diff options
| -rw-r--r-- | phpBB/adm/style/acp_database.html | 2 | ||||
| -rw-r--r-- | phpBB/adm/style/acp_users_prefs.html | 2 | ||||
| -rw-r--r-- | phpBB/config/default/container/services_content.yml | 1 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_database.php | 206 | ||||
| -rw-r--r-- | phpBB/includes/functions_user.php | 32 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_viewfolder.php | 2 | ||||
| -rw-r--r-- | phpBB/index.php | 11 | ||||
| -rw-r--r-- | phpBB/language/en/acp/database.php | 13 | ||||
| -rw-r--r-- | phpBB/language/en/ucp.php | 2 | ||||
| -rw-r--r-- | phpBB/memberlist.php | 144 | ||||
| -rw-r--r-- | phpBB/phpbb/auth/provider/oauth/oauth.php | 21 | ||||
| -rw-r--r-- | phpBB/phpbb/message/admin_form.php | 30 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/login_body_oauth.html | 10 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/ucp_auth_link_oauth.html | 2 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/theme/cp.css | 3 | ||||
| -rw-r--r-- | tests/dbal/migrator_tool_permission_test.php | 4 | ||||
| -rw-r--r-- | tests/functions/validate_username_test.php | 11 | ||||
| -rw-r--r-- | tests/test_framework/phpbb_ui_test_case.php | 7 |
18 files changed, 322 insertions, 181 deletions
diff --git a/phpBB/adm/style/acp_database.html b/phpBB/adm/style/acp_database.html index 39f06319f9..ed0f4dd453 100644 --- a/phpBB/adm/style/acp_database.html +++ b/phpBB/adm/style/acp_database.html @@ -20,7 +20,6 @@ <p class="submit-buttons"> <input class="button1" type="submit" id="submit" name="submit" value="{L_START_RESTORE}" /> <input class="button2" type="submit" id="delete" name="delete" value="{L_DELETE_BACKUP}" /> - <input class="button2" type="submit" id="download" name="download" value="{L_DOWNLOAD_BACKUP}" /> </p> {S_FORM_TOKEN} </fieldset> @@ -72,7 +71,6 @@ <dt><label for="where">{L_ACTION}{L_COLON}</label></dt> <dd> <label><input id="where" type="radio" class="radio" name="where" value="store" checked="checked" /> {L_STORE_LOCAL}</label> - <label><input type="radio" class="radio" name="where" value="download" /> {L_DOWNLOAD}</label> </dd> </dl> <dl> diff --git a/phpBB/adm/style/acp_users_prefs.html b/phpBB/adm/style/acp_users_prefs.html index 61904adc23..484c5b3976 100644 --- a/phpBB/adm/style/acp_users_prefs.html +++ b/phpBB/adm/style/acp_users_prefs.html @@ -33,7 +33,7 @@ <dt><label for="notifymethod">{L_NOTIFY_METHOD}{L_COLON}</label><br /><span>{L_NOTIFY_METHOD_EXPLAIN}</span></dt> <dd><label><input type="radio" class="radio" name="notifymethod" value="0"<!-- IF NOTIFY_EMAIL --> id="notifymethod" checked="checked"<!-- ENDIF --> /> {L_NOTIFY_METHOD_EMAIL}</label> <label><input type="radio" class="radio" name="notifymethod" value="1"<!-- IF NOTIFY_IM --> id="notifymethod" checked="checked"<!-- ENDIF --><!-- IF S_JABBER_DISABLED --> disabled="disabled"<!-- ENDIF --> /> {L_NOTIFY_METHOD_IM}</label> - <label><input type="radio" class="radio" name="notifymethod" value="2"<!-- IF NOTIFY_BOTH --> id="notifymethod" checked="checked"<!-- ENDIF --> /> {L_NOTIFY_METHOD_BOTH}</label></dd> + <label><input type="radio" class="radio" name="notifymethod" value="2"<!-- IF NOTIFY_BOTH --> id="notifymethod" checked="checked"<!-- ENDIF --><!-- IF S_JABBER_DISABLED --> disabled="disabled"<!-- ENDIF --> /> {L_NOTIFY_METHOD_BOTH}</label></dd> </dl> <dl> <dt><label for="notifypm">{L_NOTIFY_ON_PM}{L_COLON}</label></dt> diff --git a/phpBB/config/default/container/services_content.yml b/phpBB/config/default/container/services_content.yml index 602fd25f4e..6717c20337 100644 --- a/phpBB/config/default/container/services_content.yml +++ b/phpBB/config/default/container/services_content.yml @@ -35,6 +35,7 @@ services: - '@config_text' - '@dbal.conn' - '@user' + - '@dispatcher' - '%core.root_path%' - '%core.php_ext%' diff --git a/phpBB/includes/acp/acp_database.php b/phpBB/includes/acp/acp_database.php index 19c4f6e4f1..05f2b98524 100644 --- a/phpBB/includes/acp/acp_database.php +++ b/phpBB/includes/acp/acp_database.php @@ -23,6 +23,7 @@ class acp_database { var $db_tools; var $u_action; + public $page_title; function main($id, $mode) { @@ -69,18 +70,13 @@ class acp_database trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } - $store = $download = $structure = $schema_data = false; + $store = $structure = $schema_data = false; - if ($where == 'store_and_download' || $where == 'store') + if ($where == 'store') { $store = true; } - if ($where == 'store_and_download' || $where == 'download') - { - $download = true; - } - if ($type == 'full' || $type == 'structure') { $structure = true; @@ -98,8 +94,9 @@ class acp_database $filename = 'backup_' . $time . '_' . unique_id(); + /** @var phpbb\db\extractor\extractor_interface $extractor Database extractor */ $extractor = $phpbb_container->get('dbal.extractor'); - $extractor->init_extractor($format, $filename, $time, $download, $store); + $extractor->init_extractor($format, $filename, $time, false, $store); $extractor->write_start($table_prefix); @@ -145,11 +142,6 @@ class acp_database $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_BACKUP'); - if ($download == true) - { - exit; - } - trigger_error($user->lang['BACKUP_SUCCESS'] . adm_back_link($this->u_action)); break; @@ -201,16 +193,10 @@ class acp_database case 'submit': $delete = $request->variable('delete', ''); $file = $request->variable('file', ''); - $download = $request->variable('download', ''); - if (!preg_match('#^backup_\d{10,}_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches)) - { - trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); - } + $backup_info = $this->get_backup_file($phpbb_root_path . 'store/', $file); - $file_name = $phpbb_root_path . 'store/' . $matches[0]; - - if (!file_exists($file_name) || !is_readable($file_name)) + if (empty($backup_info) || !is_readable($backup_info['file_name'])) { trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -219,7 +205,7 @@ class acp_database { if (confirm_box(true)) { - unlink($file_name); + unlink($backup_info['file_name']); $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_DB_DELETE'); trigger_error($user->lang['BACKUP_DELETE'] . adm_back_link($this->u_action)); } @@ -228,50 +214,12 @@ class acp_database confirm_box(false, $user->lang['DELETE_SELECTED_BACKUP'], build_hidden_fields(array('delete' => $delete, 'file' => $file))); } } - else if ($download || confirm_box(true)) + else if (confirm_box(true)) { - if ($download) - { - $name = $matches[0]; - - switch ($matches[1]) - { - case 'sql': - $mimetype = 'text/x-sql'; - break; - case 'sql.bz2': - $mimetype = 'application/x-bzip2'; - break; - case 'sql.gz': - $mimetype = 'application/x-gzip'; - break; - } - - header('Cache-Control: private, no-cache'); - header("Content-Type: $mimetype; name=\"$name\""); - header("Content-disposition: attachment; filename=$name"); - - @set_time_limit(0); - - $fp = @fopen($file_name, 'rb'); - - if ($fp !== false) - { - while (!feof($fp)) - { - echo fread($fp, 8192); - } - fclose($fp); - } - - flush(); - exit; - } - - switch ($matches[1]) + switch ($backup_info['extensions']) { case 'sql': - $fp = fopen($file_name, 'rb'); + $fp = fopen($backup_info['file_name'], 'rb'); $read = 'fread'; $seek = 'fseek'; $eof = 'feof'; @@ -280,7 +228,7 @@ class acp_database break; case 'sql.bz2': - $fp = bzopen($file_name, 'r'); + $fp = bzopen($backup_info['file_name'], 'r'); $read = 'bzread'; $seek = ''; $eof = 'feof'; @@ -289,13 +237,17 @@ class acp_database break; case 'sql.gz': - $fp = gzopen($file_name, 'rb'); + $fp = gzopen($backup_info['file_name'], 'rb'); $read = 'gzread'; $seek = 'gzseek'; $eof = 'gzeof'; $close = 'gzclose'; $fgetd = 'fgetd'; break; + + default: + trigger_error($user->lang['BACKUP_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING); + return; } switch ($db->get_sql_layer()) @@ -375,43 +327,13 @@ class acp_database trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action)); break; } - else if (!$download) + else { confirm_box(false, $user->lang['RESTORE_SELECTED_BACKUP'], build_hidden_fields(array('file' => $file))); } default: - $methods = array('sql'); - $available_methods = array('sql.gz' => 'zlib', 'sql.bz2' => 'bz2'); - - foreach ($available_methods as $type => $module) - { - if (!@extension_loaded($module)) - { - continue; - } - $methods[] = $type; - } - - $dir = $phpbb_root_path . 'store/'; - $dh = @opendir($dir); - - $backup_files = array(); - - if ($dh) - { - while (($file = readdir($dh)) !== false) - { - if (preg_match('#^backup_(\d{10,})_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches)) - { - if (in_array($matches[2], $methods)) - { - $backup_files[(int) $matches[1]] = $file; - } - } - } - closedir($dh); - } + $backup_files = $this->get_file_list($phpbb_root_path . 