-rw-r--r-- | .travis.yml | 1 | ||||
-rw-r--r-- | build/build.xml | 4 | ||||
-rw-r--r-- | phpBB/docs/CHANGELOG.html | 8 | ||||
-rw-r--r-- | phpBB/includes/acp/acp_database.php | 1 | ||||
-rw-r--r-- | phpBB/includes/mcp/mcp_reports.php | 1 | ||||
-rw-r--r-- | phpBB/language/en/migrator.php | 7 | ||||
-rw-r--r-- | phpBB/phpbb/db/migration/data/v30x/release_3_0_14.php | 37 | ||||
-rw-r--r-- | phpBB/phpbb/db/migration/data/v31x/v314.php | 32 | ||||
-rw-r--r-- | tests/lint_test.php | 49 | ||||
-rwxr-xr-x | travis/check-image-icc-profiles.sh | 2 | ||||
-rw-r--r-- | travis/phpunit-mysqli-travis.xml | 3 | ||||
-rwxr-xr-x | travis/setup-webserver.sh | 10 |
12 files changed, 119 insertions, 36 deletions
diff --git a/.travis.yml b/.travis.yml
index e68ba5f501..2542898324 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -46,6 +46,7 @@ script:
 - travis/check-sami-parse-errors.sh $DB $TRAVIS_PHP_VERSION
 - travis/check-image-icc-profiles.sh $DB $TRAVIS_PHP_VERSION
 - travis/check-executable-files.sh $DB $TRAVIS_PHP_VERSION ./
+ - sh -c "if [ '$SLOWTESTS' != '1' -a '$DB' = 'mysqli' ]; then phpBB/vendor/bin/phpunit tests/lint_test.php; fi"
 - sh -c "if [ '$SLOWTESTS' != '1' ]; then phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml; fi"
 - sh -c "if [ '$SLOWTESTS' = '1' ]; then phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml --group slow; fi"
 - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysqli' -a '$TRAVIS_PULL_REQUEST' != 'false' ]; then git-tools/commit-msg-hook-range.sh origin/$TRAVIS_BRANCH..FETCH_HEAD; fi"
diff --git a/build/build.xml b/build/build.xml
index 823f57206d..6c91827146 100644
--- a/build/build.xml
+++ b/build/build.xml
@@ -3,8 +3,8 @@
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 <!-- a few settings for the build -->
 <property name="newversion" value="3.1.5-dev" />
- <property name="prevversion" value="3.1.3" />
- <property name="olderversions" value="3.0.12, 3.0.13, 3.0.13-PL1, 3.0.14-RC1, 3.1.0, 3.1.1, 3.1.2" />
+ <property name="prevversion" value="3.1.4" />
+ <property name="olderversions" value="3.0.12, 3.0.13, 3.0.13-PL1, 3.0.14, 3.1.0, 3.1.1, 3.1.2, 3.1.3" />
 <!-- no configuration should be needed beyond this point -->
 <property name="oldversions" value="${olderversions}, ${prevversion}" />
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 0e6a963f98..88df39a6d5 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -113,6 +113,10 @@
 <a name="v313"></a><h3>Changes since 3.1.3</h3>
+ <h4>Security</h4>
+ <ul>
+ <li>[SECURITY-180] - An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login)</li>
+ </ul>
 <h4>Bug</h4>
 <ul>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8050">PHPBB3-8050</a>] - Avatar & Long PM recipients list break out of template</li>
@@ -2331,6 +2335,10 @@
 <a name="v3013-PL1"></a><h3>Changes since 3.0.13-PL1</h3>
+<h4>Security</h4>
+<ul>
+<li>[SECURITY-180] - An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login)</li>
+</ul>
 <h4>Bug</h4>
 <ul>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13348">PHPBB3-13348</a>] - sql_freeresult() should be called in feed base class</li>
diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php
index 0c52f82459..c5aebf011d 100644
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -1173,6 +1173,7 @@ class postgres_extractor extends base_extractor
 $this->flush($sql_data . ";\n");
 }
 }
+ $db->sql_freeresult($result);
 $sql_data = '-- Table: ' . $table_name . "\n";
 $sql_data .= "DROP TABLE $table_name;\n";
diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php
index 804d48ea97..ccb54092b4 100644
--- a/phpBB/includes/mcp/mcp_reports.php
+++ b/phpBB/includes/mcp/mcp_reports.php
@@ -489,6 +489,7 @@ function close_report($report_id_list, $mode, $action, $pm = false)
 {
 $post_id_list[] = $row[$id_column];
 }
+ $db->sql_freeresult($result);
 $post_id_list = array_unique($post_id_list);
 if ($pm)
diff --git a/phpBB/language/en/migrator.php b/phpBB/language/en/migrator.php
index f5a56816c2..244a5faadf 100644
--- a/phpBB/language/en/migrator.php
+++ b/phpBB/language/en/migrator.php
@@ -52,6 +52,13 @@ $lang = array_merge($lang, array(
 'MIGRATION_SCHEMA_DONE' => 'Installed Schema: %1$s; Time: %2$.2f seconds',
 'MIGRATION_SCHEMA_RUNNING' => 'Installing Schema: %s.',
+ 'MIGRATION_INVALID_DATA_MISSING_CONDITION' => 'A migration is invalid. An if statement helper is missing a condition.',
+ 'MIGRATION_INVALID_DATA_MISSING_STEP' => 'A migration is invalid. An if statement helper is missing a valid call to a migration step.',
+ 'MIGRATION_INVALID_DATA_CUSTOM_NOT_CALLABLE' => 'A migration is invalid. A custom callable function could not be called.',
+ 'MIGRATION_INVALID_DATA_UNKNOWN_TYPE' => 'A migration is invalid. An unknown migration tool type was encountered.',
+ 'MIGRATION_INVALID_DATA_UNDEFINED_TOOL' => 'A migration is invalid. An undefined migration tool was encountered.',
+ 'MIGRATION_INVALID_DATA_UNDEFINED_METHOD' => 'A migration is invalid. An undefined migration tool method was encountered.',
+
 'MODULE_ERROR' => 'An error occurred while creating a module: %s',
 'MODULE_INFO_FILE_NOT_EXIST' => 'A required module info file is missing: %2$s',
 'MODULE_NOT_EXIST' => 'A required module does not exist: %s',
diff --git a/phpBB/phpbb/db/migration/data/v30x/release_3_0_14.php b/phpBB/phpbb/db/migration/data/v30x/release_3_0_14.php
new file mode 100644
index 0000000000..51475f5a05
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v30x/release_3_0_14.php
@@ -0,0 +1,37 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v30x;
+
+class release_3_0_14 extends \phpbb\db\migration\migration
+{
+ public function effectively_installed()
+ {
+ return phpbb_version_compare($this->config['version'], '3.0.14', '>=') && phpbb_version_compare($this->config['version'], '3.1.0-dev', '<');
+ }
+
+ static public function depends_on()
+ {
+ return array('\phpbb\db\migration\data\v30x\release_3_0_14_rc1');
+ }
+
+ public function update_data()
+ {
+ return array(
+ array('if', array(
+ phpbb_version_compare($this->config['version'], '3.0.14', '<'),
+ array('config.update', array('version', '3.0.14')),
+ )),
+ );
+ }
+}
diff --git a/phpBB/phpbb/db/migration/data/v31x/v314.php b/phpBB/phpbb/db/migration/data/v31x/v314.php
new file mode 100644
index 0000000000..b7793ca569
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/v314.php
@@ -0,0 +1,32 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class v314 extends \phpbb\db\migration\migration
+{
+ static public function depends_on()
+ {
+ return array(
+ '\phpbb\db\migration\data\v30x\release_3_0_14',
+ '\phpbb\db\migration\data\v31x\v314rc2',
+ );
+ }
+
+ public function update_data()
+ {
+ return array(
+ array('config.update', array('version', '3.1.4')),
+ );
+ }
+}
diff --git a/tests/lint_test.php b/tests/lint_test.php
index 9fb1c7624c..fb43196bae 100644
--- a/tests/lint_test.php
+++ b/tests/lint_test.php
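Review bot: In release_3_0_14.php, update_data() wraps the version write in an `if` helper without saying why, and none of the three methods carries a docblock. Because v314 in this same commit lists this migration in its depends_on(), the guard presumably keeps a board that is already on 3.1.x from having its version written back to 3.0.14. A comment above the `array('if', ...)` entry such as `// Only bump the version on 3.0.x boards; 3.1 boards reach this migration as a dependency of v314` would make that explicit. effectively_installed() would likewise benefit from a one-line docblock stating that only versions from 3.0.14 up to, but not including, 3.1.0-dev count as installed.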
@@ -38,31 +38,34 @@ class phpbb_lint_test extends phpbb_test_case
 self::markTestSkipped(sprintf('Could not run PHP_BINARY %s. Output: %s', self::$php_binary, $output));
 }
 }
-
- self::$exclude = array(
- dirname(__FILE__) . '/../.git',
- dirname(__FILE__) . '/../build/new_version',
- dirname(__FILE__) . '/../build/old_versions',
- dirname(__FILE__) . '/../phpBB/cache',
- // PHP Fatal error: Cannot declare class Container because the name is already in use in /var/www/projects/phpbb3/tests/../phpBB/vendor/symfony/dependency-injection/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services1-1.php on line 20
- // https://gist.github.com/e003913ffd493da63cbc
- dirname(__FILE__) . '/../phpBB/vendor',
- );
 }
- public function test_lint()
+ /**
+ * @dataProvider lint_data
+ */
+ public function test_lint($path)
 {
 if (version_compare(PHP_VERSION, '5.3.0', '<'))
 {
 $this->markTestSkipped('phpBB uses PHP 5.3 syntax in some files, linting on PHP < 5.3 will fail');
 }
- $root = dirname(__FILE__) . '/..';
- $this->check($root);
+ $cmd = sprintf('(%s -l %s) 2>&1', self::$php_binary, escapeshellarg($path));
+ $output = array();
+ $status = 1;
+ exec($cmd, $output, $status);
+ $output = implode("\n", $output);
+ $this->assertEquals(0, $status, "PHP lint failed for $path:\n$output");
+ }
+
+ public function lint_data()
+ {
+ return $this->check(dirname(__FILE__) . '/..');
 }
 protected function check($root)
 {
+ $files = array();
 $dh = opendir($root);
 while (($filename = readdir($dh)) !== false)
 {
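Review bot: In the new test_lint() body, `self::$php_binary` goes into the shell command unquoted while `$path` is passed through escapeshellarg(), so a binary path containing spaces or shell metacharacters is interpreted by the shell instead of being treated as one word. The value is assigned outside this hunk; the context line mentioning PHP_BINARY suggests it is taken from the environment, which should be confirmed. If it is always a single executable path, `$cmd = sprintf('(%s -l %s) 2>&1', escapeshellarg(self::$php_binary), escapeshellarg($path));` closes the gap. Separately, check() calls `opendir($root)` without testing for `false`, and since lint_data() now walks the tree at data-provider time an unreadable directory would surface as a provider error rather than a test failure; check()'s body continues outside the hunk.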
@@ -76,19 +79,23 @@ class phpbb_lint_test extends phpbb_test_case
 {
 continue;
 }
- if (is_dir($path) && !in_array($path, self::$exclude))
+ if (is_dir($path) && !in_array($path, array(
+ dirname(__FILE__) . '/../.git',
+ dirname(__FILE__) . '/../build/new_version',
+ dirname(__FILE__) . '/../build/old_versions',
+ dirname(__FILE__) . '/../phpBB/cache',
+ // PHP Fatal error: Cannot declare class Container because the name is already in use in /var/www/projects/phpbb3/tests/../phpBB/vendor/symfony/dependency-injection/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services1-1.php on line 20
+ // https://gist.github.com/e003913ffd493da63cbc
+ dirname(__FILE__) . '/../phpBB/vendor',
+ )))
 {
- $this->check($path);
+ $files = array_merge($files, $this->check($path));
 }
 else if (substr($filename, strlen($filename)-4) == '.php')
 {
- $cmd = sprintf('(%s -l %s) 2>&1', self::$php_binary, escapeshellarg($path));
- $output = array();
- $status = 1;
- exec($cmd, $output, $status);
- $output = implode("\n", $output);
- $this->assertEquals(0, $status, "PHP lint failed for $path:\n$output");
+ $files[] = array($path);
 }
 }
+ return $files;
 }
 }
diff --git a/travis/check-image-icc-profiles.sh b/travis/check-image-icc-profiles.sh
index bb070ccc27..5926962d40 100755
--- a/travis/check-image-icc-profiles.sh
+++ b/travis/check-image-icc-profiles.sh
@@ -15,6 +15,6 @@ TRAVIS_PHP_VERSION=$2
 if [ "$TRAVIS_PHP_VERSION" == "5.3.3" -a "$DB" == "mysqli" ]
 then
- find . -type f -not -path './phpBB/vendor/*' -iregex '.*\.\(gif\|jpg\|jpeg\|png\)$' | \
+ find . -type f -a -iregex '.*\.\(gif\|jpg\|jpeg\|png\)$' -a -not -wholename '*vendor/*' | \
 parallel --gnu --keep-order 'phpBB/develop/strip_icc_profiles.sh {}'
 fi
diff --git a/travis/phpunit-mysqli-travis.xml b/travis/phpunit-mysqli-travis.xml
index 4c963895fc..b12ae6fe8b 100644
--- a/travis/phpunit-mysqli-travis.xml
+++ b/travis/phpunit-mysqli-travis.xml
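Review bot: In the second tests/lint_test.php hunk, the exclusion list is now an array literal inside the `in_array()` call, so it is rebuilt for every directory entry and the two explanatory comments end up buried in a condition. Assigning it once to a local before the loop (`$exclude = array(...);` ahead of `opendir`) and testing `!in_array($path, $exclude)` reads more clearly and keeps the comments next to the entries they explain. The match is by literal string against `dirname(__FILE__) . '/../…'`, not by resolved path, and a one-line comment saying so would spare the next reader from assuming otherwise. The start of check() and the loop header are outside this hunk.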
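Review bot: In travis/check-image-icc-profiles.sh, the new exclusion `-not -wholename '*vendor/*'` is wider than the `./phpBB/vendor/*` it replaces. It drops every path that contains `vendor/`, including directories whose name merely ends in "vendor", so images under such a directory are no longer checked for ICC profiles. If the intent is to skip any directory named exactly vendor, `-not -path '*/vendor/*'` says that precisely, and `-path` is the more portable spelling of `-wholename`.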
@@ -18,9 +18,6 @@
 <exclude>../tests/lint_test.php</exclude>
 <exclude>../tests/ui</exclude>
 </testsuite>
- <testsuite name="phpBB Lint Test">
- <file>../tests/lint_test.php</file>
- </testsuite>
 <testsuite name="phpBB Functional Tests">
 <directory suffix="_test.php" phpVersion="5.3.19" phpVersionOperator=">=">../tests/functional</directory>
 </testsuite>
diff --git a/travis/setup-webserver.sh b/travis/setup-webserver.sh
index ab045431cc..911ba12f3c 100755
--- a/travis/setup-webserver.sh
+++ b/travis/setup-webserver.sh
@@ -11,12 +11,6 @@
 set -e
 set -x
-if [ "$TRAVIS_PHP_VERSION" = 'hhvm' ]
-then
- # Add PPA providing dependencies for recent HHVM on Ubuntu 12.04.
- sudo add-apt-repository -y ppa:mapnik/boost
-fi
-
 sudo apt-get update
 sudo apt-get install -y nginx realpath
@@ -30,11 +24,9 @@ APP_SOCK=$(realpath "$DIR")/php-app.sock
 if [ "$TRAVIS_PHP_VERSION" = 'hhvm' ]
 then
- # Upgrade to a recent stable version of HHVM
- sudo apt-get -o Dpkg::Options::="--force-confnew" install -y hhvm-nightly
-
 HHVM_LOG=$(realpath "$DIR")/hhvm.log
+ sudo service hhvm stop
 sudo hhvm \
 --mode daemon \
 --user "$USER" \ |
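Review bot: In the HHVM branch of travis/setup-webserver.sh, the added `sudo service hhvm stop` runs under the `set -e` visible in the first hunk, so a non-zero exit from the init script (for instance if the service is not running or not registered on the build image) would abort the whole setup. If stopping is best-effort, `sudo service hhvm stop || true` keeps the script going. If the packaged daemon has to be down before the user-mode instance starts, a short comment saying so would record why the line exists. The `if` block continues past the end of the hunk.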