From b7b0b0ccc3fbf92324948e8c5e616a3e06343600 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 14 May 2013 13:43:53 +0200 Subject: [ticket/11538] Make sure group color can't exceed maximum of 6 characters In order to prevent future issues with this, a basic set of functional tests for the UCP groups manage page have been added. PHPBB3-11538 --- phpBB/includes/ucp/ucp_groups.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'phpBB/includes/ucp/ucp_groups.php') diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index d62dbb1866..c1db19774a 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -597,6 +597,16 @@ class ucp_groups if (!sizeof($error)) { + // Make sure maximum length of 6 of group color is not exceeded + if (strpos($submit_ary['colour'], '#') === 0) + { + $submit_ary['colour'] = substr($submit_ary['colour'], 1, 6); + } + else + { + $submit_ary['colour'] = substr($submit_ary['colour'], 0, 6); + } + // Only set the rank, colour, etc. if it's changed or if we're adding a new // group. This prevents existing group members being updated if no changes // were made. -- cgit v1.2.1 From a547ba3f9d569410107574a151af9a2f301bb68e Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 14 May 2013 19:44:55 +0200 Subject: [ticket/11538] Use regex for testing color value and improve tests We are now using a regex with preg_match() in order to properly check if the entered color value is in hex color format or not. A proper error message is triggered if an incorrect color value is entered and the prepended '#' is removed if necessary. PHPBB3-11538 --- phpBB/includes/ucp/ucp_groups.php | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'phpBB/includes/ucp/ucp_groups.php') diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index c1db19774a..3f06e74159 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -595,18 +595,22 @@ class ucp_groups $error[] = $user->lang['FORM_INVALID']; } - if (!sizeof($error)) + if (!empty($submit_ary['colour'])) { - // Make sure maximum length of 6 of group color is not exceeded - if (strpos($submit_ary['colour'], '#') === 0) + preg_match('/^(#?)+(?:[0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/', $submit_ary['colour'], $group_colour); + + if (sizeof($group_colour)) { - $submit_ary['colour'] = substr($submit_ary['colour'], 1, 6); + $submit_ary['colour'] = (strpos($group_colour[0], '#') !== false) ? str_replace('#', '', $group_colour[0]) : $group_colour[0]; } else { - $submit_ary['colour'] = substr($submit_ary['colour'], 0, 6); + $error[] = $user->lang['COLOUR_INVALID']; } + } + if (!sizeof($error)) + { // Only set the rank, colour, etc. if it's changed or if we're adding a new // group. This prevents existing group members being updated if no changes // were made. -- cgit v1.2.1 From 1fae7720e43c8ff853225e16d0de54395d9ab051 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 14 May 2013 21:27:25 +0200 Subject: [ticket/11538] Fix incorrect regex and test for duplicate # in color string PHPBB3-11538 --- phpBB/includes/ucp/ucp_groups.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/ucp/ucp_groups.php') diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 3f06e74159..8ff76eac42 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -597,7 +597,7 @@ class ucp_groups if (!empty($submit_ary['colour'])) { - preg_match('/^(#?)+(?:[0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/', $submit_ary['colour'], $group_colour); + preg_match('/^#?(?:[0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/', $submit_ary['colour'], $group_colour); if (sizeof($group_colour)) { -- cgit v1.2.1 From deefe5c0e48534cea1327cf685255d109d9d7e2c Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Tue, 14 May 2013 22:39:33 +0200 Subject: [ticket/11538] Simplify colour value check and remove support for '#' The input length for the hex color is now limited to 6 characters and the support for colors starting with a '#' has been dropped. The allowed input length of 7 in prosilver seems to have been a relict from old ages of phpBB3. In order to have proper support for correct checking of the colour value, the new code was also ported to the ACP groups manage page. The tests have been modified to reflect the changes to the behavior of the color check. Tests for the ACP will follow. PHPBB3-11538 --- phpBB/includes/ucp/ucp_groups.php | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) (limited to 'phpBB/includes/ucp/ucp_groups.php') diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 8ff76eac42..bf6af8b6f1 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -595,18 +595,11 @@ class ucp_groups $error[] = $user->lang['FORM_INVALID']; } - if (!empty($submit_ary['colour'])) + // Validate submitted colour value + if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/')))) { - preg_match('/^#?(?:[0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/', $submit_ary['colour'], $group_colour); - - if (sizeof($group_colour)) - { - $submit_ary['colour'] = (strpos($group_colour[0], '#') !== false) ? str_replace('#', '', $group_colour[0]) : $group_colour[0]; - } - else - { - $error[] = $user->lang['COLOUR_INVALID']; - } + // Replace "error" string with its real, localised form + $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); } if (!sizeof($error)) -- cgit v1.2.1 From 204cdb21640aead9f7560034bb8e686c17707476 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 15 May 2013 12:30:05 +0200 Subject: [ticket/11538] Make sure regex doesn't allow multiple color values This will now make sure that 'AAFF00' will be matched but strings like 'AAFF00 AABB00' will not. PHPBB3-11538 --- phpBB/includes/ucp/ucp_groups.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/ucp/ucp_groups.php') diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index bf6af8b6f1..58c8d1ae4a 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -596,7 +596,7 @@ class ucp_groups } // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})\b/')))) + if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/')))) { // Replace "error" string with its real, localised form $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); -- cgit v1.2.1 From 1715619fda2aebd7ebae960e5fcbdf4b24ce4dca Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 16 May 2013 13:22:43 +0200 Subject: [ticket/11538] Add function phpbb_validate_colour for validating colours It will be possible to use this function via the validate_data() function interface that has already been used previously. Thus, this new function will extend the capabilities of validate_data() to checking hex color values. PHPBB3-11538 --- phpBB/includes/ucp/ucp_groups.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/ucp/ucp_groups.php') diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 58c8d1ae4a..9d2cf2728d 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -596,7 +596,7 @@ class ucp_groups } // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('match', true, '/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/')))) + if ($colour_error = validate_data($submit_ary, array('colour' => array('colour')))) { // Replace "error" string with its real, localised form $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); -- cgit v1.2.1 From b49ce5eb3a54a6c256955d3510fe409a6f4511aa Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 19 May 2013 11:29:11 +0200 Subject: [ticket/11538] Rename phpbb_validate_colour to phpbb_validate_hex_colour PHPBB3-11538 --- phpBB/includes/ucp/ucp_groups.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/ucp/ucp_groups.php') diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 9d2cf2728d..20a55d8c32 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -596,7 +596,7 @@ class ucp_groups } // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('colour')))) + if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour')))) { // Replace "error" string with its real, localised form $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); -- cgit v1.2.1 From cd1da92d8540d6b4aa0fa1ccf2bcafe68007288a Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 19 May 2013 17:45:45 +0200 Subject: [ticket/11538] Add optional switch as argument to hex colour validation The value of $optional will decide whether an empty string will be treated as incorrect input or if it is allowed. The optional argument will default to false and therefore treat an empty string as incorrect unless explicitly told to not do so. PHPBB3-11538 --- phpBB/includes/ucp/ucp_groups.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/ucp/ucp_groups.php') diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 20a55d8c32..9365913541 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -596,7 +596,7 @@ class ucp_groups } // Validate submitted colour value - if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour')))) + if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true)))) { // Replace "error" string with its real, localised form $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); -- cgit v1.2.1