aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--build/build.xml2
-rw-r--r--phpBB/adm/style/permission_mask.html2
-rw-r--r--phpBB/adm/style/permissions.js4
-rw-r--r--phpBB/assets/javascript/plupload.js17
-rw-r--r--phpBB/docs/CHANGELOG.html28
-rw-r--r--phpBB/docs/CREDITS.txt6
-rw-r--r--phpBB/includes/acp/acp_bbcodes.php12
-rw-r--r--phpBB/includes/acp/acp_prune.php1
-rw-r--r--phpBB/includes/functions_user.php5
-rw-r--r--phpBB/includes/message_parser.php29
-rw-r--r--phpBB/includes/ucp/ucp_pm_compose.php7
-rw-r--r--phpBB/language/en/common.php2
-rw-r--r--phpBB/phpbb/db/driver/mysqli.php3
-rw-r--r--phpBB/phpbb/db/migration/data/v32x/v328.php36
-rw-r--r--phpBB/phpbb/textformatter/s9e/factory.php2
-rw-r--r--phpBB/phpbb/textformatter/s9e/parser.php2
-rw-r--r--phpBB/posting.php5
-rw-r--r--phpBB/styles/prosilver/template/plupload.html1
-rw-r--r--tests/functional/fileupload_form_test.php9
-rw-r--r--tests/functional/plupload_test.php14
-rw-r--r--tests/functions/fixtures/validate_email.xml24
-rw-r--r--tests/functions/validate_user_email_test.php12
-rw-r--r--tests/test_framework/phpbb_functional_test_case.php51
-rw-r--r--tests/text_formatter/s9e/default_formatting_test.php2
-rw-r--r--tests/text_processing/tickets_data/PHPBB3-13921.html2
25 files changed, 235 insertions, 43 deletions
diff --git a/build/build.xml b/build/build.xml
index 9e9b19923f..5748260679 100644
--- a/build/build.xml
+++ b/build/build.xml
@@ -4,7 +4,7 @@
<!-- a few settings for the build -->
<property name="newversion" value="3.3.0-b1-dev" />
<property name="prevversion" value="3.2.7" />
- <property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6" />
+ <property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.8-RC1" />
<!-- no configuration should be needed beyond this point -->
<property name="oldversions" value="${olderversions}, ${prevversion}" />
diff --git a/phpBB/adm/style/permission_mask.html b/phpBB/adm/style/permission_mask.html
index c556664b8c..23294d60df 100644
--- a/phpBB/adm/style/permission_mask.html
+++ b/phpBB/adm/style/permission_mask.html
@@ -9,6 +9,8 @@
var role_options = new Array();
+ var no_role_assigned = "{LA_NO_ROLE_ASSIGNED}";
+
<!-- IF S_ROLE_JS_ARRAY -->
{S_ROLE_JS_ARRAY}
<!-- ENDIF -->
diff --git a/phpBB/adm/style/permissions.js b/phpBB/adm/style/permissions.js
index 9178adab50..af8e21ad51 100644
--- a/phpBB/adm/style/permissions.js
+++ b/phpBB/adm/style/permissions.js
@@ -279,6 +279,10 @@ function reset_role(id) {
}
t.options[0].selected = true;
+
+ var parent = t.parentNode;
+ parent.querySelector('span.dropdown-trigger').innerText = no_role_assigned;
+ parent.querySelector('input[data-name^=role]').value = '0';
}
/**
diff --git a/phpBB/assets/javascript/plupload.js b/phpBB/assets/javascript/plupload.js
index fab1ca6d7c..5e8db8b035 100644
--- a/phpBB/assets/javascript/plupload.js
+++ b/phpBB/assets/javascript/plupload.js
@@ -90,6 +90,12 @@ phpbb.plupload.getSerializedData = function() {
obj['attachment_data[' + i + '][' + key + ']'] = datum[key];
}
}
+
+ // Insert form data
+ var $pluploadForm = $(phpbb.plupload.config.form_hook).first();
+ obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val();
+ obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val();
+
return obj;
};
@@ -264,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) {
return;
}
+
+ // Handle errors while deleting file
+ if (typeof response.error !== 'undefined') {
+ phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message);
+
+ // We will have to assume that the deletion failed. So leave the file status as uploaded.
