mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-16 20:39:49 +02:00
Code Issues Releases Wiki Activity

Merge pull request #6196 from marc1706/ticket/16764

Browse Source 
[ticket/16764] Remove remote avatar functionality
This commit is contained in:
Máté Bartus 2021-04-24 08:35:16 +02:00 committed by GitHub
commit 3e6e8ece18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 81 additions and 469 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
phpBB/adm/style/acp_avatar_options_remote.html
View File

@ -1,11 +0,0 @@
<dl>
<dt><label for="avatar_remote_url">{L_LINK_REMOTE_AVATAR}{L_COLON}</label><br /><span>{L_LINK_REMOTE_AVATAR_EXPLAIN}</span></dt>
<dd><input type="url" name="avatar_remote_url" id="avatar_remote_url" value="{AVATAR_REMOTE_URL}" class="inputbox" /></dd>
</dl>
<dl>
<dt><label for="avatar_remote_width">{L_LINK_REMOTE_SIZE}{L_COLON}</label><br /><span>{L_LINK_REMOTE_SIZE_EXPLAIN}</span></dt>
<dd>
<input type="number" name="avatar_remote_width" id="avatar_remote_width" min="{AVATAR_MIN_WIDTH}" max="{AVATAR_MAX_WIDTH}" value="{AVATAR_REMOTE_WIDTH}" class="inputbox autowidth" /> {L_PIXEL} &times;&nbsp;
<input type="number" name="avatar_remote_height" id="avatar_remote_height" min="{AVATAR_MIN_HEIGHT}" max="{AVATAR_MAX_HEIGHT}" value="{AVATAR_REMOTE_HEIGHT}" class="inputbox autowidth" /> {L_PIXEL}
</dd>
</dl>

7
phpBB/adm/style/acp_avatar_options_upload.html
View File

@ -2,10 +2,3 @@
<dt><label for="avatar_upload_file">{L_UPLOAD_AVATAR_FILE}{L_COLON}</label></dt>
<dd><input type="hidden" name="MAX_FILE_SIZE" value="{AVATAR_UPLOAD_SIZE}" /><input type="file" name="avatar_upload_file" id="avatar_upload_file" class="inputbox autowidth" accept="{{ AVATAR_ALLOWED_EXTENSIONS }}" /></dd>
</dl>
<!-- IF S_UPLOAD_AVATAR_URL -->
<dl>
<dt><label for="avatar_upload_url">{L_UPLOAD_AVATAR_URL}{L_COLON}</label><br /><span>{L_UPLOAD_AVATAR_URL_EXPLAIN}</span></dt>
<dd><input type="url" name="avatar_upload_url" id="avatar_upload_url" value="" class="inputbox" /></dd>
</dl>
<!-- ENDIF -->

14
phpBB/config/default/container/services_avatar.yml
View File

@ -52,20 +52,6 @@ services:
tags:
- { name: avatar.driver }
avatar.driver.remote:
class: phpbb\avatar\driver\remote
arguments:
- '@config'
- '@upload_imagesize'
- '%core.root_path%'
- '%core.php_ext%'
- '@path_helper'
- '@cache.driver'
calls:
- [set_name, [avatar.driver.remote]]
tags:
- { name: avatar.driver }
avatar.driver.upload:
class: phpbb\avatar\driver\upload
arguments:

1
phpBB/includes/questionnaire/questionnaire.php
View File

@ -267,7 +267,6 @@ class phpbb_questionnaire_phpbb_data_provider
'allow_autologin' => true,
'allow_avatar' => true,
'allow_avatar_local' => true,
'allow_avatar_remote' => true,
'allow_avatar_upload' => true,
'allow_bbcode' => true,
'allow_birthdays' => true,

1
phpBB/install/convertors/convert_phpbb20.php
View File

@ -115,7 +115,6 @@ $config_schema = array(
'allow_sig' => 'allow_sig',
'allow_namechange' => 'allow_namechange',
'allow_avatar_local' => 'allow_avatar_local',
'allow_avatar_remote' => 'allow_avatar_remote',
'allow_avatar_upload' => 'allow_avatar_upload',
'board_disable' => 'board_disable',
'sitename' => 'phpbb_set_encoding(sitename)',