'store/'); if (!empty($backup_files)) { @@ -420,8 +342,8 @@ class acp_database foreach ($backup_files as $name => $file) { $template->assign_block_vars('files', array( - 'FILE' => $file, - 'NAME' => $user->format_date($name, 'd-m-Y H:i:s', true), + 'FILE' => sha1($file), + 'NAME' => $user->format_date($name, 'd-m-Y H:i', true), 'SUPPORTED' => true, )); } @@ -435,6 +357,92 @@ class acp_database break; } } + + /** + * Get backup file from file hash + * + * @param string $directory Relative path to directory + * @param string $file_hash Hash of selected file + * + * @return array Backup file data or empty array if unable to find file + */ + protected function get_backup_file($directory, $file_hash) + { + $backup_data = []; + + $file_list = $this->get_file_list($directory); + $supported_extensions = $this->get_supported_extensions(); + + foreach ($file_list as $file) + { + preg_match('#^backup_(\d{10,})_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches); + if (sha1($file) === $file_hash && in_array($matches[2], $supported_extensions)) + { + $backup_data = [ + 'file_name' => $directory . $file, + 'extension' => $matches[2], + ]; + break; + } + } + + return $backup_data; + } + + /** + * Get backup file list for directory + * + * @param string $directory Relative path to backup directory + * + * @return array List of backup files in specified directory + */ + protected function get_file_list($directory) + { + $supported_extensions = $this->get_supported_extensions(); + + $dh = @opendir($directory); + + $backup_files = []; + + if ($dh) + { + while (($file = readdir($dh)) !== false) + { + if (preg_match('#^backup_(\d{10,})_(?:[a-z\d]{16}|[a-z\d]{32})\.(sql(?:\.(?:gz|bz2))?)$#i', $file, $matches)) + { + if (in_array($matches[2], $supported_extensions)) + { + $backup_files[(int) $matches[1]] = $file; + } + } + } + closedir($dh); + } + + return $backup_files; + } + + /** + * Get supported extensions for backup + * + * @return array List of supported extensions + */ + protected function get_supported_extensions() + { + $extensions = ['sql']; + $available_methods = ['sql.gz' => 'zlib', 'sql.bz2' => 'bz2']; + + foreach ($available_methods as $type => $module) + { + if (!@extension_loaded($module)) + { + continue; + } + $extensions[] = $type; + } + + return $extensions; + } } // get how much space we allow for a chunk of data, very similar to phpMyAdmin's way of doing things ;-) (hey, we only do this for MySQL anyway :P) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 5f2dea3b94..d86470adf9 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1718,16 +1718,20 @@ function phpbb_validate_timezone($timezone) return (in_array($timezone, phpbb_get_timezone_identifiers($timezone))) ? false : 'TIMEZONE_INVALID'; } -/** -* Check to see if the username has been taken, or if it is disallowed. -* Also checks if it includes the " character, which we don't allow in usernames. -* Used for registering, changing names, and posting anonymously with a username -* -* @param string $username The username to check -* @param string $allowed_username An allowed username, default being $user->data['username'] -* -* @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended) -*/ +/*** + * Validate Username + * + * Check to see if the username has been taken, or if it is disallowed. + * Also checks if it includes the " character or the 4-bytes Unicode ones + * (aka emojis) which we don't allow in usernames. + * Used for registering, changing names, and posting anonymously with a username + * + * @param string $username The username to check + * @param string $allowed_username An allowed username, default being $user->data['username'] + * + * @return mixed Either false if validation succeeded or a string which will be + * used as the error message (with the variable name appended) + */ function validate_username($username, $allowed_username = false) { global $config, $db, $user, $cache; @@ -1740,6 +1744,14 @@ function validate_username($username, $allowed_username = false) return false; } + // The very first check is for + // out-of-bounds characters that are currently + // not supported by utf8_bin in MySQL + if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $username)) + { + return 'INVALID_EMOJIS'; + } + // ... fast checks first. if (strpos($username, '"') !