From aca6e64669079abc385f3094d8b6c186d9b46082 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Fri, 6 Nov 2015 10:20:05 +0100
Subject: [ticket/14272] Only use maxlength and size for allowed input elements

PHPBB3-14272
---
 phpBB/adm/style/acp_attachments.html | 4 ++--
 phpBB/adm/style/acp_avatar_options_gravatar.html | 4 ++--
 phpBB/adm/style/acp_avatar_options_remote.html | 4 ++--
 phpBB/adm/style/acp_captcha.html | 4 ++--
 phpBB/adm/style/acp_forums.html | 12 +++++-----
 phpBB/adm/style/acp_groups.html | 4 ++--
 phpBB/adm/style/acp_icons.html | 8 +++----
 phpBB/adm/style/acp_inactive.html | 2 +-
 phpBB/adm/style/acp_jabber.html | 4 ++--
 phpBB/adm/style/acp_ranks.html | 2 +-
 phpBB/adm/style/acp_search.html | 10 ++++----
 phpBB/includes/acp/acp_attachments.php | 4 ++--
 phpBB/includes/acp/acp_board.php | 4 ++--
 phpBB/includes/functions_acp.php | 27 ++++++++++++----------
 phpBB/phpbb/profilefields/type/type_int.php | 6 ++---
 phpBB/phpbb/profilefields/type/type_string.php | 6 ++---
 phpBB/phpbb/profilefields/type/type_text.php | 6 ++---
 phpBB/phpbb/profilefields/type/type_url.php | 6 ++---
 phpBB/phpbb/search/fulltext_native.php | 6 ++---
 phpBB/phpbb/search/fulltext_postgres.php | 4 ++--
 phpBB/phpbb/search/fulltext_sphinx.php | 4 ++--
 phpBB/styles/prosilver/template/mcp_topic.html | 4 ++--
 phpBB/styles/prosilver/template/pagination.html | 2 +-
 .../styles/prosilver/template/posting_editor.html | 2 +-
 .../prosilver/template/posting_poll_body.html | 4 ++--
 phpBB/styles/subsilver2/template/mcp_topic.html | 4 ++--
 .../subsilver2/template/posting_attach_body.html | 2 +-
 phpBB/styles/subsilver2/template/posting_body.html | 2 +-
 .../subsilver2/template/posting_poll_body.html | 4 ++--
 tests/functions_acp/build_cfg_template_test.php | 8 +++----
 30 files changed, 83 insertions(+), 80 deletions(-)

diff --git a/phpBB/adm/style/acp_attachments.html b/phpBB/adm/style/acp_attachments.html
index da8a0096ea..d048191864 100644
--- a/phpBB/adm/style/acp_attachments.html
+++ b/phpBB/adm/style/acp_attachments.html @@ -196,7 +196,7 @@
-
+
@@ -346,7 +346,7 @@ {orphan.REAL_FILENAME} {orphan.FILETIME} {orphan.FILESIZE} - {L_ATTACH_ID}{L_COLON} + {L_ATTACH_ID}{L_COLON} diff --git a/phpBB/adm/style/acp_avatar_options_gravatar.html b/phpBB/adm/style/acp_avatar_options_gravatar.html index 0c2e8cc984..dbe9891e19 100644 --- a/phpBB/adm/style/acp_avatar_options_gravatar.html +++ b/phpBB/adm/style/acp_avatar_options_gravatar.html @@ -5,7 +5,7 @@

{L_GRAVATAR_AVATAR_SIZE_EXPLAIN}
- {L_PIXEL} ×  - {L_PIXEL} + {L_PIXEL} ×  + {L_PIXEL}
diff --git a/phpBB/adm/style/acp_avatar_options_remote.html b/phpBB/adm/style/acp_avatar_options_remote.html index 1c0e3db599..3b514620b4 100644 --- a/phpBB/adm/style/acp_avatar_options_remote.html +++ b/phpBB/adm/style/acp_avatar_options_remote.html @@ -5,7 +5,7 @@

{L_LINK_REMOTE_SIZE_EXPLAIN}
- {L_PIXEL} ×  - {L_PIXEL} + {L_PIXEL} ×  + {L_PIXEL}
diff --git a/phpBB/adm/style/acp_captcha.html b/phpBB/adm/style/acp_captcha.html index f4866653c3..9c1f25fa03 100644 --- a/phpBB/adm/style/acp_captcha.html +++ b/phpBB/adm/style/acp_captcha.html @@ -20,11 +20,11 @@

{L_REG_LIMIT_EXPLAIN}
-
+

{L_MAX_LOGIN_ATTEMPTS_EXPLAIN}
-
+

{L_VISUAL_CONFIRM_POST_EXPLAIN}
diff --git a/phpBB/adm/style/acp_forums.html b/phpBB/adm/style/acp_forums.html index 0d8b8ad583..bba66c14d2 100644 --- a/phpBB/adm/style/acp_forums.html +++ b/phpBB/adm/style/acp_forums.html @@ -242,7 +242,7 @@

{L_FORUM_TOPICS_PAGE_EXPLAIN}
-
+
@@ -257,15 +257,15 @@

{L_AUTO_PRUNE_FREQ_EXPLAIN}
-
{L_DAYS}
+
{L_DAYS}

{L_AUTO_PRUNE_DAYS_EXPLAIN}
-
{L_DAYS}
+
{L_DAYS}

{L_AUTO_PRUNE_VIEWED_EXPLAIN}
-
{L_DAYS}
+
{L_DAYS}

{L_PRUNE_OLD_POLLS_EXPLAIN}
@@ -289,11 +289,11 @@

{L_AUTO_PRUNE_SHADOW_FREQ_EXPLAIN}
-
{L_DAYS}
+
{L_DAYS}

{L_AUTO_PRUNE_SHADOW_DAYS_EXPLAIN}
-
{L_DAYS}
+
{L_DAYS}
diff --git a/phpBB/adm/style/acp_groups.html b/phpBB/adm/style/acp_groups.html index d24d62497d..e062dbe005 100644 --- a/phpBB/adm/style/acp_groups.html +++ b/phpBB/adm/style/acp_groups.html @@ -86,11 +86,11 @@ {L_GROUP_SETTINGS_SAVE}

{L_GROUP_MESSAGE_LIMIT_EXPLAIN}
-
+

{L_GROUP_MAX_RECIPIENTS_EXPLAIN}
-
+

{L_GROUP_COLOR_EXPLAIN}
diff --git a/phpBB/adm/style/acp_icons.html b/phpBB/adm/style/acp_icons.html index f18dad0ef6..e0d2840bb5 100644 --- a/phpBB/adm/style/acp_icons.html +++ b/phpBB/adm/style/acp_icons.html @@ -108,8 +108,8 @@ - - + + @@ -136,8 +136,8 @@ - - + + + {L_DISPLAY_LOG}{L_COLON}  {S_LIMIT_DAYS} {L_SORT_BY}{L_COLON} {S_SORT_KEY} {S_SORT_DIR} {L_USERS_PER_PAGE}{L_COLON} diff --git a/phpBB/adm/style/acp_jabber.html b/phpBB/adm/style/acp_jabber.html index 9246987f1f..3c3b895624 100644 --- a/phpBB/adm/style/acp_jabber.html +++ b/phpBB/adm/style/acp_jabber.html @@ -31,7 +31,7 @@

{L_JAB_PORT_EXPLAIN}
-
+

{L_JAB_USERNAME_EXPLAIN}
@@ -50,7 +50,7 @@

{L_JAB_PACKAGE_SIZE_EXPLAIN}
-
+
diff --git a/phpBB/adm/style/acp_ranks.html b/phpBB/adm/style/acp_ranks.html index fa06513b98..e67c9acd80 100644 --- a/phpBB/adm/style/acp_ranks.html +++ b/phpBB/adm/style/acp_ranks.html @@ -44,7 +44,7 @@
style="display: none;">
-
+
diff --git a/phpBB/adm/style/acp_search.html b/phpBB/adm/style/acp_search.html index 1cde52acf3..0736d22fe7 100644 --- a/phpBB/adm/style/acp_search.html +++ b/phpBB/adm/style/acp_search.html @@ -18,11 +18,11 @@

{L_SEARCH_INTERVAL_EXPLAIN}
-
{L_SECONDS}
+
{L_SECONDS}

{L_SEARCH_GUEST_INTERVAL_EXPLAIN}
-
{L_SECONDS}
+
{L_SECONDS}

{L_LIMIT_SEARCH_LOAD_EXPLAIN}
@@ -30,15 +30,15 @@

{L_MIN_SEARCH_AUTHOR_CHARS_EXPLAIN}
-
+

{L_MAX_NUM_SEARCH_KEYWORDS_EXPLAIN}
-
+

{L_SEARCH_STORE_RESULTS_EXPLAIN}
-
{L_SECONDS}
+
{L_SECONDS}
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 4956aab241..b0e0711b22 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -1735,8 +1735,8 @@ class acp_attachments $size_var = $filesize['si_identifier']; $value = $filesize['value']; - // size="8" and maxlength="15" attributes as a fallback for browsers that do not support type="number" yet. - return ' '; + // size and maxlength must not be specified for input of type number + return ' '; } /** diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php index 4a1c74fd77..cec621e89d 100644 --- a/phpBB/includes/acp/acp_board.php +++ b/phpBB/includes/acp/acp_board.php @@ -842,7 +842,7 @@ class acp_board { global $user; - return ' ' . $user->lang['MIN_CHARS'] . '   ' . $user->lang['MAX_CHARS']; + return ' ' . $user->lang['MIN_CHARS'] . '   ' . $user->lang['MAX_CHARS']; } /** @@ -870,7 +870,7 @@ class acp_board { global $user; - return ' ' . $user->lang['MIN_CHARS'] . '   ' . $user->lang['MAX_CHARS']; + return ' ' . $user->lang['MIN_CHARS'] . '   ' . $user->lang['MAX_CHARS']; } /** diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index d566336d26..bd12c3dd5c 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -254,6 +254,16 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars) case 'text': case 'url': case 'email': + case 'tel': + case 'search': + // maxlength and size are only valid for these types and will be + // ignored for other input types. + $size = (int) $tpl_type[1]; + $maxlength = (int) $tpl_type[2]; + + $tpl = ''; + break; + case 'color': case 'date': case 'time': 
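Review bot: In `build_cfg_template()` (phpBB/includes/functions_acp.php), the new `text`/`url`/`email`/`tel`/`search` branch reads `$tpl_type[1]` and `$tpl_type[2]` without an `isset()` check, whereas the `number` branch in the following hunk guards both indexes. A setting definition that omits the size or maxlength element would raise an undefined-index notice and silently cast to 0. Consider `$size = isset($tpl_type[1]) ? (int) $tpl_type[1] : 0;` and the same form for `$maxlength`; the `dimension` branch in the next hunk has the same unguarded `$tpl_type[1]` read. The function body starts and ends outside these hunks, and the `$tpl` string is not legible on this page, so how a zero value is rendered could not be checked.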
@@ -261,39 +271,32 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars) case 'datetime-local': case 'month': case 'range': - case 'search': - case 'tel': case 'week': - $size = (int) $tpl_type[1]; - $maxlength = (int) $tpl_type[2]; - - $tpl = ''; + $tpl = ''; break; case 'number': - $min = $max = $maxlength = ''; + $max = ''; $min = ( isset($tpl_type[1]) ) ? (int) $tpl_type[1] : false; if ( isset($tpl_type[2]) ) { $max = (int) $tpl_type[2]; - $maxlength = strlen( (string) $max ); } - $tpl = ''; + $tpl = ''; break; case 'dimension': - $min = $max = $maxlength = $size = ''; + $max = ''; $min = (int) $tpl_type[1]; if ( isset($tpl_type[2]) ) { $max = (int) $tpl_type[2]; - $size = $maxlength = strlen( (string) $max ); } - $tpl = ' x '; + $tpl = ' x '; break; case 'textarea': diff --git a/phpBB/phpbb/profilefields/type/type_int.php b/phpBB/phpbb/profilefields/type/type_int.php index dd08df94c1..9dc0181cb8 100644 --- a/phpBB/phpbb/profilefields/type/type_int.php +++ b/phpBB/phpbb/profilefields/type/type_int.php @@ -61,9 +61,9 @@ class type_int extends type_base public function get_options($default_lang_id, $field_data) { $options = array( - 0 => array('TITLE' => $this->user->lang['FIELD_LENGTH'], 'FIELD' => ''), - 1 => array('TITLE' => $this->user->lang['MIN_FIELD_NUMBER'], 'FIELD' => ''), - 2 => array('TITLE' => $this->user->lang['MAX_FIELD_NUMBER'], 'FIELD' => ''), + 0 => array('TITLE' => $this->user->lang['FIELD_LENGTH'], 'FIELD' => ''), + 1 => array('TITLE' => $this->user->lang['MIN_FIELD_NUMBER'], 'FIELD' => ''), + 2 => array('TITLE' => $this->user->lang['MAX_FIELD_NUMBER'], 'FIELD' => ''), 3 => array('TITLE' => $this->user->lang['DEFAULT_VALUE'], 'FIELD' => ''), ); diff --git a/phpBB/phpbb/profilefields/type/type_string.php b/phpBB/phpbb/profilefields/type/type_string.php index 67befc457d..a8432eaae5 100644 --- a/phpBB/phpbb/profilefields/type/type_string.php +++ b/phpBB/phpbb/profilefields/type/type_string.php 
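Review bot: With `$maxlength` dropped from the `number` and `dimension` branches of `build_cfg_template()`, the only bounds left on these fields are the `min`/`max` values computed here, and those are browser hints that a hand-built request does not have to respect. Nothing in this hunk shows where the submitted value is range-checked, so a short comment above `case 'number':` would keep the next reader from treating the attributes as validation, for example `// min/max are rendering hints only; the handler that saves this setting must enforce the range`. If that server-side check is missing for any setting rendered through these branches, it belongs in the save path rather than in the template. The function body extends beyond the hunk.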
@@ -61,9 +61,9 @@ class type_string extends type_string_common public function get_options($default_lang_id, $field_data) { $options = array( - 0 => array('TITLE' => $this->user->lang['FIELD_LENGTH'], 'FIELD' => ''), - 1 => array('TITLE' => $this->user->lang['MIN_FIELD_CHARS'], 'FIELD' => ''), - 2 => array('TITLE' => $this->user->lang['MAX_FIELD_CHARS'], 'FIELD' => ''), + 0 => array('TITLE' => $this->user->lang['FIELD_LENGTH'], 'FIELD' => ''), + 1 => array('TITLE' => $this->user->lang['MIN_FIELD_CHARS'], 'FIELD' => ''), + 2 => array('TITLE' => $this->user->lang['MAX_FIELD_CHARS'], 'FIELD' => ''), 3 => array('TITLE' => $this->user->lang['FIELD_VALIDATION'], 'FIELD' => ''), ); diff --git a/phpBB/phpbb/profilefields/type/type_text.php b/phpBB/phpbb/profilefields/type/type_text.php index bacf60a213..79ee82351a 100644 --- a/phpBB/phpbb/profilefields/type/type_text.php +++ b/phpBB/phpbb/profilefields/type/type_text.php @@ -61,9 +61,9 @@ class type_text extends type_string_common public function get_options($default_lang_id, $field_data) { $options = array( - 0 => array('TITLE' => $this->user->lang['FIELD_LENGTH'], 'FIELD' => ' ' . $this->user->lang['ROWS'] . '
' . $this->user->lang['COLUMNS'] . ' '), - 1 => array('TITLE' => $this->user->lang['MIN_FIELD_CHARS'], 'FIELD' => ''), - 2 => array('TITLE' => $this->user->lang['MAX_FIELD_CHARS'], 'FIELD' => ''), + 0 => array('TITLE' => $this->user->lang['FIELD_LENGTH'], 'FIELD' => ' ' . $this->user->lang['ROWS'] . '
' . $this->user->lang['COLUMNS'] . ' '), + 1 => array('TITLE' => $this->user->lang['MIN_FIELD_CHARS'], 'FIELD' => ''), + 2 => array('TITLE' => $this->user->lang['MAX_FIELD_CHARS'], 'FIELD' => ''), 3 => array('TITLE' => $this->user->lang['FIELD_VALIDATION'], 'FIELD' => ''), ); diff --git a/phpBB/phpbb/profilefields/type/type_url.php b/phpBB/phpbb/profilefields/type/type_url.php index fe0bffd582..375cf5b19a 100644 --- a/phpBB/phpbb/profilefields/type/type_url.php +++ b/phpBB/phpbb/profilefields/type/type_url.php @@ -29,9 +29,9 @@ class type_url extends type_string public function get_options($default_lang_id, $field_data) { $options = array( - 0 => array('TITLE' => $this->user->lang['FIELD_LENGTH'], 'FIELD' => ''), - 1 => array('TITLE' => $this->user->lang['MIN_FIELD_CHARS'], 'FIELD' => ''), - 2 => array('TITLE' => $this->user->lang['MAX_FIELD_CHARS'], 'FIELD' => ''), + 0 => array('TITLE' => $this->user->lang['FIELD_LENGTH'], 'FIELD' => ''), + 1 => array('TITLE' => $this->user->lang['MIN_FIELD_CHARS'], 'FIELD' => ''), + 2 => array('TITLE' => $this->user->lang['MAX_FIELD_CHARS'], 'FIELD' => ''), ); return $options; diff --git a/phpBB/phpbb/search/fulltext_native.php b/phpBB/phpbb/search/fulltext_native.php index a02f889415..e2c02ffdab 100644 --- a/phpBB/phpbb/search/fulltext_native.php +++ b/phpBB/phpbb/search/fulltext_native.php @@ -1975,15 +1975,15 @@ class fulltext_native extends \phpbb\search\base

' . $this->user->lang['MIN_SEARCH_CHARS_EXPLAIN'] . '
-
+

' . $this->user->lang['MAX_SEARCH_CHARS_EXPLAIN'] . '
-
+

' . $this->user->lang['COMMON_WORD_THRESHOLD_EXPLAIN'] . '
-
%
+
%
'; diff --git a/phpBB/phpbb/search/fulltext_postgres.php b/phpBB/phpbb/search/fulltext_postgres.php index c2186b0df3..04441e6226 100644 --- a/phpBB/phpbb/search/fulltext_postgres.php +++ b/phpBB/phpbb/search/fulltext_postgres.php @@ -1089,11 +1089,11 @@ class fulltext_postgres extends \phpbb\search\base

' . $this->user->lang['FULLTEXT_POSTGRES_MIN_WORD_LEN_EXPLAIN'] . '
-
+

' . $this->user->lang['FULLTEXT_POSTGRES_MAX_WORD_LEN_EXPLAIN'] . '
-
+
'; diff --git a/phpBB/phpbb/search/fulltext_sphinx.php b/phpBB/phpbb/search/fulltext_sphinx.php index 612ef8f1f3..e935b0f6d1 100644 --- a/phpBB/phpbb/search/fulltext_sphinx.php +++ b/phpBB/phpbb/search/fulltext_sphinx.php @@ -952,11 +952,11 @@ class fulltext_sphinx

' . $this->user->lang['FULLTEXT_SPHINX_PORT_EXPLAIN'] . '
-
+

' . $this->user->lang['FULLTEXT_SPHINX_INDEXER_MEM_LIMIT_EXPLAIN'] . '
-
' . $this->user->lang['MIB'] . '
+
' . $this->user->lang['MIB'] . '

' . $this->user->lang['FULLTEXT_SPHINX_CONFIG_FILE_EXPLAIN'] . '
diff --git a/phpBB/styles/prosilver/template/mcp_topic.html b/phpBB/styles/prosilver/template/mcp_topic.html index c21b676370..e6978191de 100644 --- a/phpBB/styles/prosilver/template/mcp_topic.html +++ b/phpBB/styles/prosilver/template/mcp_topic.html @@ -34,7 +34,7 @@

{L_POSTS_PER_PAGE_EXPLAIN}
-
+
@@ -73,7 +73,7 @@
- + {L_SELECT_TOPIC}
{TO_TOPIC_INFO}
diff --git a/phpBB/styles/prosilver/template/pagination.html b/phpBB/styles/prosilver/template/pagination.html index 4680eaa175..29aae53026 100644 --- a/phpBB/styles/prosilver/template/pagination.html +++ b/phpBB/styles/prosilver/template/pagination.html @@ -7,7 +7,7 @@ diff --git a/phpBB/styles/prosilver/template/posting_editor.html b/phpBB/styles/prosilver/template/posting_editor.html index 484ca341c4..f897bf7a3b 100644 --- a/phpBB/styles/prosilver/template/posting_editor.html +++ b/phpBB/styles/prosilver/template/posting_editor.html @@ -164,7 +164,7 @@
-
+
{L_STICK_TOPIC_FOR_EXPLAIN}
diff --git a/phpBB/styles/prosilver/template/posting_poll_body.html b/phpBB/styles/prosilver/template/posting_poll_body.html index dcaec14a93..ee7100aded 100644 --- a/phpBB/styles/prosilver/template/posting_poll_body.html +++ b/phpBB/styles/prosilver/template/posting_poll_body.html @@ -27,12 +27,12 @@
-
+
{L_POLL_MAX_OPTIONS_EXPLAIN}
-
+
{L_POLL_FOR_EXPLAIN}
diff --git a/phpBB/styles/subsilver2/template/mcp_topic.html b/phpBB/styles/subsilver2/template/mcp_topic.html index 7d54510cee..c6a8236b20 100644 --- a/phpBB/styles/subsilver2/template/mcp_topic.html +++ b/phpBB/styles/subsilver2/template/mcp_topic.html @@ -44,7 +44,7 @@ {L_MERGE_TOPIC_ID} - {L_SELECT_TOPIC} + {L_SELECT_TOPIC} @@ -57,7 +57,7 @@ {L_POSTS_PER_PAGE}
{L_POSTS_PER_PAGE_EXPLAIN} - + {L_DISPLAY_POSTS}{L_COLON} {S_SELECT_SORT_DAYS} {L_SORT_BY} {S_SELECT_SORT_KEY} {S_SELECT_SORT_DIR}  diff --git a/phpBB/styles/subsilver2/template/posting_attach_body.html b/phpBB/styles/subsilver2/template/posting_attach_body.html index 8c70e4c831..67b3aaf3ea 100644 --- a/phpBB/styles/subsilver2/template/posting_attach_body.html +++ b/phpBB/styles/subsilver2/template/posting_attach_body.html @@ -31,7 +31,7 @@ {L_FILENAME} - + {L_FILE_COMMENT} diff --git a/phpBB/styles/subsilver2/template/posting_body.html b/phpBB/styles/subsilver2/template/posting_body.html index fd5ab9dd63..b984c9f96f 100644 --- a/phpBB/styles/subsilver2/template/posting_body.html +++ b/phpBB/styles/subsilver2/template/posting_body.html @@ -336,7 +336,7 @@ {L_STICK_TOPIC_FOR}{L_COLON}
{L_STICKY_ANNOUNCE_TIME_LIMIT} -  {L_DAYS} {L_STICK_TOPIC_FOR_EXPLAIN} +  {L_DAYS} {L_STICK_TOPIC_FOR_EXPLAIN} diff --git a/phpBB/styles/subsilver2/template/posting_poll_body.html b/phpBB/styles/subsilver2/template/posting_poll_body.html index 07cb6d527e..a18f319c1c 100644 --- a/phpBB/styles/subsilver2/template/posting_poll_body.html +++ b/phpBB/styles/subsilver2/template/posting_poll_body.html @@ -15,11 +15,11 @@ {L_POLL_MAX_OPTIONS}{L_COLON}
{L_POLL_MAX_OPTIONS_EXPLAIN} - + {L_POLL_FOR}{L_COLON} -  {L_DAYS} {L_POLL_FOR_EXPLAIN} +  {L_DAYS} {L_POLL_FOR_EXPLAIN} diff --git a/tests/functions_acp/build_cfg_template_test.php b/tests/functions_acp/build_cfg_template_test.php index a8d7ae6f09..2e3a8adac7 100644 --- a/tests/functions_acp/build_cfg_template_test.php +++ b/tests/functions_acp/build_cfg_template_test.php @@ -68,7 +68,7 @@ class phpbb_functions_acp_build_cfg_template_test extends phpbb_test_case array('config_key_name_width' => 10, 'config_key_name_height' => 20), 'config_key_name', array(), - ' x ', + ' x ', ), array( array('dimension', 0, 15), @@ -76,7 +76,7 @@ class phpbb_functions_acp_build_cfg_template_test extends phpbb_test_case array('config_key_name_width' => 10, 'config_key_name_height' => 20), 'config_key_name', array(), - ' x ', + ' x ', ), ); } @@ -104,7 +104,7 @@ class phpbb_functions_acp_build_cfg_template_test extends phpbb_test_case array('config_key_name' => 10), 'config_key_name', array(), - '', + '', ), array( array('number', -1, 9999), @@ -112,7 +112,7 @@ class phpbb_functions_acp_build_cfg_template_test extends phpbb_test_case array('config_key_name' => 10), 'config_key_name', array(), - '', + '', ), ); } -- cgit v1.2.1
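Review bot: The data sets touched in tests/functions_acp/build_cfg_template_test.php only adjust the `dimension` and `number` expectations, while the commit also changes which input types receive `size` and `maxlength` in `build_cfg_template()`. I would add one case for a type that keeps the attributes (`tel` or `search`, which moved branches) and one for a type that loses them (`color` or `date`), asserting that the second output contains neither attribute. The rest of the test class is outside these hunks, so such cases may already exist elsewhere.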