diff options
64 files changed, 649 insertions, 226 deletions
diff --git a/phpBB/adm/style/acp_email.html b/phpBB/adm/style/acp_email.html index 950ecb40b0..63acd7fcc1 100644 --- a/phpBB/adm/style/acp_email.html +++ b/phpBB/adm/style/acp_email.html @@ -47,6 +47,8 @@ <dd><input id="send" type="checkbox" class="radio" name="send_immediately" checked="checked" /></dd> </dl> +<!-- EVENT acp_email_options_after --> + <p class="submit-buttons"> <input class="button1" type="submit" id="submit" name="submit" value="{L_SEND_EMAIL}" /> <input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" /> diff --git a/phpBB/adm/style/acp_forums.html b/phpBB/adm/style/acp_forums.html index af79791ff8..756092a1f0 100644 --- a/phpBB/adm/style/acp_forums.html +++ b/phpBB/adm/style/acp_forums.html @@ -111,6 +111,7 @@ <fieldset> <legend>{L_FORUM_SETTINGS}</legend> + <!-- EVENT acp_forums_main_settings_prepend --> <dl> <dt><label for="forum_type">{L_FORUM_TYPE}{L_COLON}</label></dt> <dd><select id="forum_type" name="forum_type" onchange="display_options(this.options[this.selectedIndex].value);">{S_FORUM_TYPE_OPTIONS}</select></dd> @@ -182,6 +183,7 @@ <dt><label for="forum_style">{L_FORUM_STYLE}{L_COLON}</label></dt> <dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd> </dl> + <!-- EVENT acp_forums_main_settings_append --> </fieldset> <div id="forum_cat_options"> @@ -198,6 +200,7 @@ <div id="forum_post_options"> <fieldset> <legend>{L_GENERAL_FORUM_SETTINGS}</legend> + <!-- EVENT acp_forums_normal_settings_prepend --> <dl> <dt><label for="forum_status">{L_FORUM_STATUS}{L_COLON}</label></dt> <dd><select id="forum_status" name="forum_status">{S_STATUS_OPTIONS}</select></dd> @@ -246,6 +249,7 @@ <fieldset> <legend>{L_FORUM_PRUNE_SETTINGS}</legend> + <!-- EVENT acp_forums_prune_settings_prepend --> <dl> <dt><label for="enable_prune">{L_FORUM_AUTO_PRUNE}{L_COLON}</label><br /><span>{L_FORUM_AUTO_PRUNE_EXPLAIN}</span></dt> <dd><label><input type="radio" class="radio" name="enable_prune" value="1"<!-- IF S_PRUNE_ENABLE --> id="enable_prune" checked="checked"<!-- ENDIF --> /> {L_YES}</label> @@ -291,6 +295,7 @@ <dt><label for="prune_shadow_days">{L_AUTO_PRUNE_SHADOW_DAYS}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_SHADOW_DAYS_EXPLAIN}</span></dt> <dd><input type="number" id="prune_shadow_days" name="prune_shadow_days" value="{PRUNE_SHADOW_DAYS}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd> </dl> + <!-- EVENT acp_forums_prune_settings_append --> </fieldset> </div> @@ -317,6 +322,7 @@ <div id="forum_rules_options"> <fieldset> <legend>{L_FORUM_RULES}</legend> + <!-- EVENT acp_forums_rules_settings_prepend --> <dl> <dt><label for="forum_rules_link">{L_FORUM_RULES_LINK}{L_COLON}</label><br /><span>{L_FORUM_RULES_LINK_EXPLAIN}</span></dt> <dd><input class="text medium" type="text" id="forum_rules_link" name="forum_rules_link" value="{FORUM_RULES_LINK}" maxlength="255" /></dd> @@ -334,6 +340,7 @@ <label><input type="checkbox" class="radio" name="rules_parse_smilies"<!-- IF S_SMILIES_CHECKED --> checked="checked"<!-- ENDIF --> /> {L_PARSE_SMILIES}</label> <label><input type="checkbox" class="radio" name="rules_parse_urls"<!-- IF S_URLS_CHECKED --> checked="checked"<!-- ENDIF --> /> {L_PARSE_URLS}</label></dd> </dl> + <!-- EVENT acp_forums_rules_settings_append --> </fieldset> </div> diff --git a/phpBB/assets/javascript/core.js b/phpBB/assets/javascript/core.js index 6ddbba7515..6481a2e113 100644 --- a/phpBB/assets/javascript/core.js +++ b/phpBB/assets/javascript/core.js @@ -386,7 +386,8 @@ phpbb.ajaxify = function(options) { type: method, data: data, success: returnHandler, - error: errorHandler + error: errorHandler, + cache: false }); request.always(function() { $loadingIndicator.fadeOut(phpbb.alertTime); diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml index 5003697564..975f2f7580 100644 --- a/phpBB/config/services.yml +++ b/phpBB/config/services.yml @@ -75,6 +75,7 @@ services: - @controller.provider - @ext.manager - @symfony_request + - @request - @filesystem - %core.root_path% - %core.php_ext% @@ -155,6 +156,8 @@ services: - null - %core.disable_super_globals% + # WARNING: The Symfony request does not escape the input and should be used very carefully + # prefer the phpbb request (service @request) as possible symfony_request: class: phpbb\symfony_request arguments: diff --git a/phpBB/docs/events.md b/phpBB/docs/events.md index c51bc72160..7863814daa 100644 --- a/phpBB/docs/events.md +++ b/phpBB/docs/events.md @@ -16,11 +16,59 @@ acp_bbcodes_edit_fieldsets_after * Since: 3.1.0-a3 * Purpose: Add settings to BBCode add/edit form +acp_email_options_after +=== +* Location: adm/style/acp_email.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to mass email form + +acp_forums_main_settings_append +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums at end of main settings section + +acp_forums_main_settings_prepend +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums before main settings section + acp_forums_normal_settings_append === * Location: adm/style/acp_forums.html * Since: 3.1.0-a1 -* Purpose: Add settings to forums +* Purpose: Add settings to forums at end of normal settings section + +acp_forums_normal_settings_prepend +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums before normal settings section + +acp_forums_prune_settings_append +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums at end of prune settings section + +acp_forums_prune_settings_prepend +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums before prune settings section + +acp_forums_rules_settings_append +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums at end of rules settings section + +acp_forums_rules_settings_prepend +=== +* Location: adm/style/acp_forums.html +* Since: 3.1.2-RC1 +* Purpose: Add settings to forums before rules settings section acp_group_options_before === @@ -111,7 +159,7 @@ acp_ranks_list_column_before * Locations: + adm/style/acp_ranks.html * Since: 3.1.0-RC3 -* Purpose: Add content after the last column (but before the action column) +* Purpose: Add content after the last column (but before the action column) in the ranks list in the ACP acp_ranks_list_header_after @@ -126,7 +174,7 @@ acp_ranks_list_header_before * Locations: + adm/style/acp_ranks.html * Since: 3.1.0-RC3 -* Purpose: Add content after the last header-column (but before the action column) +* Purpose: Add content after the last header-column (but before the action column) in the ranks list in the ACP acp_simple_footer_after @@ -336,6 +384,14 @@ index_body_block_stats_prepend * Since: 3.1.0-b3 * Purpose: Prepend content to the statistics list on the Board index +index_body_forumlist_body_after +=== +* Locations: + + styles/prosilver/template/index_body.html + + styles/subsilver2/template/index_body.html +* Since: 3.1.1 +* Purpose: Add content after the forum list body on the index page + index_body_markforums_after === * Locations: @@ -418,6 +474,30 @@ memberlist_body_username_prepend * Purpose: Add information before every username in the memberlist. Works in all display modes (leader, group and normal memberlist). +memberlist_search_fields_after +=== +* Locations: + + styles/prosilver/template/memberlist_search.html + + styles/subsilver2/template/memberlist_search.html +* Since: 3.1.2-RC1 +* Purpose: Add information after the search fields column. + +memberlist_search_fields_before +=== +* Locations: + + styles/prosilver/template/memberlist_search.html + + styles/subsilver2/template/memberlist_search.html +* Since: 3.1.2-RC1 +* Purpose: Add information before the search fields column. + +memberlist_search_sorting_options_before +=== +* Locations: + + styles/prosilver/template/memberlist_search.html + + styles/subsilver2/template/memberlist_search.html +* Since: 3.1.2-RC1 +* Purpose: Add information before the search sorting options field. + memberlist_view_contact_after === * Locations: @@ -756,6 +836,14 @@ posting_editor_buttons_before * Since: 3.1.0-a3 * Purpose: Add content before the BBCode posting buttons +posting_editor_buttons_custom_tags_before +=== +* Locations: + + styles/prosilver/template/posting_buttons.html + + styles/subsilver2/template/posting_buttons.html +* Since: 3.1.2-RC1 +* Purpose: Add content inside the BBCode posting buttons and before the customs BBCode + posting_editor_message_after === * Locations: @@ -1011,7 +1099,7 @@ ucp_pm_viewmessage_post_buttons_after + styles/prosilver/template/ucp_pm_viewmessage.html + styles/subsilver2/template/ucp_pm_viewmessage.html * Since: 3.1.0-RC3 -* Purpose: Add post button to private messages (next to edit, quote etc), at +* Purpose: Add post button to private messages (next to edit, quote etc), at the end of the list. ucp_pm_viewmessage_post_buttons_before @@ -1020,7 +1108,7 @@ ucp_pm_viewmessage_post_buttons_before + styles/prosilver/template/ucp_pm_viewmessage.html + styles/subsilver2/template/ucp_pm_viewmessage.html * Since: 3.1.0-RC3 -* Purpose: Add post button to private messages (next to edit, quote etc), at +* Purpose: Add post button to private messages (next to edit, quote etc), at the start of the list. ucp_pm_viewmessage_print_head_append diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index f4f7512f0c..63e2647f02 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -615,7 +615,15 @@ class acp_board { add_log('admin', 'LOG_CONFIG_' . strtoupper($mode)); - trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action)); + $message = $user->lang('CONFIG_UPDATED'); + $message_type = E_USER_NOTICE; + if (!