From 084e1ae5603f4204945d25afcfabaeb1198df20f Mon Sep 17 00:00:00 2001 From: Hari Sankar R Date: Tue, 3 Apr 2012 22:15:59 +0530 Subject: [PATCH 01/12] [ticket/10561] All users can choose deactivated styles (fixed). A form exploit enabled the users to select a deactivated style. Fixed with extra check on submit, with a new function styles_verify to check if the selected style is activated or not. PHPBB3-10561 --- phpBB/includes/functions.php | 18 ++++++++++++++++++ phpBB/includes/ucp/ucp_prefs.php | 3 ++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 0320230a7d..530638c56b 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1238,6 +1238,24 @@ function style_select($default = '', $all = false) return $style_options; } +/** +* Check if style is activated +*/ +function style_verify($style_id = 0) +{ + global $db; + + $sql = 'SELECT style_id, style_active + FROM ' . STYLES_TABLE . " + WHERE style_id = $style_id"; + $result = $db->sql_query($sql); + + $style_verified = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + return $style_verified['style_active']; +} + /** * Pick a timezone */ diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 13167b2b3d..0df8acd5af 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -61,7 +61,8 @@ class ucp_prefs if ($submit) { - $data['style'] = ($config['override_user_style']) ? $config['default_style'] : $data['style']; + $data['style'] = ($config['override_user_style']) ? $config['default_style'] : + (style_verify($data['style']) ? $data['style'] : ((int) $user->data['user_style'])); $error = validate_data($data, array( 'dateformat' => array('string', false, 1, 30), From b81a5afc2541e035b78bfe5f7c8374c9d4ae6b9f Mon Sep 17 00:00:00 2001 
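Review bot: `$style_id` is concatenated into the `WHERE style_id = $style_id` clause of the new `style_verify()` without an integer cast, so the query is only as safe as whatever each caller passes in. The one caller in this patch hands it `$data['style']`, whose origin is not visible in either hunk, so I would cast at the point of use: `WHERE style_id = ' . (int) $style_id;`. The function also indexes `$style_verified['style_active']` even when `sql_fetchrow()` found no row; an explicit `if (!$style_verified) { return false; }` would make the unknown-id case deliberate rather than incidental.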
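Review bot: The fallback value `(int) $user->data['user_style']` in the new ternary is not itself passed through `style_verify()`, so an account whose stored style is already a deactivated one keeps it whenever a submission is rejected. Falling back to `$config['default_style']` when the stored style also fails the check would cover that case. The rejected choice is also replaced silently; whether the user should see an error instead is worth deciding here. The `if ($submit)` block continues outside the hunk, and the hunk does not show whether this is the only place that writes `user_style`.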
From: Hari Sankar R Date: Tue, 3 Apr 2012 22:56:06 +0530 Subject: [PATCH 02/12] [ticket/10561] Changes made to function phpbb_style_is_active(). Fixed return type, documented function and, removed style_id from fetch. PHPBB3-10561 --- phpBB/includes/functions.php | 12 +++++++----- phpBB/includes/ucp/ucp_prefs.php | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 530638c56b..3881299648 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1239,21 +1239,23 @@ function style_select($default = '', $all = false) } /** -* Check if style is activated +* @author Hari Sankar R +* @param int $style_id The style_id of a style which should be checked if activated or not. +* @return boolean */ -function style_verify($style_id = 0) +function phpbb_style_is_active($style_id) { global $db; - $sql = 'SELECT style_id, style_active + $sql = 'SELECT style_active FROM ' . STYLES_TABLE . " - WHERE style_id = $style_id"; + WHERE style_id = ". (int) $style_id; $result = $db->sql_query($sql); $style_verified = $db->sql_fetchrow($result); $db->sql_freeresult($result); - return $style_verified['style_active']; + return (bool) $style_verified['style_active']; } /** diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 0df8acd5af..e81bd1e1bb 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -62,7 +62,7 @@ class ucp_prefs if ($submit) { $data['style'] = ($config['override_user_style']) ? $config['default_style'] : - (style_verify($data['style']) ? $data['style'] : ((int) $user->data['user_style'])); + (phpbb_style_is_active($data['style']) ? $data['style'] : ((int) $user->data['user_style'])); $error = validate_data($data, array( 'dateformat' => array('string', false, 1, 30), From c5481371b9e4dc6f30f7a9bce1beba21530f9977 Mon Sep 17 00:00:00 2001 
From: Hari Sankar R Date: Tue, 3 Apr 2012 23:04:56 +0530 Subject: [PATCH 03/12] [ticket/10561] Changes made to $db->sql_fetchrow(). Changed $db->sql_fetchrow() to $db->sql_fetchfield(). PHPBB3-10561 --- phpBB/includes/functions.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 3881299648..a6ddcdd0a3 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1252,10 +1252,10 @@ function phpbb_style_is_active($style_id) WHERE style_id = ". (int) $style_id; $result = $db->sql_query($sql); - $style_verified = $db->sql_fetchrow($result); + $style_verified = (bool) $db->sql_fetchfield('style_active');; $db->sql_freeresult($result); - return (bool) $style_verified['style_active']; + return $style_verified; } /** From a84b97f58e8177eb28ad41cfb261200d523c9ff5 Mon Sep 17 00:00:00 2001 From: Hari Sankar R Date: Tue, 3 Apr 2012 23:15:16 +0530 Subject: [PATCH 04/12] [ticket/10561] Fixed syntax error and renamed return variables. Renamed $style_verified to $style_is_active and fixed extra ';'. PHPBB3-10561 --- phpBB/includes/functions.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index a6ddcdd0a3..70a961a744 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1252,10 +1252,10 @@ function phpbb_style_is_active($style_id) WHERE style_id = ". (int) $style_id; $result = $db->sql_query($sql); - $style_verified = (bool) $db->sql_fetchfield('style_active');; + $style_is_active = (bool) $db->sql_fetchfield('style_active'); $db->sql_freeresult($result); - return $style_verified; + return $style_is_active; } /** From 018419b36cf4d81cf2fa3f82d85f9bc8580c9c19 Mon Sep 17 00:00:00 2001 
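Review bot: `$db->sql_fetchfield('style_active')` is called without the `$result` handle that the preceding `sql_query()` returned and the following `sql_freeresult($result)` releases, so the read presumably depends on the driver's notion of the most recent query. Passing the handle keeps the three calls tied to the same result set: `(bool) $db->sql_fetchfield('style_active', false, $result);`. The added line in the first hunk also ends in `;;`, which the second hunk (PATCH 04/12) removes while keeping the handle-less call. The body of `phpbb_style_is_active()` starts outside both hunks.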
From: Hari Sankar R Date: Thu, 5 Apr 2012 19:31:18 +0530 Subject: [PATCH 05/12] [ticket/10561] Moved and renamed the funtion validate_style(). Fixed minor changes as suggested by @bantu. PHPBB3-10561 --- phpBB/includes/functions.php | 20 -------------------- phpBB/includes/functions_user.php | 19 +++++++++++++++++++ phpBB/includes/ucp/ucp_prefs.php | 10 ++++++++-- 3 files changed, 27 insertions(+), 22 deletions(-) diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 70a961a744..0320230a7d 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -1238,26 +1238,6 @@ function style_select($default = '', $all = false) return $style_options; } -/** -* @author Hari Sankar R -* @param int $style_id The style_id of a style which should be checked if activated or not. -* @return boolean -*/ -function phpbb_style_is_active($style_id) -{ - global $db; - - $sql = 'SELECT style_active - FROM ' . STYLES_TABLE . " - WHERE style_id = ". (int) $style_id; - $result = $db->sql_query($sql); - - $style_is_active = (bool) $db->sql_fetchfield('style_active'); - $db->sql_freeresult($result); - - return $style_is_active; -} - /** * Pick a timezone */ diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 10fb57ea97..7313844955 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1948,6 +1948,25 @@ function validate_jabber($jid) return false; } +/** +* @param int $style_id The style_id of a style which should be checked if activated or not. +* @return boolean +*/ +function phpbb_validate_style($style_id) +{ + global $db; + + $sql = 'SELECT style_active + FROM ' . STYLES_TABLE . ' + WHERE style_id = '. (int) $style_id; + $result = $db->sql_query($sql); + + $style_is_active = (bool) $db->sql_fetchfield('style_active'); + $db->sql_freeresult($result); + + return $style_is_active; +} + /** * Remove avatar */ 
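Review bot: The docblock on the new `phpbb_validate_style()` has no summary line and does not say what the function returns for a `style_id` that matches no row. As written the result is the `(bool)` cast of whatever `sql_fetchfield()` yields, which is presumably false when nothing is found; stating that makes the contract explicit for callers that use it as an allow check. I would add `* Checks whether a style ID refers to an activated style.` as the first line and extend the return tag to `@return boolean True if the style exists and is active, false otherwise`.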
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index e81bd1e1bb..5b915824d6 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -61,8 +61,14 @@ class ucp_prefs if ($submit) { - $data['style'] = ($config['override_user_style']) ? $config['default_style'] : - (phpbb_style_is_active($data['style']) ? $data['style'] : ((int) $user->data['user_style'])); + if ($config['override_user_style']) + { + $data['style'] = $config['default_style']; + } + else if (!phpbb_validate_style($data['style'])) + { + $data['style'] = (int) $user->data['user_style']); + } $error = validate_data($data, array( 'dateformat' => array('string', false, 1, 30), From ea5ae09c7d899bd0daa2b8b18371d6c4fbba4c5e Mon Sep 17 00:00:00 2001 From: Hari Sankar R Date: Fri, 6 Apr 2012 14:09:56 +0530 Subject: [PATCH 06/12] [ticket/10561] Added section in database_update.php Added section to check for existing users using a deactivated style, and revert it to default style. PHPBB3-10561 --- phpBB/install/database_update.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index a1b7dcd47f..91016273e6 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php 
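Review bot: The added line `$data['style'] = (int) $user->data['user_style']);` has an unmatched closing parenthesis, which is a parse error for the whole of ucp_prefs.php and would take the preferences module down rather than merely skip the style check. It should read `$data['style'] = (int) $user->data['user_style'];`. The `if ($submit)` block continues past the end of the hunk.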
@@ -1871,6 +1871,24 @@ function change_database_data(&$no_updates, $version) } // end Bing Bot addition + // Updates users having current style a deactivated one + $sql = 'SELECT style_id + FROM ' . STYLES_TABLE . ' + WHERE style_active = 0'; + $result = $db->sql_query($sql); + + while($temp = $db->sql_fetchfield('style_id', false, $result)) + { + $styles[] = $temp; + } + + $db->sql_freeresult($result); + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_style = ' . $config['default_style'] .' + WHERE ' . $db->sql_in_set('user_style', $styles); + $result = $db->sql_query($sql); + $db->sql_freeresult($result); + // Delete shadow topics pointing to not existing topics $batch_size = 500; From 1808a61fe3e89399aec4ecced36e270faa7d0beb Mon Sep 17 00:00:00 2001 From: Hari Sankar R Date: Sat, 7 Apr 2012 19:42:42 +0530 Subject: [PATCH 07/12] [ticket/10561] Added to database_update:database_update_info() Updates made to database_update.php PHPBB3-10561 --- phpBB/install/database_update.php | 45 ++++++++++++++++++------------- 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 91016273e6..096d90219b 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -993,6 +993,8 @@ function database_update_info() '3.0.10-RC2' => array(), // No changes from 3.0.10-RC3 to 3.0.10 '3.0.10-RC3' => array(), + // No changes from 3.0.10 to 3.0.11-RC1 + '3.0.10' => array(), /** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.11-RC1 */ ); 
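Review bot: `$styles` is never initialised before the `while` loop in the `@@ -1871,6 +1871,24 @@` hunk, so on a board with no deactivated styles it reaches `$db->sql_in_set('user_style', $styles)` undefined and the UPDATE is built from an empty set. I would add `$styles = array();` before the loop and wrap the UPDATE in `if (!empty($styles))`. `$config['default_style']` is also concatenated into the SET clause without a cast; `(int) $config['default_style']` keeps the statement numeric whatever the config row holds. The block sits directly in `change_database_data()`, whose body starts and ends outside the hunk, so it appears to run on every update pass rather than for one version step.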
@@ -1871,24 +1873,6 @@ function change_database_data(&$no_updates, $version) } // end Bing Bot addition - // Updates users having current style a deactivated one - $sql = 'SELECT style_id - FROM ' . STYLES_TABLE . ' - WHERE style_active = 0'; - $result = $db->sql_query($sql); - - while($temp = $db->sql_fetchfield('style_id', false, $result)) - { - $styles[] = $temp; - } - - $db->sql_freeresult($result); - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_style = ' . $config['default_style'] .' - WHERE ' . $db->sql_in_set('user_style', $styles); - $result = $db->sql_query($sql); - $db->sql_freeresult($result); - // Delete shadow topics pointing to not existing topics $batch_size = 500; @@ -2042,6 +2026,31 @@ function change_database_data(&$no_updates, $version) // No changes from 3.0.10-RC3 to 3.0.10 case '3.0.10-RC3': break; + + // Changes from 3.0.10 to 3.0.11-RC1 + case '3.0.10': + // Updates users having current style a deactivated one + $deactivated_style_ids = array(); + $sql = 'SELECT style_id + FROM ' . STYLES_TABLE . ' + WHERE style_active = 0'; + $result = $db->sql_query($sql); + + while ($temp_style_id = $db->sql_fetchfield('style_id', false, $result)) + { + $deactivated_style_ids[] = (int) $temp_style_id; + } + + $db->sql_freeresult($result); + if (!empty($deactivated_style_ids)) + { + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_style = ' . $config['default_style'] .' + WHERE ' . $db->sql_in_set('user_style', $deactivated_style_ids); + $result = $db->sql_query($sql); + } + $no_updates = false; + break; } } From 03a35581c4b0dcb7c20885d4ca807ea7117872cb Mon Sep 17 00:00:00 2001 From: Hari Sankar R Date: Sat, 7 Apr 2012 23:15:12 +0530 Subject: [PATCH 08/12] [ticket/10561] Reverted to phpbb_style_is_active() Changes made to function name, reverted to old. PHPBB3-10561 --- phpBB/includes/functions_user.php | 2 +- phpBB/includes/ucp/ucp_prefs.php | 4 ++-- phpBB/install/database_update.php | 5 +++-- 3 files changed, 6 insertions(+), 5 deletions(-) 
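Review bot: `$config['default_style']` is concatenated into the `SET user_style = ...` clause of the new `case '3.0.10':` block without a cast, although the ids collected just above are each cast with `(int)`. `SET user_style = ' . (int) $config['default_style'] . '` would treat both values alike. Nothing in the hunk shows that the default style is itself active, so it may be worth confirming that before moving accounts onto it. `$no_updates = false;` is also set even when `$deactivated_style_ids` is empty and no row was changed.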
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 7313844955..770eab48d5 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -1952,7 +1952,7 @@ function validate_jabber($jid) * @param int $style_id The style_id of a style which should be checked if activated or not. * @return boolean */ -function phpbb_validate_style($style_id) +function phpbb_style_is_active($style_id) { global $db; diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 5b915824d6..f6fe916d8b 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -65,9 +65,9 @@ class ucp_prefs { $data['style'] = $config['default_style']; } - else if (!phpbb_validate_style($data['style'])) + else if (!phpbb_style_is_active($data['style'])) { - $data['style'] = (int) $user->data['user_style']); + $data['style'] = (int) $user->data['user_style']; } $error = validate_data($data, array( diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 096d90219b..8f00b18846 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -2030,18 +2030,18 @@ function change_database_data(&$no_updates, $version) // Changes from 3.0.10 to 3.0.11-RC1 case '3.0.10': // Updates users having current style a deactivated one - $deactivated_style_ids = array(); $sql = 'SELECT style_id FROM ' . STYLES_TABLE . ' WHERE style_active = 0'; $result = $db->sql_query($sql); + $deactivated_style_ids = array(); while ($temp_style_id = $db->sql_fetchfield('style_id', false, $result)) { $deactivated_style_ids[] = (int) $temp_style_id; } - $db->sql_freeresult($result); + if (!empty($deactivated_style_ids)) { $sql = 'UPDATE ' . USERS_TABLE . ' @@ -2049,6 +2049,7 @@ function change_database_data(&$no_updates, $version) WHERE ' . $db->sql_in_set('user_style', $deactivated_style_ids); $result = $db->sql_query($sql); } + $no_updates = false; break; } 
From 4e630ef1601ef39c7947de7d071fdccf68f52e3b Mon Sep 17 00:00:00 2001 From: Hari Sankar R Date: Mon, 9 Apr 2012 00:33:55 +0530 Subject: [PATCH 09/12] [ticket/10561] Casted $config['default_style'] to int PHPBB3-10561 --- phpBB/includes/ucp/ucp_prefs.php | 2 +- phpBB/install/database_update.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index f6fe916d8b..17d7d23f02 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -63,7 +63,7 @@ class ucp_prefs { if ($config['override_user_style']) { - $data['style'] = $config['default_style']; + $data['style'] = (int) $config['default_style']; } else if (!phpbb_style_is_active($data['style'])) { diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 8f00b18846..576b3c0ba8 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -2045,7 +2045,7 @@ function change_database_data(&$no_updates, $version) if (!empty($deactivated_style_ids)) { $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_style = ' . $config['default_style'] .' + SET user_style = ' . (int) $config['default_style'] .' WHERE ' . $db->sql_in_set('user_style', $deactivated_style_ids); $result = $db->sql_query($sql); } From 9bce716081f55f209afbfb3ecf1a097b47292da4 Mon Sep 17 00:00:00 2001 From: Hari Sankar R Date: Mon, 9 Apr 2012 00:57:29 +0530 Subject: [PATCH 10/12] [ticket/10561] Added function desc for phpbb_style_is_active() PHPBB3-10561 --- phpBB/includes/functions_user.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 770eab48d5..83316be2a3 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php 
@@ -1949,6 +1949,8 @@ function validate_jabber($jid) } /** +* Verifies whether a style ID corresponds to an active style. +* * @param int $style_id The style_id of a style which should be checked if activated or not. * @return boolean */ From 8442b19e59e3d07129c3ef5286ada84a3ac64b98 Mon Sep 17 00:00:00 2001 From: Hari Sankar R Date: Mon, 9 Apr 2012 01:04:17 +0530 Subject: [PATCH 11/12] [ticket/10561] Changed $temp_style_id to $style_id PHPBB3-10561 --- phpBB/install/database_update.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index 576b3c0ba8..ba89a07e92 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php @@ -2036,9 +2036,9 @@ function change_database_data(&$no_updates, $version) $result = $db->sql_query($sql); $deactivated_style_ids = array(); - while ($temp_style_id = $db->sql_fetchfield('style_id', false, $result)) + while ($style_id = $db->sql_fetchfield('style_id', false, $result)) { - $deactivated_style_ids[] = (int) $temp_style_id; + $deactivated_style_ids[] = (int) $style_id; } $db->sql_freeresult($result); From 2a48284fc9125edad2dbd9de41dfb1ef61926b6b Mon Sep 17 00:00:00 2001 From: Hari Sankar R Date: Mon, 9 Apr 2012 01:25:17 +0530 Subject: [PATCH 12/12] [ticket/10561] Removed extra tabs, changes made to $db->sql_query() Substituted $db->sql_query() with _sql() PHPBB3-10561 --- phpBB/install/database_update.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php index ba89a07e92..6097341ace 100644 --- a/phpBB/install/database_update.php +++ b/phpBB/install/database_update.php 
@@ -2031,8 +2031,8 @@ function change_database_data(&$no_updates, $version) case '3.0.10': // Updates users having current style a deactivated one $sql = 'SELECT style_id - FROM ' . STYLES_TABLE . ' - WHERE style_active = 0'; + FROM ' . STYLES_TABLE . ' + WHERE style_active = 0'; $result = $db->sql_query($sql); $deactivated_style_ids = array(); @@ -2045,9 +2045,9 @@ function change_database_data(&$no_updates, $version) if (!empty($deactivated_style_ids)) { $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_style = ' . (int) $config['default_style'] .' - WHERE ' . $db->sql_in_set('user_style', $deactivated_style_ids); - $result = $db->sql_query($sql); + SET user_style = ' . (int) $config['default_style'] .' + WHERE ' . $db->sql_in_set('user_style', $deactivated_style_ids); + _sql($sql, $errored, $error_ary); } $no_updates = false;