diff options
34 files changed, 485 insertions, 121 deletions
diff --git a/.gitignore b/.gitignore index ab6b4aa7ee..2b2d8d0ac6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,8 @@ *~ /phpunit.xml -/phpBB/cache/twig/* -/phpBB/cache/*.html -/phpBB/cache/*.php -/phpBB/cache/*.lock +/phpBB/cache/* +!/phpBB/cache/.htaccess +!/phpBB/cache/index.html /phpBB/composer.phar /phpBB/config*.php /phpBB/ext/* diff --git a/build/build.xml b/build/build.xml index c97d200fbb..dd7bb3d014 100644 --- a/build/build.xml +++ b/build/build.xml @@ -2,9 +2,9 @@ <project name="phpBB" description="The phpBB forum software" default="all" basedir="../"> <!-- a few settings for the build --> - <property name="newversion" value="3.1.2-RC1-dev" /> - <property name="prevversion" value="3.1.1" /> - <property name="olderversions" value="3.0.12, 3.1.0-a1, 3.1.0-a2, 3.1.0-a3, 3.1.0-b1, 3.1.0-b2, 3.1.0-b3, 3.1.0-b4, 3.1.0-RC1, 3.1.0-RC2, 3.1.0-RC3, 3.1.0-RC4, 3.1.0-RC5, 3.1.0-RC6, 3.1.0" /> + <property name="newversion" value="3.1.3-RC1-dev" /> + <property name="prevversion" value="3.1.2" /> + <property name="olderversions" value="3.0.12, 3.1.0-a1, 3.1.0-a2, 3.1.0-a3, 3.1.0-b1, 3.1.0-b2, 3.1.0-b3, 3.1.0-b4, 3.1.0-RC1, 3.1.0-RC2, 3.1.0-RC3, 3.1.0-RC4, 3.1.0-RC5, 3.1.0-RC6, 3.1.0, 3.1.1, 3.1.2-RC1" /> <!-- no configuration should be needed beyond this point --> <property name="oldversions" value="${olderversions}, ${prevversion}" /> diff --git a/build/code_sniffer/phpbb/Sniffs/Commenting/FileCommentSniff.php b/build/code_sniffer/phpbb/Sniffs/Commenting/FileCommentSniff.php index fa7d3b40c1..8337cf02ee 100644 --- a/build/code_sniffer/phpbb/Sniffs/Commenting/FileCommentSniff.php +++ b/build/code_sniffer/phpbb/Sniffs/Commenting/FileCommentSniff.php @@ -84,12 +84,12 @@ class phpbb_Sniffs_Commenting_FileCommentSniff implements PHP_CodeSniffer_Sniff $line = $tokens[$i]['content']; // Check that each line starts with a '*' - if (substr($line, 0, 1) !== '*') + if (substr($line, 0, 1) !== '*' && substr($line, 0, 2) !== ' *') { - $message = 'The file doc comment should not be idented.'; + $message = 'The file doc comment should not be indented.'; $phpcsFile->addWarning($message, $i); } - else if (preg_match('/^\*\s+@([\w]+)\s+(.*)$/', $line, $match) !== 0) + else if (preg_match('/^[ ]?\*\s+@([\w]+)\s+(.*)$/', $line, $match) !== 0) { if (!isset($tags[$match[1]])) { diff --git a/phpBB/config/routing.yml b/phpBB/config/routing.yml index d8e890d063..94146e1ec2 100644 --- a/phpBB/config/routing.yml +++ b/phpBB/config/routing.yml @@ -1,7 +1,7 @@ # Structure: # # foo_controller: -# pattern: /foo +# path: /foo # defaults: { _controller: foo_sevice:method } # # The above will be accessed via app.php?controller=foo and it will diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 4d96aa4981..5cf98e20fc 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -46,6 +46,7 @@ <ol> <li><a href="#changelog">Changelog</a> <ol style="list-style-type: lower-roman;"> + <li><a href="#v311">Changes since 3.1.1</a></li> <li><a href="#v310">Changes since 3.1.0</a></li> <li><a href="#v310RC6">Changes since 3.1.0-RC6</a></li> <li><a href="#v310RC5">Changes since 3.1.0-RC5</a></li> @@ -101,7 +102,88 @@ <div class="content"> - <a name="v310"></a><h3>1.i. Changes since 3.1.0</h3> + <a name="v311"></a><h3>1.i. Changes since 3.1.1</h3> + + <h4>Security</h4> + <ul> + <li>[SECURITY-171] - Version helper does not properly escape version info</li> + <li>[SECURITY-169] - AJAX request with unexpected referrer causes infinite loop</li> + </ul> + + <h4>Bug</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10442">PHPBB3-10442</a>] - XHTML is invalid when a forum link without redirect counter is present</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10744">PHPBB3-10744</a>] - Prevent user from installing styles with reserved directory names</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11863">PHPBB3-11863</a>] - User registration settings show incorrectly as disabled when board-wide emails are disabled</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12703">PHPBB3-12703</a>] - Notification System sends exact same SQL query multiple times</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13083">PHPBB3-13083</a>] - Language correction in NO_ENTRIES in acp_logs</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13100">PHPBB3-13100</a>] - Don't display "delete reason" dialog for shadow-topics</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13193">PHPBB3-13193</a>] - Post counts in Private Messages should link to the user's posts</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13197">PHPBB3-13197</a>] - Group Avatar not deleted from users</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13204">PHPBB3-13204</a>] - Login flood control error supresses incorrect credential error</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13209">PHPBB3-13209</a>] - Boolean (Yes/No) custom profile field doesn't show given name</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13216">PHPBB3-13216</a>] - Datetime tests fail randomly</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13228">PHPBB3-13228</a>] - "Code: Select all" font-size too big in Private Messages</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13239">PHPBB3-13239</a>] - Can´t upload Attachments on iOS</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13241">PHPBB3-13241</a>] - Topics are being duplicated in multipage forums</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13242">PHPBB3-13242</a>] - Validation error in Contact a Board Administrator</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13243">PHPBB3-13243</a>] - Debug error when clicking Re-check all versions on ACP manage extensions