2
phpBB/install/schemas/schema_data.sql
View File

@ -11,8 +11,6 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_autologin',
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar', '1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_gravatar', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_local', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_remote', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_remote_upload', '0');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_upload', '1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_bbcode', '1');
INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_birthdays', '1');

6
phpBB/language/en/acp/board.php
View File

@ -106,16 +106,12 @@ $lang = array_merge($lang, array(
// Avatar Settings
$lang = array_merge($lang, array(
'ACP_AVATAR_SETTINGS_EXPLAIN' => 'Avatars are generally small, unique images a user can associate with themselves. Depending on the style they are usually displayed below the username when viewing topics. Here you can determine how users can define their avatars. Please note that in order to upload avatars you need to have created the directory you name below and ensure it can be written to by the web server. Please also note that file size limits are only imposed on uploaded avatars, they do not apply to remotely linked images.',
'ACP_AVATAR_SETTINGS_EXPLAIN' => 'Avatars are generally small, unique images a user can associate with themselves. Depending on the style they are usually displayed below the username when viewing topics. Here you can determine how users can define their avatars. Please note that in order to upload avatars you need to have created the directory you name below and ensure it can be written to by the web server.',
'ALLOW_AVATARS' => 'Enable avatars',
'ALLOW_AVATARS_EXPLAIN' => 'Allow general usage of avatars;<br>If you disable avatars in general or avatars of a certain mode, the disabled avatars will no longer be shown on the board, but users will still be able to download their own avatars in the User Control Panel.',
'ALLOW_GRAVATAR' => 'Enable gravatar avatars',
'ALLOW_LOCAL' => 'Enable gallery avatars',
'ALLOW_REMOTE' => 'Enable remote avatars',
'ALLOW_REMOTE_EXPLAIN' => 'Avatars linked to from another website.<br><em><strong class="error">Warning:</strong> Enabling this feature might allow users to check for the existence of files and services that are only accessible on the local network.</em>',
'ALLOW_REMOTE_UPLOAD' => 'Enable remote avatar uploading',
'ALLOW_REMOTE_UPLOAD_EXPLAIN' => 'Allow uploading of avatars from another website.<br><em><strong class="error">Warning:</strong> Enabling this feature might allow users to check for the existence of files and services that are only accessible on the local network.</em>',
'ALLOW_UPLOAD' => 'Enable avatar uploading',
'AVATAR_GALLERY_PATH' => 'Avatar gallery path',
'AVATAR_GALLERY_PATH_EXPLAIN' => 'Path under your phpBB root directory for pre-loaded images, e.g. <samp>images/avatars/gallery</samp>.<br>Double dots like <samp>../</samp> will be stripped from the path for security reasons.',

2
phpBB/language/en/common.php
View File

@ -105,7 +105,6 @@ $lang = array_merge($lang, array(
'AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED' => 'OAuth token incorrectly stored.',
'AVATAR_DISALLOWED_CONTENT' => 'The upload was rejected because the uploaded file was identified as a possible attack vector.',
'AVATAR_DISALLOWED_EXTENSION' => 'This file cannot be displayed because the extension <strong>%s</strong> is not allowed.',
'AVATAR_EMPTY_REMOTE_DATA' => 'The specified avatar could not be uploaded because the remote data appears to be invalid or corrupted.',
'AVATAR_EMPTY_FILEUPLOAD' => 'The uploaded avatar file is empty.',
'AVATAR_INVALID_FILENAME' => '%s is an invalid filename.',
'AVATAR_NOT_UPLOADED' => 'Avatar could not be uploaded.',
@ -114,7 +113,6 @@ $lang = array_merge($lang, array(
'AVATAR_PARTIAL_UPLOAD' => 'The specified file was only partially uploaded.',
'AVATAR_PHP_SIZE_NA' => 'The avatars filesize is too large.<br />The maximum allowed filesize set in php.ini could not be determined.',
'AVATAR_PHP_SIZE_OVERRUN' => 'The avatars filesize is too large. The maximum allowed upload size is %1$d %2$s.<br />Please note this is set in php.ini and cannot be overridden.',
'AVATAR_REMOTE_UPLOAD_TIMEOUT' => 'The specified avatar could not be uploaded because the request timed out.',
'AVATAR_PHP_UPLOAD_STOPPED' => 'A PHP extension has stopped the file upload.',
'AVATAR_URL_INVALID' => 'The URL you specified is invalid.',
'AVATAR_URL_NOT_FOUND' => 'The file specified could not be found.',