== false || strpos($username, '"') !== false || empty($clean_username)) { diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index 2acc528b9f..a0b535d683 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -39,7 +39,7 @@ function view_folder($id, $mode, $folder_id, $folder) // Grab icons $icons = $cache->obtain_icons(); - $color_rows = array('marked', 'replied'); + $color_rows = array('message_reported', 'marked', 'replied'); $_module = new p_master(); $_module->list_modules('ucp'); diff --git a/phpBB/index.php b/phpBB/index.php index 4e37782206..13b914abd3 100644 --- a/phpBB/index.php +++ b/phpBB/index.php @@ -55,6 +55,17 @@ if (($mark_notification = $request->variable('mark_notification', 0))) $notification->mark_read(); + /** + * You can use this event to perform additional tasks or redirect user elsewhere. + * + * @event core.index_mark_notification_after + * @var int mark_notification Notification ID + * @var \phpbb\notification\type\type_interface notification Notification instance + * @since 3.2.6-RC1 + */ + $vars = array('mark_notification', 'notification'); + extract($phpbb_dispatcher->trigger_event('core.index_mark_notification_after', compact($vars))); + if ($request->is_ajax()) { $json_response = new \phpbb\json_response(); diff --git a/phpBB/language/en/acp/database.php b/phpBB/language/en/acp/database.php index ab85701eaa..302aaee570 100644 --- a/phpBB/language/en/acp/database.php +++ b/phpBB/language/en/acp/database.php @@ -38,14 +38,15 @@ if (empty($lang) || !is_array($lang)) // Database Backup/Restore $lang = array_merge($lang, array( - 'ACP_BACKUP_EXPLAIN' => 'Here you can backup all your phpBB related data. You may store the resulting archive in your <samp>store/</samp> folder or download it directly. Depending on your server configuration you may be able to compress the file in a number of formats.', + 'ACP_BACKUP_EXPLAIN' => 'Here you can backup all your phpBB related data. The resulting archive will be stored in your <samp>store/</samp> folder. Depending on your server configuration you may be able to compress the file in a number of formats.', 'ACP_RESTORE_EXPLAIN' => 'This will perform a full restore of all phpBB tables from a saved file. If your server supports it you may use a gzip or bzip2 compressed text file and it will automatically be decompressed. <strong>WARNING</strong> This will overwrite any existing data. The restore may take a long time to process please do not move from this page till it is complete. Backups are stored in the <samp>store/</samp> folder and are assumed to be generated by phpBB’s backup functionality. Restoring backups that were not created by the built in system may or may not work.', - 'BACKUP_DELETE' => 'The backup file has been deleted successfully.', - 'BACKUP_INVALID' => 'The selected file to backup is invalid.', - 'BACKUP_OPTIONS' => 'Backup options', - 'BACKUP_SUCCESS' => 'The backup file has been created successfully.', - 'BACKUP_TYPE' => 'Backup type', + 'BACKUP_DELETE' => 'The backup file has been deleted successfully.', + 'BACKUP_INVALID' => 'The selected file to backup is invalid.', + 'BACKUP_NOT_SUPPORTED' => 'The selected backup is not supported', + 'BACKUP_OPTIONS' => 'Backup options', + 'BACKUP_SUCCESS' => 'The backup file has been created successfully.', + 'BACKUP_TYPE' => 'Backup type', 'DATABASE' => 'Database utilities', 'DATA_ONLY' => 'Data only', diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index 5875099fb8..2622fb57b7 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php @@ -272,6 +272,7 @@ $lang = array_merge($lang, array( 'IMPORTANT_NEWS' => 'Important announcements', 'INVALID_USER_BIRTHDAY' => 'The entered birthday is not a valid date.', 'INVALID_CHARS_USERNAME' => 'The username contains forbidden characters.', + 'INVALID_EMOJIS_USERNAME' => 'The username contains forbidden characters (Emoji).', 'INVALID_CHARS_NEW_PASSWORD'=> 'The password does not contain the required characters.', 'ITEMS_REQUIRED' => 'The items marked with * are required profile fields and need to be filled out.', @@ -302,6 +303,7 @@ $lang = array_merge($lang, array( 'MESSAGE_EDITED' => 'Message successfully edited.', 'MESSAGE_HISTORY' => 'Message history', 