diff --git a/build/build.xml b/build/build.xml index 1f6535875c..bde233ef5c 100644 --- a/build/build.xml +++ b/build/build.xml @@ -2,9 +2,9 @@ - - - + + + diff --git a/build/sami-all.conf.php b/build/sami-all.conf.php index 4bf812eb02..91f12f296e 100644 --- a/build/sami-all.conf.php +++ b/build/sami-all.conf.php @@ -26,6 +26,7 @@ $config['versions'] = Sami\Version\GitVersionCollection::create(__DIR__ . '/../' ->add('3.0.x') ->add('3.1.x') ->add('3.2.x') + ->add('3.3.x') ->add('master') ; diff --git a/phpBB/composer.lock b/phpBB/composer.lock index 6eb63d1782..735de476c1 100644 --- a/phpBB/composer.lock +++ b/phpBB/composer.lock @@ -2483,33 +2483,33 @@ }, { "name": "phpspec/prophecy", - "version": "1.9.0", + "version": "1.10.1", "source": { "type": "git", "url": "https://github.com/phpspec/prophecy.git", - "reference": "f6811d96d97bdf400077a0cc100ae56aa32b9203" + "reference": "cbe1df668b3fe136bcc909126a0f529a78d4cbbc" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpspec/prophecy/zipball/f6811d96d97bdf400077a0cc100ae56aa32b9203", - "reference": "f6811d96d97bdf400077a0cc100ae56aa32b9203", + "url": "https://api.github.com/repos/phpspec/prophecy/zipball/cbe1df668b3fe136bcc909126a0f529a78d4cbbc", + "reference": "cbe1df668b3fe136bcc909126a0f529a78d4cbbc", "shasum": "" }, "require": { "doctrine/instantiator": "^1.0.2", "php": "^5.3|^7.0", "phpdocumentor/reflection-docblock": "^2.0|^3.0.2|^4.0|^5.0", - "sebastian/comparator": "^1.1|^2.0|^3.0", + "sebastian/comparator": "^1.2.3|^2.0|^3.0", "sebastian/recursion-context": "^1.0|^2.0|^3.0" }, "require-dev": { - "phpspec/phpspec": "^2.5|^3.2", + "phpspec/phpspec": "^2.5 || ^3.2", "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "1.8.x-dev" + "dev-master": "1.10.x-dev" } }, "autoload": { @@ -2542,7 +2542,7 @@ "spy", "stub" ], - "time": "2019-10-03T11:07:50+00:00" + "time": "2019-12-22T21:05:45+00:00" }, { "name": "phpunit/dbunit", diff --git a/phpBB/develop/add_permissions.php b/phpBB/develop/add_permissions.php index d7308a1acc..ee5e116d91 100644 --- a/phpBB/develop/add_permissions.php +++ b/phpBB/develop/add_permissions.php @@ -156,6 +156,7 @@ $u_permissions = array( 'u_download' => array(0, 1), 'u_attach' => array(0, 1), 'u_sig' => array(0, 1), + 'u_emoji' => array(0, 1), 'u_pm_attach' => array(0, 1), 'u_pm_bbcode' => array(0, 1), 'u_pm_smilies' => array(0, 1), diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 06cdb37b56..33faa961a1 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -50,6 +50,7 @@
  1. Changelog
      +
    • Changes since 3.2.8
    • Changes since 3.2.8-RC1
    • Changes since 3.2.7
    • Changes since 3.2.6
      • @@ -140,6 +141,61 @@
      +

      Changes since 3.2.8

      +

      Bug

      +
        +
      • [PHPBB3-14815] - The facebook page link is not displayed properly in memberlist.php
        • +
      • [PHPBB3-15643] - $phpbb_filesystem->resolve_path() may trigger open_basedir restriction
        • +
      • [PHPBB3-15902] - Out of range error with Sphinx search
        • +
      • [PHPBB3-16056] - JPEG dimensions undetectable for some kind of jpeg files
        • +
      • [PHPBB3-16076] - Limit attachment size by extension group
        • +
      • [PHPBB3-16141] - plupload chunk_size calculation incorrect when one or more settings are 'unlimited'
        • +
      • [PHPBB3-16150] - Post title link urls not reliable when shared
        • +
      • [PHPBB3-16156] - Bots see both register and logout links in the navbar
        • +
      • [PHPBB3-16157] - Incorrect FORM_INVALID error message while sending email form
        • +
      • [PHPBB3-16181] - OAuth provider id needs to be quoted
        • +
      • [PHPBB3-16184] - Mark read button only works once
        • +
      • [PHPBB3-16199] - Guest posting CAPTCHA is being generated with no guest posting auth
        • +
      • [PHPBB3-16209] - Nginx example configuration file blocks an image in the ACP
        • +
      • [PHPBB3-16210] - Terms of use should not be skippable
        • +
      • [PHPBB3-16211] - COPPA should not be skippable
        • +
      • [PHPBB3-16216] - Disable xdebug in travis builds
        • +
      • [PHPBB3-16217] - Enable opcache in travis CI builds
        • +
      • [PHPBB3-16228] - BBCode definitions with an optional attribute and a non-TEXT content are not merged correctly
        • +
      • [PHPBB3-16242] - Redirect loop when install folder doesn't exist
        • +
      • [PHPBB3-16252] - Ignore non-BBCodes when looking for unauthorized markup
        • +
      • [PHPBB3-16257] - Typo in Email Settings section
        • +
      • [PHPBB3-16258] - Sample Sphinx configuration file causes delta index to only include the most recent post
        • +
      +