2
phpBB/language/en/help/faq.php
View File

@ -166,7 +166,7 @@ $lang = array_merge($lang, array(
'HELP_FAQ_SEARCH_OWN_QUESTION' => 'How can I find my own posts and topics?',
'HELP_FAQ_USERSETTINGS_AVATAR_ANSWER' => 'There are two images which may appear along with a username when viewing posts. One of them may be an image associated with your rank, generally in the form of stars, blocks or dots, indicating how many posts you have made or your status on the board. Another, usually larger, image is known as an avatar and is generally unique or personal to each user.',
'HELP_FAQ_USERSETTINGS_AVATAR_DISPLAY_ANSWER' => 'Within your User Control Panel, under “Profile” you can add an avatar by using one of the four following methods: Gravatar, Gallery, Remote or Upload. It is up to the board administrator to enable avatars and to choose the way in which avatars can be made available. If you are unable to use avatars, contact a board administrator.',
'HELP_FAQ_USERSETTINGS_AVATAR_DISPLAY_ANSWER' => 'Within your User Control Panel, under “Profile” you can add an avatar by using one of the four following methods: Gravatar, Gallery or Upload. It is up to the board administrator to enable avatars and to choose the way in which avatars can be made available. If you are unable to use avatars, contact a board administrator.',
'HELP_FAQ_USERSETTINGS_AVATAR_DISPLAY_QUESTION' => 'How do I display an avatar?',
'HELP_FAQ_USERSETTINGS_AVATAR_QUESTION' => 'What are the images next to my username?',
'HELP_FAQ_USERSETTINGS_CHANGE_SETTINGS_ANSWER' => 'If you are a registered user, all your settings are stored in the board database. To alter them, visit your User Control Panel; a link can usually be found by clicking on your username at the top of board pages. This system will allow you to change all your settings and preferences.',

6
phpBB/language/en/ucp.php
View File

@ -96,8 +96,6 @@ $lang = array_merge($lang, array(
'AVATAR_DRIVER_GRAVATAR_EXPLAIN'=> 'Gravatar is a service that allows you to maintain the same avatar across multiple websites. Visit <a href="http://www.gravatar.com/">Gravatar</a> for more information.',
'AVATAR_DRIVER_LOCAL_TITLE' => 'Gallery avatar',
'AVATAR_DRIVER_LOCAL_EXPLAIN' => 'You can choose your avatar from a locally available set of avatars.',
'AVATAR_DRIVER_REMOTE_TITLE' => 'Remote avatar',
'AVATAR_DRIVER_REMOTE_EXPLAIN' => 'Link to avatar images from another website.',
'AVATAR_DRIVER_UPLOAD_TITLE' => 'Upload avatar',
'AVATAR_DRIVER_UPLOAD_EXPLAIN' => 'Upload your own custom avatar.',
'AVATAR_EXPLAIN' => 'Maximum dimensions; width: %1$s, height: %2$s, file size: %3$.2f KiB.',
@ -279,10 +277,6 @@ $lang = array_merge($lang, array(
'JOIN_SELECTED' => 'Join selected',
'LANGUAGE' => 'Language',
'LINK_REMOTE_AVATAR' => 'Link off-site',
'LINK_REMOTE_AVATAR_EXPLAIN'=> 'Enter the URL of the location containing the avatar image you wish to link to.',
'LINK_REMOTE_SIZE' => 'Avatar dimensions',
'LINK_REMOTE_SIZE_EXPLAIN' => 'Specify the width and height of the avatar, leave blank to attempt automatic verification.',
'LOGIN_EXPLAIN_UCP' => 'Please login in order to access the User Control Panel.',
'LOGIN_LINK' => 'Link or register your account on an external service with your board account',
'LOGIN_LINK_EXPLAIN' => 'You have attempted to login with an external service that is not yet connected to an account on this board. You must now either link this account to an existing account or create a new account.',

