diff options
40 files changed, 389 insertions, 71 deletions
diff --git a/build/build.xml b/build/build.xml index 006f9225e9..1f6535875c 100644 --- a/build/build.xml +++ b/build/build.xml @@ -4,7 +4,7 @@ <!-- a few settings for the build --> <property name="newversion" value="3.2.9-dev" /> <property name="prevversion" value="3.2.7" /> - <property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6" /> + <property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.8-RC1" /> <!-- no configuration should be needed beyond this point --> <property name="oldversions" value="${olderversions}, ${prevversion}" /> diff --git a/build/generate_package_json.php b/build/generate_package_json.php new file mode 100644 index 0000000000..152f38958a --- /dev/null +++ b/build/generate_package_json.php @@ -0,0 +1,127 @@ +#!/usr/bin/env php +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +if (version_compare(PHP_VERSION, '7.0-dev', '<')) +{ + die('generate_package_json.php requires at least PHP 7.0.'); +} + +define('IN_PHPBB', true); +include_once('../phpBB/includes/functions.php'); + +$json_data = new \stdClass(); +$json_data->metadata = new stdClass(); + +$json_data->metadata->current_version_date = ''; +$json_data->metadata->current_version = ''; +$json_data->metadata->download_path = ''; +$json_data->metadata->show_update_package = true; +$json_data->metadata->historic = false; + +$json_data->package = []; + +// Open build.xml +$build_xml = simplexml_load_file('build.xml'); +$current_version = (string) $build_xml->xpath('/project/property[@name=\'newversion\']/@value')[0]->value; +$previous_version = (string) $build_xml->xpath('/project/property[@name=\'prevversion\']/@value')[0]->value; +$older_verions = explode(', ', (string) $build_xml->xpath('/project/property[@name=\'olderversions\']/@value')[0]->value); + +// Clean and sort version info +$older_verions[] = $previous_version; +$older_verions = array_filter($older_verions, function($version) { + preg_match(get_preg_expression('semantic_version'), $version, $matches); + return empty($matches['prerelease']) || strpos($matches['prerelease'], 'pl') !== false; +}); +usort($older_verions, function($version_a, $version_b) +{ + return phpbb_version_compare($version_b, $version_a); +}); + +// Set metadata +$json_data->metadata->current_version = $current_version; +$json_data->metadata->current_version_date = date('Y-m-d'); +$json_data->metadata->download_path = 'https://download.phpbb.com/pub/release/' . preg_replace('#([0-9]+\.[0-9]+)(\..+)#', '$1', $current_version) . '/' . $current_version . '/'; + +// Add package, patch files, and changed files +phpbb_add_package_file( + $json_data->package, + 'phpBB ' . $current_version, + 'phpBB-' . $current_version, + 'full', + '' +); +phpbb_add_package_file( + $json_data->package, + 'phpBB ' . $current_version . ' Patch Files', + 'phpBB-' . $current_version . '-patch', + 'update', + 'patch' +); +phpbb_add_package_file( + $json_data->package, + 'phpBB ' . $current_version . ' Changed Files', + 'phpBB-' . $current_version . '-files', + 'update', + 'files' +); + +// Loop through packages and assign to packages array +foreach ($older_verions as $version) +{ + phpbb_add_package_file( + $json_data->package, + 'phpBB ' . $version . ' to ' . $current_version . ' Update Package', + 'phpBB-' . $version . '_to_' . $current_version, + 'update', + 'update', + $version + ); +} + +echo(json_encode($json_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . "\n"); + +function phpbb_add_package_file(array &$package_list, $name, $file_name, $type, $subtype, $from = '') +{ + if (!file_exists(__DIR__ . '/new_version/release_files/' . $file_name . '.zip')) + { + trigger_error('File does not exist: ' . __DIR__ . '/new_version/release_files/' . $file_name . '.zip'); + return; + } + + $package_file = new stdClass(); + $package_file->name = $name; + $package_file->filename = $file_name; + $package_file->type = $type; + if (!empty($subtype)) + { + $package_file->subtype = $subtype; + } + if (!empty($from)) + { + $package_file->from = $from; + } + $package_file->files = []; + + foreach (['zip', 'tar.bz2'] as $extension) + { + $file_path = 'new_version/release_files/' . $file_name . '.' . $extension; + $filedata = new stdClass(); + $filedata->filesize = filesize($file_path); + $filedata->checksum = trim(preg_replace('/(^\w+)(.+)/', '$1', file_get_contents($file_path . '.sha256'))); + $filedata->filetype = $extension; + $package_file->files[] = $filedata; + } + + $package_list[] = $package_file; +} diff --git a/phpBB/adm/style/acp_database.html b/phpBB/adm/style/acp_database.html index ed0f4dd453..cc0b57b411 100644 --- a/phpBB/adm/style/acp_database.html +++ b/phpBB/adm/style/acp_database.html @@ -68,12 +68,6 @@ <!-- END methods --></dd> </dl> <dl> - <dt><label for="where">{L_ACTION}{L_COLON}</label></dt> - <dd> - <label><input id="where" type="radio" class="radio" name="where" value="store" checked="checked" /> {L_STORE_LOCAL}</label> - </dd> - </dl> - <dl> <dt><label for="table">{L_TABLE_SELECT}{L_COLON}</label></dt> <dd><select id="table" name="table[]" size="10" multiple="multiple"> <!