+ row.find('.file-status').toggleClass('file-uploaded');
+
+ return;
+ }
+
phpbb.plupload.update(response, 'removal', index);
// Check if the user can upload files now if he had reached the max files limit.
phpbb.plupload.handleMaxFilesReached();
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 0e16773dd3..0c9b56d1bf 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -50,6 +50,7 @@
<ol>
<li><a href="#changelog">Changelog</a>
<ul>
+ <li><a href="#v328rc1">Changes since 3.2.8-RC1</a></li>
<li><a href="#v327">Changes since 3.2.7</a></li>
<li><a href="#v326">Changes since 3.2.6</a></li>
<li><a href="#v326rc1">Changes since 3.2.6-RC1</a></li>
@@ -139,6 +140,28 @@
<div class="inner">
<div class="content">
+ <a name="v328rc1"></a><h3>Changes since 3.2.8-RC1</h3>
+ <h4>Bug</h4>
+ <ul>
+ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15467">PHPBB3-15467</a>] - Permission settings do not take affect when set using All YES/NO/NEVER</li>
+ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16123">PHPBB3-16123</a>] - PHP error (Array to string conversion) on new user registration if email address is banned and &quot; Reason shown to the banned&quot; is empty</li>
+ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16136">PHPBB3-16136</a>] - Missing word in 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' </li>
+ </ul>
+ <h4>Improvement</h4>
+ <ul>
+ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16134">PHPBB3-16134</a>] - Exclude group leaders on group member purge</li>
+ </ul>
+ <h4>Security Issue</h4>
+ <ul>
+ <li>[SECURITY-243] - CSS injection via BBCode tag</li>
+ <li>[SECURITY-244] - Missing form token check when handling attachments</li>
+ <li>[SECURITY-246] - Missing form token check when managing BBCodes</li>
+ </ul>
+ <h4>Hardening</h4>
+ <ul>
+ <li>[SECURITY-247] - Disable MySQLi local infile to prevent local file inclusion</li>
+ </ul>
+
<a name="v327"></a><h3>Changes since 3.2.7</h3>
<h4>Bug</h4>
<ul>
@@ -193,7 +216,6 @@
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16078">PHPBB3-16078</a>] - Use chrome webdriver for UI tests</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16089">PHPBB3-16089</a>] - Add core.confirm_box_ajax_before</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16097">PHPBB3-16097</a>] - Add core.viewtopic_gen_sort_selects_before</li>
- <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16102">PHPBB3-16102</a>] - Add core.posting_modify_post_subject</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16103">PHPBB3-16103</a>] - Add core.pm_modify_message_subject</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16106">PHPBB3-16106</a>] - Add core.mcp_main_before</li>
@@ -212,6 +234,10 @@
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16112">PHPBB3-16112</a>] - Update composer dependencies to latest</li>
<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16119">PHPBB3-16119</a>] - The text input for poll question has a too high maxlength attribute</li>
</ul>
+ <h4>Hardening</h4>
+ <ul>
+ <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li>
+ </ul>
<a name="v326"></a><h3>Changes since 3.2.6</h3>
<h4>Bug</h4>
diff --git a/phpBB/docs/CREDITS.txt b/phpBB/docs/CREDITS.txt
index 337c9cf536..64f5588bac 100644
--- a/phpBB/docs/CREDITS.txt
+++ b/phpBB/docs/CREDITS.txt
@@ -1,7 +1,7 @@
/**
*
-* phpBB © Copyright phpBB Limited 2003-2016
-* http://www.phpbb.com
+* phpBB © Copyright phpBB Limited 2003-2019
+* https://www.phpbb.com
*
* phpBB is free software. You can redistribute it and/or modify it
* under the terms of the GNU General Public License, version 2 (GPL-2.0)
@@ -27,7 +27,6 @@ phpBB Developers: bantu (Andreas Fischer)
Derky (Derk Ruitenbeek)
Elsensee (Oliver Schramm)
Hanakin (Michael Miday)
- MichaelC (Michael Cullum)
Nicofuma (Tristan Darricau)
rubencm (Rubén Calvo)
@@ -63,6 +62,7 @@ phpBB Developers: A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
igorw (Igor Wiedler) [08/2010 - 02/2013]
imkingdavid (David King) [11/2012 - 06/2014]
kellanved (Henry Sudhof) [04/2007 - 03/2011]
+ MichaelC (Michael Cullum) [11/2017 - 09/2019]
nickvergessen (Joas Schilling)[04/2010 - 12/2015]
Oleg (Oleg Pudeyev) [01/2011 - 05/2013]
prototech (Cesar Gallegos) [01/2014 - 12/2016]