$config['email_enable'] && in_array($mode, array('email', 'registration')) && + in_array($config['require_activation'], array(USER_ACTIVATION_SELF, USER_ACTIVATION_ADMIN))) + { + $message .= '<br /><br />' . $user->lang('ACC_ACTIVATION_WARNING'); + $message_type = E_USER_WARNING; + } + trigger_error($message . adm_back_link($this->u_action), $message_type); } $this->tpl_name = 'acp_board'; @@ -792,20 +800,19 @@ class acp_board global $user, $config; $act_ary = array( - 'ACC_DISABLE' => USER_ACTIVATION_DISABLE, - 'ACC_NONE' => USER_ACTIVATION_NONE, + 'ACC_DISABLE' => array(true, USER_ACTIVATION_DISABLE), + 'ACC_NONE' => array(true, USER_ACTIVATION_NONE), + 'ACC_USER' => array($config['email_enable'], USER_ACTIVATION_SELF), + 'ACC_ADMIN' => array($config['email_enable'], USER_ACTIVATION_ADMIN), ); - if ($config['email_enable']) - { - $act_ary['ACC_USER'] = USER_ACTIVATION_SELF; - $act_ary['ACC_ADMIN'] = USER_ACTIVATION_ADMIN; - } - $act_options = ''; - foreach ($act_ary as $key => $value) + $act_options = ''; + foreach ($act_ary as $key => $data) { + list($available, $value) = $data; $selected = ($selected_value == $value) ? ' selected="selected"' : ''; - $act_options .= '<option value="' . $value . '"' . $selected . '>' . $user->lang[$key] . '</option>'; + $class = (!$available) ? ' class="disabled-option"' : ''; + $act_options .= '<option value="' . $value . '"' . $selected . $class . '>' . $user->lang($key) . '</option>'; } return $act_options; diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index e3e8657afb..5ddaf31cf5 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -2512,6 +2512,7 @@ function phpbb_cache_moderators($db, $cache, $auth) { $usernames_ary[$row['user_id']] = $row['username']; } + $db->sql_freeresult($result); foreach ($hold_ary as $user_id => $forum_id_ary) { @@ -2806,6 +2807,7 @@ function view_inactive_users(&$users, &$user_count, $limit = 0, $offset = 0, $li $users[] = $row; } + $db->sql_freeresult($result); return $offset; } diff --git a/phpBB/includes/mcp/mcp_forum.php b/phpBB/includes/mcp/mcp_forum.php index 0c6acaa908..c18ca1aa1d 100644 --- a/phpBB/includes/mcp/mcp_forum.php +++ b/phpBB/includes/mcp/mcp_forum.php @@ -165,6 +165,22 @@ function mcp_forum_view($id, $mode, $action, $forum_info) AND ' . $phpbb_content_visibility->get_visibility_sql('topic', $forum_id, 't.') . " $limit_time_sql ORDER BY t.topic_type DESC, $sort_order_sql"; + + /** + * Modify SQL query before MCP forum view topic list is queried + * + * @event core.mcp_view_forum_modify_sql + * @var string sql SQL query for forum view topic list + * @var int forum_id ID of the forum + * @var string limit_time_sql SQL query part for limit time + * @var string sort_order_sql SQL query part for sort order + * @var int topics_per_page Number of topics per page + * @var int start Start value + * @since 3.1.2-RC1 + */ + $vars = array('sql', 'forum_id', 'limit_time_sql', 'sort_order_sql', 'topics_per_page', 'start'); + extract($phpbb_dispatcher->trigger_event('core.mcp_view_forum_modify_sql', compact($vars))); + $result = $db->sql_query_limit($sql, $topics_per_page, $start); $topic_list = $topic_tracking_info = array(); diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index 19a0ee3051..227ae84bd6 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -813,8 +813,17 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = '' $user->add_lang('posting'); + // If there are only shadow topics, we neither need a reason nor softdelete + $sql = 'SELECT topic_id + FROM ' . TOPICS_TABLE . ' + WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . ' + AND topic_moved_id = 0'; + $result = $db->sql_query_limit($sql, 1); + $only_shadow = !$db->sql_fetchfield('topic_id'); + $db->sql_freeresult($result); + $only_softdeleted = false; - if ($auth->acl_get('m_delete', $forum_id) && $auth->acl_get('m_softdelete', $forum_id)) + if (!$only_shadow && $auth->acl_get('m_delete', $forum_id) && $auth->acl_get('m_softdelete', $forum_id)) { // If there are only soft deleted topics, we display a message why the option is not available $sql = 'SELECT topic_id @@ -827,6 +836,7 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = '' } $template->assign_vars(array( + 'S_SHADOW_TOPICS' => $only_shadow, 'S_SOFTDELETED' => $only_softdeleted, 'S_TOPIC_MODE' => true, 'S_ALLOWED_DELETE' => $auth->acl_get('m_delete', $forum_id), @@ -839,7 +849,7 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = '' $l_confirm .= '_PERMANENTLY'; $s_hidden_fields['delete_permanent'] = '1'; } - else if (!$auth->acl_get('m_softdelete', $forum_id)) + else if ($only_shadow || !$auth->acl_get('m_softdelete', $forum_id)) { $s_hidden_fields['delete_permanent'] = '1'; } diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 92ace7b585..bc996cf275 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -1103,7 +1103,7 @@ class parse_message extends bbcode_firstpass */ function parse($allow_bbcode, $allow_magic_url, $allow_smilies, $allow_img_bbcode = true, $allow_flash_bbcode = true, $allow_quote_bbcode = true, $allow_url_bbcode = true, $update_this_message = true, $mode = 'post') { - global $config, $db, $user; + global $config, $db, $user, $phpbb_dispatcher; $this->mode = $mode; @@ -1158,6 +1158,49 @@ class parse_message extends bbcode_firstpass } } + /** + * This event can be used for additional message checks/cleanup before parsing + * + * @event core.message_parser_check_message + * @var bool allow_bbcode Do we allow BBCodes + * @var bool allow_magic_url Do we allow magic urls + * @var bool allow_smilies Do we allow smilies + * @var bool allow_img_bbcode Do we allow image BBCode + * @var bool allow_flash_bbcode Do we allow flash BBCode + * @var bool allow_quote_bbcode Do we allow quote BBCode + * @var bool allow_url_bbcode Do we allow url BBCode + * @var bool update_this_message Do we alter the parsed message + * @var string mode Posting mode + * @var string message The message text to parse + * @var bool return Do we return after the event is triggered if $warn_msg is not empty + * @var array warn_msg Array of the warning messages + * @since 3.1.2-RC1 + */ + $message = $this->message; + $warn_msg = $this->warn_msg; + $return = false; + $vars = array( + 'allow_bbcode', + 'allow_magic_url', + 'allow_smilies', + 'allow_img_bbcode', + 'allow_flash_bbcode', + 'allow_quote_bbcode', + 'allow_url_bbcode', + 'update_this_message', + 'mode', + 'message', + 'return', + 'warn_msg', + ); + extract($phpbb_dispatcher->trigger_event('core.message_parser_check_message', compact($vars))); + $this->message = $message; + $this->warn_msg = $warn_msg; + if ($return && !empty($this->warn_msg)) + { + return (!$update_this_message) ? $return_message : $this->warn_msg; + } + // Prepare BBcode (just prepares some tags for better parsing) if ($allow_bbcode && strpos($this->message, '[') !== false) { diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 88078c10af..14f6a8bc02 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -33,7 +33,8 @@ class ucp_register global $request, $phpbb_container; // - if ($config['require_activation'] == USER_ACTIVATION_DISABLE) + if ($config['require_activation'] == USER_ACTIVATION_DISABLE || + (in_array($config['require_activation'], array(USER_ACTIVATION_SELF, USER_ACTIVATION_ADMIN)) && !$config['email_enable'])) { trigger_error('UCP_REGISTER_DISABLE'); } diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php index ae7565d608..8d6c1c141d 100644 --- a/phpBB/language/en/acp/board.php +++ b/phpBB/language/en/acp/board.php @@ -221,7 +221,8 @@ $lang = array_merge($lang, array( 'ACP_REGISTER_SETTINGS_EXPLAIN' => 'Here you are able to define registration and profile related settings.', 'ACC_ACTIVATION' => 'Account activation', - 'ACC_ACTIVATION_EXPLAIN' => 'This determines whether users have immediate access to the board or if confirmation is required. You can also completely disable new registrations. “Board-wide email” must be enabled in order to use user or admin activation.', + 'ACC_ACTIVATION_EXPLAIN' => 'This determines whether users have immediate access to the board or if confirmation is required. You can also completely disable new registrations. <em>“Board-wide email” must be enabled in order to use user or admin activation.</em>', + 'ACC_ACTIVATION_WARNING' => 'Please note that the currently selected activation method requires emails to be enabled, otherwise registration will be disabled. We recommend to either select a different activation method or reenable emails.', 'NEW_MEMBER_POST_LIMIT' => 'New member post limit', 'NEW_MEMBER_POST_LIMIT_EXPLAIN' => 'New members are within the <em>Newly Registered Users</em> group until they reach this number of posts. You can use this group to keep them from using the PM system or to review their posts. <strong>A value of 0 disables this feature.</strong>', 'NEW_MEMBER_GROUP_DEFAULT' => 'Set Newly Registered Users group to default', @@ -556,7 +557,7 @@ $lang = array_merge($lang, array( 'EMAIL_SIG' => 'Email signature', 'EMAIL_SIG_EXPLAIN' => 'This text will be attached to all emails the board sends.', 'ENABLE_EMAIL' => 'Enable board-wide emails', - 'ENABLE_EMAIL_EXPLAIN' => 'If this is set to disabled no emails will be sent by the board at all. <em>Note the user and admin account activation settings require this setting to be enabled. If currently using “user” or “admin” activation in the activation settings, disabling this setting will require no activation of new accounts.</em>', + 'ENABLE_EMAIL_EXPLAIN' => 'If this is set to disabled no emails will be sent by the board at all. <em>Note the user and admin account activation settings require this setting to be enabled. If currently using “user” or “admin” activation in the activation settings, disabling this setting will disable registration.