-- BEGIN tables --> diff --git a/phpBB/adm/style/permission_mask.html b/phpBB/adm/style/permission_mask.html index c556664b8c..23294d60df 100644 --- a/phpBB/adm/style/permission_mask.html +++ b/phpBB/adm/style/permission_mask.html @@ -9,6 +9,8 @@ var role_options = new Array(); + var no_role_assigned = "{LA_NO_ROLE_ASSIGNED}"; + <!-- IF S_ROLE_JS_ARRAY --> {S_ROLE_JS_ARRAY} <!-- ENDIF --> diff --git a/phpBB/adm/style/permissions.js b/phpBB/adm/style/permissions.js index 9178adab50..af8e21ad51 100644 --- a/phpBB/adm/style/permissions.js +++ b/phpBB/adm/style/permissions.js @@ -279,6 +279,10 @@ function reset_role(id) { } t.options[0].selected = true; + + var parent = t.parentNode; + parent.querySelector('span.dropdown-trigger').innerText = no_role_assigned; + parent.querySelector('input[data-name^=role]').value = '0'; } /** diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js index f82da1acb1..8c52aae819 100644 --- a/phpBB/assets/javascript/plupload.js +++ b/phpBB/assets/javascript/plupload.js @@ -90,6 +90,12 @@ phpbb.plupload.getSerializedData = function() { obj['attachment_data[' + i + '][' + key + ']'] = datum[key]; } } + + // Insert form data + var $pluploadForm = $(phpbb.plupload.config.form_hook).first(); + obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val(); + obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val(); + return obj; }; @@ -264,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) { return; } + + // Handle errors while deleting file + if (typeof response.error !== 'undefined') { + phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message); + + // We will have to assume that the deletion failed. So leave the file status as uploaded. + row.find('.file-status').toggleClass('file-uploaded'); + + return; + } + phpbb.plupload.update(response, 'removal', index); // Check if the user can upload files now if he had reached the max files limit. phpbb.plupload.handleMaxFilesReached(); diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index dc68e62f49..06cdb37b56 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -50,6 +50,7 @@ <ol> <li><a href="#changelog">Changelog</a> <ul> + <li><a href="#v328rc1">Changes since 3.2.8-RC1</a></li> <li><a href="#v327">Changes since 3.2.7</a></li> <li><a href="#v326">Changes since 3.2.6</a></li> <li><a href="#v326rc1">Changes since 3.2.6-RC1</a></li> @@ -139,6 +140,28 @@ <div class="inner"> <div class="content"> + <a name="v328rc1"></a><h3>Changes since 3.2.8-RC1</h3> + <h4>Bug</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15467">PHPBB3-15467</a>] - Permission settings do not take affect when set using All YES/NO/NEVER</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16123">PHPBB3-16123</a>] - PHP error (Array to string conversion) on new user registration if email address is banned and " Reason shown to the banned" is empty</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16136">PHPBB3-16136</a>] - Missing word in 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' </li> + </ul> + <h4>Improvement</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16134">PHPBB3-16134</a>] - Exclude group leaders on group member purge</li> + </ul> + <h4>Security Issue</h4> + <ul> + <li>[SECURITY-243] - CSS injection via BBCode tag</li> + <li>[SECURITY-244] - Missing form token check when handling attachments</li> + <li>[SECURITY-246] - Missing form token check when managing BBCodes</li> + </ul> + <h4>Hardening</h4> + <ul> + <li>[SECURITY-247] - Disable MySQLi local infile to prevent local file inclusion</li> + </ul> + <a name="v327"></a><h3>Changes since 3.2.7</h3> <h4>Bug</h4> <ul> @@ -193,7 +216,6 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16078">PHPBB3-16078</a>] - Use chrome webdriver for UI tests</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16089">PHPBB3-16089</a>] - Add core.confirm_box_ajax_before</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16097">PHPBB3-16097</a>] - Add core.viewtopic_gen_sort_selects_before</li> - <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16102">PHPBB3-16102</a>] - Add core.posting_modify_post_subject</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16103">PHPBB3-16103</a>] - Add core.pm_modify_message_subject</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16106">PHPBB3-16106</a>] - Add core.mcp_main_before</li> @@ -212,6 +234,10 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16112">PHPBB3-16112</a>] - Update composer dependencies to latest</li> <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16119">PHPBB3-16119</a>] - The text input for poll question has a too high maxlength attribute</li> </ul> + <h4>Hardening</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li> + </ul> <a name="v326"></a><h3>Changes since 3.2.6</h3> <h4>Bug</h4> diff --git a/phpBB/docs/CREDITS.txt b/phpBB/docs/CREDITS.txt index 90e9a31127..596f4545fa 100644 --- a/phpBB/docs/CREDITS.txt +++ b/phpBB/docs/CREDITS.txt @@ -1,7 +1,7 @@ /** * -* phpBB © Copyright phpBB Limited 2003-2016 -* http://www.phpbb.com +* phpBB © Copyright phpBB Limited 2003-2019 +* https://www.phpbb.com * * phpBB is free software. You can redistribute it and/or modify it * under the terms of the GNU General Public License, version 2 (GPL-2.0) @@ -27,7 +27,6 @@ phpBB Developers: bantu (Andreas Fischer) Derky (Derk Ruitenbeek) Elsensee (Oliver Schramm) Hanakin (Michael Miday) - MichaelC (Michael Cullum) Nicofuma (Tristan Darricau) rubencm (Rubén Calvo) @@ -63,6 +62,7 @@ phpBB Developers: A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010] igorw (Igor Wiedler) [08/2010 - 02/2013] imkingdavid (David King) [11/2012 - 06/2014] kellanved (Henry Sudhof) [04/2007 - 03/2011] + MichaelC (Michael Cullum) [11/2017 - 09/2019] nickvergessen (Joas Schilling)[04/2010 - 12/2015] Oleg (Oleg Pudeyev) [01/2011 - 05/2013] prototech (Cesar Gallegos) [01/2014 - 12/2016] diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index 1f7374a07f..56079061ce 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -33,7 +33,6 @@ class acp_bbcodes // Set up general vars $action = $request->variable('action', ''); $bbcode_id = $request->variable('bbcode', 0); - $submit = $request->is_set_post('submit'); $this->tpl_name = 'acp_bbcodes'; $this->page_title = 'ACP_BBCODES'; @@ -41,11 +40,6 @@ class acp_bbcodes add_form_key($form_key); - if ($submit && !check_form_key($form_key)) - { - trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } - // Set up mode-specific vars switch ($action) { @@ -179,6 +173,12 @@ class acp_bbcodes extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars))); $warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl); + + if (!$warn_text && !check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + if (!$warn_text || confirm_box(true)) { $data = $this->build_regexp($bbcode_match, $bbcode_tpl); diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index c33c2e4d6f..677fce7217 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -58,7 +58,6 @@ class acp_database $type = $request->variable('type', ''); $table = array_intersect($this->db_tools->sql_list_tables(), $request->variable('table', array(''))); $format = $request->variable('method', ''); - $where = $request->variable('where', ''); if (!count($table)) { @@ -70,12 +69,9 @@ class acp_database trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } - $store = $structure = $schema_data = false; - - if ($where == 'store') - { - $store = true; - } + $store = true; + $structure = false; + $schema_data = false; if ($type == 'full' || $type == 'structure') { diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index 3eee4f7922..c5f7789de8 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -537,6 +537,7 @@ class acp_prune AND ug.user_id <> ' . ANONYMOUS . ' AND u.user_type <> ' . USER_FOUNDER . ' AND ug.user_pending = 0 + AND ug.group_leader = 0 AND u.user_id = ug.user_id ' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : ''); $result = $db->sql_query($sql); diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 792467019f..f8c882e771 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -547,11 +547,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod $last_post_subject = $last_post_subject_truncated = ''; } $last_post_time = $user->format_date($row['forum_last_post_time']); + $last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']); $last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id']; } else { - $last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = ''; + $last_post_subject = $last_post_time = $last_post_time_rfc3339 = $last_post_url = $last_post_subject_truncated = ''; } // Output moderator listing ... if applicable @@ -622,6 +623,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod 'LAST_POST_SUBJECT' => $last_post_subject, 'LAST_POST_SUBJECT_TRUNCATED' => $last_post_subject_truncated, 'LAST_POST_TIME' => $last_post_time, + 'LAST_POST_TIME_RFC3339'=> $last_post_time_rfc3339, 'LAST_POSTER' => get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'LAST_POSTER_COLOUR' => get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), 'LAST_POSTER_FULL' => get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']), diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 3bf4aa16b7..e0b6a9d0c6 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1945,9 +1945,10 @@ function validate_user_email($email, $allowed_email = false) return $validate_email; } - if (($ban = $user->check_ban(false, false, $email, true)) !== false) + $ban = $user->check_ban(false, false, $email, true); + if (!empty($ban)) { - return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban); + return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED'; } if (!