+ <li><a href="#v310">Changes since 3.1.0</a></li>

+ <a name="v310"></a><h3>1.i. Changes since 3.1.0</h3>

+

+ <h4>Security</h4>

+ <ul>

+ <li>[SECURITY-164] - Cross Site Scripting via PATH_INFO in page_name variable</li>

+ </ul>

+ <h4>Bug</h4>

+ <ul>

+ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13248">PHPBB3-13248</a>] - Login functions need to use provider collection for retrieving provider</li>

+ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13267">PHPBB3-13267</a>] - Automatic Update instructions indicate that only the install folder is necessary</li>

+ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13268">PHPBB3-13268</a>] - MSSQL's get_existing_indexes() function improperly appends ternary result</li>

+ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13271">PHPBB3-13271</a>] - Anonymous users can CC themselves on emails sent to admin via contact form</li>

+ </ul>

+ <h4>Task</h4>

+ <ul>

+ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13262">PHPBB3-13262</a>] - Add note to docs about htaccess file when upgrading 3.0 to 3.1</li>

+ </ul>

+

+ <li>Upload the uncompressed archive contents to your phpBB installation - only the <code>install/</code> and <code>vendor/</code> folders are required. Upload these folders in their entirety, retaining the file structure.</li>

+ <li>Upload the contents of the 3.1.x Full Package into your forum's directory. Make sure the root level .htaccess file is included in the upload.</li>

+

+ global $request, $template, $phpbb_container, $user;

+ $provider_collection = $phpbb_container->get('auth.provider_collection');

+ $auth_provider = $provider_collection->get_provider();

+ global $phpbb_container, $request, $template, $user;

+ $provider_collection = $phpbb_container->get('auth.provider_collection');

+ $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', ''));

+ $provider_collection = $phpbb_container->get('auth.provider_collection');

+ $auth_provider = $provider_collection->get_provider($request->variable('auth_provider', ''));

+ <li>Upload the complete uncompressed "install" and "vendor" folders to your phpBB root directory (where your config.php file is).<br /><br /></li>

+ global $db, $user, $phpbb_root_path, $phpEx, $phpbb_container;

+ $provider_collection = $phpbb_container->get('auth.provider_collection');

+ $provider = $provider_collection->get_provider();

+ * @param string $provider_name The name of the auth provider

+ public function get_provider($provider_name = '')

+ $provider_name = ($provider_name !== '') ? $provider_name : basename(trim($this->config['auth_method']));

+ if ($this->offsetExists('auth.provider.' . $provider_name))

+ return $this->offsetGet('auth.provider.' . $provider_name);

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\data\v31x;

+

+class style_update extends \phpbb\db\migration\migration

+{

+ static public function depends_on()

+ {

+ return array('\phpbb\db\migration\data\v310\gold');

+ }

+

+ public function update_data()

+ {

+ return array(

+ array('custom', array(array($this, 'update_installed_styles'))),

+ );

+ }

+

+ public function update_installed_styles()

+ {

+ // Get all currently available styles

+ $styles = $this->find_style_dirs();

+ $style_paths = $style_ids = array();

+

+ $sql = 'SELECT style_path, style_id

+ FROM ' . $this->table_prefix . 'styles';

+ $result = $this->db->sql_query($sql);

+ while ($styles_row = $this->db->sql_fetchrow())

+ {

+ if (in_array($styles_row['style_path'], $styles))

+ {

+ $style_paths[] = $styles_row['style_path'];

+ $style_ids[] = $styles_row['style_id'];

+ }

+ }

+ $this->db->sql_freeresult($result);

+

+ // Install prosilver if no style is available and prosilver can be installed

+ if (empty($style_paths) && in_array('prosilver', $styles))

+ {

+ // Try to parse config file

+ $cfg = parse_cfg_file($this->phpbb_root_path . 'styles/prosilver/style.cfg');

+

+ // Stop running this if prosilver cfg file can't be read

+ if (empty($cfg))

+ {

+ throw new \RuntimeException('No styles available and could not fall back to prosilver.');