      Improvement

      +
        +
      • [PHPBB3-16084] - Pointless radio button for database backup in 3.2.7
        • +
      • [PHPBB3-16139] - Add core.viewtopic_modify_quick_reply_template_vars
        • +
      • [PHPBB3-16140] - Add new event to UCP Edit Profile Page
        • +
      • [PHPBB3-16143] - Add core events for move topics
        • +
      • [PHPBB3-16144] - NO_STYLE_DATA - Provide extra fallback to board's default style for $user.
        • +
      • [PHPBB3-16146] - Add core event for after move the forum
        • +
      • [PHPBB3-16148] - Add template events to acp_groups.html
        • +
      • [PHPBB3-16151] - Enable Emojis and rich text in forum name
        • +
      • [PHPBB3-16153] - Enable Emojis and rich text in topic title
        • +
      • [PHPBB3-16159] - Wrap post times in html time tag
        • +
      • [PHPBB3-16174] - Event for disabling cookie creation
        • +
      • [PHPBB3-16182] - Add core.generate_smilies_modify_rowset
        • +
      • [PHPBB3-16183] - Add core.generate_smilies_count_sql_before
        • +
      • [PHPBB3-16203] - Enable Emojis and rich text in sent Emails
        • +
      • [PHPBB3-16247] - Quote PM has no identifier
        • +
      • [PHPBB3-16251] - Shortened link text shouldn't override custom plugins
        • +
      +

      Task

      +
        +
      • [PHPBB3-15422] - Remove the unnecessary helpline function and help_line variable
        • +
      • [PHPBB3-16147] - Updated tokens legend in BBCodes ACP
        • +
      • [PHPBB3-16160] - Add script for generating package json file
        • +
      • [PHPBB3-16172] - Add "Rank:" or "Group rank:" in the memberlist
        • +
      • [PHPBB3-16224] - Update composer dependencies
        • +
      • [PHPBB3-16246] - Prettify and update README Automated Testing section
        • +
      +