$config['allow_emailreuse']) diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 0b79cca864..e1c28223dc 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1525,6 +1525,35 @@ class parse_message extends bbcode_firstpass } /** + * Check attachment form token depending on submit type + * + * @param \phpbb\language\language $language Language + * @param \phpbb\request\request_interface $request Request + * @param string $form_name Form name for checking form key + * + * @return bool True if form token is not needed or valid, false if needed and invalid + */ + function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name) + { + $add_file = $request->is_set_post('add_file'); + $delete_file = $request->is_set_post('delete_file'); + + if (($add_file || $delete_file) && !check_form_key($form_name)) + { + $this->warn_msg[] = $language->lang('FORM_INVALID'); + + if ($request->is_ajax() && $this->plupload) + { + $this->plupload->emit_error(-400, 'FORM_INVALID'); + } + + return false; + } + + return true; + } + + /** * Parse Attachments */ function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index cb45112b01..06baa279a5 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -26,7 +26,7 @@ if (!defined('IN_PHPBB')) function compose_pm($id, $mode, $action, $user_folders = array()) { global $template, $db, $auth, $user, $cache; - global $phpbb_root_path, $phpEx, $config; + global $phpbb_root_path, $phpEx, $config, $language; global $request, $phpbb_dispatcher, $phpbb_container; // Damn php and globals - i know, this is horrible @@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array()) extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars))); // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose')) + { + $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true); + } if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc)) { diff --git a/phpBB/install/phpbbcli.php b/phpBB/install/phpbbcli.php index 7659b13f56..ddf17fa5f6 100755 --- a/phpBB/install/phpbbcli.php +++ b/phpBB/install/phpbbcli.php @@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli') define('IN_PHPBB', true); define('IN_INSTALL', true); define('PHPBB_ENVIRONMENT', 'production'); -define('PHPBB_VERSION', '3.2.8-RC1'); +define('PHPBB_VERSION', '3.2.8'); $phpbb_root_path = __DIR__ . '/../'; $phpEx = substr(strrchr(__FILE__, '.'), 1); diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index 8df8fc630b..68fe6523a2 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -91,7 +91,7 @@ $lang = array_merge($lang, array( 'ATTACHED_IMAGE_NOT_IMAGE' => 'The image file you tried to attach is invalid.', 'AUTHOR' => 'Author', 'AUTH_NO_PROFILE_CREATED' => 'The creation of a user profile was unsuccessful.', - 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'The account is already linked with other user.', + 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'This external service is already associated with another board account.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY' => 'Invalid database entry.', 'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE' => 'Invalid service type provided to OAuth service handler.', 'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED' => 'OAuth service not created', diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php index d43e201526..b429ad97aa 100644 --- a/phpBB/phpbb/db/driver/mysqli.php +++ b/phpBB/phpbb/db/driver/mysqli.php @@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base if ($this->db_connect_id && $this->dbname != '') { + // Disable loading local files on client side + @mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false); + @mysqli_query($this->db_connect_id, "SET NAMES 'utf8'"); // enforce strict mode on databases that support it diff --git a/phpBB/phpbb/db/migration/data/v32x/v328.php b/phpBB/phpbb/db/migration/data/v32x/v328.php new file mode 100644 index 0000000000..28ff2c7033 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v328.php @@ -0,0 +1,36 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v328 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.8', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v328rc1', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.8')), + ); + } +} diff --git a/phpBB/phpbb/filesystem/filesystem.php b/phpBB/phpbb/filesystem/filesystem.php index bfafdf5ddd..c5be284d8c 100644 --- a/phpBB/phpbb/filesystem/filesystem.php +++ b/phpBB/phpbb/filesystem/filesystem.php @@ -835,7 +835,7 @@ class filesystem implements filesystem_interface $current_path = $resolved_path . '/' . $path_part; // Resolve symlinks - if (is_link($current_path)) + if (@is_link($current_path)) { if (!function_exists('readlink')) { @@ -872,12 +872,12 @@ class filesystem implements filesystem_interface $resolved_path = false; } - else if (is_dir($current_path . '/')) + else if (@is_dir($current_path . '/')) { $resolved[] = $path_part; $resolved_path = $current_path; } - else if (is_file($current_path)) + else if (@is_file($current_path)) { $resolved[] = $path_part; $resolved_path = $current_path; diff --git a/phpBB/phpbb/message/form.php b/phpBB/phpbb/message/form.php index 63bada91ff..6573a04f8b 100644 --- a/phpBB/phpbb/message/form.php +++ b/phpBB/phpbb/message/form.php @@ -136,7 +136,7 @@ abstract class form { if (!check_form_key('memberlist_email')) { - $this->errors[] = 'FORM_INVALID'; + $this->errors[] = $this->user->lang('FORM_INVALID'); } if (!count($this->errors)) diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php index 6191b9a315..dca1c78d40 100644 --- a/phpBB/phpbb/textformatter/s9e/factory.php +++ b/phpBB/phpbb/textformatter/s9e/factory.php @@ -110,7 +110,7 @@ class factory implements \phpbb\textformatter\cache_interface 'i' => '<span style="font-style: italic"><xsl:apply-templates/></span>', 'u' => '<span style="text-decoration: underline"><xsl:apply-templates/></span>', 'img' => '<img src="{IMAGEURL}" class="postimage" alt="{L_IMAGE}"/>', - 'size' => '<span style="font-size: {FONTSIZE}%; line-height: normal"><xsl:apply-templates/></span>', + 'size' => '<span><xsl:attribute name="style"><xsl:text>font-size: </xsl:text><xsl:value-of select="substring(@size, 1, 4)"/><xsl:text>%; line-height: normal</xsl:text></xsl:attribute><xsl:apply-templates/></span>', 'color' => '<span style="color: {COLOR}"><xsl:apply-templates/></span>', 'email' => '<a> <xsl:attribute name="href"> diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index 3698dca224..a36fc63141 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -342,7 +342,7 @@ class parser implements \phpbb\textformatter\parser_interface return false; } - if ($size < 1) + if ($size < 1 || !is_numeric($size)) { return false; } diff --git a/phpBB/posting.php b/phpBB/posting.php index 5089448483..595d0f0c06 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -974,7 +974,10 @@ if ($submit || $preview || $refresh) } // Parse Attachments - before checksum is calculated - $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + if ($message_parser->check_attachment_form_token($language, $request, 'posting')) + { + $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + } /** * This event allows you to modify message text before parsing diff --git a/phpBB/search.php b/phpBB/search.php index 97a8f320d4..64f6041371 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -1093,9 +1093,12 @@ if ($keywords || $author || $author_id || $search_id || $submit) 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), + 'FIRST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_time']), 'LAST_POST_SUBJECT' => $row['topic_last_post_subject'], 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), + 'LAST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), + 'LAST_VIEW_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_view_time']), 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), diff --git a/phpBB/styles/prosilver/template/forumlist_body.html b/phpBB/styles/prosilver/template/forumlist_body.html index 8250a1fd07..4932860f8c 100644 --- a/phpBB/styles/prosilver/template/forumlist_body.html +++ b/phpBB/styles/prosilver/template/forumlist_body.html @@ -101,7 +101,7 @@ <i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{L_VIEW_LATEST_POST}</span> </a> <!-- ENDIF --> - <br />{forumrow.LAST_POST_TIME} + <br /><time datetime="{forumrow.LAST_POST_TIME_RFC3339}">{forumrow.LAST_POST_TIME}</time> <!-- ELSE --> {% if forumrow.U_UNAPPROVED_TOPICS %} {{ lang('TOPIC_UNAPPROVED_FORUM', forumrow.TOPICS) }} diff --git a/phpBB/styles/prosilver/template/navbar_header.html b/phpBB/styles/prosilver/template/navbar_header.html index dc29285922..d34123adfc 100644 --- a/phpBB/styles/prosilver/template/navbar_header.html +++ b/phpBB/styles/prosilver/template/navbar_header.html @@ -160,7 +160,7 @@ </li> <!-- ENDIF --> <!-- EVENT navbar_header_user_profile_append --> - <!-- ELSE --> + <!-- ELSE IF not S_IS_BOT --> <li class="rightside" data-skip-responsive="true"> <a href="{U_LOGIN_LOGOUT}" title="{L_LOGIN_LOGOUT}" accesskey="x" role="menuitem"> <i class="icon fa-power-off fa-fw" aria-hidden="true"></i><span>{L_LOGIN_LOGOUT}</span> diff --git a/phpBB/styles/prosilver/template/plupload.html b/phpBB/styles/prosilver/template/plupload.html index a2ab19a51f..9425b7d769 100644 --- a/phpBB/styles/prosilver/template/plupload.html +++ b/phpBB/styles/prosilver/template/plupload.html @@ -64,6 +64,7 @@ phpbb.plupload = { lang: { ERROR: '{LA_ERROR}', TOO_MANY_ATTACHMENTS: '{LA_TOO_MANY_ATTACHMENTS}', + FORM_INVALID: '{LA_FORM_INVALID}', }, order: '{ATTACH_ORDER}', maxFiles: {MAX_ATTACHMENTS}, diff --git a/phpBB/styles/prosilver/template/search_results.html b/phpBB/styles/prosilver/template/search_results.html index 391afa4d7f..9ee13a4224 100644 --- a/phpBB/styles/prosilver/template/search_results.html +++ b/phpBB/styles/prosilver/template/search_results.html @@ -108,7 +108,7 @@ <!-- IF not S_IS_BOT --> <div class="responsive-show" style="display: none;"> - {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT search_results_last_post_author_username_prepend -->{searchresults.LAST_POST_AUTHOR_FULL}<!-- EVENT search_results_last_post_author_username_append --> « <a href="{searchresults.U_LAST_POST}" title="{L_GOTO_LAST_POST}">{searchresults.LAST_POST_TIME}</a> + {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT search_results_last_post_author_username_prepend -->{searchresults.LAST_POST_AUTHOR_FULL}<!