aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/phpbb
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/phpbb')
-rw-r--r--phpBB/phpbb/db/migration/data/v30x/.htaccess33
-rw-r--r--phpBB/phpbb/db/migration/data/v310/.htaccess33
-rw-r--r--phpBB/phpbb/db/migration/data/v31x/.htaccess33
-rw-r--r--phpBB/phpbb/db/migration/data/v31x/v3111rc1.php43
-rw-r--r--phpBB/phpbb/db/migration/data/v320/.htaccess33
-rw-r--r--phpBB/phpbb/db/migration/data/v32x/v321rc1.php39
-rw-r--r--phpBB/phpbb/version_helper.php109
7 files changed, 323 insertions, 0 deletions
diff --git a/phpBB/phpbb/db/migration/data/v30x/.htaccess b/phpBB/phpbb/db/migration/data/v30x/.htaccess
new file mode 100644
index 0000000000..44242b5418
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v30x/.htaccess
@@ -0,0 +1,33 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+ <IfVersion < 2.4>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfVersion>
+ <IfVersion >= 2.4>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+ <IfModule !mod_authz_core.c>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfModule>
+ <IfModule mod_authz_core.c>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfModule>
+</IfModule>
diff --git a/phpBB/phpbb/db/migration/data/v310/.htaccess b/phpBB/phpbb/db/migration/data/v310/.htaccess
new file mode 100644
index 0000000000..44242b5418
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v310/.htaccess
@@ -0,0 +1,33 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+ <IfVersion < 2.4>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfVersion>
+ <IfVersion >= 2.4>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+ <IfModule !mod_authz_core.c>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfModule>
+ <IfModule mod_authz_core.c>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfModule>
+</IfModule>
diff --git a/phpBB/phpbb/db/migration/data/v31x/.htaccess b/phpBB/phpbb/db/migration/data/v31x/.htaccess
new file mode 100644
index 0000000000..44242b5418
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/.htaccess
@@ -0,0 +1,33 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+ <IfVersion < 2.4>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfVersion>
+ <IfVersion >= 2.4>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+ <IfModule !mod_authz_core.c>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfModule>
+ <IfModule mod_authz_core.c>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfModule>
+</IfModule>
diff --git a/phpBB/phpbb/db/migration/data/v31x/v3111rc1.php b/phpBB/phpbb/db/migration/data/v31x/v3111rc1.php
new file mode 100644
index 0000000000..259656283f
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/v3111rc1.php
@@ -0,0 +1,43 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class v3111rc1 extends \phpbb\db\migration\migration
+{
+ public function effectively_installed()
+ {
+ return phpbb_version_compare($this->config['version'], '3.1.11-RC1', '>=');
+ }
+
+ static public function depends_on()
+ {
+ return array(
+ '\phpbb\db\migration\data\v31x\v3110',
+ '\phpbb\db\migration\data\v31x\add_log_time_index',
+ '\phpbb\db\migration\data\v31x\increase_size_of_emotion',
+ '\phpbb\db\migration\data\v31x\add_jabber_ssl_context_config_options',
+ '\phpbb\db\migration\data\v31x\add_smtp_ssl_context_config_options',
+ '\phpbb\db\migration\data\v31x\update_hashes',
+ '\phpbb\db\migration\data\v31x\remove_duplicate_migrations',
+ '\phpbb\db\migration\data\v31x\add_latest_topics_index',
+ );
+ }
+
+ public function update_data()
+ {
+ return array(
+ array('config.update', array('version', '3.1.11-RC1')),
+ );
+ }
+}
diff --git a/phpBB/phpbb/db/migration/data/v320/.htaccess b/phpBB/phpbb/db/migration/data/v320/.htaccess
new file mode 100644
index 0000000000..44242b5418
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v320/.htaccess
@@ -0,0 +1,33 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+ <IfVersion < 2.4>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfVersion>
+ <IfVersion >= 2.4>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+ <IfModule !mod_authz_core.c>
+ <Files "*">
+ Order Allow,Deny
+ Deny from All
+ </Files>
+ </IfModule>
+ <IfModule mod_authz_core.c>
+ <Files "*">
+ Require all denied
+ </Files>