</em>', 'SMTP_AUTH_METHOD' => 'Authentication method for SMTP', 'SMTP_AUTH_METHOD_EXPLAIN' => 'Only used if a username/password is set, ask your provider if you are unsure which method to use.', 'SMTP_CRAM_MD5' => 'CRAM-MD5', diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php index 722eeffa9a..ba67c11e75 100644 --- a/phpBB/phpbb/auth/provider/db.php +++ b/phpBB/phpbb/auth/provider/db.php @@ -87,7 +87,7 @@ class db extends \phpbb\auth\provider\base $username_clean = utf8_clean_string($username); - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts + $sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'"; $result = $this->db->sql_query($sql); @@ -123,7 +123,7 @@ class db extends \phpbb\auth\provider\base 'username_clean' => $username_clean, ); $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data); - $result = $this->db->sql_query($sql); + $this->db->sql_query($sql); } else { @@ -175,7 +175,7 @@ class db extends \phpbb\auth\provider\base } // Check password ... - if ($this->passwords_manager->check($password, $row['user_password'])) + if ($this->passwords_manager->check($password, $row['user_password'], $row)) { // Check for old password hash... if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32) diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php index 187e455d48..52e6947c2c 100644 --- a/phpBB/phpbb/controller/helper.php +++ b/phpBB/phpbb/controller/helper.php @@ -44,6 +44,9 @@ class helper /* @var \phpbb\symfony_request */ protected $symfony_request; + /* @var \phpbb\request\request_interface */ + protected $request; + /** * @var \phpbb\filesystem The filesystem object */ @@ -70,16 +73,18 @@ class helper * @param \phpbb\controller\provider $provider Path provider * @param \phpbb\extension\manager $manager Extension manager object * @param \phpbb\symfony_request $symfony_request Symfony Request object + * @param \phpbb\request\request_interface $request phpBB request object * @param \phpbb\filesystem $filesystem The filesystem object * @param string $phpbb_root_path phpBB root path * @param string $php_ext PHP file extension */ - public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext) + public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\request\request_interface $request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext) { $this->template = $template; $this->user = $user; $this->config = $config; $this->symfony_request = $symfony_request; + $this->request = $request; $this->filesystem = $filesystem; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; @@ -153,7 +158,7 @@ class helper } } - $base_url = $this->filesystem->clean_path($base_url); + $base_url = $this->request->escape($this->filesystem->clean_path($base_url), true); $context->setBaseUrl($base_url); @@ -197,6 +202,6 @@ class helper */ public function get_current_url() { - return generate_board_url(true) . $this->symfony_request->getRequestUri(); + return generate_board_url(true) . $this->request->escape($this->symfony_request->getRequestUri(), true); } } diff --git a/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php b/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php index 13071e9891..328c08f1ec 100644 --- a/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php +++ b/phpBB/phpbb/db/migration/data/v310/captcha_plugins.php @@ -25,9 +25,13 @@ class captcha_plugins extends \phpbb\db\migration\migration public function update_data() { $captcha_plugin = $this->config['captcha_plugin']; - if (strpos($this->config['captcha_plugin'], 'phpbb_captcha_') === 0) + if (strpos($captcha_plugin, 'phpbb_captcha_') === 0) { - $captcha_plugin = substr($this->config['captcha_plugin'], strlen('phpbb_captcha_')); + $captcha_plugin = substr($captcha_plugin, strlen('phpbb_captcha_')); + } + else if (strpos($captcha_plugin, 'phpbb_') === 0) + { + $captcha_plugin = substr($captcha_plugin, strlen('phpbb_')); } return array( diff --git a/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php b/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php index d5f9076196..8211457dc6 100644 --- a/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php +++ b/phpBB/phpbb/db/migration/data/v310/reset_missing_captcha_plugin.php @@ -29,7 +29,8 @@ class reset_missing_captcha_plugin extends \phpbb\db\migration\migration { return array( array('if', array( - (!is_file($this->phpbb_root_path . "includes/captcha/plugins/{$this->config['captcha_plugin']}_plugin." . $this->php_ext)), + (is_dir($this->phpbb_root_path . 'includes/captcha/plugins/') && + !is_file($this->phpbb_root_path . "includes/captcha/plugins/{$this->config['captcha_plugin']}_plugin." . $this->php_ext)), array('config.update', array('captcha_plugin', 'phpbb_captcha_nogd')), )), ); diff --git a/phpBB/phpbb/path_helper.php b/phpBB/phpbb/path_helper.php index 936564d8b6..4a446a5d9d 100644 --- a/phpBB/phpbb/path_helper.php +++ b/phpBB/phpbb/path_helper.php @@ -154,6 +154,7 @@ class path_helper return $this->web_root_path; } + // We do not need to escape $path_info, $request_uri and $script_name because we can not find their content in the result. // Path info (e.g. /foo/bar) $path_info = $this->filesystem->clean_path($this->symfony_request->getPathInfo()); @@ -203,9 +204,12 @@ class path_helper */ if ($this->request->is_ajax() && $this->symfony_request->get('_referer')) { + // We need to escape $absolute_board_url because it can be partially concatenated to the result. + $absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true); + $referer_web_root_path = $this->get_web_root_path_from_ajax_referer( $this->symfony_request->get('_referer'), - $this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath() + $absolute_board_url ); return $this->web_root_path = $this->phpbb_root_path . $referer_web_root_path; } diff --git a/phpBB/phpbb/request/request.php b/phpBB/phpbb/request/request.php index ea9854894c..f0f2f7e2a2 100644 --- a/phpBB/phpbb/request/request.php +++ b/phpBB/phpbb/request/request.php @@ -416,4 +416,27 @@ class request implements \phpbb\request\request_interface { return $this->input[$super_global]; } + + /** + * {@inheritdoc} + */ + public function escape($var, $multibyte) + { + if (is_array($var)) + { + $result = array(); + foreach ($var as $key => $value) + { + $this->type_cast_helper->set_var($key, $key, gettype($key), $multibyte); + $result[$key] = $this->escape($value, $multibyte); + } + $var = $result; + } + else + { + $this->type_cast_helper->set_var($var, $var, 'string', $multibyte); + } + + return $var; + } } diff --git a/phpBB/phpbb/request/request_interface.php b/phpBB/phpbb/request/request_interface.php index 3236f73990..47b3b3a4ed 100644 --- a/phpBB/phpbb/request/request_interface.php +++ b/phpBB/phpbb/request/request_interface.php @@ -142,4 +142,14 @@ interface request_interface * @return array The original array of the requested super global. */ public function get_super_global($super_global = \phpbb\request\request_interface::REQUEST); + + /** + * Escape a string variable. + * + * @param mixed $value The contents to fill with + * @param bool $multibyte Indicates whether string values may contain UTF-8 characters. + * Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks. + * @return string|array + */ + public function escape($value, $multibyte); } diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index a06ff9c594..dc90d942c3 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php @@ -31,10 +31,11 @@ class session var $update_session_page = true; /** - * Extract current session page - * - * @param string $root_path current root path (phpbb_root_path) - */ + * Extract current session page + * + * @param string $root_path current root path (phpbb_root_path) + * @return array + */ static function extract_current_page($root_path) { global $request, $symfony_request, $phpbb_filesystem; @@ -42,8 +43,8 @@ class session $page_array = array(); // First of all, get the request uri... - $script_name = $symfony_request->getScriptName(); - $args = explode('&', $symfony_request->getQueryString()); + $script_name = $request->escape($symfony_request->getScriptName(), true); + $args = $request->escape(explode('&', $symfony_request->getQueryString()), true); // If we are unable to get the script name we use REQUEST_URI as a failover and note it within the page array for easier support... if (!$script_name) diff --git a/phpBB/phpbb/symfony_request.php b/phpBB/phpbb/symfony_request.php index 02d22c480f..2931cae3cc 100644 --- a/phpBB/phpbb/symfony_request.php +++ b/phpBB/phpbb/symfony_request.php @@ -15,6 +15,10 @@ namespace phpbb; use Symfony\Component\HttpFoundation\Request; +/** + * WARNING: The Symfony request does not escape the input and should be used very carefully + * prefer the phpbb request as possible + */ class symfony_request extends Request { /** @@ -24,32 +28,12 @@ class symfony_request extends Request */ public function __construct(\phpbb\request\request_interface $phpbb_request) { - // This function is meant to sanitize the global input arrays - $sanitizer = function(&$value, $key) { - $type_cast_helper = new \phpbb\request\type_cast_helper(); - $type_cast_helper->set_var($value, $value, gettype($value), true); - }; - - // This function is meant for additional handling of server variables - $server_sanitizer = function(&$value, $key) use ($sanitizer) { - $sanitizer($value, $key); - $value = str_replace('&', '&', $value); - }; - $get_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::GET); $post_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::POST); $server_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::SERVER); $files_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::FILES); $cookie_parameters = $phpbb_request->get_super_global(\phpbb\request\request_interface::COOKIE); - array_walk_recursive($get_parameters, $sanitizer); - array_walk_recursive($post_parameters, $sanitizer); - array_walk_recursive($files_parameters, $sanitizer); - array_walk_recursive($cookie_parameters, $sanitizer); - - // Run special sanitizer for server superglobal - array_walk_recursive($server_parameters, $server_sanitizer); - parent::__construct($get_parameters, $post_parameters, array(), $cookie_parameters, $files_parameters, $server_parameters); } } diff --git a/phpBB/phpbb/template/twig/twig.php b/phpBB/phpbb/template/twig/twig.php index a3b002f350..5b71bb5e8a 100644 --- a/phpBB/phpbb/template/twig/twig.php +++ b/phpBB/phpbb/template/twig/twig.php @@ -189,13 +189,24 @@ class twig extends \phpbb\template\base { $path = $this->phpbb_root_path . trim($directory, '/') . "/{$name}/"; $template_path = $path . 