authorMarc Alexander <admin@m-a-styles.de>2014-09-07 11:41:44 +0200
committerMarc Alexander <admin@m-a-styles.de>2014-09-07 11:41:44 +0200
commita0ee6ccdf3e8c6fc136687b672b98f8275008b9c (patch)
tree26213a4a8886ac053f28638e0472e10891bd77ad
parent297ab5c5260c37bf4db4f220911b4dc8f4ca2674 (diff)
parentd5801333f7c3724c82057eeccf522cf32c6a253b (diff)
Merge pull request #2925 from nickvergessen/ticket/12983
Ticket/12983 UCP preferences, Display posts ordering by: input is not properly validated
-rw-r--r--phpBB/includes/ucp/ucp_prefs.php24
-rw-r--r--phpBB/language/en/common.php4
-rw-r--r--tests/functional/ucp_preferences_test.php85
3 files changed, 107 insertions, 6 deletions
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php
index b0a8e8d374..3ff8fe9ada 100644
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@@ -223,11 +223,11 @@ class ucp_prefs
$data = array(
'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'),
'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'),
- 'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? $user->data['user_topic_show_days'] : 0),
+ 'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? (int) $user->data['user_topic_show_days'] : 0),
'post_sk' => request_var('post_sk', (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't'),
'post_sd' => request_var('post_sd', (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a'),
- 'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? $user->data['user_post_show_days'] : 0),
+ 'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? (int) $user->data['user_post_show_days'] : 0),
'images' => request_var('images', (bool) $user->optionget('viewimg')),
'flash' => request_var('flash', (bool) $user->optionget('viewflash')),
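Review bot: The `(int)` casts added on the `topic_st` and `post_st` defaults only change the type that request_var coerces the submitted value to; neither field appears in the validate_data rules introduced in the next hunk, so a non-numeric or negative show-days value is silently coerced and stored rather than reported as an error. If the intent of this ticket is to reject rather than coerce bad input, the same treatment as the sort keys would be a numeric rule such as `'topic_st' => array('num', false, 0),` and the matching `'post_st'` entry, with the upper bound left to whatever the day options on the form allow. The surrounding method of ucp_prefs begins and ends outside this hunk.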
@@ -254,10 +254,22 @@ class ucp_prefs
if ($submit)
{
$error = validate_data($data, array(
- 'topic_sk' => array('string', false, 1, 1),
- 'topic_sd' => array('string', false, 1, 1),
- 'post_sk' => array('string', false, 1, 1),
- 'post_sd' => array('string', false, 1, 1),
+ 'topic_sk' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|r|s|t|v)#'),
+ ),
+ 'topic_sd' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|d)#'),
+ ),
+ 'post_sk' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|s|t)#'),
+ ),
+ 'post_sd' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|d)#'),
+ ),
));
if (!check_form_key('ucp_prefs_view'))
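Review bot: The four `match` patterns (`#(a|r|s|t|v)#`, `#(a|d)#`, `#(a|s|t)#`, `#(a|d)#`) are unanchored, so on their own they would accept any string that merely contains one of those letters; the check is only strict today because the preceding `string` rule pins the length to exactly 1. Anchoring each pattern, e.g. `array('match', false, '#^(a|r|s|t|v)$#'),`, makes every rule sufficient by itself and keeps the whitelist intact if the length rule is ever relaxed. The `if ($submit)` block and the enclosing method continue outside this hunk.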
diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php
index 783faa8fad..c27086fd38 100644
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@@ -864,6 +864,10 @@ $lang = array_merge($lang, array(
'WRONG_DATA_COLOUR' => 'The colour value you entered is invalid.',
'WRONG_DATA_JABBER' => 'The name you entered is not a valid Jabber account name.',
'WRONG_DATA_LANG' => 'The language you specified is not valid.',
+ 'WRONG_DATA_POST_SD' => 'The post sort direction you specified is not valid.',
+ 'WRONG_DATA_POST_SK' => 'The post sort option you specified is not valid.',
+ 'WRONG_DATA_TOPIC_SD' => 'The topic sort direction you specified is not valid.',
+ 'WRONG_DATA_TOPIC_SK' => 'The topic sort option you specified is not valid.',
'WROTE' => 'wrote',
'YAHOO' => 'Yahoo Messenger',
diff --git a/tests/functional/ucp_preferences_test.php b/tests/functional/ucp_preferences_test.php
new file mode 100644
index 0000000000..7ef325dc4b
--- /dev/null
+++ b/tests/functional/ucp_preferences_test.php
@@ -0,0 +1,85 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @group functional
+*/
+class phpbb_functional_ucp_preferences_test extends phpbb_functional_test_case
+{
+ public function test_submitting_preferences_view()
+ {
+ $this->add_lang('ucp');
+ $this->login();
+
+ $crawler = self::request('GET', 'ucp.php?i=ucp_prefs&mode=view');
+ $this->assertContainsLang('UCP_PREFS_VIEW', $crawler->filter('#cp-main h2')->text());
+
+ $form = $crawler->selectButton('Submit')->form(array(
+ 'topic_sk' => 'a',
+ 'topic_sd' => 'a',
+ 'topic_st' => '1',
+ 'post_sk' => 'a',
+ 'post_sd' => 'a',
+ 'post_st' => '1',
+ ));
+
+ $crawler = self::submit($form);
+ $this->assertContainsLang('PREFERENCES_UPDATED', $crawler->filter('#message')->text());
+ }
+
+ public function test_submitting_invalid_preferences_view()
+ {
+ $this->add_lang('ucp');
+ $this->login();
+
+ $crawler = self::request('GET', 'ucp.php?i=ucp_prefs&mode=view');
+ $this->assertContainsLang('UCP_PREFS_VIEW', $crawler->filter('#cp-main h2')->text());
+ $form = $crawler->selectButton('Submit')->form();
+
+ if (!method_exists($form, 'disableValidation'))
+ {
+ $this->markTestIncomplete('The crawler cannot select invalid values, until Symfony 2.4!');
+ }
+
+ $form = $form->disableValidation();
+ $form['topic_sk']->select('z');
+ $form['topic_sd']->select('z');
+ $form['topic_st']->select('test');
+ $form['post_sk']->select('z');
+ $form['post_sd']->select('z');
+ $form['post_st']->select('test');
+
+ $crawler = self::submit($form);
+ $this->assertContainsLang('WRONG_DATA_POST_SD', $crawler->filter('#cp-main')->text());
+ $this->assertContainsLang('WRONG_DATA_POST_SK', $crawler->filter('#cp-main')->text());
+ $this->assertContainsLang('WRONG_DATA_TOPIC_SD', $crawler->filter('#cp-main')->text());
+ $this->assertContainsLang('WRONG_DATA_TOPIC_SK', $crawler->filter('#cp-main')->text());
+ }
+
+ public function test_read_preferences_view()
+ {
+ $this->add_lang('ucp');
+ $this->login();
+
+ $crawler = self::request('GET', 'ucp.php?i=ucp_prefs&mode=view');
+ $this->assertContainsLang('UCP_PREFS_VIEW', $crawler->filter('#cp-main h2')->text());
+ $form = $crawler->selectButton('Submit')->form();
+
+ $this->assertEquals('a', $form->get('topic_sk')->getValue());
+ $this->assertEquals('a', $form->get('topic_sd')->getValue());
+ $this->assertEquals('1', $form->get('topic_st')->getValue());
+ $this->assertEquals('a', $form->get('post_sk')->getValue());
+ $this->assertEquals('a', $form->get('post_sd')->getValue());
+ $this->assertEquals('1', $form->get('post_st')->getValue());
+ }
+}
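Review bot: `test_read_preferences_view` asserts the values `'a'` and `'1'` that `test_submitting_preferences_view` wrote, so it passes only because the tests run in declaration order against shared state. Declaring that coupling with `@depends test_submitting_preferences_view` on the reading test, or having it submit the form itself first, makes the ordering requirement explicit. Separately, `test_submitting_invalid_preferences_view` selects `'test'` for `topic_st` and `post_st` but asserts nothing about those two fields; if non-integer show-days input is expected to be rejected an assertion is missing, and if it is expected to be coerced silently a short comment stating that would avoid the question on the next read.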