      Changes since 3.2.8-RC1

      Bug

        diff --git a/phpBB/docs/nginx.sample.conf b/phpBB/docs/nginx.sample.conf index 848998cfeb..c5a9472a1c 100644 --- a/phpBB/docs/nginx.sample.conf +++ b/phpBB/docs/nginx.sample.conf @@ -70,7 +70,7 @@ http { } # Deny access to internal phpbb files. - location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?= ( SELECT max_doc_id FROM phpbb_sphinx WHERE counter_id=1 ) - sql_query_pre = + sql_query_post_index = } index index_phpbb_{SPHINX_ID}_main { diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index a2e7d92f7d..1c77366380 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -@define('PHPBB_VERSION', '3.2.9-dev'); +@define('PHPBB_VERSION', '3.2.10-dev'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/install/convertors/convert_phpbb20.php b/phpBB/install/convertors/convert_phpbb20.php index 654f705967..ff5ec29019 100644 --- a/phpBB/install/convertors/convert_phpbb20.php +++ b/phpBB/install/convertors/convert_phpbb20.php @@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms); $convertor_data = array( 'forum_name' => 'phpBB 2.0.x', 'version' => '1.0.3', - 'phpbb_version' => '3.2.8', + 'phpbb_version' => '3.2.9', 'author' => 'phpBB Limited', 'dbms' => $dbms, 'dbhost' => $dbhost, diff --git a/phpBB/install/phpbbcli.php b/phpBB/install/phpbbcli.php index ddf17fa5f6..dbc8a17f8c 100755 --- a/phpBB/install/phpbbcli.php +++ b/phpBB/install/phpbbcli.php @@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli') define('IN_PHPBB', true); define('IN_INSTALL', true); define('PHPBB_ENVIRONMENT', 'production'); -define('PHPBB_VERSION', '3.2.8'); +define('PHPBB_VERSION', '3.2.9-RC1'); $phpbb_root_path = __DIR__ . '/../'; $phpEx = substr(strrchr(__FILE__, '.'), 1); diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index d614579f3d..86c8f00a24 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -185,7 +185,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_cpf_viewprofi INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_cpf_viewtopic', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_lastread', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_track', '1'); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jumpbox', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_moderators', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_notifications', '1'); @@ -279,7 +279,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0'); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.9-dev'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.10-dev'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400'); @@ -421,6 +421,7 @@ INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgname', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgpasswd', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgprofileinfo', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_download', 1); +INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_emoji', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_hideonline', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_ignoreflood', 1); INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_masspm', 1); diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index 651b76625d..e237446dde 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -590,7 +590,7 @@ $lang = array_merge($lang, array( 'SMTP_PORT' => 'SMTP server port', 'SMTP_PORT_EXPLAIN' => 'Only change this if you know your SMTP server is on a different port.', 'SMTP_SERVER' => 'SMTP server address', - 'SMTP_SERVER_EXPLAIN' => 'Do not provide a protocol (ssl:// or tsl://) unless your mail host tells you to do so.', + 'SMTP_SERVER_EXPLAIN' => 'Do not provide a protocol (ssl:// or tls://) unless your mail host tells you to do so.', 'SMTP_SETTINGS' => 'SMTP settings', 'SMTP_USERNAME' => 'SMTP username', 'SMTP_USERNAME_EXPLAIN' => 'Only enter a username if your SMTP server requires it.', diff --git a/phpBB/language/en/acp/permissions_phpbb.php b/phpBB/language/en/acp/permissions_phpbb.php index 2c7b3d3aee..ab8939932b 100644 --- a/phpBB/language/en/acp/permissions_phpbb.php +++ b/phpBB/language/en/acp/permissions_phpbb.php @@ -79,6 +79,7 @@ $lang = array_merge($lang, array( 'ACL_U_SAVEDRAFTS' => 'Can save drafts', 'ACL_U_CHGCENSORS' => 'Can disable word censors', 'ACL_U_SIG' => 'Can use signature', + 'ACL_U_EMOJI' => 'Can use emoji and rich text characters in topic title', 'ACL_U_SENDPM' => 'Can send private messages', 'ACL_U_MASSPM' => 'Can send private messages to multiple users', diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php index efc4f5ec0f..b16549ffb7 100644 --- a/phpBB/phpbb/avatar/driver/remote.php +++ b/phpBB/phpbb/avatar/driver/remote.php @@ -49,6 +49,8 @@ class remote extends \phpbb\avatar\driver\driver */ public function process_form($request, $template, $user, $row, &$error) { + global $phpbb_dispatcher; + $url = $request->variable('avatar_remote_url', ''); $width = $request->variable('avatar_remote_width', 0); $height = $request->variable('avatar_remote_height', 0); @@ -84,6 +86,24 @@ class remote extends \phpbb\avatar\driver\driver return false; } + /** + * Event to make custom validation of avatar upload + * + * @event core.ucp_profile_avatar_upload_validation + * @var string url Image url + * @var string width Image width + * @var string height Image height + * @var array error Error message array + * @since 3.2.9-RC1 + */ + $vars = array('url', 'width', 'height', 'error'); + extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_upload_validation', compact($vars))); + + if (!empty($error)) + { + return false; + } + // Check if this url looks alright // Do not allow specifying the port (see RFC 3986) or IP addresses if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) || diff --git a/phpBB/phpbb/db/migration/data/v32x/user_emoji_permission.php b/phpBB/phpbb/db/migration/data/v32x/user_emoji_permission.php new file mode 100644 index 0000000000..98759c78ee --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/user_emoji_permission.php @@ -0,0 +1,44 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class user_emoji_permission extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + $sql = 'SELECT auth_option_id + FROM ' . ACL_OPTIONS_TABLE . " + WHERE auth_option = 'u_emoji'"; + $result = $this->db->sql_query($sql); + $auth_option_id = $this->db->sql_fetchfield('auth_option_id'); + $this->db->sql_freeresult($result); + + return $auth_option_id !