From 56477a8f7c1421ecc01f15258f0739ce8438db32 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 30 Jun 2019 22:40:34 +0200 Subject: [ticket/security/244] Add form token check to plupload SECURTIY-244 --- phpBB/assets/javascript/plupload.js | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'phpBB/assets/javascript') diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js index fab1ca6d7c..5e8db8b035 100644 --- a/phpBB/assets/javascript/plupload.js +++ b/phpBB/assets/javascript/plupload.js @@ -90,6 +90,12 @@ phpbb.plupload.getSerializedData = function() { obj['attachment_data[' + i + '][' + key + ']'] = datum[key]; } } + + // Insert form data + var $pluploadForm = $(phpbb.plupload.config.form_hook).first(); + obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val(); + obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val(); + return obj; }; @@ -264,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) { return; } + + // Handle errors while deleting file + if (typeof response.error !== 'undefined') { + phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message); + + // We will have to assume that the deletion failed. So leave the file status as uploaded. + row.find('.file-status').toggleClass('file-uploaded'); + + return; + } + phpbb.plupload.update(response, 'removal', index); // Check if the user can upload files now if he had reached the max files limit. phpbb.plupload.handleMaxFilesReached(); -- cgit v1.2.1 From 8bc056ebe6d5876c6de2a2ca84bf234678c3e702 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Sun, 25 Aug 2019 21:24:22 +0200 Subject: [ticket/16076] addFileFilter to check max file size per mime type PHPBB3-16076 --- phpBB/assets/javascript/plupload.js | 38 +++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'phpBB/assets/javascript') 
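Review bot: The two `.val()` reads added to getSerializedData have no fallback when `phpbb.plupload.config.form_hook` matches no form or the hidden inputs are missing, so `creation_time` and `form_token` would be `undefined` in the serialized data. The token is presumably validated by the server-side handler, which is not part of this diff, so a short comment on the failure case would help, for example `// creation_time/form_token are validated server-side; missing or expired values make the request fail`. Both values are read from the form as it was rendered, so a form left open past the token lifetime would presumably have its requests rejected until the page is reloaded. getSerializedData starts outside the hunk.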
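Review bot: The new error branch in deleteFile restores the row with `toggleClass('file-uploaded')`, which only produces the state the comment describes if that class was removed earlier in the function; that code is outside the hunk. `row.find('.file-status').addClass('file-uploaded');` would state the intent regardless of the earlier state. The guard `typeof response.error !== 'undefined'` also lets a `null` error through to `response.error.message`, and `if (response.error)` would cover both cases. This branch is presumably where a rejected form token surfaces, so it is worth confirming that `phpbb.alert` renders the server-supplied message as text rather than markup.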
diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js index fab1ca6d7c..ab6d0d7e88 100644 --- a/phpBB/assets/javascript/plupload.js +++ b/phpBB/assets/javascript/plupload.js @@ -446,6 +446,44 @@ phpbb.plupload.fileError = function(file, error) { phpbb.plupload.uploader = new plupload.Uploader(phpbb.plupload.config); phpbb.plupload.initialize(); +/** + * Add a file filter to check for max file sizes per mime type. + */ +plupload.addFileFilter('mime_types_max_file_size', function(types, file, cb) { + if (file.size !== 'undefined') { + $(types).each(function(i, type) { + let extensions = [], + exts_array = type.extensions.split(','); + + $(exts_array).each(function(i, extension) { + /^\s*\*\s*$/.test(extension) ? extensions.push("\\.*") : extensions.push("\\." + extension.replace(new RegExp("[" + "/^$.*+?|()[]{}\\".replace(/./g, "\\$&") + "]", "g"), "\\$&")); + }); + + let regex = new RegExp("(" + extensions.join("|") + ")$", "i"); + + if (regex.test(file.name)) { + if (type.max_file_size !== 'undefined' && type.max_file_size) { + if (file.size > type.max_file_size) { + phpbb.plupload.uploader.trigger('Error', { + code: plupload.FILE_SIZE_ERROR, + message: plupload.translate('File size error.'), + file: file + }); + + cb(false); + } else { + cb(true); + } + } else { + cb(true); + } + + return false; + } + }); + } +}); + var $fileList = $('#file-list'); /** -- cgit v1.2.1 From 2a32d74d2067e046ee0167490a57fe904186c6f4 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Wed, 4 Sep 2019 15:29:50 +0200 Subject: [ticket/15422] Remove redundant BBCode helpline PHPBB3-15422 --- phpBB/assets/javascript/editor.js | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) (limited to 'phpBB/assets/javascript') diff --git a/phpBB/assets/javascript/editor.js b/phpBB/assets/javascript/editor.js index 23244f5a40..24cbc09f58 100644 --- a/phpBB/assets/javascript/editor.js +++ b/phpBB/assets/javascript/editor.js 
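Review bot: The filter callback `cb` is never invoked when no entry in `types` matches `file.name`, or when the outer `if` is false, so the filter never resolves for that file and it presumably stays unprocessed. The two comparisons against the string `'undefined'` (`file.size !== 'undefined'` and `type.max_file_size !== 'undefined'`) are always true for numeric values and were likely meant as `typeof` checks. The sketch below keeps the matching logic, records the outcome in a flag and calls `cb` exactly once after the loop. This check runs only in the browser, so the per-extension size limit still has to be enforced by the upload handler on the server. The later commit in this series that renames `cb` to `callback` leaves the same control flow in place.

```javascript
plupload.addFileFilter('mime_types_max_file_size', function(types, file, cb) {
	var allowed = true;

	if (typeof file.size !== 'undefined') {
		$(types).each(function(i, type) {
			// … unchanged: build `regex` from type.extensions …

			if (regex.test(file.name)) {
				if (type.max_file_size && file.size > type.max_file_size) {
					// … unchanged: trigger plupload.FILE_SIZE_ERROR on the uploader …
					allowed = false;
				}

				return false;
			}
		});
	}

	// Resolve the filter exactly once, including when no size rule matched.
	cb(allowed);
});
```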
@@ -17,17 +17,10 @@ var is_ie = ((clientPC.indexOf('msie') !== -1) && (clientPC.indexOf('opera') === var is_win = ((clientPC.indexOf('win') !== -1) || (clientPC.indexOf('16bit') !== -1)); var baseHeight; -/** -* Shows the help messages in the helpline window -*/ -function helpline(help) { - document.forms[form_name].helpbox.value = help_line[help]; -} - /** * Fix a bug involving the TextRange object. From * http://www.frostjedi.com/terra/scripts/demo/caretBug.html -*/ +*/ function initInsertions() { var doc; @@ -104,8 +97,8 @@ function bbfontstyle(bbopen, bbclose) { } // IE else if (document.selection) { - var range = textarea.createTextRange(); - range.move("character", new_pos); + var range = textarea.createTextRange(); + range.move("character", new_pos); range.select(); storeCaret(textarea); } -- cgit v1.2.1 From c9284e1c687c4a76d6b8503f980eecc21bc35939 Mon Sep 17 00:00:00 2001 From: mrgoldy Date: Sun, 22 Sep 2019 12:04:10 +0200 Subject: [ticket/16076] camelCase and callback PHPBB3-16076 --- phpBB/assets/javascript/plupload.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'phpBB/assets/javascript') diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js index ab6d0d7e88..f82da1acb1 100644 --- a/phpBB/assets/javascript/plupload.js +++ b/phpBB/assets/javascript/plupload.js 
@@ -449,13 +449,13 @@ phpbb.plupload.initialize(); /** * Add a file filter to check for max file sizes per mime type. */ -plupload.addFileFilter('mime_types_max_file_size', function(types, file, cb) { +plupload.addFileFilter('mime_types_max_file_size', function(types, file, callback) { if (file.size !== 'undefined') { $(types).each(function(i, type) { let extensions = [], - exts_array = type.extensions.split(','); + extsArray = type.extensions.split(','); - $(exts_array).each(function(i, extension) { + $(extsArray).each(function(i, extension) { /^\s*\*\s*$/.test(extension) ? extensions.push("\\.*") : extensions.push("\\." + extension.replace(new RegExp("[" + "/^$.*+?|()[]{}\\".replace(/./g, "\\$&") + "]", "g"), "\\$&")); }); @@ -470,12 +470,12 @@ plupload.addFileFilter('mime_types_max_file_size', function(types, file, cb) { file: file }); - cb(false); + callback(false); } else { - cb(true); + callback(true); } } else { - cb(true); + callback(true); } return false; -- cgit v1.2.1