From b5a997ce183fa655af4c03b5f92a58a1a3e7c2f1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 16 Jul 2019 20:44:12 +0200 Subject: [ticket/security/243] Limit size values to supported values SECURITY-243 --- phpBB/phpbb/textformatter/s9e/parser.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index 3698dca224..e30bc2b0d9 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -228,6 +228,10 @@ class parser implements \phpbb\textformatter\parser_interface { $errors[] = array($msg); } + else if ($msg === 'INVALID_FONT_SIZE') + { + $errors[] = [$msg, $context['invalid_size']]; + } } // Deduplicate error messages. array_unique() only works on strings so we have to serialize @@ -335,6 +339,13 @@ class parser implements \phpbb\textformatter\parser_interface */ static public function filter_font_size($size, $max_size, Logger $logger) { + if (!is_int($size)) + { + $logger->err('INVALID_FONT_SIZE', ['invalid_size' => htmlspecialchars($size)]); + + return false; + } + if ($max_size && $size > $max_size) { $logger->err('MAX_FONT_SIZE_EXCEEDED', array('max_size' => $max_size)); -- cgit v1.2.1 From c934d3fcfdaaa1e8c2161577690fef9dcb41b1e1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 17 Jul 2019 22:02:32 +0200 Subject: [ticket/security/243] Limit size BBCode to 4 numeric characters SECURITY-243 --- phpBB/phpbb/textformatter/s9e/factory.php | 2 +- phpBB/phpbb/textformatter/s9e/parser.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php index 6191b9a315..d339e3311d 100644 --- a/phpBB/phpbb/textformatter/s9e/factory.php +++ b/phpBB/phpbb/textformatter/s9e/factory.php 
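Review bot: In the `filter_font_size()` hunk of b5a997ce, the rejected value is HTML-encoded at logging time with `htmlspecialchars($size)` and no flags, so single quotes stay unencoded on PHP versions before 8.1. The result is only safe if every consumer of the `INVALID_FONT_SIZE` entry, which the first hunk relays unchanged as `$context['invalid_size']`, treats it as already-encoded HTML text. I would pass the flags explicitly, `htmlspecialchars($size, ENT_QUOTES, 'UTF-8')`, and add a comment at `$errors[] = [$msg, $context['invalid_size']];` saying the second element is pre-encoded user input. The echoed value also has no length bound here; truncating it before logging would be cheap. The function body continues outside the hunk, so the return path for accepted values is not visible.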
@@ -110,7 +110,7 @@ class factory implements \phpbb\textformatter\cache_interface 'i' => '', 'u' => '', 'img' => '{L_IMAGE}', - 'size' => '', + 'size' => 'font-size: %; line-height: normal', 'color' => '', 'email' => ' diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index e30bc2b0d9..1bc56a8cb4 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -339,7 +339,7 @@ class parser implements \phpbb\textformatter\parser_interface */ static public function filter_font_size($size, $max_size, Logger $logger) { - if (!is_int($size)) + if (!is_numeric($size)) { $logger->err('INVALID_FONT_SIZE', ['invalid_size' => htmlspecialchars($size)]); -- cgit v1.2.1 From f75577e5f858e43e202010f6889bd55096f75ea3 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 18 Jul 2019 22:32:19 +0200 Subject: [ticket/security/243] Use bbcode.html like formatting SECURITY-243 --- phpBB/phpbb/textformatter/s9e/factory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php index d339e3311d..dca1c78d40 100644 --- a/phpBB/phpbb/textformatter/s9e/factory.php +++ b/phpBB/phpbb/textformatter/s9e/factory.php @@ -110,7 +110,7 @@ class factory implements \phpbb\textformatter\cache_interface 'i' => '', 'u' => '', 'img' => '{L_IMAGE}', - 'size' => 'font-size: %; line-height: normal', + 'size' => 'font-size: %; line-height: normal', 'color' => '', 'email' => ' -- cgit v1.2.1 From 4555817a8b6dc3910fff0c26422a82aa769c8904 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 11 Aug 2019 21:31:59 +0200 Subject: [ticket/security/247] Disable loading of local files on client side SECURITY-247 --- phpBB/phpbb/db/driver/mysqli.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'phpBB/phpbb') 
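Review bot: `is_numeric($size)` in the parser.php hunk of c934d3fc is looser than the "4 numeric characters" in the commit subject: it also accepts signs, decimals, exponent notation and leading whitespace (constructed samples such as `'1e3'` or `' 12'` pass). If the digit and length limit is enforced only by the BBCode definition in factory.php, which is not readable in this view, the filter is not an independent check on what ends up in the `font-size` style value. A stricter test such as `if (!preg_match('/^\d{1,4}\z/', (string) $size))` would match the stated intent. The same `is_numeric()` test is carried into the later hunk at `@@ -353,7 +342,7 @@` in cc8d6a5a. The function body continues outside the hunk.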
diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php index d43e201526..b429ad97aa 100644 --- a/phpBB/phpbb/db/driver/mysqli.php +++ b/phpBB/phpbb/db/driver/mysqli.php @@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base if ($this->db_connect_id && $this->dbname != '') { + // Disable loading local files on client side + @mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false); + @mysqli_query($this->db_connect_id, "SET NAMES 'utf8'"); // enforce strict mode on databases that support it -- cgit v1.2.1 From cc8d6a5a014c994fec8d8bdd61cd1fbc5506de6e Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 31 Aug 2019 18:13:24 +0200 Subject: [ticket/security/243] Fail silently on unsupported values for font size SECURITY-243 --- phpBB/phpbb/textformatter/s9e/parser.php | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php index 1bc56a8cb4..a36fc63141 100644 --- a/phpBB/phpbb/textformatter/s9e/parser.php +++ b/phpBB/phpbb/textformatter/s9e/parser.php @@ -228,10 +228,6 @@ class parser implements \phpbb\textformatter\parser_interface { $errors[] = array($msg); } - else if ($msg === 'INVALID_FONT_SIZE') - { - $errors[] = [$msg, $context['invalid_size']]; - } } // Deduplicate error messages. array_unique() only works on strings so we have to serialize @@ -339,13 +335,6 @@ class parser implements \phpbb\textformatter\parser_interface */ static public function filter_font_size($size, $max_size, Logger $logger) { - if (!is_numeric($size)) - { - $logger->err('INVALID_FONT_SIZE', ['invalid_size' => htmlspecialchars($size)]); - - return false; - } - if ($max_size && $size > $max_size) { $logger->err('MAX_FONT_SIZE_EXCEEDED', array('max_size' => $max_size)); 
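Review bot: In the mysqli.php hunk of 4555817a, the call that disables client-side local file loading is prefixed with `@` and its return value is discarded, so if `mysqli_options()` fails the connection proceeds with the option unchanged and nothing records it. The call also sits after the connection exists (`$this->db_connect_id` is already set), whereas the PHP manual describes `mysqli_options()` as a call to make before `mysqli_real_connect()`. Whether the option takes effect at this point likely depends on the client library and deserves a test. I would check the result, e.g. `if (!mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false)) { /* log or abort the connection */ }`, and document `mysqli.allow_local_infile = 0` in php.ini as a deployment-level backstop. The enclosing method starts and ends outside the hunk.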
@@ -353,7 +342,7 @@ class parser implements \phpbb\textformatter\parser_interface return false; } - if ($size < 1) + if ($size < 1 || !is_numeric($size)) { return false; } -- cgit v1.2.1 From b94464d06382a4b379d9dcd52f1bee757a4a0500 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 8 Sep 2019 21:53:52 +0200 Subject: [prep-release-3.2.8] Add migration for 3.2.8 --- phpBB/phpbb/db/migration/data/v32x/v328.php | 36 +++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 phpBB/phpbb/db/migration/data/v32x/v328.php (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/db/migration/data/v32x/v328.php b/phpBB/phpbb/db/migration/data/v32x/v328.php new file mode 100644 index 0000000000..28ff2c7033 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v328.php @@ -0,0 +1,36 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v328 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.8', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v328rc1', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.8')), + ); + } +} -- cgit v1.2.1
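Review bot: In the `@@ -353,7 +342,7 @@` hunk of cc8d6a5a, `!is_numeric($size)` is evaluated last, after `$size > $max_size` (previous hunk) and `$size < 1` have already compared a possibly non-numeric string with an integer. Those comparisons follow PHP's loose string/number rules, which changed in PHP 8, so a non-numeric value can reach the `MAX_FONT_SIZE_EXCEEDED` branch and produce a user-visible error instead of failing silently as the subject line intends. Moving the type check to the top of the function, `if (!is_numeric($size) || $size < 1) { return false; }` before the `$max_size` comparison, makes the outcome independent of the PHP version. The rest of the function body, including what is returned for accepted values, is outside the hunk.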