diff --git a/phpBB/includes/acp/acp_bbcodes.php b/phpBB/includes/acp/acp_bbcodes.php
index b59f9e3a39..5360ab0f7b 100644
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -33,7 +33,6 @@ class acp_bbcodes
// Set up general vars
$action = $request->variable('action', '');
$bbcode_id = $request->variable('bbcode', 0);
- $submit = $request->is_set_post('submit');
$this->tpl_name = 'acp_bbcodes';
$this->page_title = 'ACP_BBCODES';
@@ -41,11 +40,6 @@ class acp_bbcodes
add_form_key($form_key);
- if ($submit && !check_form_key($form_key))
- {
- trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
- }
-
// Set up mode-specific vars
switch ($action)
{
@@ -179,6 +173,12 @@ class acp_bbcodes
extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+
+ if (!$warn_text && !check_form_key($form_key))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
if (!$warn_text || confirm_box(true))
{
$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php
index 3eee4f7922..c5f7789de8 100644
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -537,6 +537,7 @@ class acp_prune
AND ug.user_id <> ' . ANONYMOUS . '
AND u.user_type <> ' . USER_FOUNDER . '
AND ug.user_pending = 0
+ AND ug.group_leader = 0
AND u.user_id = ug.user_id
' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '');
$result = $db->sql_query($sql);
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 3bf4aa16b7..e0b6a9d0c6 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1945,9 +1945,10 @@ function validate_user_email($email, $allowed_email = false)
return $validate_email;
}
- if (($ban = $user->check_ban(false, false, $email, true)) !== false)
+ $ban = $user->check_ban(false, false, $email, true);
+ if (!empty($ban))
{
- return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban);
+ return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';
}
if (!$config['allow_emailreuse'])
diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php
index 0b79cca864..e1c28223dc 100644
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -1525,6 +1525,35 @@ class parse_message extends bbcode_firstpass
}
/**
+ * Check attachment form token depending on submit type
+ *
+ * @param \phpbb\language\language $language Language
+ * @param \phpbb\request\request_interface $request Request
+ * @param string $form_name Form name for checking form key
+ *
+ * @return bool True if form token is not needed or valid, false if needed and invalid
+ */
+ function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name)
+ {
+ $add_file = $request->is_set_post('add_file');
+ $delete_file = $request->is_set_post('delete_file');
+
+ if (($add_file || $delete_file) && !check_form_key($form_name))
+ {
+ $this->warn_msg[] = $language->lang('FORM_INVALID');
+
+ if ($request->is_ajax() && $this->plupload)
+ {
+ $this->plupload->emit_error(-400, 'FORM_INVALID');
+ }
+
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Parse Attachments
*/
function parse_attachments($form_name, $mode, $forum_id, $submit, $preview, $refresh, $is_message = false)
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php
index cb45112b01..06baa279a5 100644
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
function compose_pm($id, $mode, $action, $user_folders = array())
{
global $template, $db, $auth, $user, $cache;
- global $phpbb_root_path, $phpEx, $config;
+ global $phpbb_root_path, $phpEx, $config, $language;
global $request, $phpbb_dispatcher, $phpbb_container;
// Damn php and globals - i know, this is horrible
@@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));
// Parse Attachments - before checksum is calculated
- $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+ if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose'))
+ {
+ $message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+ }
if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))
{
diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php
index 666e98bd9b..f77cf0c0c8 100644
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@@ -91,7 +91,7 @@ $lang = array_merge($lang, array(
'ATTACHED_IMAGE_NOT_IMAGE' => 'The image file you tried to attach is invalid.',
'AUTHOR' => 'Author',
'AUTH_NO_PROFILE_CREATED' => 'The creation of a user profile was unsuccessful.',
