From f8fbe3793680af1dae2db2829cfc84068831c52f Mon Sep 17 00:00:00 2001 From: rxu Date: Wed, 28 Jun 2017 00:58:03 +0700 Subject: [ticket/14972] replace all occurrences of sizeof() with the count() PHPBB3-14972 --- phpBB/phpbb/avatar/driver/local.php | 2 +- phpBB/phpbb/avatar/driver/upload.php | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/driver/local.php b/phpBB/phpbb/avatar/driver/local.php index f5547c4bc6..8b773017c5 100644 --- a/phpBB/phpbb/avatar/driver/local.php +++ b/phpBB/phpbb/avatar/driver/local.php @@ -64,7 +64,7 @@ class local extends \phpbb\avatar\driver\driver $table_cols = isset($row['avatar_gallery_cols']) ? $row['avatar_gallery_cols'] : 4; $row_count = $col_count = $avatar_pos = 0; - $avatar_count = sizeof($avatar_list[$category]); + $avatar_count = count($avatar_list[$category]); reset($avatar_list[$category]); diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index 887a0ff258..d765a27871 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -167,7 +167,7 @@ class upload extends \phpbb\avatar\driver\driver $file->clean_filename('avatar', $prefix, $row['id']); // If there was an error during upload, then abort operation - if (sizeof($file->error)) + if (count($file->error)) { $file->remove(); $error = $file->error; @@ -221,7 +221,7 @@ class upload extends \phpbb\avatar\driver\driver unset($filedata); - if (!sizeof($error)) + if (!count($error)) { // Move file and overwrite any existing image $file->move_file($destination, true); @@ -229,7 +229,7 @@ class upload extends \phpbb\avatar\driver\driver // If there was an error during move, then clean up leftovers $error = array_merge($error, $file->error); - if (sizeof($error)) + if (count($error)) { $file->remove(); return false; @@ -291,7 +291,7 @@ class upload extends \phpbb\avatar\driver\driver ); extract($this->dispatcher->trigger_event('core.avatar_driver_upload_delete_before', compact($vars))); - if (!sizeof($error) && $this->filesystem->exists($filename)) + if (!count($error) && $this->filesystem->exists($filename)) { try { -- cgit v1.2.1 From 3244cab37094e51a7a78055b05c0a7f980060865 Mon Sep 17 00:00:00 2001 From: GerB Date: Tue, 13 Feb 2018 11:28:19 +0100 Subject: [ticket/15547] Add file object to event Add file object to core.avatar_driver_upload_move_file_before. PHPBB3-15547 --- phpBB/phpbb/avatar/driver/upload.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index d765a27871..77b44754ac 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -203,15 +203,18 @@ class upload extends \phpbb\avatar\driver\driver * * @event core.avatar_driver_upload_move_file_before * @var array filedata Array containing uploaded file data + * @var \phpbb\files\filespec file Instance of filespec class * @var string destination Destination directory where the file is going to be moved * @var string prefix Prefix for the avatar filename * @var array row Array with avatar row data * @var array error Array of errors, if filled in by this event file will not be moved * @since 3.1.6-RC1 * @changed 3.1.9-RC1 Added filedata + * @changed 3.2.3-RC1 Added file */ $vars = array( 'filedata', + 'file', 'destination', 'prefix', 'row', -- cgit v1.2.1 From 4544f5212c14b12d372686d6e09caefb90b026e2 Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Mon, 18 Jun 2018 13:10:19 +0200 Subject: [ticket/15620] Use separate local avatar cache file for every lang PHPBB3-15620 --- phpBB/phpbb/avatar/driver/local.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/driver/local.php b/phpBB/phpbb/avatar/driver/local.php index 8b773017c5..4b84e4201c 100644 --- a/phpBB/phpbb/avatar/driver/local.php +++ b/phpBB/phpbb/avatar/driver/local.php @@ -158,7 +158,7 @@ class local extends \phpbb\avatar\driver\driver */ protected function get_avatar_list($user) { - $avatar_list = ($this->cache == null) ? false : $this->cache->get('_avatar_local_list'); + $avatar_list = ($this->cache == null) ? false : $this->cache->get('_avatar_local_list_' . $user->data['user_lang']); if ($avatar_list === false) { @@ -198,7 +198,7 @@ class