page</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13251">PHPBB3-13251</a>] - Database password containing special characters no longer accepted after upgrade to 3.1.0</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13253">PHPBB3-13253</a>] - MCP queue link in active topics search is missing</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13265">PHPBB3-13265</a>] - "Edit profile" link on view-own-profile page should only show if user has permission to edit</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13270">PHPBB3-13270</a>] - Upgrading from 3.0.12 to 3.1.1 does not display moderator soft delete permissions</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13277">PHPBB3-13277</a>] - Move Up & Down does not take work in Internet Explorer</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13280">PHPBB3-13280</a>] - $user->page['page'] - is invalid resulting in confirm_box() not working correctly</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13284">PHPBB3-13284</a>] - Message body not included in email topic message </li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13298">PHPBB3-13298</a>] - Use mysql_free_result to free result sets which were requested using mysql_query()</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13300">PHPBB3-13300</a>] - Jabber field still shown in profile when feature is disabled</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13301">PHPBB3-13301</a>] - Apache Authentication is probably broken</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13303">PHPBB3-13303</a>] - Migrator caught in loop calculating dependencies</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13315">PHPBB3-13315</a>] - Upgrade from 3.0.12 to 3.1.1 resets CAPTCHA selection</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13316">PHPBB3-13316</a>] - reCAPTCHA does not work on secured connection</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13318">PHPBB3-13318</a>] - login_username doesn't have multibyte parameter set to true</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13323">PHPBB3-13323</a>] - posting.php can pass invalid auth option to acl_get()</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13332">PHPBB3-13332</a>] - Insufficient information passed to password drivers for converted boards</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13337">PHPBB3-13337</a>] - Mark subforums read triggers error if subforums contain no topics</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13338">PHPBB3-13338</a>] - Some tests fail when run on their own</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13342">PHPBB3-13342</a>] - 310/captcha_plugins migration changes recaptcha to nogd</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13349">PHPBB3-13349</a>] - Incorrect entities used for breadcrumb separator in CSS</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13354">PHPBB3-13354</a>] - Unknown column 'topic_logs' in 'where clause' when deleting topic log in MCP</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13376">PHPBB3-13376</a>] - deregister_globals() does not work correctly when $_COOKIE['GLOBALS'] is specified</li> + </ul> + + <h4>Improvement</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12681">PHPBB3-12681</a>] - Cache the compiled routes and dump the url_generator</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12885">PHPBB3-12885</a>] - Wrong index page title when using Board Index text</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13023">PHPBB3-13023</a>] - [event] - Add Event posting_editor_buttons_custom_tags_before</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13133">PHPBB3-13133</a>] - Allow @vendor_extname in INCLUDECSS</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13182">PHPBB3-13182</a>] - [event] - Add posting.php core event to allow modifying the message before parsing</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13220">PHPBB3-13220</a>] - [event] - Add template events to memberlist_search.html</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13290">PHPBB3-13290</a>] - [event] - Add template event index_body_forumlist_body_after</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13294">PHPBB3-13294</a>] - [event] - Add message_parser.php core event for additional message handling before parsing</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13297">PHPBB3-13297</a>] - Add unicode modifier to url/email regular expression patterns</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13309">PHPBB3-13309</a>] - [event] - Add ACP template event acp_email_options_after</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13310">PHPBB3-13310</a>] - [event] - Add core event core.acp_email_modify_sql</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13326">PHPBB3-13326</a>] - Add viewtopic_url variable to a viewtopic event</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13328">PHPBB3-13328</a>] - [event] - Add event core.mcp_view_forum_modify_sql</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13347">PHPBB3-13347</a>] - [event] - Add new template events to acp_forums.html</li> + </ul> + + <h4>New Feature</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12962">PHPBB3-12962</a>] - Use phantomjs and webdriver for UI testing</li> + </ul> + + <h4>Task</h4> + <ul> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13324">PHPBB3-13324</a>] - Composer no longer downloads sami/sami and fabpot/goutte</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13325">PHPBB3-13325</a>] - Make installing dependencies for tests more user friendly or optional</li> + <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13331">PHPBB3-13331</a>] - Sami run