNOTATION SEPARATOR
+		array(0xFFFB, 0xFFFB),		// INTERLINEAR ANNOTATION TERMINATOR
+		array(0xFFFC, 0xFFFC),		// OBJECT REPLACEMENT CHARACTER
+		array(0xFFFD, 0xFFFD),		// REPLACEMENT CHARACTER
+		// Table C.7
+		array(0x2FF0, 0x2FFB),		// [IDEOGRAPHIC DESCRIPTION CHARACTERS]
+		// Table C.8
+		array(0x0340, 0x0340),		// COMBINING GRAVE TONE MARK
+		array(0x0341, 0x0341),		// COMBINING ACUTE TONE MARK
+		array(0x200E, 0x200E),		// LEFT-TO-RIGHT MARK
+		array(0x200F, 0x200F),		// RIGHT-TO-LEFT MARK
+		array(0x202A, 0x202A),		// LEFT-TO-RIGHT EMBEDDING
+		array(0x202B, 0x202B),		// RIGHT-TO-LEFT EMBEDDING
+		array(0x202C, 0x202C),		// POP DIRECTIONAL FORMATTING
+		array(0x202D, 0x202D),		// LEFT-TO-RIGHT OVERRIDE
+		array(0x202E, 0x202E),		// RIGHT-TO-LEFT OVERRIDE
+		array(0x206A, 0x206A),		// INHIBIT SYMMETRIC SWAPPING
+		array(0x206B, 0x206B),		// ACTIVATE SYMMETRIC SWAPPING
+		array(0x206C, 0x206C),		// INHIBIT ARABIC FORM SHAPING
+		array(0x206D, 0x206D),		// ACTIVATE ARABIC FORM SHAPING
+		array(0x206E, 0x206E),		// NATIONAL DIGIT SHAPES
+		array(0x206F, 0x206F),		// NOMINAL DIGIT SHAPES
+		// Table C.9
+		array(0xE0001, 0xE0001),	// LANGUAGE TAG
+		array(0xE0020, 0xE007F),	// [TAGGING CHARACTERS]
+		// RFC3920
+		array(0x22, 0x22),			// "
+		array(0x26, 0x26),			// &
+		array(0x27, 0x27),			// '
+		array(0x2F, 0x2F),			// /
+		array(0x3A, 0x3A),			// :
+		array(0x3C, 0x3C),			// <
+		array(0x3E, 0x3E),			// >
+		array(0x40, 0x40)			// @
+	);
+
+	$pos = 0;
+	$result = true;
+
+	while ($pos < strlen($username))
+	{
+		$len = $uni = 0;
+		for ($i = 0; $i <= 5; $i++)
+		{
+			if (ord($username[$pos]) >= $boundary[$i][0] && ord($username[$pos]) <= $boundary[$i][1])
+			{
+				$len = $i + 1;
+				$uni = (ord($username[$pos]) - $boundary[$i][0]) * pow(2, $i * 6);
+
+				for ($k = 1; $k < $len; $k++)
+				{
+					$uni += (ord($username[$pos + $k]) - 128) * pow(2, ($i - $k) * 6);
+				}
+
+				break;
+			}
+		}
+
+		if ($len == 0)
+		{
+			return 'WRONG_DATA';
+		}
+
+		foreach ($prohibited as $pval)
+		{
+			if ($uni >= $pval[0] && $uni <= $pval[1])
+			{
+				$result = false;
+				break 2;
+			}
+		}
+
+		$pos = $pos + $len;
+	}
+
+	if (!$result)
+	{
+		return 'WRONG_DATA';
+	}
+
+	return false;
+}

 /**
 * Remove avatar
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@ -261,7 +261,7 @@ class ucp_profile
 					'aim'			=> request_var('aim', $user->data['user_aim']),
 					'msn'			=> request_var('msn', $user->data['user_msnm']),
 					'yim'			=> request_var('yim', $user->data['user_yim']),
-					'jabber'		=> request_var('jabber', $user->data['user_jabber']),
+					'jabber'		=> utf8_normalize_nfc(request_var('jabber', $user->data['user_jabber'], true)),
 					'website'		=> request_var('website', $user->data['user_website']),
 					'location'		=> utf8_normalize_nfc(request_var('location', $user->data['user_from'], true)),
 					'occupation'	=> utf8_normalize_nfc(request_var('occupation', $user->data['user_occ'], true)),
@ -290,7 +290,7 @@ class ucp_profile
 						'msn'			=> array('string', true, 5, 255),
 						'jabber'		=> array(
 							array('string', true, 5, 255),
-							array('match', true, '#^[^@:\'"<>&\x00-\x1F\x7F\t\r\n]+@(.*?\.)*?[a-z0-9\-_]+?\.[a-z]{2,4}(/.*)?$#iu')),
+							array('jabber')),
 						'yim'			=> array('string', true, 5, 255),
 						'website'		=> array(
 							array('string', true, 12, 255),
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@ -184,10 +184,10 @@ $lang = array_merge($lang, array(

 	'ACC_ACTIVATION'			=> 'Account activation',
 	'ACC_ACTIVATION_EXPLAIN'	=> 'This determines whether users have immediate access to the board or if confirmation is required. You can also completely disable new registrations.',
-	'ACC_ADMIN'					=> 'Admin',
+	'ACC_ADMIN'					=> 'By Admin',
 	'ACC_DISABLE'				=> 'Disable',
 	'ACC_NONE'					=> 'None',
-	'ACC_USER'					=> 'User',
+	'ACC_USER'					=> 'By User',
 //	'ACC_USER_ADMIN'			=> 'User + Admin',
 	'ALLOW_EMAIL_REUSE'			=> 'Allow e-mail address re-use',
 	'ALLOW_EMAIL_REUSE_EXPLAIN'	=> 'Different users can register with the same e-mail address.',
--- a/phpBB/language/en/acp/common.php
+++ b/phpBB/language/en/acp/common.php
@ -647,7 +647,7 @@ $lang = array_merge($lang, array(
 	'LOG_USER_DEL_AVATAR_USER'	=> '<strong>User avatar removed</strong>',
 	'LOG_USER_DEL_SIG_USER'		=> '<strong>User signature removed</strong>',
 	'LOG_USER_FEEDBACK'			=> '<strong>Added user feedback</strong><br />» %s',
-	'LOG_USER_GENERAL'			=> '<strong>Entry added:</strong><br />%s',
+	'LOG_USER_GENERAL'			=> '<strong>Entry added:</strong><br />» %s',
 	'LOG_USER_INACTIVE_USER'	=> '<strong>User account de-activated</strong>',
 	'LOG_USER_LOCK'				=> '<strong>User locked own topic</strong><br />» %s',
 	'LOG_USER_MOVE_POSTS_USER'	=> '<strong>Moved all posts to forum</strong>» %s',