== false; + } + + static public function depends_on() + { + return [ + '\phpbb\db\migration\data\v32x\v329rc1', + ]; + } + + public function update_data() + { + return [ + ['permission.add', ['u_emoji']], + ['permission.permission_set', ['REGISTERED', 'u_emoji', 'group']], + ]; + } +} diff --git a/phpBB/phpbb/db/migration/data/v32x/v329rc1.php b/phpBB/phpbb/db/migration/data/v32x/v329rc1.php new file mode 100644 index 0000000000..271bf62859 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v329rc1.php @@ -0,0 +1,36 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v329rc1 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.9-RC1', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v328', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.9-RC1')), + ); + } +} diff --git a/phpBB/phpbb/permissions.php b/phpBB/phpbb/permissions.php index 7697884b6a..236535cc6a 100644 --- a/phpBB/phpbb/permissions.php +++ b/phpBB/phpbb/permissions.php @@ -234,6 +234,7 @@ class permissions 'u_savedrafts' => array('lang' => 'ACL_U_SAVEDRAFTS', 'cat' => 'post'), 'u_chgcensors' => array('lang' => 'ACL_U_CHGCENSORS', 'cat' => 'post'), 'u_sig' => array('lang' => 'ACL_U_SIG', 'cat' => 'post'), + 'u_emoji' => array('lang' => 'ACL_U_EMOJI', 'cat' => 'post'), 'u_sendpm' => array('lang' => 'ACL_U_SENDPM', 'cat' => 'pm'), 'u_masspm' => array('lang' => 'ACL_U_MASSPM', 'cat' => 'pm'), diff --git a/phpBB/phpbb/search/fulltext_sphinx.php b/phpBB/phpbb/search/fulltext_sphinx.php index f7277627f8..92845a59c0 100644 --- a/phpBB/phpbb/search/fulltext_sphinx.php +++ b/phpBB/phpbb/search/fulltext_sphinx.php @@ -698,7 +698,7 @@ class fulltext_sphinx $this->sphinx->SetFilter('deleted', array(0)); - $this->sphinx->SetLimits((int) $start, (int) $per_page, SPHINX_MAX_MATCHES); + $this->sphinx->SetLimits((int) $start, (int) $per_page, max(SPHINX_MAX_MATCHES, (int) $start + $per_page)); $result = $this->sphinx->Query($search_query_prefix . $this->sphinx->sphinx_clean_search_string(str_replace('"', '"', $this->search_query)), $this->indexes); // Could be connection to localhost:9312 failed (errno=111, @@ -729,7 +729,7 @@ class fulltext_sphinx { $start = floor(($result_count - 1) / $per_page) * $per_page; - $this->sphinx->SetLimits((int) $start, (int) $per_page, SPHINX_MAX_MATCHES); + $this->sphinx->SetLimits((int) $start, (int) $per_page, max(SPHINX_MAX_MATCHES, (int) $start + $per_page)); $result = $this->sphinx->Query($search_query_prefix . $this->sphinx->sphinx_clean_search_string(str_replace('"', '"', $this->search_query)), $this->indexes); // Could be connection to localhost:9312 failed (errno=111, diff --git a/phpBB/posting.php b/phpBB/posting.php index 59616a2858..57b52320a3 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -1184,21 +1184,24 @@ if ($submit || $preview || $refresh) /** * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR. * Using their Numeric Character Reference's Hexadecimal notation. + * Check the permissions for posting Emojis first. */ - $post_data['post_subject'] = utf8_encode_ucr($post_data['post_subject']); - - /** - * This should never happen again. - * Leaving the fallback here just in case there will be the need of it. - * - * Check for out-of-bounds characters that are currently - * not supported by utf8_bin in MySQL - */ - if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches)) + if ($auth->acl_get('u_emoji')) { - $character_list = implode('
        ', $matches[0]); + $post_data['post_subject'] = utf8_encode_ucr($post_data['post_subject']); + } + else + { + /** + * Check for out-of-bounds characters that are currently + * not supported by utf8_bin in MySQL + */ + if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches)) + { + $character_list = implode('
        ', $matches[0]); - $error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list); + $error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list); + } } $post_data['poll_last_vote'] = (isset($post_data['poll_last_vote'])) ? $post_data['poll_last_vote'] : 0; diff --git a/phpBB/styles/prosilver/style.cfg b/phpBB/styles/prosilver/style.cfg index 8e3ba24aaa..697bcee97d 100644 --- a/phpBB/styles/prosilver/style.cfg +++ b/phpBB/styles/prosilver/style.cfg @@ -21,8 +21,8 @@ # General Information about this style name = prosilver copyright = © phpBB Limited, 2007 -style_version = 3.2.8 -phpbb_version = 3.2.8 +style_version = 3.2.9 +phpbb_version = 3.2.9 # Defining a different template bitfield # template_bitfield = //g= diff --git a/phpBB/styles/prosilver/template/posting_attach_body.html b/phpBB/styles/prosilver/template/posting_attach_body.html index ff5bfe1b55..0363fe0f05 100644 --- a/phpBB/styles/prosilver/template/posting_attach_body.html +++ b/phpBB/styles/prosilver/template/posting_attach_body.html @@ -38,7 +38,7 @@ -   + {% if S_BBCODE_ALLOWED %} {% endif %} @@ -64,7 +64,7 @@ {attach_row.FILENAME} {% EVENT posting_attach_body_attach_row_controls_prepend %} -   + {% if S_BBCODE_ALLOWED and S_INLINE_ATTACHMENT_OPTIONS %} {% endif %} {% EVENT posting_attach_body_attach_row_controls_append %}