+ }

+

+ $style = array(

+ 'style_name' => 'prosilver',

+ 'style_copyright' => '&copy; phpBB Limited',

+ 'style_active' => 1,

+ 'style_path' => 'prosilver',

+ 'bbcode_bitfield' => 'kNg=',

+ 'style_parent_id' => 0,

+ 'style_parent_tree' => '',

+ );

+

+ // Add to database

+ $this->db->sql_transaction('begin');

+

+ $sql = 'INSERT INTO ' . $this->table_prefix . 'styles

+ ' . $this->db->sql_build_array('INSERT', $style);

+ $this->db->sql_query($sql);

+

+ $style_id = $this->db->sql_nextid();

+ $style_ids[] = $style_id;

+

+ $this->db->sql_transaction('commit');

+

+ // Set prosilver to default style

+ $this->config->set('default_style', $style_id);

+ }

+ else if (empty($styles) && empty($available_styles))

+ {

+ throw new \RuntimeException('No valid styles available');

+ }

+

+ // Make sure default style is available

+ if (!in_array($this->config['default_style'], $style_ids))

+ {

+ $this->config->set('default_style', array_pop($style_ids));

+ }

+

+ // Reset users to default style if their user_style is nonexistent

+ $sql = 'UPDATE ' . $this->table_prefix . "users

+ SET user_style = {$this->config['default_style']}

+ WHERE " . $this->db->sql_in_set('user_style', $style_ids, true, true);

+ $this->db->sql_query($sql);

+ }

+

+ /**

+ * Find all directories that have styles

+ * Copied from acp_styles

+ *

+ * @return array Directory names

+ */

+ protected function find_style_dirs()

+ {

+ $styles = array();

+ $styles_path = $this->phpbb_root_path . 'styles/';

+

+ $dp = @opendir($styles_path);

+ if ($dp)

+ {

+ while (($file = readdir($dp)) !== false)

+ {

+ $dir = $styles_path . $file;

+ if ($file[0] == '.' || !is_dir($dir))

+ {

+ continue;

+ }

+

+ if (file_exists("{$dir}/style.cfg"))

+ {

+ $styles[] = $file;

+ }

+ }

+ closedir($dp);

+ }

+

+ return $styles;

+ }

+}

+<?php

+/**

+*

+* This file is part of the phpBB Forum Software package.

+*

+* @copyright (c) phpBB Limited <https://www.phpbb.com>

+* @license GNU General Public License, version 2 (GPL-2.0)

+*

+* For full copyright and license information, please see

+* the docs/CREDITS.txt file.

+*

+*/

+

+namespace phpbb\db\migration\data\v31x;

+

+class v311 extends \phpbb\db\migration\migration

+{

+ static public function depends_on()

+ {

+ return array(

+ '\phpbb\db\migration\data\v310\gold',

+ '\phpbb\db\migration\data\v31x\style_update',

+ );

+ }

+

+ public function update_data()

+ {

+ return array(

+ array('config.update', array('version', '3.1.1')),

+ );

+ }

+}

+ AND INDEXPROPERTY(ix.id, ix.name, 'IsUnique') = " . ($unique ? '1' : '0');

+ AND ix.is_unique = " . ($unique ? '1' : '0');

+ if ($this->cc_sender && $this->user->data['is_registered'])

+ <!-- IF S_REGISTERED_USER -->

+ <!-- ENDIF -->

+ <!-- IF S_REGISTERED_USER -->

+ <!-- ENDIF -->

+ * @dependsOn test_login_other

+ */

+ public function test_login_ucp_other_auth_provider()

+ {

+ global $cache, $config;

+ $cache = new phpbb_mock_null_cache;

+ $db = $this->get_db();

+ $sql = 'UPDATE ' . CONFIG_TABLE . " SET config_value = 'foobar' WHERE config_name = 'auth_method'";

+ $db->sql_query($sql);

+ $config['auth_method'] = 'foobar';

+ $this->login('anothertestuser');

+ $crawler = self::request('GET', 'index.php');

+ $this->assertContains('anothertestuser', $crawler->filter('#username_logged_in')->text());

+ $sql = 'UPDATE ' . CONFIG_TABLE . " SET config_value = 'db' WHERE config_name = 'auth_method'";

+ $db->sql_query($sql);

+ $config['auth_method'] = 'db';

+ }

+

+ /**