diff options
| -rw-r--r-- | phpBB/config/default/container/services_text_formatter.yml | 1 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_board.php | 7 | ||||
| -rw-r--r-- | phpBB/install/schemas/schema_data.sql | 1 | ||||
| -rw-r--r-- | phpBB/language/en/acp/board.php | 2 | ||||
| -rw-r--r-- | phpBB/phpbb/db/migration/data/v320/allowed_schemes_links.php | 24 | ||||
| -rw-r--r-- | phpBB/phpbb/textformatter/s9e/factory.php | 19 | ||||
| -rw-r--r-- | tests/functional/posting_test.php | 41 | ||||
| -rw-r--r-- | tests/test_framework/phpbb_test_case_helpers.php | 30 | ||||
| -rw-r--r-- | tests/text_formatter/s9e/factory_test.php | 1 |
9 files changed, 119 insertions, 7 deletions
diff --git a/phpBB/config/default/container/services_text_formatter.yml b/phpBB/config/default/container/services_text_formatter.yml index ae698af9e4..5a3307175f 100644 --- a/phpBB/config/default/container/services_text_formatter.yml +++ b/phpBB/config/default/container/services_text_formatter.yml @@ -32,6 +32,7 @@ services: - @text_formatter.data_access - @cache.driver - @dispatcher + - @config - %text_formatter.cache.dir% - %text_formatter.cache.parser.key% - %text_formatter.cache.renderer.key% diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 6e636d2f7d..b1ddd4be70 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -197,6 +197,7 @@ class acp_board 'allow_post_flash' => array('lang' => 'ALLOW_POST_FLASH', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), 'allow_post_links' => array('lang' => 'ALLOW_POST_LINKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), + 'allowed_schemes_links' => array('lang' => 'ALLOWED_SCHEMES_LINKS', 'validate' => 'string', 'type' => 'text:0:255', 'explain' => true), 'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'enable_post_confirm' => array('lang' => 'VISUAL_CONFIRM_POST', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), @@ -550,6 +551,12 @@ class acp_board } } + // Invalidate the text_formatter cache when posting options are changed + if ($mode == 'post' && $submit) + { + $phpbb_container->get('text_formatter.cache')->invalidate(); + } + // Store news and exclude ids if ($mode == 'feed' && $submit) { diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index c53c252e2f..ca561ec35d 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -41,6 +41,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_sig_pm', '1' INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_sig_smilies', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_smilies', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_topic_notify', '1'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('allowed_schemes_links', 'http,https,ftp'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('assets_version', '1'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('attachment_quota', '52428800'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('auth_bbcode_pm', '1'); diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index 001775349a..69d6158241 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -161,6 +161,8 @@ $lang = array_merge($lang, array( 'ACP_POST_SETTINGS_EXPLAIN' => 'Here you can set all default settings for posting.', 'ALLOW_POST_LINKS' => 'Allow links in posts/private messages', 'ALLOW_POST_LINKS_EXPLAIN' => 'If disallowed the <code>[URL]</code> BBCode tag and automatic/magic URLs are disabled.', + 'ALLOWED_SCHEMES_LINKS' => 'Allowed schemes in links', + 'ALLOWED_SCHEMES_LINKS_EXPLAIN' => 'Users can only post schemeless URLs or one of the comma-separated list of allowed schemes.', 'ALLOW_POST_FLASH' => 'Allow use of <code>[FLASH]</code> BBCode tag in posts', 'ALLOW_POST_FLASH_EXPLAIN' => 'If disallowed the <code>[FLASH]</code> BBCode tag is disabled in posts. Otherwise the permission system controls which users can use the <code>[FLASH]</code> BBCode tag.', diff --git a/phpBB/phpbb/db/migration/data/v320/allowed_schemes_links.php b/phpBB/phpbb/db/migration/data/v320/allowed_schemes_links.php new file mode 100644 index 0000000000..de127e3745 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v320/allowed_schemes_links.php @@ -0,0 +1,24 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v320; + +class allowed_schemes_links extends \phpbb\db\migration\migration +{ + public function update_data() + { + return array( + array('config.add', array('allowed_schemes_links', 'http,https,ftp')), + ); + } +} diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php index 2aab97b667..4a04b34cd8 100644 --- a/phpBB/phpbb/textformatter/s9e/factory.php +++ b/phpBB/phpbb/textformatter/s9e/factory.php @@ -43,6 +43,11 @@ class factory implements \phpbb\textformatter\cache_interface protected $cache_key_renderer; /** + * @var \phpbb\config\config + */ + protected $config; + + /** * @var array Custom tokens used in bbcode.html and their corresponding token from the definition */ protected $custom_tokens = array( @@ -127,16 +132,18 @@ class factory implements \phpbb\textformatter\cache_interface * @param \phpbb\textformatter\data_access $data_access * @param \phpbb\cache\driver\driver_interface $cache * @param \phpbb\event\dispatcher_interface $dispatcher + * @param \phpbb\config\config $config * @param string $cache_dir Path to the cache dir * @param string $cache_key_parser Cache key used for the parser * @param string $cache_key_renderer Cache key used for the renderer */ - public function __construct(\phpbb\textformatter\data_access $data_access, \phpbb\cache\driver\driver_interface $cache, \phpbb\event\dispatcher_interface $dispatcher, $cache_dir, $cache_key_parser, $cache_key_renderer) + public function __construct(\phpbb\textformatter\data_access $data_access, \phpbb\cache\driver\driver_interface $cache, \phpbb\event\dispatcher_interface $dispatcher, \phpbb\config\config $config, $cache_dir, $cache_key_parser, $cache_key_renderer) { $this->cache = $cache; $this->cache_dir = $cache_dir; $this->cache_key_parser = $cache_key_parser; $this->cache_key_renderer = $cache_key_renderer; + $this->config = $config; $this->data_access = $data_access; $this->dispatcher = $dispatcher; } @@ -190,6 +197,16 @@ class factory implements \phpbb\textformatter\cache_interface $vars = array('configurator'); extract($this->dispatcher->trigger_event('core.text_formatter_s9e_configure_before', compact($vars))); + // Reset the list of allowed schemes + foreach ($configurator->urlConfig->getAllowedSchemes() as $scheme) + { + $configurator->urlConfig->disallowScheme($scheme); + } + foreach (explode(',', $this->config['allowed_schemes_links']) as $scheme) + { + $configurator->urlConfig->allowScheme(trim($scheme)); + } + // Convert newlines to br elements by default $configurator->rootRules->enableAutoLineBreaks(); diff --git a/tests/functional/posting_test.php b/tests/functional/posting_test.php index 724c42b289..fa9ff028da 100644 --- a/tests/functional/posting_test.php +++ b/tests/functional/posting_test.php @@ -205,4 +205,45 @@ class phpbb_functional_posting_test extends phpbb_functional_test_case $crawler->filter('#preview .signature')->html() ); } + + public function test_allowed_schemes_links() + { + $text = 'http://example.org/ tcp://localhost:22/ServiceName'; + + $this->login(); + $this->admin_login(); + + // Post with default settings + $crawler = self::request('GET', 'posting.php?mode=post&f=2'); + $form = $crawler->selectButton('Preview')->form(array( + 'subject' => 'Test subject', + 'message' => $text, + )); + $crawler = self::submit($form); + $this->assertContains( + '<a href="http://example.org/" class="postlink">http://example.org/</a> tcp://localhost:22/ServiceName', + $crawler->filter('#preview .content')->html() + ); + + // Update allowed schemes + $crawler = self::request('GET', 'adm/index.php?sid=' . $this->sid . '&i=acp_board&mode=post'); + $form = $crawler->selectButton('Submit')->form(); + $values = $form->getValues(); + $values['config[allowed_schemes_links]'] = 'https,tcp'; + $form->setValues($values); + $crawler = self::submit($form); + $this->assertEquals(1, $crawler->filter('.successbox')->count()); + + // Post with new settings + $crawler = self::request('GET', 'posting.php?mode=post&f=2'); + $form = $crawler->selectButton('Preview')->form(array( + 'subject' => 'Test subject', + 'message' => $text, + )); + $crawler = self::submit($form); + $this->assertContains( + 'http://example.org/ <a href="tcp://localhost:22/ServiceName" class="postlink">tcp://localhost:22/ServiceName</a>', + $crawler->filter('#preview .content')->html() + ); + } } diff --git a/tests/test_framework/phpbb_test_case_helpers.php b/tests/test_framework/phpbb_test_case_helpers.php index 70bd309653..3eefcdc5e3 100644 --- a/tests/test_framework/phpbb_test_case_helpers.php +++ b/tests/test_framework/phpbb_test_case_helpers.php @@ -473,8 +473,30 @@ class phpbb_test_case_helpers $phpbb_dispatcher = $dispatcher; } + // Set up the a minimum config + if ($container->has('config')) + { + $config = $container->get('config'); + } + else + { + $config = new \phpbb\config\config(array()); + } + $default_config = array( + 'allow_nocensors' => false, + 'allowed_schemes_links' => 'http,https,ftp', + 'smilies_path' => 'images/smilies', + ); + foreach ($default_config as $config_name => $config_value) + { + if (!isset($config[$config_name])) + { + $config[$config_name] = $config_value; + } + } + // Create and register the text_formatter.s9e.factory service - $factory = new \phpbb\textformatter\s9e\factory($dal, $cache, $dispatcher, $cache_dir, $cache_key_parser, $cache_key_renderer); + $factory = new \phpbb\textformatter\s9e\factory($dal, $cache, $dispatcher, $config, $cache_dir, $cache_key_parser, $cache_key_renderer); $container->set('text_formatter.s9e.factory', $factory); // Create a user if none was provided, and add the common lang strings @@ -537,12 +559,8 @@ class phpbb_test_case_helpers $dispatcher ); - $config = ($container->has('config')) - ? $container->get('config') - : new \phpbb\config\config(array('smilies_path' => 'images/smilies', 'allow_nocensors' => false)); - $auth = ($container->has('auth')) ? $container->get('auth') : new \phpbb\auth\auth; - // Calls configured in services.yml + $auth = ($container->has('auth')) ? $container->get('auth') : new \phpbb\auth\auth; $renderer->configure_quote_helper($quote_helper); $renderer->configure_smilies_path($config, $path_helper); $renderer->configure_user($user, $config, $auth); diff --git a/tests/text_formatter/s9e/factory_test.php b/tests/text_formatter/s9e/factory_test.php index 8382097544..c8bf595092 100644 --- a/tests/text_formatter/s9e/factory_test.php +++ b/tests/text_formatter/s9e/factory_test.php @@ -49,6 +49,7 @@ class phpbb_textformatter_s9e_factory_test extends phpbb_database_test_case $dal, $this->cache, $this->dispatcher, + new \phpbb\config\config(array('allowed_schemes_links' => 'http,https,ftp')), $this->get_cache_dir(), '_foo_parser', '_foo_renderer' |