'MESSAGE_REMOVED_FROM_OUTBOX' => 'This message was deleted by its author.', + 'MESSAGE_REPORTED_MESSAGE' => 'Reported message', 'MESSAGE_SENT_ON' => 'on', 'MESSAGE_STORED' => 'This message has been sent successfully.', 'MESSAGE_TO' => 'To', diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index e247b23c6e..b26d7c8f94 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -763,42 +763,58 @@ switch ($mode) $member['posts_in_queue'] = 0; } - $template->assign_vars(array( - 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $member['posts_in_queue']), - - 'POSTS_DAY' => $user->lang('POST_DAY', $posts_per_day), - 'POSTS_PCT' => $user->lang('POST_PCT', $percentage), - - 'SIGNATURE' => $member['user_sig'], - 'POSTS_IN_QUEUE'=> $member['posts_in_queue'], - - 'PM_IMG' => $user->img('icon_contact_pm', $user->lang['SEND_PRIVATE_MESSAGE']), - 'L_SEND_EMAIL_USER' => $user->lang('SEND_EMAIL_USER', $member['username']), - 'EMAIL_IMG' => $user->img('icon_contact_email', $user->lang['EMAIL']), - 'JABBER_IMG' => $user->img('icon_contact_jabber', $user->lang['JABBER']), - 'SEARCH_IMG' => $user->img('icon_user_search', $user->lang['SEARCH']), - - 'S_PROFILE_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group'), - 'S_GROUP_OPTIONS' => $group_options, - 'S_CUSTOM_FIELDS' => (isset($profile_fields['row']) && count($profile_fields['row'])) ? true : false, - - 'U_USER_ADMIN' => ($auth->acl_get('a_user')) ? append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview&u=' . $user_id, true, $user->session_id) : '', - 'U_USER_BAN' => ($auth->acl_get('m_ban') && $user_id != $user->data['user_id']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=ban&mode=user&u=' . $user_id, true, $user->session_id) : '', - 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '', - - 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_id}&hash=" . generate_link_hash('switchperm')) : '', - 'U_EDIT_SELF' => ($user_id == $user->data['user_id'] && $auth->acl_get('u_chgprofileinfo')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=ucp_profile&mode=profile_info') : '', + // Define the main array of vars to assign to memberlist_view.html + $template_ary = array( + 'L_POSTS_IN_QUEUE' => $user->lang('NUM_POSTS_IN_QUEUE', $member['posts_in_queue']), + + 'POSTS_DAY' => $user->lang('POST_DAY', $posts_per_day), + 'POSTS_PCT' => $user->lang('POST_PCT', $percentage), + + 'SIGNATURE' => $member['user_sig'], + 'POSTS_IN_QUEUE' => $member['posts_in_queue'], + + 'PM_IMG' => $user->img('icon_contact_pm', $user->lang['SEND_PRIVATE_MESSAGE']), + 'L_SEND_EMAIL_USER' => $user->lang('SEND_EMAIL_USER', $member['username']), + 'EMAIL_IMG' => $user->img('icon_contact_email', $user->lang['EMAIL']), + 'JABBER_IMG' => $user->img('icon_contact_jabber', $user->lang['JABBER']), + 'SEARCH_IMG' => $user->img('icon_user_search', $user->lang['SEARCH']), + + 'S_PROFILE_ACTION' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group'), + 'S_GROUP_OPTIONS' => $group_options, + 'S_CUSTOM_FIELDS' => (isset($profile_fields['row']) && count($profile_fields['row'])) ? true : false, + + 'U_USER_ADMIN' => ($auth->acl_get('a_user')) ? append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview&u=' . $user_id, true, $user->session_id) : '', + 'U_USER_BAN' => ($auth->acl_get('m_ban') && $user_id != $user->data['user_id']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=ban&mode=user&u=' . $user_id, true, $user->session_id) : '', + 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '', + + 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_id}&hash=" . generate_link_hash('switchperm')) : '', + 'U_EDIT_SELF' => ($user_id == $user->data['user_id'] && $auth->acl_get('u_chgprofileinfo')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=ucp_profile&mode=profile_info') : '', + + 'S_USER_NOTES' => ($user_notes_enabled) ? true : false, + 'S_WARN_USER' => ($warn_user_enabled) ? true : false, + 'S_ZEBRA' => ($user->data['user_id'] != $user_id && $user->data['is_registered'] && $zebra_enabled) ? true : false, + 'U_ADD_FRIEND' => (!$friend && !$foe && $friends_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&add=' . urlencode(htmlspecialchars_decode($member['username']))) : '', + 'U_ADD_FOE' => (!$friend && !