'template/'; + $theme_path = $path . 'theme/'; + $is_valid_dir = false; if (is_dir($template_path)) { + $is_valid_dir = true; + $paths[] = $template_path; + } + if (is_dir($theme_path)) + { + $is_valid_dir = true; + $paths[] = $theme_path; + } + + if ($is_valid_dir) + { // Add the base style directory as a safe directory $this->twig->getLoader()->addSafeDirectory($path); - - $paths[] = $template_path; } } } @@ -253,25 +264,38 @@ class twig extends \phpbb\template\base { $ext_style_template_path = $ext_path . $template_dir['ext_path']; $ext_style_path = dirname($ext_style_template_path); + $ext_style_theme_path = $ext_style_path . 'theme/'; } else { $ext_style_path = $ext_path . 'styles/' . $template_dir['name'] . '/'; $ext_style_template_path = $ext_style_path . 'template/'; + $ext_style_theme_path = $ext_style_path . 'theme/'; } } else { $ext_style_path = $ext_path . 'styles/' . $template_dir . '/'; $ext_style_template_path = $ext_style_path . 'template/'; + $ext_style_theme_path = $ext_style_path . 'theme/'; } + $ok = false; if (is_dir($ext_style_template_path)) { + $ok = true; + $paths[] = $ext_style_template_path; + } + if (is_dir($ext_style_theme_path)) + { + $ok = true; + $paths[] = $ext_style_theme_path; + } + + if ($ok) + { // Add the base style directory as a safe directory $this->twig->getLoader()->addSafeDirectory($ext_style_path); - - $paths[] = $ext_style_template_path; } } diff --git a/phpBB/posting.php b/phpBB/posting.php index 764a16d386..4c32276d17 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -73,7 +73,6 @@ $current_time = time(); * @var bool preview Whether or not the post is being previewed * @var bool save Whether or not a draft is being saved * @var bool load Whether or not a draft is being loaded -* @var bool delete Whether or not the post is being deleted * @var bool cancel Whether or not to cancel the form (returns to * viewtopic or viewforum depending on if the user * is posting a new topic or editing a post) @@ -85,6 +84,7 @@ $current_time = time(); * NOTE: Should be actual language strings, NOT * language keys. * @since 3.1.0-a1 +* @change 3.1.2-RC1 Removed 'delete' var as it does not exist */ $vars = array( 'post_id', @@ -96,7 +96,6 @@ $vars = array( 'preview', 'save', 'load', - 'delete', 'cancel', 'refresh', 'mode', @@ -870,6 +869,43 @@ if ($submit || $preview || $refresh) // Parse Attachments - before checksum is calculated $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh); + /** + * This event allows you to modify message text before parsing + * + * @event core.posting_modify_message_text + * @var array post_data Array with post data + * @var string mode What action to take if the form is submitted + * post|reply|quote|edit|delete|bump|smilies|popup + * @var int post_id ID of the post + * @var int topic_id ID of the topic + * @var int forum_id ID of the forum + * @var bool submit Whether or not the form has been submitted + * @var bool preview Whether or not the post is being previewed + * @var bool save Whether or not a draft is being saved + * @var bool load Whether or not a draft is being loaded + * @var bool cancel Whether or not to cancel the form (returns to + * viewtopic or viewforum depending on if the user + * is posting a new topic or editing a post) + * @var bool refresh Whether or not to retain previously submitted data + * @var object message_parser The message parser object + * @since 3.1.2-RC1 + */ + $vars = array( + 'post_data', + 'mode', + 'post_id', + 'topic_id', + 'forum_id', + 'submit', + 'preview', + 'save', + 'load', + 'cancel', + 'refresh', + 'message_parser', + ); + extract($phpbb_dispatcher->trigger_event('core.posting_modify_message_text', compact($vars))); + // Grab md5 'checksum' of new message $message_md5 = md5($message_parser->message); @@ -1727,7 +1763,6 @@ $page_data = array( * @var bool preview Whether or not the post is being previewed * @var bool save Whether or not a draft is being saved * @var bool load Whether or not a draft is being loaded -* @var bool delete Whether or not the post is being deleted * @var bool cancel Whether or not to cancel the form (returns to * viewtopic or viewforum depending on if the user * is posting a new topic or editing a post) @@ -1744,6 +1779,7 @@ $page_data = array( * s_topic_icons, form_enctype, s_action, s_hidden_fields, * post_id, topic_id, forum_id, submit, preview, save, load, * delete, cancel, refresh, error, page_data, message_parser +* @change 3.1.2-RC1 Removed 'delete' var as it does not exist */ $vars = array( 'post_data', @@ -1761,7 +1797,6 @@ $vars = array( 'preview', 'save', 'load', - 'delete', 'cancel', 'refresh', 'error', diff --git a/phpBB/styles/prosilver/template/confirm_delete_body.html b/phpBB/styles/prosilver/template/confirm_delete_body.html index f164b5f357..f0a7ab2bdb 100644 --- a/phpBB/styles/prosilver/template/confirm_delete_body.html +++ b/phpBB/styles/prosilver/template/confirm_delete_body.html @@ -2,6 +2,7 @@ <form action="{S_CONFIRM_ACTION}" method="post"> <p>{MESSAGE_TEXT}</p> + <!-- IF not S_SHADOW_TOPICS --> <!-- IF not S_SOFTDELETED and S_ALLOWED_DELETE and S_ALLOWED_SOFTDELETE --> <label> <strong>{L_DELETE_PERMANENTLY}{L_COLON}</strong> @@ -14,6 +15,7 @@ <strong>{L_DELETE_REASON}{L_COLON}</strong><br /><span>{L_DELETE_REASON_EXPLAIN}</span><br /> <input type="text" name="delete_reason" value="" class="inputbox autowidth" maxlength="120" size="45" /> </label> + <!-- ENDIF --> <fieldset class="submit-buttons"> <input type="button" name="confirm" value="{L_YES}" class="button1" /> @@ -33,6 +35,7 @@ <p>{MESSAGE_TEXT}</p> + <!-- IF not S_SHADOW_TOPICS --> <fieldset class="fields1"> <!-- IF not S_SOFTDELETED and S_ALLOWED_DELETE and S_ALLOWED_SOFTDELETE --> <dl> @@ -51,6 +54,7 @@ <dd><input type="text" name="delete_reason" id="delete_reason" value="" class="inputbox autowidth" maxlength="120" size="45" /></dd> </dl> </fieldset> + <!-- ENDIF --> <fieldset class="submit-buttons"> {S_HIDDEN_FIELDS} diff --git a/phpBB/styles/prosilver/template/index_body.html b/phpBB/styles/prosilver/template/index_body.html index 1e1eb22c6f..f620b6e966 100644 --- a/phpBB/styles/prosilver/template/index_body.html +++ b/phpBB/styles/prosilver/template/index_body.html @@ -13,6 +13,8 @@ <!-- INCLUDE forumlist_body.html --> +<!-- EVENT index_body_forumlist_body_after --> + <!-- IF not S_USER_LOGGED_IN and not S_IS_BOT --> <form method="post" action="{S_LOGIN_ACTION}" class="headerspace"> <h3><a href="{U_LOGIN_LOGOUT}">{L_LOGIN_LOGOUT}</a><!-- IF S_REGISTER_ENABLED --> • <a href="{U_REGISTER}">{L_REGISTER}</a><!-- ENDIF --></h3> diff --git a/phpBB/styles/prosilver/template/memberlist_search.html b/phpBB/styles/prosilver/template/memberlist_search.html index 4fba966151..ef5d29a8fa 100644 --- a/phpBB/styles/prosilver/template/memberlist_search.html +++ b/phpBB/styles/prosilver/template/memberlist_search.html @@ -6,6 +6,7 @@ <p>{L_FIND_USERNAME_EXPLAIN}</p> + <!-- EVENT memberlist_search_fields_before --> <fieldset class="fields1 column1"> <dl style="overflow: visible;"> <dt><label for="username">{L_USERNAME}{L_COLON}</label></dt> @@ -39,6 +40,7 @@ <dt><label for="search_group_id">{L_GROUP}{L_COLON}</label></dt> <dd><select name="search_group_id" id="search_group_id">{S_GROUP_SELECT}</select></dd> </dl> + <!-- EVENT memberlist_search_sorting_options_before --> <dl> <dt><label for="sk" class="label3">{L_SORT_BY}{L_COLON}</label></dt> <dd><select name="sk" id="sk">{S_SORT_OPTIONS}</select> <select name="sd">{S_ORDER_SELECT}</select></dd> @@ -66,6 +68,7 @@ <dd><input class="inputbox medium" type="text" name="ip" id="ip" value="{IP}" /></dd> </dl> <!-- ENDIF --> + <!-- EVENT memberlist_search_fields_after --> </fieldset> <div class="clear"></div> diff --git a/phpBB/styles/prosilver/template/posting_buttons.html b/phpBB/styles/prosilver/template/posting_buttons.html index 3dad6606bb..1555b12369 100644 --- a/phpBB/styles/prosilver/template/posting_buttons.html +++ b/phpBB/styles/prosilver/template/posting_buttons.html @@ -92,6 +92,9 @@ <!-- ENDIF --> </select> <input type="button" class="button2 bbcode-color" name="bbpalette" id="bbpalette" value="{L_FONT_COLOR}" onclick="change_palette();" title="{L_BBCODE_S_HELP}" /> + + <!-- EVENT posting_editor_buttons_custom_tags_before --> + <!-- BEGIN custom_tags --> <input type="button" class="button2 bbcode-{custom_tags.BBCODE_TAG_CLEAN}" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}" /> <!