mirror of
https://github.com/phpbb/phpbb.git
synced 2025-03-18 22:50:29 +01:00
Merge branch '3.3.x'
This commit is contained in:
commit
2c65df7185
@ -193,7 +193,7 @@ class acp_board
|
||||
'allow_post_flash' => array('lang' => 'ALLOW_POST_FLASH', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
|
||||
'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
|
||||
'allow_post_links' => array('lang' => 'ALLOW_POST_LINKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
|
||||
'allowed_schemes_links' => array('lang' => 'ALLOWED_SCHEMES_LINKS', 'validate' => 'string', 'type' => 'text:0:255', 'explain' => true),
|
||||
'allowed_schemes_links' => array('lang' => 'ALLOWED_SCHEMES_LINKS', 'validate' => 'csv', 'type' => 'text:0:255', 'explain' => true),
|
||||
'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
|
||||
'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
|
||||
'enable_post_confirm' => array('lang' => 'VISUAL_CONFIRM_POST', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
|
||||
@ -497,6 +497,19 @@ class acp_board
|
||||
$cfg_array = (isset($_REQUEST['config'])) ? $request->variable('config', array('' => ''), true) : $this->new_config;
|
||||
$error = array();
|
||||
|
||||
// Prevalidate allowed URL schemes
|
||||
if ($mode == 'post')
|
||||
{
|
||||
$schemes = array_filter(explode(',', $cfg_array['allowed_schemes_links']));
|
||||
foreach ($schemes as $scheme)
|
||||
{
|
||||
if (!preg_match('#^[a-z][a-z0-9+\\-.]*$#Di', $scheme))
|
||||
{
|
||||
$error[] = $language->lang('URL_SCHEME_INVALID', $language->lang('ALLOWED_SCHEMES_LINKS'), $scheme);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// We validate the complete config if wished
|
||||
validate_config_vars($display_vars['vars'], $cfg_array, $error);
|
||||
|
||||
|
@ -442,13 +442,27 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
|
||||
switch ($validator[$type])
|
||||
{
|
||||
case 'url':
|
||||
$cfg_array[$config_name] = trim($cfg_array[$config_name]);
|
||||
|
||||
if (!empty($cfg_array[$config_name]) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $cfg_array[$config_name]))
|
||||
case 'csv':
|
||||
if ($validator[$type] == 'url')
|
||||
{
|
||||
$error[] = $language->lang('URL_INVALID', $language->lang($config_definition['lang']));
|
||||
}
|
||||
$cfg_array[$config_name] = trim($cfg_array[$config_name]);
|
||||
|
||||
if (!empty($cfg_array[$config_name]) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $cfg_array[$config_name]))
|
||||
{
|
||||
$error[] = $language->lang('URL_INVALID', $language->lang($config_definition['lang']));
|
||||
}
|
||||
}
|
||||
else if ($validator[$type] == 'csv')
|
||||
{
|
||||
// Validate comma separated values
|
||||
$unfiltered_array = explode(',', $cfg_array[$config_name]);
|
||||
$filtered_array = array_filter($unfiltered_array);
|
||||
if (!empty($filtered_array) && count($unfiltered_array) !== count($filtered_array))
|
||||
{
|
||||
$error[] = $language->lang('CSV_INVALID', $language->lang($config_definition['lang']));
|
||||
}
|
||||
|
||||
}
|
||||
// no break here
|
||||
|
||||
case 'string':
|
||||
|
@ -254,6 +254,7 @@ $lang = array_merge($lang, array(
|
||||
'CRON_NO_SUCH_TASK' => 'Could not find cron task “%s”.',
|
||||
'CRON_NO_TASK' => 'No cron tasks need to be run right now.',
|
||||
'CRON_NO_TASKS' => 'No cron tasks could be found.',
|
||||
'CSV_INVALID' => 'The provided comma-separated setting “%1$s” is invalid. The values should be delimited by comma only, it should not contain any leading or trailing delimiters.',
|
||||
'CURRENT_VERSION' => 'Current version',
|
||||
|
||||
'DEACTIVATE' => 'Deactivate',
|
||||
@ -335,6 +336,7 @@ $lang = array_merge($lang, array(
|
||||
|
||||
'UCP' => 'User Control Panel',
|
||||
'URL_INVALID' => 'The provided URL for the setting “%1$s” is invalid.',
|
||||
'URL_SCHEME_INVALID' => 'The provided scheme “%2$s” in comma-separated setting “%1$s” is invalid. Scheme should start with a latin character followed by alphanumeric characters, hyphens or dots.',
|
||||
'USERNAMES_EXPLAIN' => 'Place each username on a separate line.',
|
||||
'USER_CONTROL_PANEL' => 'User Control Panel',
|
||||
|
||||
|
61
tests/functional/acp_post_settings_test.php
Normal file
61
tests/functional/acp_post_settings_test.php
Normal file
@ -0,0 +1,61 @@
|
||||
<?php
|
||||
/**
|
||||
*
|
||||
* This file is part of the phpBB Forum Software package.