- 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'The account is already linked with other user.',
+ 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' => 'This external service is already associated with another board account.',
'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY' => 'Invalid database entry.',
'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE' => 'Invalid service type provided to OAuth service handler.',
'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED' => 'OAuth service not created',
diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php
index df8b88c315..0c1c063262 100644
--- a/phpBB/phpbb/db/driver/mysqli.php
+++ b/phpBB/phpbb/db/driver/mysqli.php
@@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base
if ($this->db_connect_id && $this->dbname != '')
{
+ // Disable loading local files on client side
+ @mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false);
+
@mysqli_query($this->db_connect_id, "SET NAMES 'utf8'");
// enforce strict mode on databases that support it
diff --git a/phpBB/phpbb/db/migration/data/v32x/v328.php b/phpBB/phpbb/db/migration/data/v32x/v328.php
new file mode 100644
index 0000000000..28ff2c7033
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v32x/v328.php
@@ -0,0 +1,36 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v328 extends \phpbb\db\migration\migration
+{
+ public function effectively_installed()
+ {
+ return phpbb_version_compare($this->config['version'], '3.2.8', '>=');
+ }
+
+ static public function depends_on()
+ {
+ return array(
+ '\phpbb\db\migration\data\v32x\v328rc1',
+ );
+ }
+
+ public function update_data()
+ {
+ return array(
+ array('config.update', array('version', '3.2.8')),
+ );
+ }
+}
diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php
index 6191b9a315..dca1c78d40 100644
--- a/phpBB/phpbb/textformatter/s9e/factory.php
+++ b/phpBB/phpbb/textformatter/s9e/factory.php
@@ -110,7 +110,7 @@ class factory implements \phpbb\textformatter\cache_interface
'i' => '<span style="font-style: italic"><xsl:apply-templates/></span>',
'u' => '<span style="text-decoration: underline"><xsl:apply-templates/></span>',
'img' => '<img src="{IMAGEURL}" class="postimage" alt="{L_IMAGE}"/>',
- 'size' => '<span style="font-size: {FONTSIZE}%; line-height: normal"><xsl:apply-templates/></span>',
+ 'size' => '<span><xsl:attribute name="style"><xsl:text>font-size: </xsl:text><xsl:value-of select="substring(@size, 1, 4)"/><xsl:text>%; line-height: normal</xsl:text></xsl:attribute><xsl:apply-templates/></span>',
'color' => '<span style="color: {COLOR}"><xsl:apply-templates/></span>',
'email' => '<a>
<xsl:attribute name="href">
diff --git a/phpBB/phpbb/textformatter/s9e/parser.php b/phpBB/phpbb/textformatter/s9e/parser.php
index 3698dca224..a36fc63141 100644
--- a/phpBB/phpbb/textformatter/s9e/parser.php
+++ b/phpBB/phpbb/textformatter/s9e/parser.php
@@ -342,7 +342,7 @@ class parser implements \phpbb\textformatter\parser_interface
return false;
}
- if ($size < 1)
+ if ($size < 1 || !is_numeric($size))
{
return false;
}
diff --git a/phpBB/posting.php b/phpBB/posting.php
index e4ba0303cc..20f6ddf8e5 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -974,7 +974,10 @@ if ($submit || $preview || $refresh)
}
// Parse Attachments - before checksum is calculated
- $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
+ if ($message_parser->check_attachment_form_token($language, $request, 'posting'))
+ {
+ $message_parser->parse_attachments('fileupload', $mode, $forum_id, $submit, $preview, $refresh);
+ }
/**
* This event allows you to modify message text before parsing
diff --git a/phpBB/styles/prosilver/template/plupload.html b/phpBB/styles/prosilver/template/plupload.html
index 1eb84372e8..593070321d 100644
--- a/phpBB/styles/prosilver/template/plupload.html
+++ b/phpBB/styles/prosilver/template/plupload.html
@@ -57,6 +57,7 @@ phpbb.plupload = {
lang: {
ERROR: '{LA_ERROR}',
TOO_MANY_ATTACHMENTS: '{LA_TOO_MANY_ATTACHMENTS}',
+ FORM_INVALID: '{LA_FORM_INVALID}',
},
order: '{ATTACH_ORDER}',
maxFiles: {MAX_ATTACHMENTS},
diff --git a/tests/functional/fileupload_form_test.php b/tests/functional/fileupload_form_test.php