-- END custom_tags --> diff --git a/phpBB/styles/prosilver/theme/common.css b/phpBB/styles/prosilver/theme/common.css index adcd04b15e..9da24b6ef9 100644 --- a/phpBB/styles/prosilver/theme/common.css +++ b/phpBB/styles/prosilver/theme/common.css @@ -601,7 +601,7 @@ ul.linklist.bulletin > li.no-bulletin:before { } .breadcrumbs .crumb:before { - content: '‹'; + content: '\2039'; font-weight: bold; padding: 0 0.5em; } diff --git a/phpBB/styles/subsilver2/template/confirm_delete_body.html b/phpBB/styles/subsilver2/template/confirm_delete_body.html index 18df397fc3..44aec9b60a 100644 --- a/phpBB/styles/subsilver2/template/confirm_delete_body.html +++ b/phpBB/styles/subsilver2/template/confirm_delete_body.html @@ -14,6 +14,7 @@ <p class="gen">{MESSAGE_TEXT}</p> <br /> + <!-- IF not S_SHADOW_TOPICS --> <table border="0" width="90%" cellspacing="2" cellpadding="1"> <!-- IF not S_SOFTDELETED and S_ALLOWED_DELETE and S_ALLOWED_SOFTDELETE --> <tr> @@ -30,6 +31,7 @@ </tr> </table> <br /> + <!-- ENDIF --> {S_HIDDEN_FIELDS} <input type="submit" name="confirm" value="{L_YES}" class="btnmain" /> diff --git a/phpBB/styles/subsilver2/template/index_body.html b/phpBB/styles/subsilver2/template/index_body.html index 1a2786015f..bfc2229221 100644 --- a/phpBB/styles/subsilver2/template/index_body.html +++ b/phpBB/styles/subsilver2/template/index_body.html @@ -14,6 +14,8 @@ <!-- INCLUDE forumlist_body.html --> +<!-- EVENT index_body_forumlist_body_after --> + <!-- IF not S_IS_BOT or U_TEAM --> <span class="gensmall"> <!-- IF not S_IS_BOT --><a href="{U_DELETE_COOKIES}">{L_DELETE_COOKIES}</a><!-- ENDIF --> diff --git a/phpBB/styles/subsilver2/template/memberlist_search.html b/phpBB/styles/subsilver2/template/memberlist_search.html index 12dd10be2e..2096062607 100644 --- a/phpBB/styles/subsilver2/template/memberlist_search.html +++ b/phpBB/styles/subsilver2/template/memberlist_search.html @@ -66,6 +66,7 @@ <form method="post" action="{S_MODE_ACTION}" name="search"> +<!-- EVENT memberlist_search_fields_before --> <table class="tablebg" width="100%" cellspacing="1"> <tr> <th colspan="4">{L_FIND_USERNAME}</th> @@ -111,6 +112,7 @@ <td colspan="2" class="row1"> </td> <!-- ENDIF --> </tr> +<!-- EVENT memberlist_search_sorting_options_before --> <tr> <td class="row1"><b class="genmed">{L_SORT_BY}{L_COLON}</b></td> <td class="row2" nowrap="nowrap"><select name="sk">{S_SORT_OPTIONS}</select> <select name="sd">{S_ORDER_SELECT}</select> </td> @@ -120,6 +122,7 @@ <td class="cat" colspan="4" align="center"><input class="btnmain" type="submit" name="submit" value="{L_SEARCH}" /> <input class="btnlite" type="reset" value="{L_RESET}" /></td> </tr> </table> +<!-- EVENT memberlist_search_fields_after --> {S_FORM_TOKEN} </form> diff --git a/phpBB/styles/subsilver2/template/posting_buttons.html b/phpBB/styles/subsilver2/template/posting_buttons.html index d1c0f79a16..516cd0922b 100644 --- a/phpBB/styles/subsilver2/template/posting_buttons.html +++ b/phpBB/styles/subsilver2/template/posting_buttons.html @@ -69,21 +69,18 @@ <!-- ENDIF --> </select></span> </div> - <!-- EVENT posting_editor_buttons_after --> -<!-- ENDIF --> - </td> -</tr> -<!-- IF S_BBCODE_ALLOWED and .custom_tags --> - <tr valign="middle" align="{S_CONTENT_FLOW_BEGIN}"> - <td colspan="2"> + <!-- EVENT posting_editor_buttons_custom_tags_before --> + <!-- IF .custom_tags --> <div id="custom-bbcode-buttons"> - <!-- BEGIN custom_tags --> + <!-- BEGIN custom_tags --> <input type="button" class="btnbbcode bbcode-{custom_tags.BBCODE_TAG_CLEAN}" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})"<!-- IF custom_tags.BBCODE_HELPLINE !== '' --> onmouseover="helpline('cb_{custom_tags.BBCODE_ID}')" onmouseout="helpline('tip')"<!-- ENDIF --> /> - <!-- END custom_tags --> + <!-- END custom_tags --> </div> - </td> - </tr> + <!-- ENDIF --> + <!-- EVENT posting_editor_buttons_after --> <!-- ENDIF --> + </td> +</tr> <!-- IF S_BBCODE_ALLOWED --> <tr> <td<!-- IF $S_SIGNATURE or S_EDIT_DRAFT --> colspan="2"<!-- ENDIF -->><input type="text" readonly="readonly" name="helpbox" style="width:100%" class="helpline" value="{L_STYLES_TIP}" /></td> diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 30beea337a..a44169d3f1 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -616,7 +616,9 @@ $base_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t= * @var int topic_id Topic ID * @var array topic_tracking_info Array with topic tracking data * @var int total_posts Topic total posts count +* @var string viewtopic_url URL to the topic page * @since 3.1.0-RC4 +* @change 3.1.2-RC1 Added viewtopic_url */ $vars = array( 'base_url', @@ -628,6 +630,7 @@ $vars = array( 'topic_id', 'topic_tracking_info', 'total_posts', + 'viewtopic_url', ); extract($phpbb_dispatcher->trigger_event('core.viewtopic_assign_template_vars_before', compact($vars))); diff --git a/phpunit.xml.dist b/phpunit.xml.dist index bcc63d6fd9..c6e539b7ba 100644 --- a/phpunit.xml.dist +++ b/phpunit.xml.dist @@ -37,15 +37,9 @@ </groups> <filter> - <blacklist> - <directory>./tests</directory> - </blacklist> <whitelist> <directory suffix=".php">./phpBB/includes/</directory> <directory suffix=".php">./phpBB/phpbb/</directory> - <exclude> - <directory suffix=".php">./phpBB/includes/captcha/</directory> - </exclude> </whitelist> </filter> </phpunit> diff --git a/tests/auth/provider_db_test.php b/tests/auth/provider_db_test.php index e33eae6b54..09ca0816bf 100644 --- a/tests/auth/provider_db_test.php +++ b/tests/auth/provider_db_test.php @@ -78,7 +78,14 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case ), ); - $this->assertEquals($expected, $provider->login('foobar', 'example')); + $login_return = $provider->login('foobar', 'example'); + $this->assertEquals($expected['status'], $login_return['status']); + $this->assertEquals($expected['error_msg'], $login_return['error_msg']); + + foreach ($expected['user_row'] as $key => $value) + { + $this->assertEquals($value, $login_return['user_row'][$key]); + } // Check if convert works $login_return = $provider->login('foobar2', 'example'); diff --git a/tests/console/cron/run_test.php b/tests/console/cron/run_test.php index 029dc5249b..f76e967484 100644 --- a/tests/console/cron/run_test.php +++ b/tests/console/cron/run_test.php @@ -16,6 +16,7 @@ use Symfony\Component\Console\Tester\CommandTester; use phpbb\console\command\cron\run; require_once dirname(__FILE__) . '/tasks/simple.php'; +require_once dirname(__FILE__) . '/../../../phpBB/includes/functions.php'; class phpbb_console_command_cron_run_test extends phpbb_database_test_case { diff --git a/tests/controller/common_helper_route.php b/tests/controller/common_helper_route.php index 859832412d..6723e3bc52 100644 --- a/tests/controller/common_helper_route.php +++ b/tests/controller/common_helper_route.php @@ -63,21 +63,21 @@ abstract class phpbb_controller_common_helper_route extends phpbb_test_case protected function generate_route_objects() { - $request = new phpbb_mock_request(); - $request->overwrite('SCRIPT_NAME', $this->get_uri(), \phpbb\request\request_interface::SERVER); - $request->overwrite('SCRIPT_FILENAME', $this->get_script_name(), \phpbb\request\request_interface::SERVER); - $request->overwrite('REQUEST_URI', $this->get_uri(), \phpbb\request\request_interface::SERVER); - $request->overwrite('SERVER_NAME', 'localhost', \phpbb\request\request_interface::SERVER); - $request->overwrite('SERVER_PORT', '80', \phpbb\request\request_interface::SERVER); + $this->request = new phpbb_mock_request(); + $this->request->overwrite('SCRIPT_NAME', $this->get_uri(), \phpbb\request\request_interface::SERVER); + $this->request->overwrite('SCRIPT_FILENAME', $this->get_script_name(), \phpbb\request\request_interface::SERVER); + $this->request->overwrite('REQUEST_URI', $this->get_uri(), \phpbb\request\request_interface::SERVER); + $this->request->overwrite('SERVER_NAME', 'localhost', \phpbb\request\request_interface::SERVER); + $this->request->overwrite('SERVER_PORT', '80', \phpbb\request\request_interface::SERVER); $this->symfony_request = new \phpbb\symfony_request( - $request + $this->request ); $this->filesystem = new \phpbb\filesystem(); $this->phpbb_path_helper = new \phpbb\path_helper( $this->symfony_request, $this->filesystem, - $this->getMock('\phpbb\request\request'), + $this->request, $phpbb_root_path, $phpEx ); @@ -130,7 +130,7 @@ abstract class phpbb_controller_common_helper_route extends phpbb_test_case */ public function test_helper_url_no_rewrite($route, $params, $is_amp, $session_id, $expected, $description) { - $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); + $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); $this->assertEquals($expected, $this->helper->route($route, $params, $is_amp, $session_id)); } @@ -170,7 +170,7 @@ abstract class phpbb_controller_common_helper_route extends phpbb_test_case public function test_helper_url_with_rewrite($route, $params, $is_amp, $session_id, $expected, $description) { $this->config = new \phpbb\config\config(array('enable_mod_rewrite' => '1')); - $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); + $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); $this->assertEquals($expected, $this->helper->route($route, $params, $is_amp, $session_id)); } @@ -210,7 +210,7 @@ abstract class phpbb_controller_common_helper_route extends phpbb_test_case public function test_helper_url_absolute($route, $params, $is_amp, $session_id, $expected, $description) { $this->config = new \phpbb\config\config(array('enable_mod_rewrite' => '0')); - $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); + $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); $this->assertEquals($expected, $this->helper->route($route, $params, $is_amp, $session_id, UrlGeneratorInterface::ABSOLUTE_URL)); } @@ -250,7 +250,7 @@ abstract class phpbb_controller_common_helper_route