From 9d4d212e0f71789e1f0332046dd852d80ab9c8ba Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 24 Oct 2013 13:55:23 +0200 Subject: [ticket/11525] Only remove group or user prefix from given avatar data Until now, the user data had both user_id and group_id keys in the avatar data. As both group_ and user_ prefixes were removed the group_id was collapsed onto the user_id and therefore all users in the same group had the same prefix for their uploaded avatars. This patch will make sure that the correct id is used depending on whether it's a group's or user's avatar data. PHPBB3-11525 --- phpBB/phpbb/avatar/manager.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index c28380a401..f2bb1a5dbe 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -178,14 +178,15 @@ class manager } /** - * Strip out user_ and group_ prefixes from keys + * Strip out user_, group_, or other prefixes from array keys * * @param array $row User data or group data + * @param string $prefix Prefix of data keys * * @return array User data or group data with keys that have been * stripped from the preceding "user_" or "group_" */ - static public function clean_row($row) + static public function clean_row($row, $prefix = '') { // Upon creation of a user/group $row might be empty if (empty($row)) @@ -196,7 +197,7 @@ class manager $keys = array_keys($row); $values = array_values($row); - $keys = array_map(array('\phpbb\avatar\manager', 'strip_prefix'), $keys); + array_walk($keys, array('\phpbb\avatar\manager', 'strip_prefix'), $prefix); return array_combine($keys, $values); } 
@@ -205,11 +206,12 @@ class manager * Strip prepending user_ or group_ prefix from key * * @param string Array key - * @return string Key that has been stripped from its prefix + * @return void */ - static protected function strip_prefix($key) + static protected function strip_prefix(&$key, $null, $prefix) { - return preg_replace('#^(?:user_|group_)#', '', $key); + $regex = ($prefix !== '') ? "#^(?:{$prefix}_)#" : '#^(?:user_|group_)#'; + $key = preg_replace($regex, '', $key); } /** -- cgit v1.2.1 From 9b0b5481fe05b10a254861495280d04721e8d9d1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 24 Oct 2013 21:03:06 +0200 Subject: [ticket/11534] Check remote avatar content type if possible This should make sure that error pages like 404 or 503 pages are not treated as remote avatar images. PHPBB3-11534 --- phpBB/phpbb/avatar/driver/remote.php | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php index 1aa638dfe5..a04c6879f3 100644 --- a/phpBB/phpbb/avatar/driver/remote.php +++ b/phpBB/phpbb/avatar/driver/remote.php 
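Review bot: `$prefix` is interpolated into the pattern unescaped in `strip_prefix()`, so a prefix containing `#` or a regex metacharacter would either invalidate the pattern (preg_replace() then returns null and the key becomes null) or match more than intended. The callers are outside this hunk and presumably pass only the literals `user` and `group`, but the value arrives through the public `clean_row()`, so quoting it is cheap insurance: `$regex = ($prefix !== '') ? '#^' . preg_quote($prefix, '#') . '_#' : '#^(?:user_|group_)#';`. The same unescaped interpolation is carried into the foreach rewrite of `clean_row()` in the later [ticket/11525] commit on this page.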
@@ -125,6 +125,37 @@ class remote extends \phpbb\avatar\driver\driver $types = \fileupload::image_types(); $extension = strtolower(\filespec::get_extension($url)); + // Check if this is actually an image + if ($file_stream = @fopen($url, 'r')) + { + // Timeout after 1 second + stream_set_timeout($file_stream, 1); + $meta = stream_get_meta_data($file_stream); + foreach ($meta['wrapper_data'] as $header) + { + $header = preg_split('/ /', $header, 2); + if (strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type') + { + if (strpos($header[1], 'image/') !== 0) + { + $error[] = 'AVATAR_URL_INVALID'; + fclose($file_stream); + return false; + } + else + { + fclose($file_stream); + break; + } + } + } + } + else + { + $error[] = 'AVATAR_URL_INVALID'; + return false; + } + if (!empty($image_data) && (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))) { if (!isset($types[$image_data[2]])) -- cgit v1.2.1 From b2f638b79359ee6df600ca940ffa2b1657235364 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 27 Oct 2013 09:52:09 +0100 Subject: [ticket/11857] Use passed service collection instead of container in manager The service collection that was already passed to the avatar manager should be used in the avatar manager method get_driver() instead of the container itself. PHPBB3-11857 --- phpBB/phpbb/avatar/manager.php | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index c28380a401..7c26bce5ae 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -41,12 +41,6 @@ class manager */ protected $avatar_drivers; - /** - * Service container object - * @var object - */ - protected $container; - /** * Default avatar data row * @var array 
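Review bot: The stream opened by `@fopen($url, 'r')` is closed only inside the `content-type` branch, so a response without that header leaves `$file_stream` open, and `$meta['wrapper_data']` is iterated without checking that the wrapper supplied it. `stream_set_timeout()` is applied after the connection already exists, so it bounds reads but not the connect itself, which is governed by `default_socket_timeout` or a stream context. The Content-Type value is chosen by the remote host, so this check filters error pages but does not establish that the body is an image; the server is also issuing a request to a user-supplied URL here, and whether scheme and host are restricted is decided outside this hunk and is worth confirming. A version that closes the stream on every path and guards the header array is below; the enclosing method starts and ends outside the hunk.

```php
		// Check if this is actually an image
		if ($file_stream = @fopen($url, 'r'))
		{
			// Timeout after 1 second
			stream_set_timeout($file_stream, 1);
			$meta = stream_get_meta_data($file_stream);
			// Only the response headers are needed, so release the stream on every path
			fclose($file_stream);

			$headers = (isset($meta['wrapper_data']) && is_array($meta['wrapper_data'])) ? $meta['wrapper_data'] : array();
			foreach ($headers as $header)
			{
				$header = preg_split('/ /', $header, 2);
				if (isset($header[1]) && strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type')
				{
					if (strpos($header[1], 'image/') !== 0)
					{
						$error[] = 'AVATAR_URL_INVALID';
						return false;
					}
					break;
				}
			}
		}
		// … unchanged: else branch that rejects the URL when it cannot be opened …
```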
@@ -63,13 +57,27 @@ class manager * * @param \phpbb\config\config $config phpBB configuration * @param array $avatar_drivers Avatar drivers passed via the service container - * @param object $container Container object */ - public function __construct(\phpbb\config\config $config, $avatar_drivers, $container) + public function __construct(\phpbb\config\config $config, $avatar_drivers) { $this->config = $config; - $this->avatar_drivers = $avatar_drivers; - $this->container = $container; + $this->register_avatar_drivers($avatar_drivers); + } + + /** + * Register avatar drivers + * + * @param array $avatar_drivers Service collection of avatar drivers + */ + protected function register_avatar_drivers($avatar_drivers) + { + if (!empty($avatar_drivers)) + { + foreach ($avatar_drivers as $driver) + { + $this->avatar_drivers[$driver->get_name()] = $driver; + } + } } /** @@ -112,7 +120,7 @@ class manager * There is no need to handle invalid avatar types as the following code * will cause a ServiceNotFoundException if the type does not exist */ - $driver = $this->container->get($avatar_type); + $driver = $this->avatar_drivers[$avatar_type]; return $driver; } -- cgit v1.2.1 From 7aa8f6461f1e85cf91931f56b95384e54fec07c2 Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 30 Oct 2013 13:05:28 +0100 Subject: [task/code-sniffer] Remove the IN_PHPBB check side-effect from class files. PHPBB3-11980 --- phpBB/phpbb/avatar/driver/driver.php | 8 -------- phpBB/phpbb/avatar/driver/driver_interface.php | 8 -------- phpBB/phpbb/avatar/driver/gravatar.php | 8 -------- phpBB/phpbb/avatar/driver/local.php | 8 -------- phpBB/phpbb/avatar/driver/remote.php | 8 -------- phpBB/phpbb/avatar/driver/upload.php | 8 -------- phpBB/phpbb/avatar/manager.php | 8 -------- 7 files changed, 56 deletions(-) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/driver/driver.php b/phpBB/phpbb/avatar/driver/driver.php index 206df86543..d360614122 100644 
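Review bot: `register_avatar_drivers()` assigns `$this->avatar_drivers` only inside the loop, so when the collection is empty the property keeps its declared state, which the first hunk of this commit shows as `protected $avatar_drivers;` with no initial value. Setting `$this->avatar_drivers = array();` before the `if` keeps later lookups working on an array. The `@param array` tag also no longer matches the description "Service collection of avatar drivers"; if a collection object is passed, `empty()` on an object is generally false and the guard has no effect.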
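Review bot: The comment kept above `$driver = $this->avatar_drivers[$avatar_type];` still promises a ServiceNotFoundException for unknown types, but a plain array lookup only raises an undefined-index notice and yields `null`. An avatar type string that is not registered therefore reaches the caller as `null` instead of an exception, and any method call on the result becomes a fatal error. Check the key first, `if (!isset($this->avatar_drivers[$avatar_type])) { return null; }`, and update the comment to state what is returned; the start of the method is outside the hunk, so the intended return contract should be confirmed there.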
--- a/phpBB/phpbb/avatar/driver/driver.php +++ b/phpBB/phpbb/avatar/driver/driver.php @@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Base class for avatar drivers * @package phpBB3 diff --git a/phpBB/phpbb/avatar/driver/driver_interface.php b/phpBB/phpbb/avatar/driver/driver_interface.php index d9540c19db..7f049469a2 100644 --- a/phpBB/phpbb/avatar/driver/driver_interface.php +++ b/phpBB/phpbb/avatar/driver/driver_interface.php @@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Interface for avatar drivers * @package phpBB3 diff --git a/phpBB/phpbb/avatar/driver/gravatar.php b/phpBB/phpbb/avatar/driver/gravatar.php index 3ad783932e..d64f4da734 100644 --- a/phpBB/phpbb/avatar/driver/gravatar.php +++ b/phpBB/phpbb/avatar/driver/gravatar.php @@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Handles avatars hosted at gravatar.com * @package phpBB3 diff --git a/phpBB/phpbb/avatar/driver/local.php b/phpBB/phpbb/avatar/driver/local.php index 0686ffe79a..f6acc6e636 100644 --- a/phpBB/phpbb/avatar/driver/local.php +++ b/phpBB/phpbb/avatar/driver/local.php @@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Handles avatars selected from the board gallery * @package phpBB3 diff --git a/phpBB/phpbb/avatar/driver/remote.php b/phpBB/phpbb/avatar/driver/remote.php index 1aa638dfe5..12cbd883f4 100644 --- a/phpBB/phpbb/avatar/driver/remote.php +++ b/phpBB/phpbb/avatar/driver/remote.php @@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Handles avatars hosted remotely * @package phpBB3 diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index bda872df7a..822c40af98 100644 --- a/phpBB/phpbb/avatar/driver/upload.php 
+++ b/phpBB/phpbb/avatar/driver/upload.php @@ -9,14 +9,6 @@ namespace phpbb\avatar\driver; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * Handles avatars uploaded to the board * @package phpBB3 diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index 7c26bce5ae..5fe5e2b0a1 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -9,14 +9,6 @@ namespace phpbb\avatar; -/** -* @ignore -*/ -if (!defined('IN_PHPBB')) -{ - exit; -} - /** * @package avatar */ -- cgit v1.2.1 From 47f2caff6b3f05f6703e359bf4712bd69d23c04c Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sun, 10 Nov 2013 22:19:06 +0100 Subject: [ticket/11525] Fix doc blocks PHPBB3-11525 --- phpBB/phpbb/avatar/manager.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index f2bb1a5dbe..90cd83898f 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -180,8 +180,8 @@ class manager /** * Strip out user_, group_, or other prefixes from array keys * - * @param array $row User data or group data - * @param string $prefix Prefix of data keys + * @param array $row User data or group data + * @param string $prefix Prefix of data keys (e.g. user), should not include the trailing underscore * * @return array User data or group data with keys that have been * stripped from the preceding "user_" or "group_" 
@@ -205,8 +205,11 @@ class manager /** * Strip prepending user_ or group_ prefix from key * - * @param string Array key - * @return void + * @param string $key Array key + * @param string $null Parameter is ignored by the function, just required by the array_walk + * @param string $prefix Prefix that should be stripped off from the keys (e.g. user) + * Should not include the trailing underscore + * @return null */ static protected function strip_prefix(&$key, $null, $prefix) { -- cgit v1.2.1 From aa84f7de04b0efdf871d75694aee60e5ecf37f56 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sun, 10 Nov 2013 23:07:07 +0100 Subject: [ticket/11525] Prefix id parameter with 'g' again when its a group avatar PHPBB3-11525 --- phpBB/phpbb/avatar/manager.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index 90cd83898f..9f6a5fb089 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -183,8 +183,9 @@ class manager * @param array $row User data or group data * @param string $prefix Prefix of data keys (e.g. user), should not include the trailing underscore * - * @return array User data or group data with keys that have been - * stripped from the preceding "user_" or "group_" + * @return array User or group data with keys that have been + * stripped from the preceding "user_" or "group_" + * Also the group id is prefixed with g, when the prefix group is removed. */ static public function clean_row($row, $prefix = '') { @@ -198,8 +199,14 @@ class manager $values = array_values($row); array_walk($keys, array('\phpbb\avatar\manager', 'strip_prefix'), $prefix); + $row = array_combine($keys, $values); - return array_combine($keys, $values); + if ($prefix == 'group') + { + $row['id'] = 'g' . $row['id']; + } + + return $row; } /** -- cgit v1.2.1 From 13a4ceedb18ba938d3cd18e2f68707385bc9283a Mon Sep 17 00:00:00 2001 
From: Marc Alexander Date: Wed, 13 Nov 2013 18:27:40 +0100 Subject: [ticket/11525] Use foreach instead of array_walk in method clean_row() This approach is cleaner and probably even faster the previous ways that included using array_walk() or array_map() and other helper functions and methods. PHPBB3-11525 --- phpBB/phpbb/avatar/manager.php | 32 +++++++++----------------------- 1 file changed, 9 insertions(+), 23 deletions(-) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index 9f6a5fb089..12d7861cdf 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -195,33 +195,19 @@ class manager return self::$default_row; } - $keys = array_keys($row); - $values = array_values($row); - - array_walk($keys, array('\phpbb\avatar\manager', 'strip_prefix'), $prefix); - $row = array_combine($keys, $values); - - if ($prefix == 'group') + $output = array(); + foreach ($row as $key => $value) { - $row['id'] = 'g' . $row['id']; + $key = preg_replace("#^(?:{$prefix}_)#", '', $key); + $output[$key] = $value; } - return $row; - } + if ($prefix === 'group' && isset($output['id'])) + { + $output['id'] = 'g' . $output['id']; + } - /** - * Strip prepending user_ or group_ prefix from key - * - * @param string $key Array key - * @param string $null Parameter is ignored by the function, just required by the array_walk - * @param string $prefix Prefix that should be stripped off from the keys (e.g. user) - * Should not include the trailing underscore - * @return null - */ - static protected function strip_prefix(&$key, $null, $prefix) - { - $regex = ($prefix !== '') ? "#^(?:{$prefix}_)#" : '#^(?:user_|group_)#'; - $key = preg_replace($regex, '', $key); + return $output; } /** -- cgit v1.2.1
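Review bot: With the `strip_prefix()` fallback removed, an empty `$prefix` now builds the pattern `#^(?:_)#`, which strips a leading underscore and leaves `user_` and `group_` keys untouched. The signature is outside this hunk; if `clean_row()` still defaults `$prefix` to `''` as in the earlier commits on this page, callers relying on the default silently receive rows whose avatar keys were never stripped. Either keep the fallback or reject an empty prefix, and build the pattern once before the loop with the prefix quoted: `$pattern = ($prefix !== '') ? '#^' . preg_quote($prefix, '#') . '_#' : '#^(?:user_|group_)#';`.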