$foe && $foes_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&mode=foes&add=' . urlencode(htmlspecialchars_decode($member['username']))) : '', + 'U_REMOVE_FRIEND' => ($friend && $friends_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&remove=1&usernames[]=' . $user_id) : '', + 'U_REMOVE_FOE' => ($foe && $foes_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&remove=1&mode=foes&usernames[]=' . $user_id) : '', + + 'U_CANONICAL' => generate_board_url() . '/' . append_sid("memberlist.$phpEx", 'mode=viewprofile&u=' . $user_id, true, ''), + ); - 'S_USER_NOTES' => ($user_notes_enabled) ? true : false, - 'S_WARN_USER' => ($warn_user_enabled) ? true : false, - 'S_ZEBRA' => ($user->data['user_id'] != $user_id && $user->data['is_registered'] && $zebra_enabled) ? true : false, - 'U_ADD_FRIEND' => (!$friend && !$foe && $friends_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&add=' . urlencode(htmlspecialchars_decode($member['username']))) : '', - 'U_ADD_FOE' => (!$friend && !$foe && $foes_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&mode=foes&add=' . urlencode(htmlspecialchars_decode($member['username']))) : '', - 'U_REMOVE_FRIEND' => ($friend && $friends_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&remove=1&usernames[]=' . $user_id) : '', - 'U_REMOVE_FOE' => ($foe && $foes_enabled) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=zebra&remove=1&mode=foes&usernames[]=' . $user_id) : '', + /** + * Modify user's template vars before we display the profile + * + * @event core.memberlist_modify_view_profile_template_vars + * @var array template_ary Array with user's template vars + * @since 3.2.6-RC1 + */ + $vars = array( + 'template_ary', + ); + extract($phpbb_dispatcher->trigger_event('core.memberlist_modify_view_profile_template_vars', compact($vars))); - 'U_CANONICAL' => generate_board_url() . '/' . append_sid("memberlist.$phpEx", 'mode=viewprofile&u=' . $user_id, true, ''), - )); + // Assign vars to memberlist_view.html + $template->assign_vars($template_ary); if (!empty($profile_fields['row'])) { @@ -1556,19 +1572,58 @@ switch ($mode) // Do the SQL thang if ($mode == 'group') { - $sql = "SELECT u.* - $sql_select - FROM " . USERS_TABLE . " u - $sql_from - WHERE " . $db->sql_in_set('u.user_id', $user_list) . " - $sql_where_data"; + $sql_from_ary = explode(',', $sql_from); + $extra_tables = []; + foreach ($sql_from_ary as $entry) + { + $table_data = explode(' ', trim($entry)); + + if (empty($table_data[0]) || empty($table_data[1])) + { + continue; + } + + $extra_tables[$table_data[0]] = $table_data[1]; + } + + $sql_array = array( + 'SELECT' => 'u.*' . $sql_select, + 'FROM' => array_merge([USERS_TABLE => 'u'], $extra_tables), + 'WHERE' => $db->sql_in_set('u.user_id', $user_list) . $sql_where_data . '', + ); } else { - $sql = 'SELECT * - FROM ' . USERS_TABLE . ' - WHERE ' . $db->sql_in_set('user_id', $user_list); + $sql_array = array( + 'SELECT' => 'u.*', + 'FROM' => array( + USERS_TABLE => 'u' + ), + 'WHERE' => $db->sql_in_set('u.user_id', $user_list), + ); } + + /** + * Modify user data SQL before member row is created + * + * @event core.memberlist_modify_memberrow_sql + * @var string mode Memberlist mode + * @var string sql_select Additional select statement + * @var string sql_from Additional from statement + * @var array sql_array Array containing the main query + * @var array user_list Array containing list of users + * @since 3.2.6-RC1 + */ + $vars = array( + 'mode', + 'sql_select', + 'sql_from', + 'sql_array', + 'user_list', + ); + extract($phpbb_dispatcher->trigger_event('core.memberlist_modify_memberrow_sql', compact($vars))); + + $sql = $db->sql_build_query('SELECT', $sql_array); $result = $db->sql_query($sql); $id_cache = array(); @@ -1579,9 +1634,10 @@ switch ($mode) $id_cache[$row['user_id']] = $row; } + $db->sql_freeresult($result); - // Load custom profile fields + // Load custom profile fields if required if ($config['load_cpf_memberlist']) { // Grab all profile fields from users in id cache for later use - similar to the poster cache diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 8809a0c6b4..c7ebd1fb7f 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -221,24 +221,33 @@ class oauth extends \phpbb\auth\provider\base 'provider' => $service_name_original, 'oauth_provider_id' => $unique_id ); + $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . ' WHERE ' . $this->db->sql_build_array('SELECT', $data); $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); + $redirect_data = array( + 'auth_provider' => 'oauth', + 'login_link_oauth_service' => $service_name_original, + ); + /** * Event is triggered before check if provider is already associated with an account * * @event core.oauth_login_after_check_if_provider_id_has_match - * @var array row User row - * @var array data Provider data - * @var \OAuth\Common\Service\ServiceInterface service OAuth service + * @var array row User row + * @var array data Provider data + * @var array redirect_data Data to be appended to the redirect url + * @var \OAuth\Common\Service\ServiceInterface service OAuth service * @since 3.2.3-RC1 + * @changed 3.2.6-RC1 Added redirect_data */ $vars = array( 'row', 'data', + 'redirect_data', 'service', ); extract($this->dispatcher->trigger_event('core.oauth_login_after_check_if_provider_id_has_match', compact($vars))); @@ -250,10 +259,7 @@ class oauth extends \phpbb\auth\provider\base 'status' => LOGIN_SUCCESS_LINK_PROFILE, 'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED', 'user_row' => array(), - 'redirect_data' => array( - 'auth_provider' => 'oauth', - 'login_link_oauth_service' => $service_name_original, - ), + 'redirect_data' => $redirect_data, ); } @@ -674,6 +680,7 @@ class oauth extends \phpbb\auth\provider\base 'oauth_service' => $actual_name, ), + 'SERVICE_ID' => $actual_name, 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)], 'UNIQUE_ID' => (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null, ); diff --git a/phpBB/phpbb/message/admin_form.php b/phpBB/phpbb/message/admin_form.php index 96b8d3499e..ae1c1d8614 100644 --- a/phpBB/phpbb/message/admin_form.php +++ b/phpBB/phpbb/message/admin_form.php @@ -22,6 +22,9 @@ class admin_form extends form /** @var \phpbb\config\db_text */ protected $config_text; + /** @var \phpbb\event\dispatcher_interface */ + protected $dispatcher; + /** @var string */ protected $subject; /** @var string */ @@ -37,13 +40,15 @@ class admin_form extends form * @param \phpbb\config\db_text $config_text * @param \phpbb\db\driver\driver_interface $db * @param \phpbb\user $user + * @param \phpbb\event\dispatcher_interface $dispatcher * @param string $phpbb_root_path * @param string $phpEx */ - public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\config\db_text $config_text, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, $phpbb_root_path, $phpEx) + public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\config\db_text $config_text, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, \phpbb\event\dispatcher_interface $dispatcher, $phpbb_root_path, $phpEx) { parent::__construct($auth, $config, $db, $user, $phpbb_root_path, $phpEx); $this->config_text = $config_text; + $this->dispatcher = $dispatcher; } /** @@ -91,6 +96,29 @@ class admin_form extends form $this->errors[] = $this->user->lang['EMPTY_MESSAGE_EMAIL']; } + $subject = $this->subject; + $body = $this->body; + $errors = $this->errors; + + /** + * You can use this event to modify subject and/or body and add new errors. + * + * @event core.message_admin_form_submit_before + * @var string subject Message subject + * @var string body Message body + * @var array errors Form errors + * @since 3.2.6-RC1 + */ + $vars = [ + 'subject', + 'body', + 'errors', + ]; + extract($this->dispatcher->trigger_event('core.message_admin_form_submit_before', compact($vars))); + $this->subject = $subject; + $this->body = $body; + $this->errors = $errors; + if ($this->user->data['is_registered']) { $this->message->set_sender_from_user($this->user); diff --git a/phpBB/styles/prosilver/template/login_body_oauth.html b/phpBB/styles/prosilver/template/login_body_oauth.html index 156485d211..1364d01ccb 100644 --- a/phpBB/styles/prosilver/template/login_body_oauth.html +++ b/phpBB/styles/prosilver/template/login_body_oauth.html @@ -1,8 +1,6 @@ +<br> <div class="content"> - <!-- BEGIN oauth --> - <dl> - <dt> </dt> - <dd><a href="{oauth.REDIRECT_URL}" class="button2">{oauth.SERVICE_NAME}</a></dd> - </dl> - <!-- END oauth --> + {% for oauth in oauth %} + <a href="{{ oauth.REDIRECT_URL }}" class="button2">{{ oauth.SERVICE_NAME }}</a> + {% endfor %} </div> diff --git a/phpBB/styles/prosilver/template/ucp_auth_link_oauth.html b/phpBB/styles/prosilver/template/ucp_auth_link_oauth.html index 18316613b0..60061a3139 100644 --- a/phpBB/styles/prosilver/template/ucp_auth_link_oauth.html +++ b/phpBB/styles/prosilver/template/ucp_auth_link_oauth.html @@ -1,5 +1,5 @@ <!