extends phpbb_test_case public function test_helper_url_relative_path($route, $params, $is_amp, $session_id, $expected, $description) { $this->config = new \phpbb\config\config(array('enable_mod_rewrite' => '0')); - $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); + $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); $this->assertEquals($expected, $this->helper->route($route, $params, $is_amp, $session_id, UrlGeneratorInterface::RELATIVE_PATH)); } @@ -290,7 +290,7 @@ abstract class phpbb_controller_common_helper_route extends phpbb_test_case public function test_helper_url_network($route, $params, $is_amp, $session_id, $expected, $description) { $this->config = new \phpbb\config\config(array('enable_mod_rewrite' => '0')); - $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); + $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); $this->assertEquals($expected, $this->helper->route($route, $params, $is_amp, $session_id, UrlGeneratorInterface::NETWORK_PATH)); } //TODO @@ -330,7 +330,7 @@ abstract class phpbb_controller_common_helper_route extends phpbb_test_case public function test_helper_url_absolute_with_rewrite($route, $params, $is_amp, $session_id, $expected, $description) { $this->config = new \phpbb\config\config(array('enable_mod_rewrite' => '1')); - $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); + $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); $this->assertEquals($expected, $this->helper->route($route, $params, $is_amp, $session_id, UrlGeneratorInterface::ABSOLUTE_URL)); } @@ -370,7 +370,7 @@ abstract class phpbb_controller_common_helper_route extends phpbb_test_case public function test_helper_url_relative_path_with_rewrite($route, $params, $is_amp, $session_id, $expected, $description) { $this->config = new \phpbb\config\config(array('enable_mod_rewrite' => '1')); - $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); + $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); $this->assertEquals($expected, $this->helper->route($route, $params, $is_amp, $session_id, UrlGeneratorInterface::RELATIVE_PATH)); } @@ -410,7 +410,7 @@ abstract class phpbb_controller_common_helper_route extends phpbb_test_case public function test_helper_url_network_with_rewrite($route, $params, $is_amp, $session_id, $expected, $description) { $this->config = new \phpbb\config\config(array('enable_mod_rewrite' => '1')); - $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); + $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $this->provider, $this->extension_manager, $this->symfony_request, $this->request, $this->filesystem, $this->root_path, 'php', dirname(__FILE__) . '/'); $this->assertEquals($expected, $this->helper->route($route, $params, $is_amp, $session_id, UrlGeneratorInterface::NETWORK_PATH)); } } diff --git a/tests/controller/controller_test.php b/tests/controller/controller_test.php index 58bcf0ef81..62feee3fed 100644 --- a/tests/controller/controller_test.php +++ b/tests/controller/controller_test.php @@ -11,6 +11,8 @@ * */ +require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; + use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Config\FileLocator; use Symfony\Component\DependencyInjection\ContainerBuilder; diff --git a/tests/functional/acp_groups_test.php b/tests/functional/acp_groups_test.php index 4eb4747572..9dfdc93474 100644 --- a/tests/functional/acp_groups_test.php +++ b/tests/functional/acp_groups_test.php @@ -11,12 +11,12 @@ * */ -require_once dirname(__FILE__) . '/common_groups_test.php'; +require_once dirname(__FILE__) . '/common_groups_test_case.php'; /** * @group functional */ -class phpbb_functional_acp_groups_test extends phpbb_functional_common_groups_test +class phpbb_functional_acp_groups_test extends phpbb_functional_common_groups_test_case { protected $form_data; diff --git a/tests/functional/acp_registration_test.php b/tests/functional/acp_registration_test.php new file mode 100644 index 0000000000..ef9843679e --- /dev/null +++ b/tests/functional/acp_registration_test.php @@ -0,0 +1,55 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +/** +* @group functional +*/ +class phpbb_functional_acp_registration_test extends phpbb_functional_test_case +{ + protected function set_email_enable($db, $status) + { + $sql = "UPDATE phpbb_config + SET config_value = '" . (($status) ? '1' : '0') . "' + WHERE config_name = 'email_enable'"; + $db->sql_query($sql); + + $this->purge_cache(); + } + + public function test_submitting_activation_method() + { + $db = $this->get_db(); + + $this->set_email_enable($db, false); + + $this->add_lang('acp/board'); + $this->login(); + $this->admin_login(); + + $crawler = self::request('GET', 'adm/index.php?i=acp_board&mode=registration&sid=' . $this->sid); + $this->assertContainsLang('ACP_REGISTER_SETTINGS_EXPLAIN', $this->get_content()); + + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $form['config[require_activation]']->select(USER_ACTIVATION_ADMIN); + $crawler = self::submit($form); + $this->assertContainsLang('ACC_ACTIVATION_WARNING', $crawler->filter('div.main')->text()); + + $crawler = self::request('GET', 'adm/index.php?i=acp_board&mode=registration&sid=' . $this->sid); + $form = $crawler->selectButton($this->lang('SUBMIT'))->form(); + $form['config[require_activation]']->select(USER_ACTIVATION_NONE); + $crawler = self::submit($form); + $this->assertNotContainsLang('ACC_ACTIVATION_WARNING', $crawler->filter('div.main')->text()); + + $this->set_email_enable($db, true); + } +} diff --git a/tests/functional/avatar_acp_groups_test.php b/tests/functional/avatar_acp_groups_test.php index 925335a2f7..ca8c84ab2e 100644 --- a/tests/functional/avatar_acp_groups_test.php +++ b/tests/functional/avatar_acp_groups_test.php @@ -11,12 +11,12 @@ * */ -require_once dirname(__FILE__) . '/common_avatar_test.php'; +require_once dirname(__FILE__) . '/common_avatar_test_case.php'; /** * @group functional */ -class phpbb_functional_avatar_acp_groups_test extends phpbb_functional_common_avatar_test +class phpbb_functional_avatar_acp_groups_test extends phpbb_functional_common_avatar_test_case { public function get_url() { diff --git a/tests/functional/avatar_acp_users_test.php b/tests/functional/avatar_acp_users_test.php index 5eca473157..8b05a28658 100644 --- a/tests/functional/avatar_acp_users_test.php +++ b/tests/functional/avatar_acp_users_test.php @@ -11,12 +11,12 @@ * */ -require_once dirname(__FILE__) . '/common_avatar_test.php'; +require_once dirname(__FILE__) . '/common_avatar_test_case.php'; /** * @group functional */ -class phpbb_functional_avatar_acp_users_test extends phpbb_functional_common_avatar_test +class phpbb_functional_avatar_acp_users_test extends phpbb_functional_common_avatar_test_case { public function get_url() { diff --git a/tests/functional/avatar_ucp_groups_test.php b/tests/functional/avatar_ucp_groups_test.php index 1e8ca911c6..52ef67543e 100644 --- a/tests/functional/avatar_ucp_groups_test.php +++ b/tests/functional/avatar_ucp_groups_test.php @@ -10,12 +10,12 @@ * the docs/CREDITS.txt file. * */ -require_once dirname(__FILE__) . '/common_avatar_test.php'; +require_once dirname(__FILE__) . '/common_avatar_test_case.php'; /** * @group functional */ -class phpbb_functional_avatar_ucp_groups_test extends phpbb_functional_common_avatar_test +class phpbb_functional_avatar_ucp_groups_test extends phpbb_functional_common_avatar_test_case { public function get_url() { diff --git a/tests/functional/avatar_ucp_users_test.php b/tests/functional/avatar_ucp_users_test.php index 972bfa0fb2..2f0832e092 100644 --- a/tests/functional/avatar_ucp_users_test.php +++ b/tests/functional/avatar_ucp_users_test.php @@ -11,12 +11,12 @@ * */ -require_once dirname(__FILE__) . '/common_avatar_test.php'; +require_once dirname(__FILE__) . '/common_avatar_test_case.php'; /** * @group functional */ -class phpbb_functional_avatar_ucp_users_test extends phpbb_functional_common_avatar_test +class phpbb_functional_avatar_ucp_users_test extends phpbb_functional_common_avatar_test_case { public function get_url() { diff --git a/tests/functional/common_avatar_test.php b/tests/functional/common_avatar_test_case.php index 82d7136c98..7278f23bcc 100644 --- a/tests/functional/common_avatar_test.php +++ b/tests/functional/common_avatar_test_case.php @@ -14,7 +14,7 @@ /** * @group functional */ -abstract class phpbb_functional_common_avatar_test extends phpbb_functional_test_case +abstract class phpbb_functional_common_avatar_test_case extends phpbb_functional_test_case { private $path; private $form_content; diff --git a/tests/functional/common_groups_test.php b/tests/functional/common_groups_test_case.php index 748d4d5e0a..521b7c84d2 100644 --- a/tests/functional/common_groups_test.php +++ b/tests/functional/common_groups_test_case.php @@ -14,7 +14,7 @@ /** * @group functional */ -abstract class phpbb_functional_common_groups_test extends phpbb_functional_test_case +abstract class phpbb_functional_common_groups_test_case extends phpbb_functional_test_case { abstract protected function get_url(); diff --git a/tests/functional/ucp_groups_test.php b/tests/functional/ucp_groups_test.php index 2b075b37a5..cd18a0fcae 100644 --- a/tests/functional/ucp_groups_test.php +++ b/tests/functional/ucp_groups_test.php @@ -11,12 +11,12 @@ * */ -require_once dirname(__FILE__) . '/common_groups_test.php'; +require_once dirname(__FILE__) . '/common_groups_test_case.php'; /** * @group functional */ -class phpbb_functional_ucp_groups_test extends phpbb_functional_common_groups_test +class phpbb_functional_ucp_groups_test extends phpbb_functional_common_groups_test_case { protected $db; diff --git