index b0838344de..b2f230b66f 100644
--- a/tests/functional/fileupload_form_test.php
+++ b/tests/functional/fileupload_form_test.php
@@ -46,6 +46,13 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case
private function upload_file($filename, $mimetype)
{
+ $crawler = self::$client->request(
+ 'GET',
+ 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid
+ );
+
+ $file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, 'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid));
+
$file = array(
'tmp_name' => $this->path . $filename,
'name' => $filename,
@@ -57,7 +64,7 @@ class phpbb_functional_fileupload_form_test extends phpbb_functional_test_case
$crawler = self::$client->request(
'POST',
'posting.php?mode=reply&f=2&t=1&sid=' . $this->sid,
- array('add_file' => $this->lang('ADD_FILE')),
+ $file_form_data,
array('fileupload' => $file)
);
diff --git a/tests/functional/plupload_test.php b/tests/functional/plupload_test.php
index c3b2e5b9eb..b7b5b08360 100644
--- a/tests/functional/plupload_test.php
+++ b/tests/functional/plupload_test.php
@@ -76,6 +76,10 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
$chunk_size = ceil(filesize($this->path . 'valid.jpg') / self::CHUNKS);
$handle = fopen($this->path . 'valid.jpg', 'rb');
+ $crawler = self::$client->request('POST', $url . '&sid=' . $this->sid);
+
+ $file_form_data = $this->get_hidden_fields($crawler, $url);
+
for ($i = 0; $i < self::CHUNKS; $i++)
{
$chunk = fread($handle, $chunk_size);
@@ -94,13 +98,13 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
$crawler = self::$client->request(
'POST',
$url . '&sid=' . $this->sid,
- array(
+ array_merge(array(
'chunk' => $i,
'chunks' => self::CHUNKS,
'name' => md5('valid') . '.jpg',
'real_filename' => 'valid.jpg',
'add_file' => $this->lang('ADD_FILE'),
- ),
+ ), $file_form_data),
array('fileupload' => $file),
array('X-PHPBB-USING-PLUPLOAD' => '1')
);
@@ -134,17 +138,19 @@ class phpbb_functional_plupload_test extends phpbb_functional_test_case
'error' => UPLOAD_ERR_OK,
);
+ $file_form_data = $this->get_hidden_fields(null, $url);
+
self::$client->setServerParameter('HTTP_X_PHPBB_USING_PLUPLOAD', '1');
self::$client->request(
'POST',
$url . '&sid=' . $this->sid,
- array(
+ array_merge(array(
'chunk' => '0',
'chunks' => '1',
'name' => md5('valid') . '.jpg',
'real_filename' => 'valid.jpg',
'add_file' => $this->lang('ADD_FILE'),
- ),
+ ), $file_form_data),
array('fileupload' => $file)
);
diff --git a/tests/functions/fixtures/validate_email.xml b/tests/functions/fixtures/validate_email.xml
index eb4fd90217..fa139f6f18 100644
--- a/tests/functions/fixtures/validate_email.xml
+++ b/tests/functions/fixtures/validate_email.xml
@@ -1,5 +1,29 @@
<?xml version="1.0" encoding="UTF-8" ?>
<dataset>
+ <table name="phpbb_banlist">
+ <column>ban_id</column>
+ <column>ban_userid</column>
+ <column>ban_exclude</column>
+ <column>ban_end</column>
+ <column>ban_email</column>
+ <column>ban_give_reason</column>
+ <row>
+ <value>1</value>
+ <value>0</value>
+ <value>0</value>
+ <value>0</value>
+ <value>banned@example.com</value>
+ <value></value>
+ </row>
+ <row>
+ <value>2</value>
+ <value>0</value>
+ <value>0</value>
+ <value>0</value>
+ <value>banned2@example.com</value>
+ <value>just because</value>
+ </row>
+ </table>
<table name="phpbb_users">
<column>user_id</column>
<column>username</column>
diff --git a/tests/functions/validate_user_email_test.php b/tests/functions/validate_user_email_test.php
index a05a7808a4..eeb5bfc2a9 100644
--- a/tests/functions/validate_user_email_test.php
+++ b/tests/functions/validate_user_email_test.php
@@ -28,10 +28,16 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case
protected function setUp(): void
{
+ global $cache, $phpbb_dispatcher, $phpbb_root_path, $phpEx;
+
parent::setUp();
+ $cache = new \phpbb\cache\driver\file();
+ $cache->purge();
$this->db = $this->new_dbal();
- $this->user = new phpbb_mock_user;
+ $phpbb_dispatcher = new phpbb_mock_event_dispatcher();
+ $language = new phpbb\language\language(new phpbb\language\language_file_loader($phpbb_root_path, $phpEx));
+ $this->user = new phpbb\user($language, '\phpbb\datetime');
$this->helper = new phpbb_functions_validate_data_helper($this);
}
