Diffstat (limited to 'phpBB/phpbb')
9 files changed, 135 insertions, 25 deletions
diff --git a/phpBB/phpbb/auth/provider/oauth/oauth.php b/phpBB/phpbb/auth/provider/oauth/oauth.php index 8809a0c6b4..93419d2915 100644 --- a/phpBB/phpbb/auth/provider/oauth/oauth.php +++ b/phpBB/phpbb/auth/provider/oauth/oauth.php @@ -191,7 +191,7 @@ class oauth extends \phpbb\auth\provider\base return $provider->login($username, $password); } - // Requst the name of the OAuth service + // Request the name of the OAuth service $service_name_original = $this->request->variable('oauth_service', '', false); $service_name = 'auth.provider.oauth.service.' . strtolower($service_name_original); if ($service_name_original === '' || !array_key_exists($service_name, $this->service_providers)) @@ -221,24 +221,33 @@ class oauth extends \phpbb\auth\provider\base 'provider' => $service_name_original, 'oauth_provider_id' => $unique_id ); + $sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . ' WHERE ' . $this->db->sql_build_array('SELECT', $data); $result = $this->db->sql_query($sql); $row = $this->db->sql_fetchrow($result); $this->db->sql_freeresult($result); + $redirect_data = array( + 'auth_provider' => 'oauth', + 'login_link_oauth_service' => $service_name_original, + ); + /** * Event is triggered before check if provider is already associated with an account * * @event core.oauth_login_after_check_if_provider_id_has_match - * @var array row User row - * @var array data Provider data - * @var \OAuth\Common\Service\ServiceInterface service OAuth service + * @var array row User row + * @var array data Provider data + * @var array redirect_data Data to be appended to the redirect url + * @var \OAuth\Common\Service\ServiceInterface service OAuth service * @since 3.2.3-RC1 + * @changed 3.2.6-RC1 Added redirect_data */ $vars = array( 'row', 'data', + 'redirect_data', 'service', ); extract($this->dispatcher->trigger_event('core.oauth_login_after_check_if_provider_id_has_match', compact($vars))); 
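Review bot: After `core.oauth_login_after_check_if_provider_id_has_match` has run, `$redirect_data` holds whatever the listeners left in it, and the next hunk (`@@ -250,10 +259,7 @@`) returns it as `'redirect_data'` without any check. A listener that replaces the array with a non-array or drops `auth_provider` / `login_link_oauth_service` would break the account-link redirect, so consider restoring the required keys after `extract()`, e.g. `$redirect_data = array_merge((array) $redirect_data, array('auth_provider' => 'oauth', 'login_link_oauth_service' => $service_name_original));`. The event docblock could also say that these values end up in a URL, so listeners should add only scalar, non-secret values. The enclosing method starts and ends outside this hunk.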
@@ -250,10 +259,7 @@ class oauth extends \phpbb\auth\provider\base 'status' => LOGIN_SUCCESS_LINK_PROFILE, 'error_msg' => 'LOGIN_OAUTH_ACCOUNT_NOT_LINKED', 'user_row' => array(), - 'redirect_data' => array( - 'auth_provider' => 'oauth', - 'login_link_oauth_service' => $service_name_original, - ), + 'redirect_data' => $redirect_data, ); } @@ -270,11 +276,36 @@ class oauth extends \phpbb\auth\provider\base throw new \Exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY'); } + /** + * Check if the user is banned. + * The fourth parameter, return, has to be true, + * otherwise the OAuth login is still called and + * an uncaught exception is thrown as there is no + * token stored in the database. + */ + $ban = $this->user->check_ban($row['user_id'], $row['user_ip'], $row['user_email'], true); + if (!empty($ban)) + { + $till_date = !empty($ban['ban_end']) ? $this->user->format_date($ban['ban_end']) : ''; + $message = !empty($ban['ban_end']) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; + + $contact_link = phpbb_get_board_contact_link($this->config, $this->phpbb_root_path, $this->php_ext); + $message = $this->user->lang($message, $till_date, '<a href="' . $contact_link . '">', '</a>'); + $message .= !empty($ban['ban_give_reason']) ? '<br /><br />' . $this->user->lang('BOARD_BAN_REASON', $ban['ban_give_reason']) : ''; + $message .= !empty($ban['ban_triggered_by']) ? '<br /><br /><em>' . $this->user->lang('BAN_TRIGGERED_BY_' . strtoupper($ban['ban_triggered_by'])) . '</em>' : ''; + + return array( + 'status' => LOGIN_BREAK, + 'error_msg' => $message, + 'user_row' => $row, + ); + } + // Update token storage to store the user_id $storage->set_user_id($row['user_id']); /** - * Event is triggered after user is successfuly logged in via OAuth. + * Event is triggered after user is successfully logged in via OAuth. * * @event core.auth_oauth_login_after * @var array row User row 
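Review bot: The ban check added in the `@@ -270,11 +276,36 @@` hunk passes `$row['user_ip']` to `check_ban()`, which reads as an address stored on the user row rather than the address of the client making this OAuth request, so a ban on the connecting IP may not be evaluated on this path. If the connecting address is what should be checked, pass the one the session holds, e.g. `$ban = $this->user->check_ban($row['user_id'], $this->user->ip, $row['user_email'], true);` (property name to be confirmed against the session class). The query that fills `$row` is outside the hunk; confirm it selects `user_ip` and `user_email`, otherwise both reads are undefined indexes and the ban lookup runs with empty values. The message assembly also appears to repeat the ban-page formatting of `session::check_ban()`, and a shared helper would keep the two in step.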
@@ -674,6 +705,7 @@ class oauth extends \phpbb\auth\provider\base 'oauth_service' => $actual_name, ), + 'SERVICE_ID' => $actual_name, 'SERVICE_NAME' => $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)], 'UNIQUE_ID' => (isset($oauth_user_ids[$actual_name])) ? $oauth_user_ids[$actual_name] : null, ); @@ -707,7 +739,7 @@ class oauth extends \phpbb\auth\provider\base AND user_id = " . (int) $user_id; $this->db->sql_query($sql); - // Clear all tokens belonging to the user on this servce + // Clear all tokens belonging to the user on this service $service_name = 'auth.provider.oauth.service.' . strtolower($link_data['oauth_service']); $storage = new \phpbb\auth\provider\oauth\token_storage($this->db, $this->user, $this->auth_provider_oauth_token_storage_table, $this->auth_provider_oauth_state_table); $storage->clearToken($service_name); diff --git a/phpBB/phpbb/db/migration/data/v32x/v326rc1.php b/phpBB/phpbb/db/migration/data/v32x/v326rc1.php new file mode 100644 index 0000000000..092700d3db --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v32x/v326rc1.php @@ -0,0 +1,37 @@ +<?php +/** +* +* This file is part of the phpBB Forum Software package. +* +* @copyright (c) phpBB Limited <https://www.phpbb.com> +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v32x; + +class v326rc1 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.2.6-RC1', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v32x\v325', + ); + + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.2.6-RC1')), + ); + } +} diff --git a/phpBB/phpbb/event/md_exporter.php b/phpBB/phpbb/event/md_exporter.php index 085b20c234..c3942bd7ce 100644 
--- a/phpBB/phpbb/event/md_exporter.php +++ b/phpBB/phpbb/event/md_exporter.php @@ -143,6 +143,8 @@ class md_exporter list($event_name, $details) = explode("\n===\n", $event, 2); $this->validate_event_name($event_name); + $sorted_events = [$this->current_event, $event_name]; + natsort($sorted_events); $this->current_event = $event_name; if (isset($this->events[$this->current_event])) @@ -150,6 +152,12 @@ class md_exporter throw new \LogicException("The event '{$this->current_event}' is defined multiple times"); } + // Use array_values() to get actual first element and check against natural order + if (array_values($sorted_events)[0] === $event_name) + { + throw new \LogicException("The event '{$sorted_events[1]}' should be defined before '{$sorted_events[0]}'"); + } + if (($this->filter == 'adm' && strpos($this->current_event, 'acp_') !== 0) || ($this->filter == 'styles' && strpos($this->current_event, 'acp_') === 0)) { diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php index dc7b060746..6ec1e612b9 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_database_data.php 
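Review bot: The ordering check spread over the two `md_exporter` hunks is hard to follow: it builds a two-element array, sorts it with `natsort()`, then relies on `array_values()` for the comparison and on the preserved original keys for the message. Keeping the previous name and comparing directly reads more plainly, e.g. `$previous_event = $this->current_event;` before the assignment and then `if (strnatcmp($previous_event, $event_name) > 0)` with the message built from `$event_name` and `$previous_event`. Whether `current_event` is reset between input files is not visible here; if it is not, the first event of a second file is compared with the last event of the previous one and can raise a false ordering error. The enclosing method starts and ends outside both hunks.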
@@ -78,10 +78,10 @@ class obtain_database_data extends \phpbb\install\task_base implements \phpbb\in $dbms = $this->io_handler->get_input('dbms', ''); $dbhost = $this->io_handler->get_input('dbhost', '', true); $dbport = $this->io_handler->get_input('dbport', ''); - $dbuser = $this->io_handler->get_input('dbuser', ''); - $dbpasswd = $this->io_handler->get_raw_input('dbpasswd', ''); - $dbname = $this->io_handler->get_input('dbname', ''); - $table_prefix = $this->io_handler->get_input('table_prefix', ''); + $dbuser = $this->io_handler->get_input('dbuser', '', true); + $dbpasswd = $this->io_handler->get_raw_input('dbpasswd', '', true); + $dbname = $this->io_handler->get_input('dbname', '', true); + $table_prefix = $this->io_handler->get_input('table_prefix', '', true); // Check database data $user_data_vaild = $this->check_database_data($dbms, $dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $table_prefix); diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php index e8a9c971b7..7cd0d7bf23 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_email_data.php 
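Review bot: `get_raw_input('dbpasswd', '', true)` now passes a third argument, but the declaration of `get_raw_input()` is not part of this diff; if it only takes a name and a default, PHP silently ignores the extra `true` and the call advertises a switch that does nothing. Confirm the signature and either drop the argument or add a comment such as `// third argument kept for symmetry with get_input(); raw input is not filtered`. The same flag on `dbname` and `table_prefix` presumably lets multibyte characters through, and `check_database_data()` is outside the hunk, so confirm it still restricts the prefix to characters the selected DBMS accepts in identifiers before the value reaches any SQL.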
@@ -50,11 +50,11 @@ class obtain_email_data extends \phpbb\install\task_base implements \phpbb\insta // E-mail data $email_enable = $this->io_handler->get_input('email_enable', true); $smtp_delivery = $this->io_handler->get_input('smtp_delivery', ''); - $smtp_host = $this->io_handler->get_input('smtp_host', ''); + $smtp_host = $this->io_handler->get_input('smtp_host', '', true); $smtp_port = $this->io_handler->get_input('smtp_port', ''); $smtp_auth = $this->io_handler->get_input('smtp_auth', ''); - $smtp_user = $this->io_handler->get_input('smtp_user', ''); - $smtp_passwd = $this->io_handler->get_input('smtp_pass', ''); + $smtp_user = $this->io_handler->get_input('smtp_user', '', true); + $smtp_passwd = $this->io_handler->get_input('smtp_pass', '', true); $auth_methods = array('PLAIN', 'LOGIN', 'CRAM-MD5', 'DIGEST-MD5', 'POP-BEFORE-SMTP'); diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php index 1ef70eae08..5096ce284e 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_server_data.php @@ -79,9 +79,9 @@ class obtain_server_data extends \phpbb\install\task_base implements \phpbb\inst $cookie_secure = $this->io_handler->get_input('cookie_secure', $cookie_secure); $server_protocol = $this->io_handler->get_input('server_protocol', $server_protocol); $force_server_vars = $this->io_handler->get_input('force_server_vars', 0); - $server_name = $this->io_handler->get_input('server_name', $server_name); + $server_name = $this->io_handler->get_input('server_name', $server_name, true); $server_port = $this->io_handler->get_input('server_port', $server_port); - $script_path = $this->io_handler->get_input('script_path', $script_path); + $script_path = $this->io_handler->get_input('script_path', $script_path, true); // Clean up script path if ($script_path !== '/') 
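Review bot: `smtp_pass` is still read with `get_input()` in the `obtain_email_data` hunk, whereas the database password in `obtain_database_data.php` uses `get_raw_input()` and the FTP password in `obtain_update_ftp_data.php` is wrapped in `htmlspecialchars_decode()`. If `get_input()` HTML-escapes its result, as the FTP code suggests, an SMTP password containing `&`, `<`, `>` or quotes would be stored in escaped form and fail at authentication time. Consider `$smtp_passwd = $this->io_handler->get_raw_input('smtp_pass', '');`, or decode the value before it is saved. The rest of the method is outside the hunk, so a later decode cannot be ruled out.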
diff --git a/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php b/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php index f31472fc58..3c17576c13 100644 --- a/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php +++ b/phpBB/phpbb/install/module/obtain_data/task/obtain_update_ftp_data.php @@ -85,10 +85,10 @@ class obtain_update_ftp_data extends task_base $method = $methods[0]; } - $ftp_host = $this->iohandler->get_input('ftp_host', ''); - $ftp_user = $this->iohandler->get_input('ftp_user', ''); - $ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', '')); - $ftp_path = $this->iohandler->get_input('ftp_path', ''); + $ftp_host = $this->iohandler->get_input('ftp_host', '', true); + $ftp_user = $this->iohandler->get_input('ftp_user', '', true); + $ftp_pass = htmlspecialchars_decode($this->iohandler->get_input('ftp_pass', '', true)); + $ftp_path = $this->iohandler->get_input('ftp_path', '', true); $ftp_port = $this->iohandler->get_input('ftp_port', 21); $ftp_time = $this->iohandler->get_input('ftp_timeout', 10); diff --git a/phpBB/phpbb/message/admin_form.php b/phpBB/phpbb/message/admin_form.php index 96b8d3499e..ae1c1d8614 100644 --- a/phpBB/phpbb/message/admin_form.php +++ b/phpBB/phpbb/message/admin_form.php @@ -22,6 +22,9 @@ class admin_form extends form /** @var \phpbb\config\db_text */ protected $config_text; + /** @var \phpbb\event\dispatcher_interface */ + protected $dispatcher; + /** @var string */ protected $subject; /** @var string */ 
@@ -37,13 +40,15 @@ class admin_form extends form * @param \phpbb\config\db_text $config_text * @param \phpbb\db\driver\driver_interface $db * @param \phpbb\user $user + * @param \phpbb\event\dispatcher_interface $dispatcher * @param string $phpbb_root_path * @param string $phpEx */ - public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\config\db_text $config_text, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, $phpbb_root_path, $phpEx) + public function __construct(\phpbb\auth\auth $auth, \phpbb\config\config $config, \phpbb\config\db_text $config_text, \phpbb\db\driver\driver_interface $db, \phpbb\user $user, \phpbb\event\dispatcher_interface $dispatcher, $phpbb_root_path, $phpEx) { parent::__construct($auth, $config, $db, $user, $phpbb_root_path, $phpEx); $this->config_text = $config_text; + $this->dispatcher = $dispatcher; } /** @@ -91,6 +96,29 @@ class admin_form extends form $this->errors[] = $this->user->lang['EMPTY_MESSAGE_EMAIL']; } + $subject = $this->subject; + $body = $this->body; + $errors = $this->errors; + + /** + * You can use this event to modify subject and/or body and add new errors. + * + * @event core.message_admin_form_submit_before + * @var string subject Message subject + * @var string body Message body + * @var array errors Form errors + * @since 3.2.6-RC1 + */ + $vars = [ + 'subject', + 'body', + 'errors', + ]; + extract($this->dispatcher->trigger_event('core.message_admin_form_submit_before', compact($vars))); + $this->subject = $subject; + $this->body = $body; + $this->errors = $errors; + if ($this->user->data['is_registered']) { $this->message->set_sender_from_user($this->user); diff --git a/phpBB/phpbb/session.php b/phpBB/phpbb/session.php index 80934dc411..31f32af7c4 100644 --- a/phpBB/phpbb/session.php +++ b/phpBB/phpbb/session.php 
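Review bot: The constructor in the `@@ -37,13 +40,15 @@` hunk inserts `$dispatcher` before `$phpbb_root_path`, which shifts the two trailing positional arguments for every caller and subclass of `admin_form`. The service definition is not part of this diffstat (limited to `phpBB/phpbb`), so confirm it is updated in the same commit. A line in the constructor docblock such as `Since 3.2.6-RC1 the dispatcher is passed before $phpbb_root_path` would tell extension authors who extend or instantiate the class what to adapt.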
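Review bot: In the `@@ -91,6 +96,29 @@` hunk the values returned by `core.message_admin_form_submit_before` are written straight back to `$this->subject`, `$this->body` and `$this->errors`, so a listener can empty the body or clear `$errors` after the `EMPTY_MESSAGE_EMAIL` check above has already run. If that is intended, state it in the event docblock, for example `No validation runs after this event; listeners that change subject or body must add their own entries to errors.` If it is not, repeat the empty-subject and empty-body checks after `extract()`. The method continues outside the hunk, so how `$this->errors` is consumed afterwards is not visible here.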
@@ -1299,7 +1299,12 @@ class session trigger_error($message); } - return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned; + if (!empty($ban_row)) + { + $ban_row['ban_triggered_by'] = $ban_triggered_by; + } + + return ($banned && $ban_row) ? $ban_row : $banned; } /** |
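Review bot: With `$return` set, `check_ban()` now hands back the whole ban row plus `ban_triggered_by` where it used to return the `ban_give_reason` string, and nothing in this hunk documents the new contract. Callers that print or concatenate the result will now receive an array; only the OAuth caller is visible in this diff, so the remaining callers, and extensions, need checking. The method docblock should spell it out, e.g. `@return bool|array Ban row with an added ban_triggered_by key when a matching ban entry exists, otherwise the banned flag`. `$ban_triggered_by` and `$ban_row` are assigned outside the hunk; confirm both are initialised on every path that reaches this return.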