+ </IfModule>
+</IfModule>
diff --git a/phpBB/phpbb/db/migration/data/v32x/v321rc1.php b/phpBB/phpbb/db/migration/data/v32x/v321rc1.php
new file mode 100644
index 0000000000..653a16f327
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v32x/v321rc1.php
@@ -0,0 +1,39 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v321rc1 extends \phpbb\db\migration\migration
+{
+ public function effectively_installed()
+ {
+ return phpbb_version_compare($this->config['version'], '3.2.1-RC1', '>=');
+ }
+
+ static public function depends_on()
+ {
+ return array(
+ '\phpbb\db\migration\data\v320\v320',
+ '\phpbb\db\migration\data\v31x\v3111rc1',
+ '\phpbb\db\migration\data\v32x\load_user_activity_limit',
+ '\phpbb\db\migration\data\v32x\user_notifications_table_unique_index',
+ );
+ }
+
+ public function update_data()
+ {
+ return array(
+ array('config.update', array('version', '3.2.1-RC1')),
+ );
+ }
+}
diff --git a/phpBB/phpbb/version_helper.php b/phpBB/phpbb/version_helper.php
index bb15dd1a74..a73fbfbfbe 100644
--- a/phpBB/phpbb/version_helper.php
+++ b/phpBB/phpbb/version_helper.php
@@ -60,6 +60,23 @@ class version_helper
/** @var \phpbb\file_downloader */
protected $file_downloader;
+ protected $version_schema = array(
+ 'stable' => array(
+ 'current' => 'version',
+ 'download' => 'url',
+ 'announcement' => 'url',
+ 'eol' => 'url',
+ 'security' => 'bool',
+ ),
+ 'unstable' => array(
+ 'current' => 'version',
+ 'download' => 'url',
+ 'announcement' => 'url',
+ 'eol' => 'url',
+ 'security' => 'bool',
+ ),
+ );
+
/**
* Constructor
*
@@ -392,9 +409,101 @@ class version_helper
$info['stable'] = (empty($info['stable'])) ? array() : $info['stable'];
$info['unstable'] = (empty($info['unstable'])) ? $info['stable'] : $info['unstable'];
+ $info = $this->validate_versions($info);
+
$this->cache->put($cache_file, $info, 86400); // 24 hours
}
return $info;
}
+
+ /**
+ * Validate versions info input
+ *
+ * @param array $versions_info Decoded json data array. Will be modified
+ * and cleaned by this method
+ *
+ * @return array Versions info array
+ * @throws version_check_exception
+ */
+ public function validate_versions($versions_info)
+ {
+ $array_diff = array_diff_key($versions_info, array($this->version_schema));
+
+ // Remove excessive data
+ if (count($array_diff) > 0)
+ {
+ $old_versions_info = $versions_info;
+ $versions_info = array(
+ 'stable' => !empty($old_versions_info['stable']) ? $old_versions_info['stable'] : array(),
+ 'unstable' => !empty($old_versions_info['unstable']) ? $old_versions_info['unstable'] : array(),
+ );
+ unset($old_versions_info);
+ }
+
+ foreach ($versions_info as $stability_type => &$versions_data)
+ {
+ foreach ($versions_data as $branch => &$version_data)
+ {
+ if (!preg_match('/^[0-9a-z\-\.]+$/i', $branch))
+ {
+ unset($versions_data[$branch]);
+ continue;
+ }
+
+ $stability_diff = array_diff_key($version_data, $this->version_schema[$stability_type]);
+
+ if (count($stability_diff) > 0)
+ {
+ $old_version_data = $version_data;
+ $version_data = array();
+ foreach ($this->version_schema[$stability_type] as $key => $value)
+ {
+ if (isset($old_version_data[$key]))
+ {
+ $version_data[$key] = $old_version_data[$key];
+ }
+ }
+ unset($old_version_data);
+ }
+
+ foreach ($version_data as $key => &$value)
+ {
+ if (!isset($this->version_schema[$stability_type][$key]))
+ {
+ unset($version_data[$key]);
+ throw new version_check_exception('VERSIONCHECK_INVALID_ENTRY');
+ }
+
+ switch ($this->version_schema[$stability_type][$key])
+ {
+ case 'bool':
+ $value = (bool) $value;
+ break;
+
+ case 'url':
+ if (!empty($value) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $value) &&
+ !preg_match('#^' . get_preg_expression('www_url') . '$#iu', $value))
+ {
+ throw new version_check_exception('VERSIONCHECK_INVALID_URL');
+ }
+ break;
+
+ case 'version':
+ if (!empty($value) && !preg_match(get_preg_expression('semantic_version'), $value))
+ {
+ throw new version_check_exception('VERSIONCHECK_INVALID_VERSION');
+ }
+ break;
+
+ default:
+ // Shouldn't be possible to trigger this
+ throw new version_check_exception('VERSIONCHECK_INVALID_ENTRY');
+ }
+ }
+ }
+ }
+
+ return $versions_info;
+ }
}
generated by cgit v1.2.1 (git 2.21.0) at 2025-09-13 13:26:24 +0000