From 7740ab5dc35734177e64bed3a21a94ab11d5d0aa Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Mon, 30 Dec 2013 11:31:24 -0600 Subject: [ticket/12006] Cleanup the module auth function token replacement code PHPBB3-12006 --- phpBB/includes/functions_module.php | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php index e1259eba12..a8855a3be2 100644 --- a/phpBB/includes/functions_module.php +++ b/phpBB/includes/functions_module.php @@ -351,6 +351,15 @@ class p_master [(),] | [^\s(),]+)/x', $module_auth, $match); + // Valid tokens for auth and their replacements + $valid_tokens = array( + 'acl_([a-z0-9_]+)(,\$id)?' => '(int) $auth->acl_get(\'\\1\'\\2)', + '\$id' => '(int) $forum_id', + 'aclf_([a-z0-9_]+)' => '(int) $auth->acl_getf_global(\'\\1\')', + 'cfg_([a-z0-9_]+)' => '(int) $config[\'\\1\']', + 'request_([a-zA-Z0-9_]+)' => '$request->variable(\'\\1\', false)', + ); + $tokens = $match[0]; for ($i = 0, $size = sizeof($tokens); $i < $size; $i++) { @@ -366,7 +375,7 @@ class p_master break; default: - if (!preg_match('#(?:acl_([a-z0-9_]+)(,\$id)?)|(?:\$id)|(?:aclf_([a-z0-9_]+))|(?:cfg_([a-z0-9_]+))|(?:request_([a-zA-Z0-9_]+))#', $token)) + if (!preg_match('#(?:' . implode(array_keys($valid_tokens), ')|(?:') . ')#', $token)) { $token = ''; } @@ -379,8 +388,17 @@ class p_master // Make sure $id separation is working fine $module_auth = str_replace(' , ', ',', $module_auth); + $module_auth = preg_replace( + // Array keys with # prepended/appended + array_map(function($value){ + return '#' . $value . '#'; + }, array_keys($valid_tokens)), + array_values($valid_tokens), + $module_auth + ); + $is_auth = false; - eval('$is_auth = (int) (' . preg_replace(array('#acl_([a-z0-9_]+)(,\$id)?#', '#\$id#', '#aclf_([a-z0-9_]+)#', '#cfg_([a-z0-9_]+)#', '#request_([a-zA-Z0-9_]+)#'), array('(int) $auth->acl_get(\'\\1\'\\2)', '(int) $forum_id', '(int) $auth->acl_getf_global(\'\\1\')', '(int) $config[\'\\1\']', '$request->variable(\'\\1\', false)'), $module_auth) . ');'); + eval('$is_auth = (int) (' . $module_auth . ');'); return $is_auth; } -- cgit v1.2.1 From 05cf83aca7a8f3ddacff932419508a65cfe48455 Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Mon, 30 Dec 2013 11:46:51 -0600 Subject: [ticket/12006] Add extension enabled check token to module auth PHPBB3-12006 --- phpBB/includes/functions_module.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php index a8855a3be2..ea3b3356bb 100644 --- a/phpBB/includes/functions_module.php +++ b/phpBB/includes/functions_module.php @@ -334,7 +334,7 @@ class p_master static function module_auth($module_auth, $forum_id) { global $auth, $config; - global $request; + global $request, $phpbb_extension_manager; $module_auth = trim($module_auth); @@ -358,6 +358,7 @@ class p_master 'aclf_([a-z0-9_]+)' => '(int) $auth->acl_getf_global(\'\\1\')', 'cfg_([a-z0-9_]+)' => '(int) $config[\'\\1\']', 'request_([a-zA-Z0-9_]+)' => '$request->variable(\'\\1\', false)', + 'ext_([a-zA-Z0-9_/]+)' => 'array_key_exists(\'\\1\', $phpbb_extension_manager->all_enabled())', ); $tokens = $match[0]; -- cgit v1.2.1 From 6ab12c17790033366a05f765a4a03b14a2d3d3b6 Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Mon, 30 Dec 2013 12:32:48 -0600 Subject: [ticket/12006] Test for ext module auth PHPBB3-12006 --- tests/extension/ext/vendor2/foo/acp/a_info.php | 2 +- tests/extension/modules_test.php | 44 ++++++++++++++++++++++++-- 2 files changed, 42 insertions(+), 4 deletions(-) diff --git a/tests/extension/ext/vendor2/foo/acp/a_info.php b/tests/extension/ext/vendor2/foo/acp/a_info.php index 27e67c1556..e1eaa340b7 100644 --- a/tests/extension/ext/vendor2/foo/acp/a_info.php +++ b/tests/extension/ext/vendor2/foo/acp/a_info.php @@ -11,7 +11,7 @@ class a_info 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array( - 'config' => array('title' => 'Config', 'auth' => '', 'cat' => array('ACP_MODS')), + 'config' => array('title' => 'Config', 'auth' => 'ext_vendor2/foo', 'cat' => array('ACP_MODS')), ), ); } diff --git a/tests/extension/modules_test.php b/tests/extension/modules_test.php index 5dcb24c691..c0a136e173 100644 --- a/tests/extension/modules_test.php +++ b/tests/extension/modules_test.php @@ -12,6 +12,7 @@ require_once dirname(__FILE__) . '/ext/vendor2/foo/mcp/a_info.php'; require_once dirname(__FILE__) . '/ext/vendor2/foo/acp/fail_info.php'; require_once dirname(__FILE__) . '/ext/vendor2/bar/acp/a_info.php'; require_once dirname(__FILE__) . '/../../phpBB/includes/acp/acp_modules.php'; +require_once dirname(__FILE__) . '/../../phpBB/includes/functions_module.php'; class