a/tests/functions/build_url_test.php b/tests/functions/build_url_test.php index 5cfd1300de..a59b94c744 100644 --- a/tests/functions/build_url_test.php +++ b/tests/functions/build_url_test.php @@ -85,7 +85,6 @@ class phpbb_build_url_test extends phpbb_test_case global $user, $phpbb_root_path; $user->page['page'] = $page; - $output = build_url($strip_vars); $this->assertEquals($expected, $output); diff --git a/tests/functions/validate_username_test.php b/tests/functions/validate_username_test.php index dc9f685f04..4fa5af7ff3 100644 --- a/tests/functions/validate_username_test.php +++ b/tests/functions/validate_username_test.php @@ -11,6 +11,7 @@ * */ +require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; require_once dirname(__FILE__) . '/../../phpBB/includes/functions_user.php'; require_once dirname(__FILE__) . '/../../phpBB/includes/utf/utf_tools.php'; require_once dirname(__FILE__) . '/../mock/cache.php'; diff --git a/tests/functions/insert_config_array_test.php b/tests/functions_acp/insert_config_array_test.php index bfcb05862e..1264b35bf4 100644 --- a/tests/functions/insert_config_array_test.php +++ b/tests/functions_acp/insert_config_array_test.php @@ -11,6 +11,8 @@ * */ +require_once dirname(__FILE__) . '/../../phpBB/includes/functions_acp.php'; + class phpbb_functions_insert_config_array_test extends phpbb_test_case { public function config_display_vars() diff --git a/tests/mock/controller_helper.php b/tests/mock/controller_helper.php index 9c13c309f2..ae3e7bf432 100644 --- a/tests/mock/controller_helper.php +++ b/tests/mock/controller_helper.php @@ -13,12 +13,13 @@ class phpbb_mock_controller_helper extends \phpbb\controller\helper { - public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext, $phpbb_root_path_ext) + public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\request\request_interface $request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext, $phpbb_root_path_ext) { $this->template = $template; $this->user = $user; $this->config = $config; $this->symfony_request = $symfony_request; + $this->request = $request; $this->filesystem = $filesystem; $this->phpbb_root_path = $phpbb_root_path; $this->php_ext = $php_ext; diff --git a/tests/mock/request.php b/tests/mock/request.php index 304fcf0eaf..e7217a94a9 100644 --- a/tests/mock/request.php +++ b/tests/mock/request.php @@ -114,4 +114,25 @@ class phpbb_mock_request implements \phpbb\request\request_interface { $this->data[$super_global] = array_merge($this->data[$super_global], $values); } + + public function escape($var, $multibyte) + { + $type_cast_helper = new \phpbb\request\type_cast_helper(); + if (is_array($var)) + { + $result = array(); + foreach ($var as $key => $value) + { + $type_cast_helper->set_var($key, $key, gettype($key), $multibyte); + $result[$key] = $this->escape($value, $multibyte); + } + $var = $result; + } + else + { + $type_cast_helper->set_var($var, $var, 'string', $multibyte); + } + + return $var; + } } diff --git a/tests/notification/group_request_test.php b/tests/notification/group_request_test.php index afbc586601..0d1bda95ce 100644 --- a/tests/notification/group_request_test.php +++ b/tests/notification/group_request_test.php @@ -12,6 +12,7 @@ */ require_once dirname(__FILE__) . '/base.php'; +require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; class phpbb_notification_group_request_test extends phpbb_tests_notification_base { diff --git a/tests/pagination/pagination_test.php b/tests/pagination/pagination_test.php index d36aa11a8a..494c667198 100644 --- a/tests/pagination/pagination_test.php +++ b/tests/pagination/pagination_test.php @@ -57,7 +57,7 @@ class phpbb_pagination_pagination_test extends phpbb_template_template_test_case $request ); - $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $provider, $manager, $symfony_request, $filesystem, '', 'php', dirname(__FILE__) . '/'); + $this->helper = new phpbb_mock_controller_helper($this->template, $this->user, $this->config, $provider, $manager, $symfony_request, $request, $filesystem, '', 'php', dirname(__FILE__) . '/'); $this->pagination = new \phpbb\pagination($this->template, $this->user, $this->helper, $phpbb_dispatcher); } diff --git a/tests/security/base.php b/tests/security/base.php index 5519cac441..330408b448 100644 --- a/tests/security/base.php +++ b/tests/security/base.php @@ -13,6 +13,8 @@ abstract class phpbb_security_test_base extends phpbb_test_case { + protected $server = array(); + /** * Set up the required user object and server variables for the suites */ @@ -21,17 +23,18 @@ abstract class phpbb_security_test_base extends phpbb_test_case global $user, $phpbb_root_path, $phpEx, $request, $symfony_request, $phpbb_filesystem; // Put this into a global function being run by every test to init a proper user session - $server['HTTP_HOST'] = 'localhost'; - $server['SERVER_NAME'] = 'localhost'; - $server['SERVER_ADDR'] = '127.0.0.1'; - $server['SERVER_PORT'] = 80; - $server['REMOTE_ADDR'] = '127.0.0.1'; - $server['QUERY_STRING'] = ''; - $server['REQUEST_URI'] = '/tests/'; - $server['SCRIPT_NAME'] = '/tests/index.php'; - $server['PHP_SELF'] = '/tests/index.php'; - $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; - $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; + $this->server['HTTP_HOST'] = 'localhost'; + $this->server['SERVER_NAME'] = 'localhost'; + $this->server['SERVER_ADDR'] = '127.0.0.1'; + $this->server['SERVER_PORT'] = 80; + $this->server['REMOTE_ADDR'] = '127.0.0.1'; + $this->server['QUERY_STRING'] = ''; + $this->server['REQUEST_URI'] = '/tests/'; + $this->server['SCRIPT_NAME'] = '/tests/index.php'; + $this->server['SCRIPT_FILENAME'] = '/var/www/tests/index.php'; + $this->server['PHP_SELF'] = '/tests/index.php'; + $this->server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; + $this->server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; /* [HTTP_ACCEPT_ENCODING] => gzip,deflate @@ -40,31 +43,18 @@ abstract class phpbb_security_test_base extends phpbb_test_case [SCRIPT_FILENAME] => /var/www/tests/index.php */ - $request = new phpbb_mock_request(array(), array(), array(), $server); - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - $request, - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($server['SCRIPT_NAME'])); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($server['QUERY_STRING'])); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($server['REQUEST_URI'])); - $symfony_request->expects($this->any()) - ->method('getPathInfo') - ->will($this->returnValue('/')); - $phpbb_filesystem = new \phpbb\filesystem($symfony_request, $phpbb_root_path, $phpEx); + $request = new phpbb_mock_request(array(), array(), array(), $this->server); + $symfony_request = new \phpbb\symfony_request($request); + + $phpbb_filesystem = new \phpbb\filesystem(); // Set no user and trick a bit to circumvent errors $user = new \phpbb\user('\phpbb\datetime'); $user->lang = true; - $user->browser = $server['HTTP_USER_AGENT']; + $user->browser = $this->server['HTTP_USER_AGENT']; $user->referer = ''; $user->forwarded_for = ''; - $user->host = $server['HTTP_HOST']; + $user->host = $this->server['HTTP_HOST']; $user->page = \phpbb\session::extract_current_page($phpbb_root_path); } diff --git a/tests/security/extract_current_page_test.php b/tests/security/extract_current_page_test.php index c127b69b2b..767b901a43 100644 --- a/tests/security/extract_current_page_test.php +++ b/tests/security/extract_current_page_test.php @@ -20,33 +20,25 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base public function security_variables() { return array( - array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), - array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), + array('mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), + array('mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), + array('mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'), ); } /** * @dataProvider security_variables */ - public function test_query_string_php_self($url, $query_string, $expected) + public function test_query_string_php_self($query_string, $expected) { global $symfony_request, $request; - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - $request, - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($this->sanitizer($url))); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($this->sanitizer($query_string))); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($server['REQUEST_URI'])); - $symfony_request->expects($this->sanitizer($this->any())) - ->method('getPathInfo') - ->will($this->returnValue($this->sanitizer('/'))); + $this->server['REQUEST_URI'] = ''; + $this->server['QUERY_STRING'] = $query_string; + + $request = new phpbb_mock_request(array(), array(), array(), $this->server); + $symfony_request = new \phpbb\symfony_request($request); + $result = \phpbb\session::extract_current_page('./'); $label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'; @@ -56,41 +48,18 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base /** * @dataProvider security_variables */ - public function test_query_string_request_uri($url, $query_string, $expected) + public function test_query_string_request_uri($query_string, $expected) { global $symfony_request, $request; - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - $request, - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($this->sanitizer($url))); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($this->sanitizer($query_string))); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($this->sanitizer($server['REQUEST_URI']))); - $symfony_request->expects($this->any()) - ->method('getPathInfo') - ->will($this->returnValue($this->sanitizer('/'))); + $this->server['QUERY_STRING'] = $query_string; + + $request = new phpbb_mock_request(array(), array(), array(), $this->server); + $symfony_request = new \phpbb\symfony_request($request); $result = \phpbb\session::extract_current_page('./'); $label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.'; $this->assertEquals($expected, $result['query_string'], $label); } - - protected function sanitizer($value) - { - // Fix for objects passed in phpunit - if (is_object($value)) - { - return $value; - } - $type_cast_helper = new \phpbb\request\type_cast_helper(); - $type_cast_helper->set_var($value, $value, gettype($value), true); - return str_replace('&', '&', $value); - } } diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php index 3961c2781e..21fb103ed1 100644 --- a/tests/security/redirect_test.php +++ b/tests/security/redirect_test.php @@ -73,6 +73,8 @@ class phpbb_security_redirect_test extends phpbb_security_test_base protected function setUp() { + global $phpbb_dispatcher; + parent::setUp(); $GLOBALS['config'] = array( @@ -80,6 +82,8 @@ class phpbb_security_redirect_test extends phpbb_security_test_base ); $this->path_helper = $this->get_path_helper(); + + $phpbb_dispatcher = new phpbb_mock_event_dispatcher(); } /** diff --git a/tests/session/extract_page_test.php b/tests/session/extract_page_test.php index f314d35f87..f0d1cdb60e 100644 --- a/tests/session/extract_page_test.php +++ b/tests/session/extract_page_test.php @@ -12,6 +12,7 @@ */ require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php'; +require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; class phpbb_session_extract_page_test extends phpbb_session_test_case { @@ -99,7 +100,7 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case // ^-- Ignored because .. returns different directory in live vs testing 'query_string' => '', 'script_path' => '/phpBB/adm/', - //'root_script_path' => '/phpBB/', + //'root_script_path' => '/phpBB/adm/', //'page' => 'adm/index.php', 'forum' => 0, ), @@ -108,15 +109,15 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case './', '/phpBB/adm/app.php', 'page=1&test=2', - '/phpBB/', + '/phpBB/adm/', '/foo/bar', array( 'page_name' => 'app.php/foo/bar', - 'page_dir' => '', + //'page_dir' => '', 'query_string' => 'page=1&test=2', - 'script_path' => '/phpBB/', - 'root_script_path' => '/phpBB/', - 'page' => 'app.php/foo/bar?page=1&test=2', + 'script_path' => '/phpBB/adm/', + //'root_script_path' => '/phpBB/adm/', + //'page' => 'app.php/foo/bar?page=1&test=2', 'forum' => 0, ), ), @@ -142,23 +143,25 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case /** @dataProvider extract_current_page_data */ function test_extract_current_page($root_path, $getScriptName, $getQueryString, $getBasePath, $getPathInfo, $expected) { - global $symfony_request; + global $symfony_request, $request, $phpbb_filesystem; + + $phpbb_filesystem = new \phpbb\filesystem(); + + $server['HTTP_HOST'] = 'localhost'; + $server['SERVER_NAME'] = 'localhost'; + $server['SERVER_ADDR'] = '127.0.0.1'; + $server['SERVER_PORT'] = 80; + $server['REMOTE_ADDR'] = '127.0.0.1'; + $server['QUERY_STRING'] = $getQueryString; + $server['REQUEST_URI'] = $getScriptName . $getPathInfo . ($getQueryString === '' ? '' : '?' . $getQueryString); + $server['SCRIPT_NAME'] = $getScriptName; + $server['SCRIPT_FILENAME'] = '/var/www/' . $getScriptName; + $server['PHP_SELF'] = $getScriptName; + $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; + $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; - $symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( - new phpbb_mock_request(), - )); - $symfony_request->expects($this->any()) - ->method('getScriptName') - ->will($this->returnValue($getScriptName)); - $symfony_request->expects($this->any()) - ->method('getQueryString') - ->will($this->returnValue($getQueryString)); - $symfony_request->expects($this->any()) - ->method('getBasePath') - ->will($this->returnValue($getBasePath)); - $symfony_request->expects($this->any()) - ->method('getPathInfo') - ->will($this->returnValue($getPathInfo)); + $request = new phpbb_mock_request(array(), array(), array(), $server); + $symfony_request = new \phpbb\symfony_request($request); $output = \phpbb\session::extract_current_page($root_path); diff --git a/tests/template/ext/include/css/styles/all/theme/child_only.css b/tests/template/ext/include/css/styles/all/theme/child_only.css new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/tests/template/ext/include/css/styles/all/theme/child_only.css diff --git a/tests/template/ext/include/css/styles/all/theme/test.css b/tests/template/ext/include/css/styles/all/theme/test.css new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/tests/template/ext/include/css/styles/all/theme/test.css diff --git a/tests/template/template_includecss_test.php b/tests/template/template_includecss_test.php index ab91dd7a49..49bd9dec8b 100644 --- a/tests/template/template_includecss_test.php +++ b/tests/template/template_includecss_test.php @@ -15,18 +15,90 @@ require_once dirname(__FILE__) . '/template_test_case_with_tree.php'; class phpbb_template_template_includecss_test extends phpbb_template_template_test_case_with_tree { - public function test_includecss_compilation() + protected function setup_engine(array $new_config = array()) + { + global $phpbb_root_path, $phpEx, $user; + + $defaults = $this->config_defaults(); + $config = new \phpbb\config\config(array_merge($defaults, $new_config)); + + $this->phpbb_path_helper = new \phpbb\path_helper( + new \phpbb\symfony_request( + new phpbb_mock_request() + ), + new \phpbb\filesystem(), + $this->getMock('\phpbb\request\request'), + $phpbb_root_path, + $phpEx + ); + + $this->template_path = $this->test_path . '/templates'; + $this->parent_template_path = $this->test_path . '/parent_templates'; + $this->template = new phpbb\template\twig\twig( + $this->phpbb_path_helper, + $config, + $user, + new phpbb\template\context(), + new phpbb_mock_extension_manager( + dirname(__FILE__) . '/', + array( + 'include/css' => array( + 'ext_name' => 'include/css', + 'ext_active' => '1', + 'ext_path' => 'ext/include/css/', + ), + ) + ) + ); + $this->template->set_custom_style('tests', array($this->template_path, $this->parent_template_path)); + } + + public function template_data() + { + $url_base = explode('/', dirname(__FILE__)); + foreach ($url_base as &$dir) + { + $dir = rawurlencode($dir); + } + $url_base = implode('/', $url_base); + + return array( + /* + array( + // vars + // expected + ), + */ + array( + array('TEST' => 1), + '<link href="tests/template/templates/child_only.css?assets_version=1" rel="stylesheet" type="text/css" media="screen, projection" />', + ), + array( + array('TEST' => 2), + '<link href="tests/template/parent_templates/parent_only.css?assets_version=1" rel="stylesheet" type="text/css" media="screen, projection" />', + ), + array( + array('TEST' => 3), + '<link href="' . $url_base . '/ext/include/css/styles/all/theme/test.css?assets_version=1" rel="stylesheet" type="text/css" media="screen, projection" />', + ), + array( + array('TEST' => 4), + '<link href="' . $url_base . '/ext/include/css/styles/all/theme/child_only.css?assets_version=1" rel="stylesheet" type="text/css" media="screen, projection" />', + ), + ); + } + + /** + * @dataProvider template_data + */ + public function test_includecss_compilation($vars, $expected) { // Reset the engine state $this->setup_engine(array('assets_version' => 1)); - // Prepare correct result - $scripts = array( - '<link href="tests/template/templates/child_only.css?assets_version=1" rel="stylesheet" type="text/css" media="screen, projection" />', - '<link href="tests/template/parent_templates/parent_only.css?assets_version=1" rel="stylesheet" type="text/css" media="screen, projection" />', - ); + $this->template->assign_vars($vars); // Run test - $this->run_template('includecss.html', array(), array(), array(), implode('', $scripts)); + $this->run_template('includecss.html', array(), array(), array(), $expected); } } diff --git a/tests/template/templates/includecss.html b/tests/template/templates/includecss.html index a09e44f240..23e3c426d7 100644 --- a/tests/template/templates/includecss.html +++ b/tests/template/templates/includecss.html @@ -1,3 +1,10 @@ -<!-- INCLUDECSS child_only.css --> -<!-- INCLUDECSS parent_only.css --> +<!-- IF TEST === 1 --> + <!-- INCLUDECSS child_only.css --> +<!-- ELSEIF TEST === 2 --> + <!-- INCLUDECSS parent_only.css --> +<!-- ELSEIF TEST === 3 --> + <!-- INCLUDECSS @include_css/test.css --> +<!-- ELSEIF TEST === 4 --> + <!-- INCLUDECSS @include_css/child_only.css --> +<!-- ENDIF --> {$STYLESHEETS} diff --git a/tests/test_framework/phpbb_session_test_case.php b/tests/test_framework/phpbb_session_test_case.php index efad4d5166..1bf0277fe0 100644 --- a/tests/test_framework/phpbb_session_test_case.php +++ b/tests/test_framework/phpbb_session_test_case.php @@ -11,6 +11,7 @@ * */ +require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; require_once dirname(__FILE__) . '/../session/testable_factory.php'; require_once dirname(__FILE__) . '/../session/testable_facade.php'; diff --git a/tests/tree/nestedset_forum_base.php b/tests/tree/nestedset_forum_base.php index 449b2e5ca8..c56be1f81e 100644 --- a/tests/tree/nestedset_forum_base.php +++ b/tests/tree/nestedset_forum_base.php @@ -11,6 +11,8 @@ * */ +require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php'; + class phpbb_tests_tree_nestedset_forum_base extends phpbb_database_test_case { public function getDataSet() |