-- EVENT search_results_last_post_author_username_append --> « <a href="{searchresults.U_LAST_POST}" title="{L_GOTO_LAST_POST}"><time datetime="{searchresults.LAST_POST_TIME_RFC3339}">{searchresults.LAST_POST_TIME}</time></a> <br />{L_POSTED} {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a> </div> <!-- IF searchresults.TOPIC_REPLIES --><span class="responsive-show left-box" style="display: none;">{L_REPLIES}{L_COLON} <strong>{searchresults.TOPIC_REPLIES}</strong></span><!-- ENDIF --> @@ -118,7 +118,7 @@ <!-- IF searchresults.S_HAS_POLL --><i class="icon fa-bar-chart fa-fw" aria-hidden="true"></i><!-- ENDIF --> <!-- IF searchresults.ATTACH_ICON_IMG --><i class="icon fa-paperclip fa-fw" aria-hidden="true"></i><!-- ENDIF --> {% EVENT topiclist_row_topic_by_author_before %} - {L_POST_BY_AUTHOR} <!-- EVENT search_results_topic_author_username_prepend -->{searchresults.TOPIC_AUTHOR_FULL}<!-- EVENT search_results_topic_author_username_append --> » {searchresults.FIRST_POST_TIME} » {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a> + {L_POST_BY_AUTHOR} <!-- EVENT search_results_topic_author_username_prepend -->{searchresults.TOPIC_AUTHOR_FULL}<!-- EVENT search_results_topic_author_username_append --> » <time datetime="{searchresults.FIRST_POST_TIME_RFC3339}">{searchresults.FIRST_POST_TIME}</time> » {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a> {% EVENT topiclist_row_topic_by_author_after %} </div> @@ -150,7 +150,7 @@ <i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{VIEW_LATEST_POST}</span> </a> <!-- ENDIF --> - <br />{searchresults.LAST_POST_TIME} + <br /><time datetime="{searchresults.LAST_POST_TIME_RFC3339}">{searchresults.LAST_POST_TIME}</time> </span> </dd> </dl> diff --git a/phpBB/styles/prosilver/template/viewforum_body.html b/phpBB/styles/prosilver/template/viewforum_body.html index 1827738019..40beb784d7 100644 --- a/phpBB/styles/prosilver/template/viewforum_body.html +++ b/phpBB/styles/prosilver/template/viewforum_body.html @@ -187,7 +187,7 @@ <!-- IF not S_IS_BOT --> <div class="responsive-show" style="display: none;"> - {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_last_post_author_username_prepend -->{topicrow.LAST_POST_AUTHOR_FULL}<!-- EVENT viewforum_body_last_post_author_username_append --> « <a href="{topicrow.U_LAST_POST}" title="{L_GOTO_LAST_POST}">{topicrow.LAST_POST_TIME}</a> + {L_LAST_POST} {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_last_post_author_username_prepend -->{topicrow.LAST_POST_AUTHOR_FULL}<!-- EVENT viewforum_body_last_post_author_username_append --> « <a href="{topicrow.U_LAST_POST}" title="{L_GOTO_LAST_POST}"><time datetime="{topicrow.LAST_POST_TIME_RFC3339}">{topicrow.LAST_POST_TIME}</time></a> <!-- IF topicrow.S_POST_GLOBAL and FORUM_ID != topicrow.FORUM_ID --><br />{L_POSTED} {L_IN} <a href="{topicrow.U_VIEW_FORUM}">{topicrow.FORUM_NAME}</a><!-- ENDIF --> </div> <!-- IF topicrow.REPLIES --> @@ -199,7 +199,7 @@ <!-- IF topicrow.S_HAS_POLL --><i class="icon fa-bar-chart fa-fw" aria-hidden="true"></i><!-- ENDIF --> <!-- IF topicrow.ATTACH_ICON_IMG --><i class="icon fa-paperclip fa-fw" aria-hidden="true"></i><!-- ENDIF --> {% EVENT topiclist_row_topic_by_author_before %} - {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_topic_author_username_prepend -->{topicrow.TOPIC_AUTHOR_FULL}<!-- EVENT viewforum_body_topic_author_username_append --> » {topicrow.FIRST_POST_TIME} + {L_POST_BY_AUTHOR} <!-- EVENT viewforum_body_topic_author_username_prepend -->{topicrow.TOPIC_AUTHOR_FULL}<!-- EVENT viewforum_body_topic_author_username_append --> » <time datetime="{topicrow.FIRST_POST_TIME_RFC3339}">{topicrow.FIRST_POST_TIME}</time> {% EVENT topiclist_row_topic_by_author_after %} <!-- IF topicrow.S_POST_GLOBAL and FORUM_ID != topicrow.FORUM_ID --> » {L_IN} <a href="{topicrow.U_VIEW_FORUM}">{topicrow.FORUM_NAME}</a><!-- ENDIF --> </div> @@ -232,7 +232,7 @@ <i class="icon fa-external-link-square fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{VIEW_LATEST_POST}</span> </a> <!-- ENDIF --> - <br />{topicrow.LAST_POST_TIME} + <br /><time datetime="{topicrow.LAST_POST_TIME_RFC3339}">{topicrow.LAST_POST_TIME}</time> </span> </dd> </dl> diff --git a/phpBB/styles/prosilver/template/viewtopic_body.html b/phpBB/styles/prosilver/template/viewtopic_body.html index 8d7e26f099..f77b99dc29 100644 --- a/phpBB/styles/prosilver/template/viewtopic_body.html +++ b/phpBB/styles/prosilver/template/viewtopic_body.html @@ -289,7 +289,7 @@ <i class="icon fa-file fa-fw <!-- IF postrow.S_UNREAD_POST -->icon-red<!-- ELSE -->icon-lightgray<!-- ENDIF --> icon-md" aria-hidden="true"></i><span class="sr-only">{postrow.MINI_POST}</span> </a> <!-- ENDIF --> - <span class="responsive-hide">{L_POST_BY_AUTHOR} <strong>{postrow.POST_AUTHOR_FULL}</strong> » </span>{postrow.POST_DATE} + <span class="responsive-hide">{L_POST_BY_AUTHOR} <strong>{postrow.POST_AUTHOR_FULL}</strong> » </span><time datetime="{postrow.POST_DATE_RFC3339}">{postrow.POST_DATE}</time> </p> <!