From 882a3c383103802c491404032c5d267e4f5271a0 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 22 Jul 2017 17:26:41 +0200 Subject: [ticket/security/211] Make sure website URL only uses http & https schemes SECURITY-211 --- phpBB/phpbb/profilefields/type/type_url.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/profilefields/type/type_url.php b/phpBB/phpbb/profilefields/type/type_url.php index 375cf5b19a..2bc0002262 100644 --- a/phpBB/phpbb/profilefields/type/type_url.php +++ b/phpBB/phpbb/profilefields/type/type_url.php @@ -64,7 +64,7 @@ class type_url extends type_string return false; } - if (!preg_match('#^' . get_preg_expression('url') . '$#iu', $field_value)) + if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $field_value)) { return $this->user->lang('FIELD_INVALID_URL', $this->get_field_name($field_data['lang_name'])); } -- cgit v1.2.1 From 2749bfe26ccae7db4174cdd83453d79366113c28 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 23 Jul 2017 10:40:30 +0200 Subject: [ticket/security/211] Only run make_clickable() on URL type profile fields SECURITY-211 --- phpBB/phpbb/profilefields/type/type_string_common.php | 1 - phpBB/phpbb/profilefields/type/type_url.php | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/profilefields/type/type_string_common.php b/phpBB/phpbb/profilefields/type/type_string_common.php index f5e1992044..2648d03930 100644 --- a/phpBB/phpbb/profilefields/type/type_string_common.php +++ b/phpBB/phpbb/profilefields/type/type_string_common.php @@ -108,7 +108,6 @@ abstract class type_string_common extends type_base return null; } - $field_value = make_clickable($field_value); $field_value = censor_text($field_value); $field_value = bbcode_nl2br($field_value); return $field_value; diff --git a/phpBB/phpbb/profilefields/type/type_url.php b/phpBB/phpbb/profilefields/type/type_url.php index 2bc0002262..7bdd60e19d 100644 --- a/phpBB/phpbb/profilefields/type/type_url.php +++ b/phpBB/phpbb/profilefields/type/type_url.php @@ -71,4 +71,19 @@ class type_url extends type_string return false; } + + /** + * {@inheritDoc} + */ + public function get_profile_value($field_value, $field_data) + { + if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $field_value)) + { + return null; + } + + $field_value = make_clickable($field_value); + + return parent::get_profile_value($field_value, $field_data); + } } -- cgit v1.2.1 From 342a7cbd55829283663ad6ba29f924eeb53fca38 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Thu, 3 Aug 2017 22:20:33 +0200 Subject: [ticket/security/211] Allow make_clickable() again after change to regex SECURITY-211 --- phpBB/phpbb/profilefields/type/type_string_common.php | 1 + phpBB/phpbb/profilefields/type/type_url.php | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/profilefields/type/type_string_common.php b/phpBB/phpbb/profilefields/type/type_string_common.php index 2648d03930..f5e1992044 100644 --- a/phpBB/phpbb/profilefields/type/type_string_common.php +++ b/phpBB/phpbb/profilefields/type/type_string_common.php @@ -108,6 +108,7 @@ abstract class type_string_common extends type_base return null; } + $field_value = make_clickable($field_value); $field_value = censor_text($field_value); $field_value = bbcode_nl2br($field_value); return $field_value; diff --git a/phpBB/phpbb/profilefields/type/type_url.php b/phpBB/phpbb/profilefields/type/type_url.php index 7bdd60e19d..37815b66a5 100644 --- a/phpBB/phpbb/profilefields/type/type_url.php +++ b/phpBB/phpbb/profilefields/type/type_url.php @@ -82,8 +82,6 @@ class type_url extends type_string return null; } - $field_value = make_clickable($field_value); - return parent::get_profile_value($field_value, $field_data); } } -- cgit v1.2.1 From 949f07e8ba81f6d711b7f7fa6024a19da71dc249 Mon Sep 17 00:00:00 2001 From: abyssmedia <30393121+abyssmedia@users.noreply.github.com> Date: Mon, 24 Jul 2017 00:04:43 +0400 Subject: [ticket/15303] Correctly refer to $memcached and not $memcache PHPBB3-15303 --- phpBB/phpbb/cache/driver/memcached.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/cache/driver/memcached.php b/phpBB/phpbb/cache/driver/memcached.php index a7da22d7e8..808e15afe8 100644 --- a/phpBB/phpbb/cache/driver/memcached.php +++ b/phpBB/phpbb/cache/driver/memcached.php @@ -68,7 +68,7 @@ class memcached extends \phpbb\cache\driver\memory foreach (explode(',', PHPBB_ACM_MEMCACHE) as $u) { preg_match('#(.*)/(\d+)#', $u, $parts); - $this->memcache->addServer(trim($parts[1]), (int) trim($parts[2])); + $this->memcached->addServer(trim($parts[1]), (int) trim($parts[2])); } } -- cgit v1.2.1 From 5def7e255ec46175b74a31523f89309136e78869 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sun, 31 Dec 2017 16:39:02 +0100 Subject: [prep-release-3.1.12] Add migration for 3.1.12 --- phpBB/phpbb/db/migration/data/v31x/v3112.php | 36 ++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 phpBB/phpbb/db/migration/data/v31x/v3112.php (limited to 'phpBB/phpbb') diff --git a/phpBB/phpbb/db/migration/data/v31x/v3112.php b/phpBB/phpbb/db/migration/data/v31x/v3112.php new file mode 100644 index 0000000000..0d75d35184 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v3112.php @@ -0,0 +1,36 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v3112 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.1.12', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v31x\v3111', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.12')), + ); + } +} -- cgit v1.2.1