|
||||
*
|
||||
* @copyright (c) phpBB Limited <https://www.phpbb.com>
|
||||
* @license GNU General Public License, version 2 (GPL-2.0)
|
||||
*
|
||||
* For full copyright and license information, please see
|
||||
* the docs/CREDITS.txt file.
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* @group functional
|
||||
*/
|
||||
class phpbb_functional_acp_post_settings_test extends phpbb_functional_test_case
|
||||
{
|
||||
public function test_allowed_schemes_links()
|
||||
{
|
||||
$this->add_lang(['acp/common', 'acp/board']);
|
||||
$this->login();
|
||||
$this->admin_login();
|
||||
|
||||
$crawler = self::request('GET', 'adm/index.php?i=acp_board&mode=post&sid=' . $this->sid);
|
||||
$this->assertContainsLang('ACP_POST_SETTINGS_EXPLAIN', $this->get_content());
|
||||
|
||||
// Test trailing comma - invalid
|
||||
$form = $crawler->selectButton($this->lang('SUBMIT'))->form([
|
||||
'config[allowed_schemes_links]' => 'http,https,ftp,'
|
||||
]);
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('WARNING', $crawler->filter('div[class="errorbox"] > h3')->text());
|
||||
$this->assertStringContainsString($this->lang('CSV_INVALID', $this->lang('ALLOWED_SCHEMES_LINKS')), $crawler->filter('div[class="errorbox"] > p')->text());
|
||||
|
||||
// Test trailing comma and invalid scheme - invalid
|
||||
$form = $crawler->selectButton($this->lang('SUBMIT'))->form([
|
||||
'config[allowed_schemes_links]' => 'http,https,2ftp,'
|
||||
]);
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('WARNING', $crawler->filter('div[class="errorbox"] > h3')->text());
|
||||
$this->assertStringContainsString($this->lang('CSV_INVALID', $this->lang('ALLOWED_SCHEMES_LINKS')), $crawler->filter('div[class="errorbox"] > p')->text());
|
||||
$this->assertStringContainsString($this->lang('URL_SCHEME_INVALID', $this->lang('ALLOWED_SCHEMES_LINKS'), '2ftp'), $crawler->filter('div[class="errorbox"] > p')->text());
|
||||
|
||||
// Test empty setting - valid
|
||||
$form = $crawler->selectButton($this->lang('SUBMIT'))->form([
|
||||
'config[allowed_schemes_links]' => ''
|
||||
]);
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('CONFIG_UPDATED', $crawler->filter('div[class="successbox"] > p')->text());
|
||||
|
||||
// Restore default setting - 'http,https,ftp'
|
||||
$crawler = self::request('GET', 'adm/index.php?i=acp_board&mode=post&sid=' . $this->sid);
|
||||
$this->assertContainsLang('ACP_POST_SETTINGS_EXPLAIN', $this->get_content());
|
||||
$form = $crawler->selectButton($this->lang('SUBMIT'))->form([
|
||||
'config[allowed_schemes_links]' => 'http,https,ftp'
|
||||
]);
|
||||
$crawler = self::submit($form);
|
||||
$this->assertContainsLang('CONFIG_UPDATED', $crawler->filter('div[class="successbox"] > p')->text());
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user