-- EVENT viewtopic_body_postrow_post_details_after --> diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 72c96e2d2d..0a5484cdf2 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -933,9 +933,12 @@ if (count($topic_list)) 'TOPIC_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'TOPIC_AUTHOR_FULL' => get_username_string('full', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'FIRST_POST_TIME' => $user->format_date($row['topic_time']), + 'FIRST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_time']), 'LAST_POST_SUBJECT' => censor_text($row['topic_last_post_subject']), 'LAST_POST_TIME' => $user->format_date($row['topic_last_post_time']), + 'LAST_POST_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_post_time']), 'LAST_VIEW_TIME' => $user->format_date($row['topic_last_view_time']), + 'LAST_VIEW_TIME_RFC3339' => gmdate(DATE_RFC3339, $row['topic_last_view_time']), 'LAST_POST_AUTHOR' => get_username_string('username', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_COLOUR' => get_username_string('colour', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'LAST_POST_AUTHOR_FULL' => get_username_string('full', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 0c2be8c52e..dadbe9a06c 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -2044,6 +2044,7 @@ for ($i = 0, $end = count($post_list); $i < $end; ++$i) 'CONTACT_USER' => $user_cache[$poster_id]['contact_user'], 'POST_DATE' => $user->format_date($row['post_time'], false, ($view == 'print') ? true : false), + 'POST_DATE_RFC3339' => gmdate(DATE_RFC3339, $row['post_time']), 'POST_SUBJECT' => $row['post_subject'], 'MESSAGE' => $message, 'SIGNATURE' => ($row['enable_sig']) ? $user_cache[$poster_id]['sig'] : '', diff --git a/tests/functional/fileupload_form_test.php b/tests/functional/fileupload_form_test.php index b0780172ff..ff9450be0d 100644 --- a/tests/functional/fileupload_form_test.php +++ b/tests/functional/fileupload_form_test.php @@ -46,6 +46,13 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case private function upload_file($filename, $mimetype) { + $crawler = self::$client->request( + 'GET', + 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid + ); + + $file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid)); + $file = array( 'tmp_name' => $this->path . $filename, 'name' => $filename, @@ -57,7 +64,7 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case $crawler = self::$client->request( 'POST', 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid, - array('add_file' => $this->lang('ADD_FILE')), + $file_form_data, array('fileupload' => $file) ); diff --git a/tests/functional/plupload_test.php b/tests/functional/plupload_test.php index 9d284a7e57..4ab1c8e9e5 100644 --- a/tests/functional/plupload_test.php +++ b/tests/functional/plupload_test.php @@ -76,6 +76,10 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case $chunk_size = ceil(filesize($this->path . 'valid.jpg') / self::CHUNKS); $handle = fopen($this->path . 'valid.jpg', 'rb'); + $crawler = self::$client->request('POST', $url . '&sid=' . $this->sid); + + $file_form_data = $this->get_hidden_fields($crawler, $url); + for ($i = 0; $i < self::CHUNKS; $i++) { $chunk = fread($handle, $chunk_size); @@ -94,13 +98,13 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case $crawler = self::$client->request( 'POST', $url . '&sid=' . $this->sid, - array( + array_merge(array( 'chunk' => $i, 'chunks' => self::CHUNKS, 'name' => md5('valid') . '.jpg', 'real_filename' => 'valid.jpg', 'add_file' => $this->lang('ADD_FILE'), - ), + ), $file_form_data), array('fileupload' => $file), array('X-PHPBB-USING-PLUPLOAD' => '1') ); @@ -134,17 +138,19 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case 'error' => UPLOAD_ERR_OK, ); + $file_form_data = $this->get_hidden_fields(null, $url); + self::$client->setServerParameter('HTTP_X_PHPBB_USING_PLUPLOAD', '1'); self::$client->request( 'POST', $url . '&sid=' . $this->sid, - array( + array_merge(array( 'chunk' => '0', 'chunks' => '1', 'name' => md5('valid') . '.jpg', 'real_filename' => 'valid.jpg', 'add_file' => $this->lang('ADD_FILE'), - ), + ), $file_form_data), array('fileupload' => $file) ); diff --git a/tests/functions/fixtures/validate_email.xml b/tests/functions/fixtures/validate_email.xml index eb4fd90217..fa139f6f18 100644 --- a/tests/functions/fixtures/validate_email.xml +++ b/tests/functions/fixtures/validate_email.xml @@ -1,5 +1,29 @@ <?xml version="1.0" encoding="UTF-8" ?