| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
PHPBB3-14576
|
|
|
|
| |
PHPBB3-13762
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 3.1.x:
[ticket/security-180] Use language variable for redirect error in 3.1+
[ticket/security-180] Merge if statement with previous one in 3.1.x
[ticket/security-180] Add tests for redirecting to main URL
[ticket/security-180] Always fail when redirecting to an insecure URL
[ticket/security-180] Make sure that redirect goes to full URL plus slash
[ticket/security-180] Check if redirect URL contains board URL
|
| |\
| | |
| | |
| | |
| | | |
Conflicts:
tests/security/redirect_test.php
|
| | |
| | |
| | |
| | | |
SECURITY-180
|
| | |
| | |
| | |
| | | |
SECURITY-180
|
| |\ \
| | |/
| | |
| | |
| | | |
Conflicts:
tests/security/redirect_test.php
|
| | |
| | |
| | |
| | | |
SECURITY-180
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The ORIG_PATH_INFO on IIS also contains the script name. Only use that
for killing the script after removing the script name from ORIG_PATH_INFO.
PHPBB3-13549
|
| | |
| | |
| | |
| | | |
PHPBB3-13531
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Moving filesystem service to \phpbb\filesystem namespace
* Wraping Symfony's Filesystem component
* Moving filesystem related functions from includes/functions.php
into \phpbb\filesystem\filesystem
Functions moved (and deprecated):
- phpbb_chmod
- phpbb_is_writable
- phpbb_is_absolute
- phpbb_own_realpath
- phpbb_realpath
* Adding interface for filesystem service
PHPBB3-13697
|
| |
| |
| |
| | |
PHPBB3-13280
|
| |
| |
| |
| | |
PHPBB3-13280
|
| |
| |
| |
| |
| |
| |
| | |
This reverts commit a1b58d05d158ff7afd789c1b27821e17198f8d58, reversing
changes made to 0e772afb9db640e54e84cfccaddcf74f3edbb3fb.
PHPBB3-13280
|
| |
| |
| |
| | |
PHPBB3-13280
|
| |
| |
| |
| | |
PHPBB3-13280
|
| |
| |
| |
| | |
PHPBB3-12932
|
| |
| |
| |
| | |
PHPBB3-12099
|
| |
| |
| |
| | |
PHPBB3-12099
|
| |
| |
| |
| | |
PHPBB3-12594
|
|\ \
| | |
| | | |
[ticket/12090] Pass route name to url() instead of the url itself
|
| | |
| | |
| | |
| | | |
PHPBB3-12090
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
The deprecated passwords functions are no longer used in the core and have
been replaced with the passwords manager. Therefore, the functions are
moved to the functions_compatibility file.
PHPBB3-12239
|
|\ \
| | |
| | | |
[feature/passwords] Add password hashing manager with support for newer hashing algorithms
|
| | |
| | |
| | |
| | | |
PHPBB3-11610
|
| |\ \
| | | |
| | | |
| | | |
| | | | |
Conflicts:
phpBB/config/services.yml
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This list is in the order of how the driver types would be used. If a driver
is not supported we will try the subsequent one.
PHPBB3-11610
|
| | | |
| | | |
| | | |
| | | | |
PHPBB3-11610
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Conflicts:
phpBB/includes/functions.php
|
| | | | |
| | | | |
| | | | |
| | | | | |
PHPBB3-11610
|
| | | | |
| | | | |
| | | | |
| | | | | |
PHPBB3-11610
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The user's page directory needs to be added to the redirect URL for proper
redirects outside of the forum root. Fix the unit tests accordingly.
PHPBB3-11997
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The redirect function will now properly redirect to where we want it to.
It will no longer try to check if the file or directory we redirect to exist.
This will ensure compatibility with the new routes.
PHPBB3-11997
|
| | | | |
| | | | |
| | | | |
| | | | | |
PHPBB3-11997
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Redirects to parent folders were possible with the previous redirect function.
This change will allow these redirects again.
PHPBB3-11997
|
| | | | |
| | | | |
| | | | |
| | | | | |
PHPBB3-11997
|
| | | | |
| | | | |
| | | | |
| | | | | |
PHPBB3-11997
|
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We currently do a lot of checks in order to prevent users from getting to
a 404 page. However, this logic relies on checking if a file or folder exists.
Due to the front controllers and the URL rewriting in 3.1, it is no longer
possible to rely on existing files for redirecting. This patch will take
care of properly redirecting users to front controller files. An incorrect
link will cause users to get a 404 error though.
PHPBB3-11997
|
| | | |
| | | |
| | | |
| | | | |
PHPBB3-11850
|
| | | |
| | | |
| | | |
| | | | |
PHPBB3-11850
|
| | | |
| | | |
| | | |
| | | | |
PHPBB3-11850
|
|\ \ \ \
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
# By Nils Adermann (68) and others
# Via Andreas Fischer (12) and others
* 'develop' of github.com:phpbb/phpbb3: (102 commits)
[ticket/11876] Replace MD5 with SHA256.
[ticket/11876] Move checksum generation from build PHP files to phing build.xml
[develop-olympus] Build against 3.0.12 instead of 3.0.12-RC3. Tag exists now.
[prep-release-3.0.12] Update changelog for 3.0.12 release.
[ticket/11873] Add unit test for large password input.
[ticket/11873] Do not hash very large passwords in order to safe resources.
[ticket/11862] Correct var names in user_delete() events due to prune-users
[develop-olympus] Use 3.0.13-dev as build version. Use latest 3.0.12 RC tag.
[prep-release-3.0.12] Bumping version number for 3.0.12 final.
[ticket/11852] Add class file
[ticket/11852] Move tests to folder with new class name
[ticket/11852] Split filesystem and path_helper into 2 classes
[ticket/11868] Add @depends to test
[ticket/11868] Add functional test for registration
[ticket/11868] Replace phpbb_request_interface references
[ticket/11866] Only single backslash in .md files
[ticket/11866] Remove outdated and broken develop script
[ticket/11866] More namespaces
[ticket/11866] Update some occurances of phpbb_db_ to new Namespace
[ticket/11865] Convert old class name to namespaced version
...
Conflicts:
tests/security/extract_current_page_test.php
tests/session/testable_facade.php
|
| |\ \ \
| | |/ /
| |/| /
| | |/
| | |
| | |
| | | |
* develop-olympus:
[prep-release-3.0.12] Update changelog for 3.0.12 release.
[ticket/11873] Add unit test for large password input.
[ticket/11873] Do not hash very large passwords in order to safe resources.
|
| | |
| | |
| | |
| | |
| | |
| | | |
The password should be rejected quite fast.
PHPBB3-11873
|
| | |
| | |
| | |
| | | |
PHPBB3-11159
|
| | |
| | |
| | |
| | | |
PHPBB3-11700
|
| | |
| | |
| | |
| | | |
PHPBB3-11700
|
|/ /
| |
| |
| | |
PHPBB3-11850
|
| |
| |
| |
| |
| |
| | |
There were a few error messages that a user could experience that would, previously, be without any the ability to be localized. There are some more E_USER_ERRORs that I did not change to a constant, for example the error message that is displayed if there aren't any folders in /language.
PHPBB3-9975
|
| |
| |
| |
| | |
PHPBB3-10973
|