phpbb_extension_modules_test extends phpbb_test_case { @@ -59,7 +60,7 @@ class phpbb_extension_modules_test extends phpbb_test_case 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array( - 'config' => array('title' => 'Config', 'auth' => '', 'cat' => array('ACP_MODS')), + 'config' => array('title' => 'Config', 'auth' => 'ext_vendor2/foo', 'cat' => array('ACP_MODS')), ), ), 'acp_foobar' => array( @@ -133,7 +134,7 @@ class phpbb_extension_modules_test extends phpbb_test_case 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array ( - 'config' => array ('title' => 'Config', 'auth' => '', 'cat' => array ('ACP_MODS')), + 'config' => array ('title' => 'Config', 'auth' => 'ext_vendor2/foo', 'cat' => array ('ACP_MODS')), ), ), ), $acp_modules); @@ -157,7 +158,7 @@ class phpbb_extension_modules_test extends phpbb_test_case 'title' => 'Foobar', 'version' => '3.1.0-dev', 'modes' => array( - 'config' => array('title' => 'Config', 'auth' => '', 'cat' => array('ACP_MODS')), + 'config' => array('title' => 'Config', 'auth' => 'ext_vendor2/foo', 'cat' => array('ACP_MODS')), ), ), 'acp_foobar' => array( @@ -191,4 +192,41 @@ class phpbb_extension_modules_test extends phpbb_test_case ) ), $acp_modules); } + + public function module_auth_test_data() + { + return array( + // module_auth, expected result + array('ext_foo', false), + array('ext_foo/bar', false), + array('ext_vendor3/bar', false), + array('ext_vendor2/foo', true), + ); + } + + /** + * @dataProvider module_auth_test_data + */ + public function test_modules_auth($module_auth, $expected) + { + global $phpbb_extension_manager; + + $phpbb_extension_manager = $this->extension_manager = new phpbb_mock_extension_manager( + dirname(__FILE__) . '/', + array( + 'vendor2/foo' => array( + 'ext_name' => 'vendor2/foo', + 'ext_active' => '1', + 'ext_path' => 'ext/vendor2/foo/', + ), + 'vendor3/bar' => array( + 'ext_name' => 'vendor3/bar', + 'ext_active' => '0', + 'ext_path' => 'ext/vendor3/bar/', + ), + ) + ); + + $this->assertEquals($expected, p_master::module_auth($module_auth, 0)); + } } -- cgit v1.2.1 From e3cba9ceba4994bbc4006f7107a3f5baee21e71d Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Fri, 10 Jan 2014 13:14:50 -0600 Subject: [ticket/12006] Add module_auth event PHPBB3-12006 --- phpBB/includes/functions_module.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php index ea3b3356bb..88e3fbce2f 100644 --- a/phpBB/includes/functions_module.php +++ b/phpBB/includes/functions_module.php @@ -361,6 +361,20 @@ class p_master 'ext_([a-zA-Z0-9_/]+)' => 'array_key_exists(\'\\1\', $phpbb_extension_manager->all_enabled())', ); + /** + * Alter tokens for module authorisation check + * + * @event core.module_auth + * @var array valid_tokens Valid tokens and their auth check + * replacements + * @var string module_auth The module_auth of the current + * module + * @var int forum_id The current forum_id + * @since 3.1-A3 + */ + $vars = array('valid_tokens', 'module_auth', 'forum_id'); + extract($phpbb_dispatcher->trigger_event('core.module_auth', compact($vars))); + $tokens = $match[0]; for ($i = 0, $size = sizeof($tokens); $i < $size; $i++) { -- cgit v1.2.1 From 7bac4bf9bd439f08f7aeb6ca67bdc14789a28d4c Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Fri, 10 Jan 2014 13:15:37 -0600 Subject: [ticket/12006] Missing a space PHPBB3-12006 --- phpBB/includes/functions_module.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php index 88e3fbce2f..cd84902acf 100644 --- a/phpBB/includes/functions_module.php +++ b/phpBB/includes/functions_module.php @@ -405,7 +405,7 @@ class p_master $module_auth = preg_replace( // Array keys with # prepended/appended - array_map(function($value){ + array_map(function($value) { return '#' . $value . '#'; }, array_keys($valid_tokens)), array_values($valid_tokens), -- cgit v1.2.1 From 2cf4b68351aa3abcb63f51e33e491ada097ded7c Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Fri, 17 Jan 2014 20:26:59 -0600 Subject: [ticket/12006] global $phpbb_dispatcher; PHPBB3-12006 --- phpBB/includes/functions_module.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/functions_module.php b/phpBB/includes/functions_module.php index cd84902acf..53055752f6 100644 --- a/phpBB/includes/functions_module.php +++ b/phpBB/includes/functions_module.php @@ -334,7 +334,7 @@ class p_master static function module_auth($module_auth, $forum_id) { global $auth, $config; - global $request, $phpbb_extension_manager; + global $request, $phpbb_extension_manager, $phpbb_dispatcher; $module_auth = trim($module_auth); -- cgit v1.2.1