> <dataset> + <table name="phpbb_banlist"> + <column>ban_id</column> + <column>ban_userid</column> + <column>ban_exclude</column> + <column>ban_end</column> + <column>ban_email</column> + <column>ban_give_reason</column> + <row> + <value>1</value> + <value>0</value> + <value>0</value> + <value>0</value> + <value>banned@example.com</value> + <value></value> + </row> + <row> + <value>2</value> + <value>0</value> + <value>0</value> + <value>0</value> + <value>banned2@example.com</value> + <value>just because</value> + </row> + </table> <table name="phpbb_users"> <column>user_id</column> <column>username</column> diff --git a/tests/functions/validate_user_email_test.php b/tests/functions/validate_user_email_test.php index 8dcec88103..d23ffc0503 100644 --- a/tests/functions/validate_user_email_test.php +++ b/tests/functions/validate_user_email_test.php @@ -28,10 +28,16 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case protected function setUp() { + global $cache, $phpbb_dispatcher, $phpbb_root_path, $phpEx; + parent::setUp(); + $cache = new \phpbb\cache\driver\file(); + $cache->purge(); $this->db = $this->new_dbal(); - $this->user = new phpbb_mock_user; + $phpbb_dispatcher = new phpbb_mock_event_dispatcher(); + $language = new phpbb\language\language(new phpbb\language\language_file_loader($phpbb_root_path, $phpEx)); + $this->user = new phpbb\user($language, '\phpbb\datetime'); $this->helper = new phpbb_functions_validate_data_helper($this); } @@ -47,7 +53,6 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case $config['email_check_mx'] = $check_mx; $db = $this->db; $user = $this->user; - $user->optionset('banned_users', array('banned@example.com')); } public static function validate_user_email_data() @@ -58,7 +63,8 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case array('valid_complex', array(), "'%$~test@example.com"), array('invalid', array('EMAIL_INVALID'), 'fööbar@example.com'), array('taken', array('EMAIL_TAKEN'), 'admin@example.com'), - array('banned', array('EMAIL_BANNED'), 'banned@example.com'), + array('banned', ['just because'], 'banned2@example.com'), + array('banned', ['EMAIL_BANNED'], 'banned@example.com') ); } diff --git a/tests/test_framework/phpbb_functional_test_case.php b/tests/test_framework/phpbb_functional_test_case.php index 4d294fd523..2659cf6e73 100644 --- a/tests/test_framework/phpbb_functional_test_case.php +++ b/tests/test_framework/phpbb_functional_test_case.php @@ -1166,24 +1166,14 @@ class phpbb_functional_test_case extends phpbb_test_case 'error' => UPLOAD_ERR_OK, ); - $crawler = self::$client->request('POST', $posting_url, array('add_file' => $this->lang('ADD_FILE')), array('fileupload' => $file)); + $file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, $posting_url)); + + $crawler = self::$client->request('POST', $posting_url, $file_form_data, array('fileupload' => $file)); } unset($form_data['upload_files']); } - $hidden_fields = array( - $crawler->filter('[type="hidden"]')->each(function ($node, $i) { - return array('name' => $node->attr('name'), 'value' => $node->attr('value')); - }), - ); - - foreach ($hidden_fields as $fields) - { - foreach($fields as $field) - { - $form_data[$field['name']] = $field['value']; - } - } + $form_data = array_merge($form_data, $this->get_hidden_fields($crawler, $posting_url)); // I use a request because the form submission method does not allow you to send data that is not // contained in one of the actual form fields that the browser sees (i.e. it ignores "hidden" inputs) @@ -1314,4 +1304,37 @@ class phpbb_functional_test_case extends phpbb_test_case return self::request('GET', substr($link, strpos($link, 'mcp.'))); } + + /** + * Get hidden fields for URL + * + * @param Symfony\Component\DomCrawler\Crawler|null $crawler Crawler instance or null + * @param string $url Request URL + * + * @return array Hidden form fields array + */ + protected function get_hidden_fields($crawler, $url) + { + if (!$crawler) + { + $crawler = self::$client->request('GET', $url); + } + $hidden_fields = [ + $crawler->filter('[type="hidden"]')->each(function ($node, $i) { + return ['name' => $node->attr('name'), 'value' => $node->attr('value')]; + }), + ]; + + $file_form_data = []; + + foreach ($hidden_fields as $fields) + { + foreach($fields as $field) + { + $file_form_data[$field['name']] = $field['value']; + } + } + + return $file_form_data; + } } diff --git a/tests/text_formatter/s9e/default_formatting_test.php b/tests/text_formatter/s9e/default_formatting_test.php index a35c9138a5..1aa4f0bc3a 100644 --- a/tests/text_formatter/s9e/default_formatting_test.php +++ b/tests/text_formatter/s9e/default_formatting_test.php @@ -70,7 +70,7 @@ class phpbb_textformatter_s9e_default_formatting_test extends phpbb_test_case ), array( '[size=75]smaller[/size]', - '<span style="font-size:75%;line-height:normal">smaller</span>' + '<span style="font-size: 75%; line-height: normal">smaller</span>' ), array( '[quote]quoted[/quote]', diff --git a/tests/text_processing/tickets_data/PHPBB3-13921.html b/tests/text_processing/tickets_data/PHPBB3-13921.html index 690668ef28..6a9dc7f504 100644 --- a/tests/text_processing/tickets_data/PHPBB3-13921.html +++ b/tests/text_processing/tickets_data/PHPBB3-13921.html @@ -1 +1 @@ -<span style="font-size:200%;line-height:normal"></span><div style="text-align:center"><span style="font-size:200%;line-height:normal">xxx</span></div>
\ No newline at end of file +<span style="font-size: 200%; line-height: normal"></span><div style="text-align:center"><span style="font-size: 200%; line-height: normal">xxx</span></div>
\ No newline at end of file |