as part of phing MUST NOT switch branches</li> + </ul> + + + <a name="v310"></a><h3>1.ii. Changes since 3.1.0</h3> <h4>Security</h4> <ul> @@ -119,7 +201,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13262">PHPBB3-13262</a>] - Add note to docs about htaccess file when upgrading 3.0 to 3.1</li> </ul> - <a name="v310RC6"></a><h3>1.i. Changes since 3.1.0-RC6</h3> + <a name="v310RC6"></a><h3>1.iii. Changes since 3.1.0-RC6</h3> <h4>Bug</h4> <ul> @@ -147,7 +229,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13215">PHPBB3-13215</a>] - Update Symfony Components to 2.3.21</li> </ul> - <a name="v310RC5"></a><h3>1.ii. Changes since 3.1.0-RC5</h3> + <a name="v310RC5"></a><h3>1.iv. Changes since 3.1.0-RC5</h3> <h4>Bug</h4> <ul> @@ -188,7 +270,7 @@ </ul> - <a name="v310RC4"></a><h3>1.iii. Changes since 3.1.0-RC4</h3> + <a name="v310RC4"></a><h3>1.v. Changes since 3.1.0-RC4</h3> <h4>Bug</h4> <ul> @@ -255,7 +337,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13123">PHPBB3-13123</a>] - Add events to allow post blocking and post pre/past processing</li> </ul> - <a name="v310RC3"></a><h3>1.iv. Changes since 3.1.0-RC3</h3> + <a name="v310RC3"></a><h3>1.vi. Changes since 3.1.0-RC3</h3> <h4>Bug</h4> <ul> @@ -345,7 +427,7 @@ </ul> - <a name="v310RC2"></a><h3>1.v. Changes since 3.1.0-RC2</h3> + <a name="v310RC2"></a><h3>1.vii. Changes since 3.1.0-RC2</h3> <h4>Bug</h4> <ul> @@ -469,7 +551,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12948">PHPBB3-12948</a>] - Remove Travis CI "broken opcache on PHP 5.5.7 and 5.5.8" workaround.</li> </ul> - <a name="v310RC1"></a><h3>1.vi. Changes since 3.1.0-RC1</h3> + <a name="v310RC1"></a><h3>1.viii. Changes since 3.1.0-RC1</h3> <h4>Bug</h4> <ul> @@ -540,7 +622,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12829">PHPBB3-12829</a>] - Remove check for pgsql 8.3/8.2</li> </ul> - <a name="v310b4"></a><h3>1.vii. Changes since 3.1.0-b4</h3> + <a name="v310b4"></a><h3>1.ix. Changes since 3.1.0-b4</h3> <h4>Bug</h4> <ul> @@ -660,7 +742,7 @@ </ul> - <a name="v310b3"></a><h3>1.viii. Changes since 3.1.0-b3</h3> + <a name="v310b3"></a><h3>1.x. Changes since 3.1.0-b3</h3> <h4>Bug</h4> <ul> @@ -767,7 +849,7 @@ </ul> - <a name="v310b2"></a><h3>1.ix. Changes since 3.1.0-b2</h3> + <a name="v310b2"></a><h3>1.xi. Changes since 3.1.0-b2</h3> <h4>Bug</h4> <ul> @@ -932,7 +1014,7 @@ </ul> - <a name="v310b1"></a><h3>1.x. Changes since 3.1.0-b1</h3> + <a name="v310b1"></a><h3>1.xii. Changes since 3.1.0-b1</h3> <h4>Bug</h4> <ul> @@ -1000,7 +1082,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12302">PHPBB3-12302</a>] - Upgrade composer.phar to 1.0.0-alpha8</li> </ul> - <a name="v310a3"></a><h3>1.xi. Changes since 3.1.0-a3</h3> + <a name="v310a3"></a><h3>1.xiii. Changes since 3.1.0-a3</h3> <h4>Bug</h4> <ul> @@ -1147,7 +1229,7 @@ </ul> - <a name="v310a2"></a><h3>1.xii. Changes since 3.1.0-a2</h3> + <a name="v310a2"></a><h3>1.xiv. Changes since 3.1.0-a2</h3> <h4>Bug</h4> <ul> @@ -1255,7 +1337,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12147">PHPBB3-12147</a>] - Remove Travis CI notification configuration</li> </ul> - <a name="v310a1"></a><h3>1.xiii. Changes since 3.1.0-a1</h3> + <a name="v310a1"></a><h3>1.xv. Changes since 3.1.0-a1</h3> <h4>Bug</h4> <ul> @@ -1331,7 +1413,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11998">PHPBB3-11998</a>] - Add console / command line client environment </li> </ul> - <a name="v30x"></a><h3>1.xiv. Changes since 3.0.x</h3> + <a name="v30x"></a><h3>1.xvi. Changes since 3.0.x</h3> <h4>Bug</h4> <ul> @@ -2012,7 +2094,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11913">PHPBB3-11913</a>] - Apply reorganisation of download.phpbb.com to build_announcement.php</li> </ul> - <a name="v3011"></a><h3>1.xv. Changes since 3.0.11</h3> + <a name="v3011"></a><h3>1.xvii. Changes since 3.0.11</h3> <h4>Bug</h4> <ul> @@ -2167,7 +2249,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11753">PHPBB3-11753</a>] - Upgrade mysql_upgrader.php schema data.</li> </ul> - <a name="v3010"></a><h3>1.xvi. Changes since 3.0.10</h3> + <a name="v3010"></a><h3>1.xviii. Changes since 3.0.10</h3> <h4>Bug</h4> <ul> @@ -2292,7 +2374,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10909">PHPBB3-10909</a>] - Update Travis Test Configuration: Travis no longer supports PHP 5.3.2</li> </ul> - <a name="v309"></a><h3>1.xvii. Changes since 3.0.9</h3> + <a name="v309"></a><h3>1.xix. Changes since 3.0.9</h3> <h4>Bug</h4> <ul> @@ -2428,7 +2510,7 @@ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10480">PHPBB3-10480</a>] - Automate changelog building</li> </ul> - <a name="v308"></a><h3>1.xviii. Changes since 3.0.8</h3> + <a name="v308"></a><h3>1.xx. Changes since 3.0.8</h3> <h4> Bug </h4> @@ -2796,7 +2878,7 @@ </ul> - <a name="v307-PL1"></a><h3>1.xix. Changes since 3.0.7-PL1</h3> + <a name="v307-PL1"></a><h3>1.xxi. Changes since 3.0.7-PL1</h3> <h4> Security </h4> <ul> @@ -3254,13 +3336,13 @@ </ul> - <a name="v307"></a><h3>1.xx. Changes since 3.0.7</h3> + <a name="v307"></a><h3>1.xxii. Changes since 3.0.7</h3> <ul> <li>[Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)</li> </ul> - <a name="v306"></a><h3>1.xxi. Changes since 3.0.6</h3> + <a name="v306"></a><h3>1.xxiii. Changes since 3.0.6</h3> <ul> <li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li> @@ -3364,7 +3446,7 @@ </ul> - <a name="v305"></a><h3>1.xxii. Changes since 3.0.5</h3> + <a name="v305"></a><h3>1.xxiv. Changes since 3.0.5</h3> <ul> <li>[Fix] Allow whitespaces in avatar gallery names. (Bug #44955)</li> @@ -3586,7 +3668,7 @@ <li>[Feature] Send anonymous statistical information to phpBB on installation and update (optional).