local extends \phpbb\avatar\driver\driver if ($this->cache != null) { - $this->cache->put('_avatar_local_list', $avatar_list, 86400); + $this->cache->put('_avatar_local_list_' . $user->data['user_lang'], $avatar_list, 86400); } } -- cgit v1.2.1 From 6a353853084ad7c7022f838e82ff82ff9ea11c9c Mon Sep 17 00:00:00 2001 From: Jakub Senko Date: Mon, 8 Oct 2018 15:45:21 +0200 Subject: [ticket/15833] Add core.avatar_manager_avatar_delete_after event PHPBB3-15833 --- phpBB/phpbb/avatar/manager.php | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index 26eb17c265..6d9604db04 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -21,6 +21,12 @@ class manager */ protected $config; + /** + * phpBB event dispatcher + * @var \phpbb\event\dispatcher_interface + */ + protected $phpbb_dispatcher; + /** * Array that contains a list of enabled drivers * @var array @@ -49,11 +55,13 @@ class manager * Construct an avatar manager object * * @param \phpbb\config\config $config phpBB configuration + * @param \phpbb\event\dispatcher_interface $phpbb_dispatcher phpBB event dispatcher * @param array $avatar_drivers Avatar drivers passed via the service container */ - public function __construct(\phpbb\config\config $config, $avatar_drivers) + public function __construct(\phpbb\config\config $config, \phpbb\event\dispatcher_interface $phpbb_dispatcher, $avatar_drivers) { $this->config = $config; + $this->phpbb_dispatcher = $phpbb_dispatcher; $this->register_avatar_drivers($avatar_drivers); } @@ -331,6 +339,19 @@ class manager WHERE user_avatar = '" . $db->sql_escape($avatar_data['avatar']) . "'"; $db->sql_query($sql); } + + /** + * Event is triggered after user avatar has been deleted + * + * @event core.avatar_manager_avatar_delete_after + * @var \phpbb\user user phpBB user object + * @var array avatar_data Normalised avatar-related user data + * @var string table Table to delete avatar from + * @var string prefix Column prefix to delete avatar from + * @since 3.2.4-RC1 + */ + $vars = array('user', 'avatar_data', 'table', 'prefix'); + extract($this->phpbb_dispatcher->trigger_event('core.avatar_manager_avatar_delete_after', compact($vars))); } /** -- cgit v1.2.1 From dc5a167c429a3813d66b0ae3d14242650466cac6 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 17 Apr 2019 08:54:51 +0200 Subject: [ticket/security/231] Disable remote avatar functionality & add warning SECURITY-231 --- phpBB/phpbb/avatar/manager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/manager.php b/phpBB/phpbb/avatar/manager.php index 6d9604db04..a909a91042 100644 --- a/phpBB/phpbb/avatar/manager.php +++ b/phpBB/phpbb/avatar/manager.php @@ -271,7 +271,7 @@ class manager $config_name = $driver->get_config_name(); return array( - 'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false), + 'allow_avatar_' . $config_name => array('lang' => 'ALLOW_' . strtoupper(str_replace('\\', '_', $config_name)), 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), ); } -- cgit v1.2.1 From 2575b499a38ccf2480d5da9d5c566f47a9e2d824 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 28 Apr 2019 18:15:33 +0200 Subject: [prep-release-3.2.6] Update Changelog and add missing preg_match --- phpBB/phpbb/avatar/driver/upload.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'phpBB/phpbb/avatar') diff --git a/phpBB/phpbb/avatar/driver/upload.php b/phpBB/phpbb/avatar/driver/upload.php index 77b44754ac..a012bb15b6 100644 --- a/phpBB/phpbb/avatar/driver/upload.php +++ b/phpBB/phpbb/avatar/driver/upload.php @@ -148,7 +148,8 @@ class upload extends \phpbb\avatar\driver\driver // Do not allow specifying the port (see RFC 3986) or IP addresses // remote_upload() will do its own check for allowed filetypes - if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || + if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) || + preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) || preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) || preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url)) { -- cgit v1.2.1