1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-03-18 22:50:29 +01:00

Merge branch '3.3.x'

This commit is contained in:
Marc Alexander 2020-08-30 14:47:35 +02:00
commit 2c65df7185
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
4 changed files with 96 additions and 6 deletions

View File

@ -193,7 +193,7 @@ class acp_board
'allow_post_flash' => array('lang' => 'ALLOW_POST_FLASH', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_smilies' => array('lang' => 'ALLOW_SMILIES', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => false),
'allow_post_links' => array('lang' => 'ALLOW_POST_LINKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allowed_schemes_links' => array('lang' => 'ALLOWED_SCHEMES_LINKS', 'validate' => 'string', 'type' => 'text:0:255', 'explain' => true),
'allowed_schemes_links' => array('lang' => 'ALLOWED_SCHEMES_LINKS', 'validate' => 'csv', 'type' => 'text:0:255', 'explain' => true),
'allow_nocensors' => array('lang' => 'ALLOW_NO_CENSORS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'allow_bookmarks' => array('lang' => 'ALLOW_BOOKMARKS', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'enable_post_confirm' => array('lang' => 'VISUAL_CONFIRM_POST', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
@ -497,6 +497,19 @@ class acp_board
$cfg_array = (isset($_REQUEST['config'])) ? $request->variable('config', array('' => ''), true) : $this->new_config;
$error = array();
// Prevalidate allowed URL schemes
if ($mode == 'post')
{
$schemes = array_filter(explode(',', $cfg_array['allowed_schemes_links']));
foreach ($schemes as $scheme)
{
if (!preg_match('#^[a-z][a-z0-9+\\-.]*$#Di', $scheme))
{
$error[] = $language->lang('URL_SCHEME_INVALID', $language->lang('ALLOWED_SCHEMES_LINKS'), $scheme);
}
}
}
// We validate the complete config if wished
validate_config_vars($display_vars['vars'], $cfg_array, $error);

View File

@ -442,13 +442,27 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
switch ($validator[$type])
{
case 'url':
$cfg_array[$config_name] = trim($cfg_array[$config_name]);
if (!empty($cfg_array[$config_name]) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $cfg_array[$config_name]))
case 'csv':
if ($validator[$type] == 'url')
{
$error[] = $language->lang('URL_INVALID', $language->lang($config_definition['lang']));
}
$cfg_array[$config_name] = trim($cfg_array[$config_name]);
if (!empty($cfg_array[$config_name]) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $cfg_array[$config_name]))
{
$error[] = $language->lang('URL_INVALID', $language->lang($config_definition['lang']));
}
}
else if ($validator[$type] == 'csv')
{
// Validate comma separated values
$unfiltered_array = explode(',', $cfg_array[$config_name]);
$filtered_array = array_filter($unfiltered_array);
if (!empty($filtered_array) && count($unfiltered_array) !== count($filtered_array))
{
$error[] = $language->lang('CSV_INVALID', $language->lang($config_definition['lang']));
}
}
// no break here
case 'string':

View File

@ -254,6 +254,7 @@ $lang = array_merge($lang, array(
'CRON_NO_SUCH_TASK' => 'Could not find cron task “%s”.',
'CRON_NO_TASK' => 'No cron tasks need to be run right now.',
'CRON_NO_TASKS' => 'No cron tasks could be found.',
'CSV_INVALID' => 'The provided comma-separated setting “%1$s” is invalid. The values should be delimited by comma only, it should not contain any leading or trailing delimiters.',
'CURRENT_VERSION' => 'Current version',
'DEACTIVATE' => 'Deactivate',
@ -335,6 +336,7 @@ $lang = array_merge($lang, array(
'UCP' => 'User Control Panel',
'URL_INVALID' => 'The provided URL for the setting “%1$s” is invalid.',
'URL_SCHEME_INVALID' => 'The provided scheme “%2$s” in comma-separated setting “%1$s” is invalid. Scheme should start with a latin character followed by alphanumeric characters, hyphens or dots.',
'USERNAMES_EXPLAIN' => 'Place each username on a separate line.',
'USER_CONTROL_PANEL' => 'User Control Panel',

View File

@ -0,0 +1,61 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
/**
* @group functional
*/
class phpbb_functional_acp_post_settings_test extends phpbb_functional_test_case
{
public function test_allowed_schemes_links()
{
$this->add_lang(['acp/common', 'acp/board']);
$this->login();
$this->admin_login();
$crawler = self::request('GET', 'adm/index.php?i=acp_board&mode=post&sid=' . $this->sid);
$this->assertContainsLang('ACP_POST_SETTINGS_EXPLAIN', $this->get_content());
// Test trailing comma - invalid
$form = $crawler->selectButton($this->lang('SUBMIT'))->form([
'config[allowed_schemes_links]' => 'http,https,ftp,'
]);
$crawler = self::submit($form);
$this->assertContainsLang('WARNING', $crawler->filter('div[class="errorbox"] > h3')->text());
$this->assertStringContainsString($this->lang('CSV_INVALID', $this->lang('ALLOWED_SCHEMES_LINKS')), $crawler->filter('div[class="errorbox"] > p')->text());
// Test trailing comma and invalid scheme - invalid
$form = $crawler->selectButton($this->lang('SUBMIT'))->form([
'config[allowed_schemes_links]' => 'http,https,2ftp,'
]);
$crawler = self::submit($form);
$this->assertContainsLang('WARNING', $crawler->filter('div[class="errorbox"] > h3')->text());
$this->assertStringContainsString($this->lang('CSV_INVALID', $this->lang('ALLOWED_SCHEMES_LINKS')), $crawler->filter('div[class="errorbox"] > p')->text());
$this->assertStringContainsString($this->lang('URL_SCHEME_INVALID', $this->lang('ALLOWED_SCHEMES_LINKS'), '2ftp'), $crawler->filter('div[class="errorbox"] > p')->text());
// Test empty setting - valid
$form = $crawler->selectButton($this->lang('SUBMIT'))->form([
'config[allowed_schemes_links]' => ''
]);
$crawler = self::submit($form);
$this->assertContainsLang('CONFIG_UPDATED', $crawler->filter('div[class="successbox"] > p')->text());
// Restore default setting - 'http,https,ftp'
$crawler = self::request('GET', 'adm/index.php?i=acp_board&mode=post&sid=' . $this->sid);
$this->assertContainsLang('ACP_POST_SETTINGS_EXPLAIN', $this->get_content());
$form = $crawler->selectButton($this->lang('SUBMIT'))->form([
'config[allowed_schemes_links]' => 'http,https,ftp'
]);
$crawler = self::submit($form);
$this->assertContainsLang('CONFIG_UPDATED', $crawler->filter('div[class="successbox"] > p')->text());
}
}