-- BEGIN oauth --> - <form id="ucp" method="post" action="{S_UCP_ACTION}"> + <form id="ucp_oauth_{oauth.SERVICE_ID}" method="post" action="{S_UCP_ACTION}"> <h3>{oauth.SERVICE_NAME}</h3> <fieldset class="fields2"> diff --git a/phpBB/styles/prosilver/theme/cp.css b/phpBB/styles/prosilver/theme/cp.css index d54c948343..0041417022 100644 --- a/phpBB/styles/prosilver/theme/cp.css +++ b/phpBB/styles/prosilver/theme/cp.css @@ -300,11 +300,14 @@ ol.def-rules li { padding: 0 3px; } +/* DEPRECATED 3.2.6 .pmlist li.pm_message_reported_colour, .pm_message_reported_colour { border-left-color: transparent; border-right-color: transparent; } +*/ +.pmlist li.pm_message_reported_colour, .pm_message_reported_colour, .pmlist li.pm_marked_colour, .pm_marked_colour, .pmlist li.pm_replied_colour, .pm_replied_colour, .pmlist li.pm_friend_colour, .pm_friend_colour, diff --git a/tests/dbal/migrator_tool_permission_test.php b/tests/dbal/migrator_tool_permission_test.php index d84f6a68ff..ccad6a1387 100644 --- a/tests/dbal/migrator_tool_permission_test.php +++ b/tests/dbal/migrator_tool_permission_test.php @@ -163,7 +163,7 @@ class phpbb_dbal_migrator_tool_permission_test extends phpbb_database_test_case $this->assertFalse($this->tool->exists('global_test', true)); } - public function test_permission_set_data() + public function data_test_permission_set() { return array( array( @@ -188,7 +188,7 @@ class phpbb_dbal_migrator_tool_permission_test extends phpbb_database_test_case } /** - * @dataProvider test_permission_set_data + * @dataProvider data_test_permission_set */ public function test_permission_set($group_name, $auth_option, $type, $has_permission) { diff --git a/tests/functions/validate_username_test.php b/tests/functions/validate_username_test.php index d310f58036..cee5d38400 100644 --- a/tests/functions/validate_username_test.php +++ b/tests/functions/validate_username_test.php @@ -47,6 +47,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array(), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('USERNAME_TAKEN'), @@ -60,6 +61,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array('INVALID_CHARS'), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('INVALID_CHARS'), @@ -73,6 +75,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array('INVALID_CHARS'), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('USERNAME_TAKEN'), @@ -86,6 +89,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array('INVALID_CHARS'), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('INVALID_CHARS'), @@ -99,6 +103,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array(), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('USERNAME_TAKEN'), @@ -112,6 +117,7 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case 'foobar_letter_num' => array(), 'foobar_letter_num_sp' => array('INVALID_CHARS'), 'foobar_quot' => array('INVALID_CHARS'), + 'foobar_emoji' => array('INVALID_EMOJIS'), 'barfoo_disallow' => array('USERNAME_DISALLOWED'), 'admin_taken' => array('USERNAME_TAKEN'), 'group_taken' => array('USERNAME_TAKEN'), @@ -173,6 +179,11 @@ class phpbb_functions_validate_data_test extends phpbb_database_test_case '"foobar"', array('username'), ), + 'foobar_emoji' => array( + $expected['foobar_emoji'], + 'username😮', + array('username'), + ), 'barfoo_disallow' => array( $expected['barfoo_disallow'], 'barfoo', diff --git a/tests/test_framework/phpbb_ui_test_case.php b/tests/test_framework/phpbb_ui_test_case.php index 15a1cd375e..7b950a7d5d 100644 --- a/tests/test_framework/phpbb_ui_test_case.php +++ b/tests/test_framework/phpbb_ui_test_case.php @@ -80,7 +80,12 @@ class phpbb_ui_test_case extends phpbb_test_case try { $capabilities = DesiredCapabilities::firefox(); - self::$webDriver = RemoteWebDriver::create(self::$host . ':' . self::$port, $capabilities); + self::$webDriver = RemoteWebDriver::create( + self::$host . ':' . self::$port, + $capabilities, + 60 * 1000, // 60 seconds connection timeout + 60 * 1000 // 60 seconds request timeout + ); } catch (WebDriverCurlException $e) { self::markTestSkipped('PhantomJS webserver is not running.'); } |