Diffstat (limited to 'phpBB/phpbb')
| -rw-r--r-- | phpBB/phpbb/auth/provider/ldap.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/auth/provider/oauth/service/service_interface.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/avatar/driver/remote.php | 20 | ||||
| -rw-r--r-- | phpBB/phpbb/console/command/cron/run.php | 4 | ||||
| -rw-r--r-- | phpBB/phpbb/console/command/update/check.php | 1 | ||||
| -rw-r--r-- | phpBB/phpbb/db/migration/data/v32x/v329rc1.php | 36 | ||||
| -rw-r--r-- | phpBB/phpbb/db/migration/data/v330/remove_email_hash.php | 5 | ||||
| -rw-r--r-- | phpBB/phpbb/install/module_base.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/language/language_file_loader.php | 1 | ||||
| -rw-r--r-- | phpBB/phpbb/passwords/driver/argon2i.php | 21 | ||||
| -rw-r--r-- | phpBB/phpbb/plupload/plupload.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/request/request.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/request/request_interface.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/search/fulltext_mysql.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/search/fulltext_native.php | 6 | ||||
| -rw-r--r-- | phpBB/phpbb/search/fulltext_sphinx.php | 4 | 
16 files changed, 98 insertions, 14 deletions
diff --git a/phpBB/phpbb/auth/provider/ldap.php b/phpBB/phpbb/auth/provider/ldap.php
index 6a78136e5f..43699f7d6e 100644
--- a/phpBB/phpbb/auth/provider/ldap.php
+++ b/phpBB/phpbb/auth/provider/ldap.php
@@ -40,8 +40,8 @@ class ldap extends base
 	/**
 	 * LDAP Authentication Constructor
 	 *
-	 * @param	driver_interface	$db			DBAL driver interface
 	 * @param	config				$config		Config object
+	 * @param	driver_interface	$db			DBAL driver interface
 	 * @param	language			$language	Language object
 	 * @param	user				$user		User object
 	 */
diff --git a/phpBB/phpbb/auth/provider/oauth/service/service_interface.php b/phpBB/phpbb/auth/provider/oauth/service/service_interface.php
index ea9ef43788..239e661989 100644
--- a/phpBB/phpbb/auth/provider/oauth/service/service_interface.php
+++ b/phpBB/phpbb/auth/provider/oauth/service/service_interface.php
@@ -73,8 +73,6 @@ interface service_interface
 	/**
 	 * Returns the external library service provider once it has been set
-	 *
-	 * @param \OAuth\Common\Service\ServiceInterface|null
 	 */
 	public function get_external_service_provider();
diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php
index efc4f5ec0f..b16549ffb7 100644
--- a/phpBB/phpbb/avatar/driver/remote.php
+++ b/phpBB/phpbb/avatar/driver/remote.php
@@ -49,6 +49,8 @@ class remote extends \phpbb\avatar\driver\driver
 	*/
 	public function process_form($request, $template, $user, $row, &$error)
 	{
+		global $phpbb_dispatcher;
+
 		$url = $request->variable('avatar_remote_url', '');
 		$width = $request->variable('avatar_remote_width', 0);
 		$height = $request->variable('avatar_remote_height', 0);
@@ -84,6 +86,24 @@ class remote extends \phpbb\avatar\driver\driver
 			return false;
 		}
+		/**
+		 * Event to make custom validation of avatar upload
+		 *
+		 * @event core.ucp_profile_avatar_upload_validation
+		 * @var	string	url		Image url
+		 * @var	string	width	Image width
+		 * @var	string	height	Image height
+		 * @var	array	error	Error message array
+		 * @since 3.2.9-RC1
+		 */
+		$vars = array('url', 'width', 'height', 'error');
+		extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_upload_validation', compact($vars)));
+
+		if (!empty($error))
+		{
+			return false;
+		}
+
 		// Check if this url looks alright
 		// Do not allow specifying the port (see RFC 3986) or IP addresses
 		if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) ||
diff --git a/phpBB/phpbb/console/command/cron/run.php b/phpBB/phpbb/console/command/cron/run.php
index df8bcf44f9..511c6bc01b 100644
--- a/phpBB/phpbb/console/command/cron/run.php
+++ b/phpBB/phpbb/console/command/cron/run.php
@@ -145,9 +145,11 @@ class run extends \phpbb\console\command\command
 	*		and returns with status 2.
 	*
 	* @see execute
-	* @param string $task_name The name of the task that should be run.
+	*
 	* @param InputInterface $input The input stream used to get the argument and verbose option.
 	* @param OutputInterface $output The output stream, used for printing verbose-mode and error information.
+	* @param string $task_name The name of the task that should be run.
+	*
 	* @return int 0 if all is well, 2 if no task matches $task_name.
 	*/
 	protected function run_one(InputInterface $input, OutputInterface $output, $task_name)
diff --git a/phpBB/phpbb/console/command/update/check.php b/phpBB/phpbb/console/command/update/check.php
index 85c6cf7379..4cd7d2155c 100644
--- a/phpBB/phpbb/console/command/update/check.php
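Review bot: The docblock for `core.ucp_profile_avatar_upload_validation` declares `width` and `height` as `string`, but the first hunk reads both with an integer default (`$request->variable('avatar_remote_width', 0)`), so they should be documented as `int`. The event fires before the scheme/host/extension regex that follows, so listeners see `url` as raw user input; the docblock should say so, e.g. `* Note: url has not yet passed the driver's own URL checks and must be treated as untrusted`. Values written back by `extract()` replace the local `$url`, `$width` and `$height`; the `return false;` context just above suggests some checks have already run, and if those were the dimension checks a listener-modified size would skip them, which is worth confirming because process_form() starts and ends outside the hunk. The `global $phpbb_dispatcher;` added in the first hunk would be easier to test and audit as a constructor-injected dependency.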
+++ b/phpBB/phpbb/console/command/update/check.php
@@ -223,6 +223,7 @@ class check extends \phpbb\console\command\command
 	* Check if all the available extensions are up to date
 	*
 	* @param SymfonyStyle	$io			IO handler, for formatted and unified IO
+	* @param string			$stability	Stability specifier string
 	* @param bool			$recheck	Disallow the use of the cache
 	* @return int
 	*/
diff --git a/phpBB/phpbb/db/migration/data/v32x/v329rc1.php b/phpBB/phpbb/db/migration/data/v32x/v329rc1.php
new file mode 100644
index 0000000000..271bf62859
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v32x/v329rc1.php
@@ -0,0 +1,36 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v329rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.2.9-RC1', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\v328',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.2.9-RC1')),
+		);
+	}
+}
diff --git a/phpBB/phpbb/db/migration/data/v330/remove_email_hash.php b/phpBB/phpbb/db/migration/data/v330/remove_email_hash.php
index dc43678625..8ac8f4ed72 100644
--- a/phpBB/phpbb/db/migration/data/v330/remove_email_hash.php
+++ b/phpBB/phpbb/db/migration/data/v330/remove_email_hash.php
@@ -15,6 +15,11 @@ namespace phpbb\db\migration\data\v330;
 class remove_email_hash extends \phpbb\db\migration\migration
 {
+	static public function depends_on()
+	{
+		return ['\phpbb\db\migration\data\v30x\release_3_0_0'];
+	}
+
 	public function update_schema()
 	{
 		return [
diff --git a/phpBB/phpbb/install/module_base.php b/phpBB/phpbb/install/module_base.php
index 93c10bd656..4464a89716 100644
--- a/phpBB/phpbb/install/module_base.php
+++ b/phpBB/phpbb/install/module_base.php
@@ -131,7 +131,7 @@ abstract class module_base implements module_interface
 					$name,
 				));
-				$this->install_config->increment_current_task_progress($this->task_step_count[$name]);
+				$this->install_config->increment_current_task_progress($this->task_step_count[$name] ?? false);
 			}
 			else
 			{
diff --git a/phpBB/phpbb/language/language_file_loader.php b/phpBB/phpbb/language/language_file_loader.php
index b6816afd16..2910dd3c4a 100644
--- a/phpBB/phpbb/language/language_file_loader.php
+++ b/phpBB/phpbb/language/language_file_loader.php
@@ -151,6 +151,7 @@ class language_file_loader
 	 *
 	 * @param string	$path		Path to language directory
 	 * @param string	$filename	Filename to load language strings from
+	 * @param array		$locales	Array containing language fallback options
 	 *
 	 * @return string	Relative path to language file
 	 *
diff --git a/phpBB/phpbb/passwords/driver/argon2i.php b/phpBB/phpbb/passwords/driver/argon2i.php
index 49d7d6393e..bf4d6ec33a 100644
--- a/phpBB/phpbb/passwords/driver/argon2i.php
+++ b/phpBB/phpbb/passwords/driver/argon2i.php
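Review bot: In the module_base.php hunk, `$this->task_step_count[$name] ?? false` hands a boolean to `increment_current_task_progress()` whenever no step count was recorded for the task. If that method does arithmetic on its argument, `false` is silently coerced to 0, so `$this->task_step_count[$name] ?? 0` expresses the same fallback without relying on type juggling. The method's signature is not visible in this diff, so its expected parameter type should be confirmed; the enclosing method also starts and ends outside the hunk.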
@@ -37,10 +37,23 @@ class argon2i extends base_native
 	{
 		parent::__construct($config, $helper);
-		// Don't allow cost factors to be below default settings
-		$this->memory_cost = max($memory_cost, 1024);
-		$this->threads     = max($threads,     2);
-		$this->time_cost   = max($time_cost,   2);
+		// Workaround to prevent "Use of undefined constant" warning on some unsupported PHP installations
+		if (!defined('PASSWORD_ARGON2I'))
+		{
+			define('PASSWORD_ARGON2_DEFAULT_MEMORY_COST', 1024);
+			define('PASSWORD_ARGON2_DEFAULT_TIME_COST', 2);
+			define('PASSWORD_ARGON2_DEFAULT_THREADS', 1);
+		}
+
+		/**
+		 * For Sodium implementation of argon2 algorithm (since PHP 7.4), set special value of 1 for "threads" cost factor
+		 * See https://wiki.php.net/rfc/sodium.argon.hash and PHPBB3-16266
+		 * Don't allow cost factors to be below default settings where possible
+		 */
+		$this->memory_cost = max($memory_cost, PASSWORD_ARGON2_DEFAULT_MEMORY_COST);
+		$this->time_cost   = max($time_cost, PASSWORD_ARGON2_DEFAULT_TIME_COST);
+		$this->threads     = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ?
+									PASSWORD_ARGON2_DEFAULT_THREADS : max($threads, PASSWORD_ARGON2_DEFAULT_THREADS);
 	}
 	/**
diff --git a/phpBB/phpbb/plupload/plupload.php b/phpBB/phpbb/plupload/plupload.php
index 5a5b8a1874..80d7e914db 100644
--- a/phpBB/phpbb/plupload/plupload.php
+++ b/phpBB/phpbb/plupload/plupload.php
@@ -325,6 +325,8 @@ class plupload
 	* by PHP and actually exists, if not, it generates an error
 	*
 	* @param string $form_name The name of the file in the form data
+	* @param int $chunk Chunk number
+	* @param string $file_path File path
 	*
 	* @return null
 	*/
diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php
index 5c30f9b062..4d7bc9ea48 100644
--- a/phpBB/phpbb/request/request.php
+++ b/phpBB/phpbb/request/request.php
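Review bot: The fallback block in the argon2i constructor is guarded by `defined('PASSWORD_ARGON2I')` but defines three other constants, so it assumes all four are always present or absent together; guarding each one, e.g. `defined('PASSWORD_ARGON2_DEFAULT_THREADS') || define('PASSWORD_ARGON2_DEFAULT_THREADS', 1);`, removes that assumption. The provider test uses a loose comparison, and `PASSWORD_ARGON2_PROVIDER === 'sodium'` is the safer form for a string constant. The cost floors also move from fixed literals to whatever the running PHP build defines, and the thread floor drops from the literal 2 to a constant whose fallback here is 1, so the comment should state that configured values may be raised to the build's defaults and that `$threads` is ignored under the sodium provider. The constructor starts outside the hunk.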
@@ -268,7 +268,7 @@ class request implements \phpbb\request\request_interface
 	* whatever).
 	*
 	* @param	string|array	$var_name		See \phpbb\request\request_interface::variable
-	* @param	mixed			$Default		See \phpbb\request\request_interface::variable
+	* @param	mixed			$default		See \phpbb\request\request_interface::variable
 	*
 	* @return	mixed	The server variable value.
 	*/
diff --git a/phpBB/phpbb/request/request_interface.php b/phpBB/phpbb/request/request_interface.php
index 54dd8cef15..a1fbf0ae45 100644
--- a/phpBB/phpbb/request/request_interface.php
+++ b/phpBB/phpbb/request/request_interface.php
@@ -104,7 +104,7 @@ interface request_interface
 	*
 	* @return	mixed	The header value.
 	*/
-	public function header($var_name, $default = '');
+	public function header($header_name, $default = '');
 	/**
 	* Checks whether a certain variable was sent via POST.
diff --git a/phpBB/phpbb/search/fulltext_mysql.php b/phpBB/phpbb/search/fulltext_mysql.php
index 8bdc31e128..42ac6eaba2 100644
--- a/phpBB/phpbb/search/fulltext_mysql.php
+++ b/phpBB/phpbb/search/fulltext_mysql.php
@@ -83,7 +83,7 @@ class fulltext_mysql extends \phpbb\search\base
 	 * @param string $phpEx PHP file extension
 	 * @param \phpbb\auth\auth $auth Auth object
 	 * @param \phpbb\config\config $config Config object
-	 * @param \phpbb\db\driver\driver_interface Database object
+	 * @param \phpbb\db\driver\driver_interface $db Database object
 	 * @param \phpbb\user $user User object
 	 * @param \phpbb\event\dispatcher_interface	$phpbb_dispatcher	Event dispatcher object
 	 */
diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php
index cb0c98baa6..23460d3381 100644
--- a/phpBB/phpbb/search/fulltext_native.php
+++ b/phpBB/phpbb/search/fulltext_native.php
@@ -109,6 +109,12 @@ class fulltext_native extends \phpbb\search\base
 	* Initialises the fulltext_native search backend with min/max word length
 	*
 	* @param	boolean|string	&$error	is passed by reference and should either be set to false on success or an error message on failure
+	* @param	string	$phpbb_root_path	phpBB root path
+	* @param	string	$phpEx	PHP file extension
+	* @param	\phpbb\auth\auth	$auth	Auth object
+	* @param	\phpbb\config\config	$config	Config object
+	* @param	\phpbb\db\driver\driver_interface	$db	Database object
+	* @param	\phpbb\user	$user	User object
 	* @param	\phpbb\event\dispatcher_interface	$phpbb_dispatcher	Event dispatcher object
 	*/
 	public function __construct(&$error, $phpbb_root_path, $phpEx, $auth, $config, $db, $user, $phpbb_dispatcher)
diff --git a/phpBB/phpbb/search/fulltext_sphinx.php b/phpBB/phpbb/search/fulltext_sphinx.php
index 6230f92da3..f7dcd5d937 100644
--- a/phpBB/phpbb/search/fulltext_sphinx.php
+++ b/phpBB/phpbb/search/fulltext_sphinx.php
@@ -644,7 +644,7 @@ class fulltext_sphinx
 		$this->sphinx->SetFilter('deleted', array(0));
-		$this->sphinx->SetLimits((int) $start, (int) $per_page, SPHINX_MAX_MATCHES);
+		$this->sphinx->SetLimits((int) $start, (int) $per_page, max(SPHINX_MAX_MATCHES, (int) $start + $per_page));
 		$result = $this->sphinx->Query($search_query_prefix . $this->sphinx->EscapeString(str_replace('"', '"', $this->search_query)), $this->indexes);
 		// Could be connection to localhost:9312 failed (errno=111,
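Review bot: In the fulltext_sphinx.php hunk, the cast in `max(SPHINX_MAX_MATCHES, (int) $start + $per_page)` binds only to `$start`, so `$per_page` is added uncast even though the same call casts it for the second argument; `(int) $start + (int) $per_page` keeps the third argument an integer. The match limit now grows with `$start`, which appears to come from result paging (its origin is outside the hunk), so a very large offset asks searchd to hold that many matches for a single query. An explicit upper bound here, or a confirmed server-side `max_matches` cap, would keep per-query memory bounded. The same expression is repeated in the second hunk (`@@ -675,7 +675,7 @@`), and both hunks sit inside a method whose start and end are not shown.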
@@ -675,7 +675,7 @@ class fulltext_sphinx
 		{
 			$start = floor(($result_count - 1) / $per_page) * $per_page;
-			$this->sphinx->SetLimits((int) $start, (int) $per_page, SPHINX_MAX_MATCHES);
+			$this->sphinx->SetLimits((int) $start, (int) $per_page, max(SPHINX_MAX_MATCHES, (int) $start + $per_page));
 			$result = $this->sphinx->Query($search_query_prefix . $this->sphinx->EscapeString(str_replace('"', '"', $this->search_query)), $this->indexes);
 			// Could be connection to localhost:9312 failed (errno=111,  |