@@ -47,7 +53,6 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case
$config['email_check_mx'] = $check_mx;
$db = $this->db;
$user = $this->user;
- $user->optionset('banned_users', array('banned@example.com'));
}
public static function validate_user_email_data()
@@ -58,7 +63,8 @@ class phpbb_functions_validate_user_email_test extends phpbb_database_test_case
array('valid_complex', array(), "'%$~test@example.com"),
array('invalid', array('EMAIL_INVALID'), 'fööbar@example.com'),
array('taken', array('EMAIL_TAKEN'), 'admin@example.com'),
- array('banned', array('EMAIL_BANNED'), 'banned@example.com'),
+ array('banned', ['just because'], 'banned2@example.com'),
+ array('banned', ['EMAIL_BANNED'], 'banned@example.com')
);
}
diff --git a/tests/test_framework/phpbb_functional_test_case.php b/tests/test_framework/phpbb_functional_test_case.php
index 090ee07d65..4c2afa4f30 100644
--- a/tests/test_framework/phpbb_functional_test_case.php
+++ b/tests/test_framework/phpbb_functional_test_case.php
@@ -1232,24 +1232,14 @@ class phpbb_functional_test_case extends phpbb_test_case
'error' => UPLOAD_ERR_OK,
);
- $crawler = self::$client->request('POST', $posting_url, array('add_file' => $this->lang('ADD_FILE')), array('fileupload' => $file));
+ $file_form_data = array_merge(['add_file' => $this->lang('ADD_FILE')], $this->get_hidden_fields($crawler, $posting_url));
+
+ $crawler = self::$client->request('POST', $posting_url, $file_form_data, array('fileupload' => $file));
}
unset($form_data['upload_files']);
}
- $hidden_fields = array(
- $crawler->filter('[type="hidden"]')->each(function ($node, $i) {
- return array('name' => $node->attr('name'), 'value' => $node->attr('value'));
- }),
- );
-
- foreach ($hidden_fields as $fields)
- {
- foreach($fields as $field)
- {
- $form_data[$field['name']] = $field['value'];
- }
- }
+ $form_data = array_merge($form_data, $this->get_hidden_fields($crawler, $posting_url));
// I use a request because the form submission method does not allow you to send data that is not
// contained in one of the actual form fields that the browser sees (i.e. it ignores "hidden" inputs)
@@ -1380,4 +1370,37 @@ class phpbb_functional_test_case extends phpbb_test_case
return self::request('GET', substr($link, strpos($link, 'mcp.')));
}
+
+ /**
+ * Get hidden fields for URL
+ *
+ * @param Symfony\Component\DomCrawler\Crawler|null $crawler Crawler instance or null
+ * @param string $url Request URL
+ *
+ * @return array Hidden form fields array
+ */
+ protected function get_hidden_fields($crawler, $url)
+ {
+ if (!$crawler)
+ {
+ $crawler = self::$client->request('GET', $url);
+ }
+ $hidden_fields = [
+ $crawler->filter('[type="hidden"]')->each(function ($node, $i) {
+ return ['name' => $node->attr('name'), 'value' => $node->attr('value')];
+ }),
+ ];
+
+ $file_form_data = [];
+
+ foreach ($hidden_fields as $fields)
+ {
+ foreach($fields as $field)
+ {
+ $file_form_data[$field['name']] = $field['value'];
+ }
+ }
+
+ return $file_form_data;
+ }
}
diff --git a/tests/text_formatter/s9e/default_formatting_test.php b/tests/text_formatter/s9e/default_formatting_test.php
index a35c9138a5..1aa4f0bc3a 100644
--- a/tests/text_formatter/s9e/default_formatting_test.php
+++ b/tests/text_formatter/s9e/default_formatting_test.php
@@ -70,7 +70,7 @@ class phpbb_textformatter_s9e_default_formatting_test extends phpbb_test_case
),
array(
'[size=75]smaller[/size]',
- '<span style="font-size:75%;line-height:normal">smaller</span>'
+ '<span style="font-size: 75%; line-height: normal">smaller</span>'
),
array(
'[quote]quoted[/quote]',
diff --git a/tests/text_processing/tickets_data/PHPBB3-13921.html b/tests/text_processing/tickets_data/PHPBB3-13921.html
index 690668ef28..6a9dc7f504 100644
--- a/tests/text_processing/tickets_data/PHPBB3-13921.html
+++ b/tests/text_processing/tickets_data/PHPBB3-13921.html
@@ -1 +1 @@
-<span style="font-size:200%;line-height:normal"></span><div style="text-align:center"><span style="font-size:200%;line-height:normal">xxx</span></div> \ No newline at end of file
+<span style="font-size: 200%; line-height: normal"></span><div style="text-align:center"><span style="font-size: 200%; line-height: normal">xxx</span></div> \ No newline at end of file