</li> </ul> - <a name="v304"></a><h3>1.xxiii. Changes since 3.0.4</h3> + <a name="v304"></a><h3>1.xxv. Changes since 3.0.4</h3> <ul> <li>[Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)</li> @@ -3675,7 +3757,7 @@ <li>[Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)</li> </ul> - <a name="v303"></a><h3>1.xxiv. Changes since 3.0.3</h3> + <a name="v303"></a><h3>1.xxvi. Changes since 3.0.3</h3> <ul> <li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li> @@ -3707,7 +3789,7 @@ <li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li> </ul> - <a name="v302"></a><h3>1.xxv. Changes since 3.0.2</h3> + <a name="v302"></a><h3>1.xxvii. Changes since 3.0.2</h3> <ul> <li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li> @@ -3806,7 +3888,7 @@ <li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li> </ul> - <a name="v301"></a><h3>1.xxvi. Changes since 3.0.1</h3> + <a name="v301"></a><h3>1.xxviii. Changes since 3.0.1</h3> <ul> <li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li> @@ -3854,7 +3936,7 @@ <li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li> </ul> - <a name="v300"></a><h3>1.xxvii. Changes since 3.0.0</h3> + <a name="v300"></a><h3>1.xxix. Changes since 3.0.0</h3> <ul> <li>[Change] Validate birthdays (Bug #15004)</li> @@ -3925,7 +4007,7 @@ <li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li> </ul> - <a name="v30rc8"></a><h3>1.xxviii. Changes since 3.0.RC8</h3> + <a name="v30rc8"></a><h3>1.xxx. Changes since 3.0.RC8</h3> <ul> <li>[Fix] Cleaned usernames contain only single spaces, so "a_name" and "a__name" are treated as the same name (Bug #15634)</li> @@ -3934,7 +4016,7 @@ <li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li> </ul> - <a name="v30rc7"></a><h3>1.xxix. Changes since 3.0.RC7</h3> + <a name="v30rc7"></a><h3>1.xxxi. Changes since 3.0.RC7</h3> <ul> <li>[Fix] Fixed MSSQL related bug in the update system</li> @@ -3969,7 +4051,7 @@ <li>[Fix] No duplication of active topics (Bug #15474)</li> </ul> - <a name="v30rc6"></a><h3>1.xxx. Changes since 3.0.RC6</h3> + <a name="v30rc6"></a><h3>1.xxxii. Changes since 3.0.RC6</h3> <ul> <li>[Fix] Submitting language changes using acp_language (Bug #14736)</li> @@ -3979,7 +4061,7 @@ <li>[Fix] Able to request new password (Bug #14743)</li> </ul> - <a name="v30rc5"></a><h3>1.xxxi. Changes since 3.0.RC5</h3> + <a name="v30rc5"></a><h3>1.xxxiii. Changes since 3.0.RC5</h3> <ul> <li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li> @@ -4042,7 +4124,7 @@ <li>[Sec] New password hashing mechanism for storing passwords (#i42)</li> </ul> - <a name="v30rc4"></a><h3>1.xxxii. Changes since 3.0.RC4</h3> + <a name="v30rc4"></a><h3>1.xxxiv. Changes since 3.0.RC4</h3> <ul> <li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li> @@ -4093,7 +4175,7 @@ <li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li> </ul> - <a name="v30rc3"></a><h3>1.xxxiii. Changes since 3.0.RC3</h3> + <a name="v30rc3"></a><h3>1.xxxv. Changes since 3.0.RC3</h3> <ul> <li>[Fix] Fixing some subsilver2 and prosilver style issues</li> @@ -4202,7 +4284,7 @@ </ul> - <a name="v30rc2"></a><h3>1.xxxiv. Changes since 3.0.RC2</h3> + <a name="v30rc2"></a><h3>1.xxxvi. Changes since 3.0.RC2</h3> <ul> <li>[Fix] Re-allow searching within the memberlist</li> @@ -4248,7 +4330,7 @@ </ul> - <a name="v30rc1"></a><h3>1.xxxv. Changes since 3.0.RC1</h3> + <a name="v30rc1"></a><h3>1.xxxvii. Changes since 3.0.RC1</h3> <ul> <li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li> diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index 2d4cb727a7..0ac9208aa4 100644 --- a/phpBB/includes/constants.php +++ b/phpBB/includes/constants.php @@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.1.2-RC1-dev'); +define('PHPBB_VERSION', '3.1.3-RC1-dev'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/includes/startup.php b/phpBB/includes/startup.php index 50fcd11bee..2885c80541 100644 --- a/phpBB/includes/startup.php +++ b/phpBB/includes/startup.php @@ -69,31 +69,13 @@ function deregister_globals() { if (isset($not_unset[$varname])) { - // Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely) - if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS'])) + // Hacking attempt. No point in continuing. + if (isset($_COOKIE[$varname])) { - exit; - } - else - { - $cookie = &$_COOKIE; - while (isset($cookie['GLOBALS'])) - { - if (!is_array($cookie['GLOBALS'])) - { - break; - } - - foreach ($cookie['GLOBALS'] as $registered_var => $value) - { - if (!isset($not_unset[$registered_var])) - { - unset($GLOBALS[$registered_var]); - } - } - $cookie = &$cookie['GLOBALS']; - } + echo "Clear your cookies. "; } + echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals."; + exit; } unset($GLOBALS[$varname]); diff --git a/phpBB/install/convertors/convert_phpbb20.php b/phpBB/install/convertors/convert_phpbb20.php index effd72aeff..da53d2c143 100644 --- a/phpBB/install/convertors/convert_phpbb20.php +++ b/phpBB/install/convertors/convert_phpbb20.php @@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms); $convertor_data = array( 'forum_name' => 'phpBB 2.0.x', 'version' => '1.0.3', - 'phpbb_version' => '3.1.1', + 'phpbb_version' => '3.1.2', 'author' => '<a href="https://www.phpbb.com/">phpBB Limited</a>', 'dbms' => $dbms, 'dbhost' => $dbhost, diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index 8fd163a81f..ea51e5df76 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -273,7 +273,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0'); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.2-RC1-dev'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.3-RC1-dev'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400'); diff --git a/phpBB/language/en/search.php b/phpBB/language/en/search.php index ec5dd99eb8..13e5bf7a97 100644 --- a/phpBB/language/en/search.php +++ b/phpBB/language/en/search.php @@ -71,6 +71,7 @@ $lang = array_merge($lang, array( 'NO_RECENT_SEARCHES' => 'No searches have been carried out recently.', 'NO_SEARCH' => 'Sorry but you are not permitted to use the search system.', 'NO_SEARCH_RESULTS' => 'No suitable matches were found.', + 'NO_SEARCH_LOAD' => 'Sorry but you cannot use search at this time. The server has high load. Please try again later.', 'NO_SEARCH_TIME' => array( 1 => 'Sorry but you cannot use search at this time. Please try again in %d second.', 2 => 'Sorry but you cannot use search at this time. Please try again in %d seconds.', diff --git a/phpBB/phpbb/db/migration/data/v310/style_update_p1.php b/phpBB/phpbb/db/migration/data/v310/style_update_p1.php index 5a3a1d5de7..e8d3a3af64 100644 --- a/phpBB/phpbb/db/migration/data/v310/style_update_p1.php +++ b/phpBB/phpbb/db/migration/data/v310/style_update_p1.php @@ -92,7 +92,7 @@ class style_update_p1 extends \phpbb\db\migration\migration else { $sql = 'SELECT s.style_id, t.template_path, t.template_id, t.bbcode_bitfield, t.template_inherits_id, t.template_inherit_path, c.theme_path, c.theme_id - FROM ' . STYLES_TABLE . ' s, ' . $this->table_prefix . 'styles_template t, ' . $this->table_prefix . "stles_theme c + FROM ' . STYLES_TABLE . ' s, ' . $this->table_prefix . 'styles_template t, ' . $this->table_prefix . "styles_theme c WHERE t.template_id = s.template_id AND c.theme_id = s.theme_id"; } diff --git a/phpBB/phpbb/db/migration/data/v31x/v312.php b/phpBB/phpbb/db/migration/data/v31x/v312.php new file mode 100644 index 0000000000..bf49935f4d --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v312.php @@ -0,0 +1,31 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v312 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v31x\v312rc1', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.2')), + ); + } +} diff --git a/phpBB/phpbb/db/migration/data/v31x/v312rc1.php b/phpBB/phpbb/db/migration/data/v31x/v312rc1.php new file mode 100644 index 0000000000..d4b133fc01 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v312rc1.php @@ -0,0 +1,32 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v312rc1 extends \phpbb\db\migration\migration +{ + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v31x\v311', + '\phpbb\db\migration\data\v31x\m_softdelete_global', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.2-RC1')), + ); + } +} diff --git a/phpBB/phpbb/extension/metadata_manager.php b/phpBB/phpbb/extension/metadata_manager.php index edca8ee1af..a64d88fe39 100644 --- a/phpBB/phpbb/extension/metadata_manager.php +++ b/phpBB/phpbb/extension/metadata_manager.php @@ -177,6 +177,7 @@ class metadata_manager throw new \phpbb\extension\exception($this->user->lang('FILE_JSON_DECODE_ERR', $this->metadata_file)); } + array_walk_recursive($metadata, array($this, 'sanitize_json')); $this->metadata = $metadata; return true; @@ -184,6 +185,17 @@ class metadata_manager } /** + * Sanitize input from JSON array using htmlspecialchars() + * + * @param mixed $value Value of array row + * @param string $key Key of array row + */ + public function sanitize_json(&$value, $key) + { + $value = htmlspecialchars($value); + } + + /** * This array handles the cleaning of the array * * @return array Contains the cleaned metadata array @@ -337,30 +349,30 @@ class metadata_manager public function output_template_data() { $this->template->assign_vars(array( - 'META_NAME' => htmlspecialchars($this->metadata['name']), - 'META_TYPE' => htmlspecialchars($this->metadata['type']), - 'META_DESCRIPTION' => (isset($this->metadata['description'])) ? htmlspecialchars($this->metadata['description']) : '', + 'META_NAME' => $this->metadata['name'], + 'META_TYPE' => $this->metadata['type'], + 'META_DESCRIPTION' => (isset($this->metadata['description'])) ? $this->metadata['description'] : '', 'META_HOMEPAGE' => (isset($this->metadata['homepage'])) ? $this->metadata['homepage'] : '', - 'META_VERSION' => (isset($this->metadata['version'])) ? htmlspecialchars($this->metadata['version']) : '', - 'META_TIME' => (isset($this->metadata['time'])) ? htmlspecialchars($this->metadata['time']) : '', - 'META_LICENSE' => htmlspecialchars($this->metadata['license']), + 'META_VERSION' => (isset($this->metadata['version'])) ? $this->metadata['version'] : '', + 'META_TIME' => (isset($this->metadata['time'])) ? $this->metadata['time'] : '', + 'META_LICENSE' => $this->metadata['license'], - 'META_REQUIRE_PHP' => (isset($this->metadata['require']['php'])) ? htmlspecialchars($this->metadata['require']['php']) : '', + 'META_REQUIRE_PHP' => (isset($this->metadata['require']['php'])) ? $this->metadata['require']['php'] : '', 'META_REQUIRE_PHP_FAIL' => !$this->validate_require_php(), - 'META_REQUIRE_PHPBB' => (isset($this->metadata['extra']['soft-require']['phpbb/phpbb'])) ? htmlspecialchars($this->metadata['extra']['soft-require']['phpbb/phpbb']) : '', + 'META_REQUIRE_PHPBB' => (isset($this->metadata['extra']['soft-require']['phpbb/phpbb'])) ? $this->metadata['extra']['soft-require']['phpbb/phpbb'] : '', 'META_REQUIRE_PHPBB_FAIL' => !$this->validate_require_phpbb(), - 'META_DISPLAY_NAME' => (isset($this->metadata['extra']['display-name'])) ? htmlspecialchars($this->metadata['extra']['display-name']) : '', + 'META_DISPLAY_NAME' => (isset($this->metadata['extra']['display-name'])) ? $this->metadata['extra']['display-name'] : '', )); foreach ($this->metadata['authors'] as $author) { $this->template->assign_block_vars('meta_authors', array( - 'AUTHOR_NAME' => htmlspecialchars($author['name']), + 'AUTHOR_NAME' => $author['name'], 'AUTHOR_EMAIL' => (isset($author['email'])) ? $author['email'] : '', 'AUTHOR_HOMEPAGE' => (isset($author['homepage'])) ? $author['homepage'] : '', - 'AUTHOR_ROLE' => (isset($author['role'])) ? htmlspecialchars($author['role']) : '', + 'AUTHOR_ROLE' => (isset($author['role'])) ? $author['role'] : '', )); } } diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 4a446a5d9d..b49d8d13c2 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -282,10 +282,16 @@ class path_helper $referer_dir = dirname($referer_dir); } - while (strpos($absolute_board_url, $referer_dir) !