diff options
| author | Joas Schilling <nickvergessen@gmx.de> | 2016-01-09 18:42:07 +0100 |
|---|---|---|
| committer | Joas Schilling <nickvergessen@gmx.de> | 2016-01-09 18:42:07 +0100 |
| commit | fd5e66cbf11ac3e49007369ece339bc937517d93 (patch) | |
| tree | b625c33c00c30ce65d72c79f9b3fc68f5c8f038a /phpBB | |
| parent | d64680983a5fa06a737a1ae7e164cb7f67a5a53c (diff) | |
| parent | 85e98a9d702cf179dc09a6ad077fac23bb28ae38 (diff) | |
| download | forums-fd5e66cbf11ac3e49007369ece339bc937517d93.tar forums-fd5e66cbf11ac3e49007369ece339bc937517d93.tar.gz forums-fd5e66cbf11ac3e49007369ece339bc937517d93.tar.bz2 forums-fd5e66cbf11ac3e49007369ece339bc937517d93.tar.xz forums-fd5e66cbf11ac3e49007369ece339bc937517d93.zip | |
Merge branch 'prep-release-3.1.7' into 3.1.x
Conflicts:
build/build.xml
phpBB/includes/constants.php
phpBB/install/schemas/schema_data.sql
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 12 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_bbcodes.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_extensions.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/db/migration/data/v31x/v317pl1.php | 31 |
4 files changed, 49 insertions, 2 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index a59ea31509..97998e7d00 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -49,6 +49,7 @@ <ol> <li><a href="#changelog">Changelog</a> <ul> + <li><a href="#v317">Changes since 3.1.7</a></li> <li><a href="#v316">Changes since 3.1.6</a></li> <li><a href="#v315">Changes since 3.1.5</a></li> <li><a href="#v314">Changes since 3.1.4</a></li> @@ -114,6 +115,17 @@ <div class="content"> + <a name="v317"></a><h3>Changes since 3.1.7</h3> + + <h4>Security Issue</h4> + <ul> + <li>[SECURITY-188] - Check form key in acp_bbcodes</li> + </ul> + <h4>Bug</h4> + <ul> + <li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-14343">PHPBB3-14343</a>] - Undefined variable $phpbb_dispatcher when (un-)locking a topic or post</li> + </ul> + <a name="v316"></a><h3>Changes since 3.1.6</h3> <h4>Bug</h4> diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php index e245eea069..35ac33882e 100644 --- a/phpBB/includes/acp/acp_bbcodes.php +++ b/phpBB/includes/acp/acp_bbcodes.php @@ -33,6 +33,7 @@ class acp_bbcodes // Set up general vars $action = request_var('action', ''); $bbcode_id = request_var('bbcode', 0); + $submit = $request->is_set_post('submit'); $this->tpl_name = 'acp_bbcodes'; $this->page_title = 'ACP_BBCODES'; @@ -40,6 +41,11 @@ class acp_bbcodes add_form_key($form_key); + if ($submit && !check_form_key($form_key)) + { + trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + } + // Set up mode-specific vars switch ($action) { diff --git a/phpBB/includes/acp/acp_extensions.php b/phpBB/includes/acp/acp_extensions.php index a3849d8ba1..23a004fdc1 100644 --- a/phpBB/includes/acp/acp_extensions.php +++ b/phpBB/includes/acp/acp_extensions.php @@ -121,8 +121,6 @@ class acp_extensions 'U_ACTION' => $this->u_action, )); - add_form_key('version_check_settings'); - $this->tpl_name = 'acp_ext_list'; break; diff --git a/phpBB/phpbb/db/migration/data/v31x/v317pl1.php b/phpBB/phpbb/db/migration/data/v31x/v317pl1.php new file mode 100644 index 0000000000..2e1b0e9b9d --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v317pl1.php @@ -0,0 +1,31 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v317pl1 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v31x\v317', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.7-pl1')), + ); + } +} |