== 0) + while (($dir_position = strpos($absolute_board_url, $referer_dir)) !== 0) { $fixed_root_path .= '../'; $referer_dir = dirname($referer_dir); + + // Just return phpbb_root_path if we reach the top directory + if ($referer_dir === '.') + { + return $this->phpbb_root_path; + } } $fixed_root_path .= substr($absolute_board_url, strlen($referer_dir) + 1); diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index f0f2f7e2a2..56ce3999ed 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -275,7 +275,7 @@ class request implements \phpbb\request\request_interface */ public function file($form_name) { - return $this->variable($form_name, array('name' => 'none'), false, \phpbb\request\request_interface::FILES); + return $this->variable($form_name, array('name' => 'none'), true, \phpbb\request\request_interface::FILES); } /** diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index dc90d942c3..691d0d5bef 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -1063,7 +1063,7 @@ class session $name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata); $expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime); - $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain']; + $domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain']; header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . ';' . (($httponly) ? ' HttpOnly' : ''), false); } diff --git a/phpBB/phpbb/version_helper.php b/phpBB/phpbb/version_helper.php index e34bd0ba60..dc62f06fb2 100644 --- a/phpBB/phpbb/version_helper.php +++ b/phpBB/phpbb/version_helper.php @@ -259,7 +259,7 @@ class version_helper } catch (\RuntimeException $exception) { - throw new \RuntimeException(call_user_func_array(array($this->user, 'lang'), $exception->getMessage())); + throw new \RuntimeException($this->user->lang($exception->getMessage())); } $error_string = $this->file_downloader->get_error_string(); @@ -270,6 +270,16 @@ class version_helper $info = json_decode($info, true); + // Sanitize any data we retrieve from a server + if (!empty($info)) + { + $json_sanitizer = function (&$value, $key) { + $type_cast_helper = new \phpbb\request\type_cast_helper(); + $type_cast_helper->set_var($value, $value, gettype($value), true); + }; + array_walk_recursive($info, $json_sanitizer); + } + if (empty($info['stable']) && empty($info['unstable'])) { $this->user->add_lang('acp/common'); @@ -277,15 +287,6 @@ class version_helper throw new \RuntimeException($this->user->lang('VERSIONCHECK_FAIL')); } - // Replace & with & on announcement links - foreach ($info as $stability => $branches) - { - foreach ($branches as $branch => $branch_data) - { - $info[$stability][$branch]['announcement'] = (!empty($branch_data['announcement'])) ? str_replace('&', '&', $branch_data['announcement']) : ''; - } - } - $info['stable'] = (empty($info['stable'])) ? array() : $info['stable']; $info['unstable'] = (empty($info['unstable'])) ? $info['stable'] : $info['unstable']; diff --git a/phpBB/search.php b/phpBB/search.php index e80a89b382..2598e407cc 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -101,7 +101,7 @@ if (!$auth->acl_get('u_search') || !$auth->acl_getf_global('f_search') || !$conf if ($user->load && $config['limit_search_load'] && ($user->load > doubleval($config['limit_search_load']))) { $template->assign_var('S_NO_SEARCH', true); - trigger_error('NO_SEARCH_TIME'); + trigger_error('NO_SEARCH_LOAD'); } // It is applicable if the configuration setting is non-zero, and the user cannot diff --git a/phpBB/styles/prosilver/style.cfg b/phpBB/styles/prosilver/style.cfg index 9684df73ba..41e0d68714 100644 --- a/phpBB/styles/prosilver/style.cfg +++ b/phpBB/styles/prosilver/style.cfg @@ -21,8 +21,8 @@ # General Information about this style name = prosilver copyright = © phpBB Limited, 2007 -style_version = 3.1.1 -phpbb_version = 3.1.1 +style_version = 3.1.2 +phpbb_version = 3.1.2 # Defining a different template bitfield # template_bitfield = lNg= diff --git a/phpBB/styles/subsilver2/style.cfg b/phpBB/styles/subsilver2/style.cfg index 3b33c07002..6014b89e66 100644 --- a/phpBB/styles/subsilver2/style.cfg +++ b/phpBB/styles/subsilver2/style.cfg @@ -21,8 +21,8 @@ # General Information about this style name = subsilver2 copyright = © 2005 phpBB Limited -style_version = 3.1.1 -phpbb_version = 3.1.1 +style_version = 3.1.2 +phpbb_version = 3.1.2 # Defining a different template bitfield # template_bitfield = lNg= diff --git a/phpBB/styles/subsilver2/template/posting_poll_body.html b/phpBB/styles/subsilver2/template/posting_poll_body.html index 67996eaf33..8d98b36c86 100644 --- a/phpBB/styles/subsilver2/template/posting_poll_body.html +++ b/phpBB/styles/subsilver2/template/posting_poll_body.html @@ -15,7 +15,7 @@ </tr> <tr> <td class="row1"><b class="genmed">{L_POLL_MAX_OPTIONS}{L_COLON}</b><br /><span class="gensmall">{L_POLL_MAX_OPTIONS_EXPLAIN}</span></td> - <td class="row2"><input class="post" type="number" min="1" max="999" name="poll_max_options" size="3" maxlength="3" value="{POLL_MAX_OPTIONS}" /></td> + <td class="row2"><input class="post" type="number" min="0" max="999" name="poll_max_options" size="3" maxlength="3" value="{POLL_MAX_OPTIONS}" /></td> </tr> <tr> <td class="row1"><b class="genmed">{L_POLL_FOR}{L_COLON}</b></td> diff --git a/tests/controller/config/routing.yml b/tests/controller/config/routing.yml index 175b11f130..1e7df02684 100644 --- a/tests/controller/config/routing.yml +++ b/tests/controller/config/routing.yml @@ -1,3 +1,3 @@ core_controller: - pattern: /core_foo + path: /core_foo defaults: { _controller: core_foo.controller:bar } diff --git a/tests/controller/ext/vendor2/foo/config/routing.yml b/tests/controller/ext/vendor2/foo/config/routing.yml index 6cc275d96d..e3e8ee5f98 100644 --- a/tests/controller/ext/vendor2/foo/config/routing.yml +++ b/tests/controller/ext/vendor2/foo/config/routing.yml @@ -1,5 +1,5 @@ controller1: - pattern: /foo + path: /foo defaults: { _controller: foo.controller:handle } include_controller2: diff --git a/tests/controller/ext/vendor2/foo/config/routing_2.yml b/tests/controller/ext/vendor2/foo/config/routing_2.yml index d987a65aea..ee05898c66 100644 --- a/tests/controller/ext/vendor2/foo/config/routing_2.yml +++ b/tests/controller/ext/vendor2/foo/config/routing_2.yml @@ -1,6 +1,6 @@ controller2: - pattern: /bar + path: /bar defaults: { _controller: foo.controller:handle } controller3: - pattern: /bar/p-{p} + path: /bar/p-{p} defaults: { _controller: foo.controller:handle } diff --git a/tests/controller/ext/vendor2/foo/subfolder/config/routing.yml b/tests/controller/ext/vendor2/foo/subfolder/config/routing.yml index b4d8d19107..20810a8f25 100644 --- a/tests/controller/ext/vendor2/foo/subfolder/config/routing.yml +++ b/tests/controller/ext/vendor2/foo/subfolder/config/routing.yml @@ -1,3 +1,3 @@ controller_noroute: - pattern: /donotfindthis + path: /donotfindthis defaults: { _controller: foo.controller:handle } diff --git a/tests/extension/metadata_manager_test.php b/tests/extension/metadata_manager_test.php index 8e27b39459..fab1d3af3a 100644 --- a/tests/extension/metadata_manager_test.php +++ b/tests/extension/metadata_manager_test.php @@ -123,6 +123,7 @@ class phpbb_extension_metadata_manager_test extends phpbb_database_test_case } $json = json_decode(file_get_contents($this->phpbb_root_path . 'ext/vendor2/foo/composer.json'), true); + array_walk_recursive($json, array($manager, 'sanitize_json')); $this->assertEquals($metadata, $json); } diff --git a/tests/functional/fixtures/ext/foo/bar/config/routing.yml b/tests/functional/fixtures/ext/foo/bar/config/routing.yml index 08bc73038f..374a58046d 100644 --- a/tests/functional/fixtures/ext/foo/bar/config/routing.yml +++ b/tests/functional/fixtures/ext/foo/bar/config/routing.yml @@ -1,35 +1,35 @@ foo_bar_controller: - pattern: /foo/bar + path: /foo/bar defaults: { _controller: foo_bar.controller:handle } foo_baz_controller: - pattern: /foo/baz + path: /foo/baz defaults: { _controller: foo_bar.controller:baz } foo_template_controller: - pattern: /foo/template + path: /foo/template defaults: { _controller: foo_bar.controller:template } foo_exception_controller: - pattern: /foo/exception + path: /foo/exception defaults: { _controller: foo_bar.controller:exception } foo_login_redirect_controller: - pattern: /foo/login_redirect + path: /foo/login_redirect defaults: { _controller: foo_bar.controller:login_redirect } foo_redirect_controller: - pattern: /foo/redirect + path: /foo/redirect defaults: { _controller: foo_bar.controller:redirect } foo_index_controller: - pattern: /index + path: /index defaults: { _controller: foo_bar.controller:redirect } foo_tests_index_controller: - pattern: /tests/index + path: /tests/index defaults: { _controller: foo_bar.controller:redirect } foo_tests_dotdot_index_controller: - pattern: /tests/../index + path: /tests/../index defaults: { _controller: foo_bar.controller:redirect } diff --git a/tests/functional/fixtures/ext/foo/foo/config/resource.yml b/tests/functional/fixtures/ext/foo/foo/config/resource.yml index ed1d018016..4f2b9cce70 100644 --- a/tests/functional/fixtures/ext/foo/foo/config/resource.yml +++ b/tests/functional/fixtures/ext/foo/foo/config/resource.yml @@ -1,3 +1,3 @@ foo_foo_controller: - pattern: /foo + path: /foo defaults: { _controller: foo_foo.controller:handle } diff --git a/tests/mock/file_downloader.php b/tests/mock/file_downloader.php new file mode 100644 index 0000000000..d8951cebf6 --- /dev/null +++ b/tests/mock/file_downloader.php @@ -0,0 +1,27 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +class phpbb_mock_file_downloader extends \phpbb\file_downloader +{ + public $data; + + public function set($data) + { + $this->data = $data; + } + + public function get($host, $directory, $filename, $port = 80, $timeout = 6) + { + return $this->data; + } +} diff --git a/tests/mock/metadata_manager.php b/tests/mock/metadata_manager.php index 16900a0fc1..2443fad560 100644 --- a/tests/mock/metadata_manager.php +++ b/tests/mock/metadata_manager.php @@ -15,11 +15,13 @@ class phpbb_mock_metadata_manager extends \phpbb\extension\metadata_manager { public function set_metadata($metadata) { + array_walk_recursive($metadata, array($this, 'sanitize_json')); $this->metadata = $metadata; } public function merge_metadata($metadata) { + array_walk_recursive($metadata, array($this, 'sanitize_json')); $this->metadata = array_merge($this->metadata, $metadata); } } diff --git a/tests/pagination/config/routing.yml b/tests/pagination/config/routing.yml index dd667274cd..2ce082c9d1 100644 --- a/tests/pagination/config/routing.yml +++ b/tests/pagination/config/routing.yml @@ -1,6 +1,6 @@ core_controller: - pattern: /test + path: /test defaults: { _controller: core_foo.controller:bar, page: 1} core_page_controller: - pattern: /test/page/{page} + path: /test/page/{page} defaults: { _controller: core_foo.controller:bar} diff --git a/tests/path_helper/path_helper_test.php b/tests/path_helper/path_helper_test.php index 3832307897..bb68f8b3bc 100644 --- a/tests/path_helper/path_helper_test.php +++ b/tests/path_helper/path_helper_test.php @@ -411,6 +411,21 @@ class phpbb_path_helper_test extends phpbb_test_case 'http://www.phpbb.com/community', '../community/', ), + array( + 'http://www.phpbb.com/foobar', + 'http://www.phpbb.com', + '', + ), + array( + 'http://www.foobar.com', + 'http://www.phpbb.com', + '/www.phpbb.com/', + ), + array( + 'foobar', + 'http://www.phpbb.com/community', + '', + ) ); } diff --git a/tests/version/version_helper_remote_test.php b/tests/version/version_helper_remote_test.php new file mode 100644 index 0000000000..65ae7646b9 --- /dev/null +++ b/tests/version/version_helper_remote_test.php @@ -0,0 +1,173 @@ +<?php +/** + * + * This file is part of the phpBB Forum Software package. + * + * @copyright (c) phpBB Limited <https://www.phpbb.com> + * @license GNU General Public License, version 2 (GPL-2.0) + * + * For full copyright and license information, please see + * the docs/CREDITS.txt file. + * + */ + +class version_helper_remote_test extends \phpbb_test_case +{ + protected $file_downloader; + protected $cache; + protected $version_helper; + + public function setUp() + { + parent::setUp(); + + global $phpbb_root_path, $phpEx; + + include_once($phpbb_root_path . 'includes/functions.' . $phpEx); + + $config = new \phpbb\config\config(array( + 'version' => '3.1.0', + )); + $container = new \phpbb_mock_container_builder(); + $db = new \phpbb\db\driver\factory($container); + $this->cache = $this->getMock('\phpbb\cache\service', array('get'), array(new \phpbb\cache\driver\null(), $config, $db, '../../', 'php')); + $this->cache->expects($this->any()) + ->method('get') + ->with($this->anything()) + ->will($this->returnValue(false)); + $this->file_downloader = new phpbb_mock_file_downloader(); + + $this->version_helper = new \phpbb\version_helper( + $this->cache, + $config, + $this->file_downloader, + new \phpbb\user('\phpbb\datetime') + ); + $this->user = new \phpbb\user('\phpbb\datetime'); + $this->user->add_lang('acp/common'); + } + + public function provider_get_versions() + { + return array( + array('', false), + array('foobar', false), + array('{ + "stable": { + "1.0": { + "current": "1.0.1", + "download": "https://www.phpbb.com/customise/db/download/104136", + "announcement": "https://www.phpbb.com/customise/db/extension/boardrules/", + "eol": null, + "security": false + } + } +}', true, array ( + 'stable' => array ( + '1.0' => array ( + 'current' => '1.0.1', + 'download' => 'https://www.phpbb.com/customise/db/download/104136', + 'announcement' => 'https://www.phpbb.com/customise/db/extension/boardrules/', + 'eol' => NULL, + 'security' => false, + ), + ), + 'unstable' => array ( + '1.0' => array ( + 'current' => '1.0.1', + 'download' => 'https://www.phpbb.com/customise/db/download/104136', + 'announcement' => 'https://www.phpbb.com/customise/db/extension/boardrules/', + 'eol' => NULL, + 'security' => false, + ), + ), + )), + array('{ + "foobar": { + "1.0": { + "current": "1.0.1", + "download": "https://www.phpbb.com/customise/db/download/104136", + "announcement": "https://www.phpbb.com/customise/db/extension/boardrules/", + "eol": null, + "security": false + } + } +}', false), + array('{ + "stable": { + "1.0": { + "current": "1.0.1<script>alert(\'foo\');</script>", + "download": "https://www.phpbb.com/customise/db/download/104136<script>alert(\'foo\');</script>", + "announcement": "https://www.phpbb.com/customise/db/extension/boardrules/<script>alert(\'foo\');</script>", + "eol": "<script>alert(\'foo\');</script>", + "security": "<script>alert(\'foo\');</script>" + } + } +}', true, array ( + 'stable' => array ( + '1.0' => array ( + 'current' => '1.0.1<script>alert(\'foo\');</script>', + 'download' => 'https://www.phpbb.com/customise/db/download/104136<script>alert(\'foo\');</script>', + 'announcement' => 'https://www.phpbb.com/customise/db/extension/boardrules/<script>alert(\'foo\');</script>', + 'eol' => '<script>alert(\'foo\');</script>', + 'security' => '<script>alert(\'foo\');</script>', + ), + ), + 'unstable' => array ( + '1.0' => array ( + 'current' => '1.0.1<script>alert(\'foo\');</script>', + 'download' => 'https://www.phpbb.com/customise/db/download/104136<script>alert(\'foo\');</script>', + 'announcement' => 'https://www.phpbb.com/customise/db/extension/boardrules/<script>alert(\'foo\');</script>', + 'eol' => '<script>alert(\'foo\');</script>', + 'security' => '<script>alert(\'foo\');</script>', + ), + ), + )), + array('{ + "unstable": { + "1.0": { + "current": "1.0.1<script>alert(\'foo\');</script>", + "download": "https://www.phpbb.com/customise/db/download/104136<script>alert(\'foo\');</script>", + "announcement": "https://www.phpbb.com/customise/db/extension/boardrules/<script>alert(\'foo\');</script>", + "eol": "<script>alert(\'foo\');</script>", + "security": "<script>alert(\'foo\');</script>" + } + } +}', true, array ( + 'unstable' => array ( + '1.0' => array ( + 'current' => '1.0.1<script>alert(\'foo\');</script>', + 'download' => 'https://www.phpbb.com/customise/db/download/104136<script>alert(\'foo\');</script>', + 'announcement' => 'https://www.phpbb.com/customise/db/extension/boardrules/<script>alert(\'foo\');</script>', + 'eol' => '<script>alert(\'foo\');</script>', + 'security' => '<script>alert(\'foo\');</script>', + ), + ), + 'stable' => array(), + )), + ); + } + + /** + * @dataProvider provider_get_versions + */ + public function test_get_versions($input, $valid_data, $expected_return = '') + { + $this->file_downloader->set($input); + + if (!$valid_data) + { + try { + $return = $this->version_helper->get_versions(); + } catch (\RuntimeException $e) { + $this->assertEquals((string)$e->getMessage(), $this->user->lang('VERSIONCHECK_FAIL')); + } + } + else + { + $return = $this->version_helper->get_versions(); + } + + $this->assertEquals($expected_return, $return); + } +} |