236
phpBB/phpbb/avatar/driver/remote.php
View File

@ -1,236 +0,0 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\avatar\driver;
/**
* Handles avatars hosted remotely
*/
class remote extends \phpbb\avatar\driver\driver
{
/**
* {@inheritdoc}
*/
public function get_data($row)
{
return array(
'src' => $row['avatar'],
'width' => $row['avatar_width'],
'height' => $row['avatar_height'],
);
}
/**
* {@inheritdoc}
*/
public function prepare_form($request, $template, $user, $row, &$error)
{
$template->assign_vars(array(
'AVATAR_REMOTE_WIDTH' => ((in_array($row['avatar_type'], array(AVATAR_REMOTE, $this->get_name(), 'remote'))) && $row['avatar_width']) ? $row['avatar_width'] : $request->variable('avatar_remote_width', ''),
'AVATAR_REMOTE_HEIGHT' => ((in_array($row['avatar_type'], array(AVATAR_REMOTE, $this->get_name(), 'remote'))) && $row['avatar_height']) ? $row['avatar_height'] : $request->variable('avatar_remote_width', ''),
'AVATAR_REMOTE_URL' => ((in_array($row['avatar_type'], array(AVATAR_REMOTE, $this->get_name(), 'remote'))) && $row['avatar']) ? $row['avatar'] : '',
));
return true;
}
/**
* {@inheritdoc}
*/
public function process_form($request, $template, $user, $row, &$error)
{
global $phpbb_dispatcher;
$url = $request->variable('avatar_remote_url', '');
$width = $request->variable('avatar_remote_width', 0);
$height = $request->variable('avatar_remote_height', 0);
if (empty($url))
{
return false;
}
if (!preg_match('#^(http|https|ftp)://#i', $url))
{
$url = 'http://' . $url;
}
if (!function_exists('validate_data'))
{
require($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
}
$validate_array = validate_data(
array(
'url' => $url,
),
array(
'url' => array('string', true, 5, 255),
)
);
$error = array_merge($error, $validate_array);
if (!empty($error))
{
return false;
}
/**
* Event to make custom validation of avatar upload
*
* @event core.ucp_profile_avatar_upload_validation
* @var string url Image url
* @var string width Image width
* @var string height Image height
* @var array error Error message array
* @since 3.2.9-RC1
*/
$vars = array('url', 'width', 'height', 'error');
extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_upload_validation', compact($vars)));
if (!empty($error))
{
return false;
}
// Check if this url looks alright
// Do not allow specifying the port (see RFC 3986) or IP addresses
if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) ||
preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) ||
preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) ||
preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url))
{
$error[] = 'AVATAR_URL_INVALID';
return false;
}
// Get image dimensions
if (($width <= 0 || $height <= 0) && (($image_data = $this->imagesize->getImageSize($url)) === false))
{
$error[] = 'UNABLE_GET_IMAGE_SIZE';
return false;
}
if (!empty($image_data) && ($image_data['width'] <= 0 || $image_data['height'] <= 0))
{
$error[] = 'AVATAR_NO_SIZE';
return false;
}
$width = ($width && $height) ? $width : $image_data['width'];
$height = ($width && $height) ? $height : $image_data['height'];
if ($width <= 0 || $height <= 0)
{
$error[] = 'AVATAR_NO_SIZE';
return false;
}
$types = \phpbb\files\upload::image_types();
$extension = strtolower(\phpbb\files\filespec::get_extension($url));
// Check if this is actually an image
if ($file_stream = @fopen($url, 'r'))
{
// Timeout after 1 second
stream_set_timeout($file_stream, 1);
// read some data to ensure headers are present
fread($file_stream, 1024);
$meta = stream_get_meta_data($file_stream);
if (isset($meta['wrapper_data']['headers']) && is_array($meta['wrapper_data']['headers']))
{
$headers = $meta['wrapper_data']['headers'];
}
else if (isset($meta['wrapper_data']) && is_array($meta['wrapper_data']))
{
$headers = $meta['wrapper_data'];
}
else
{
$headers = array();
}
foreach ($headers as $header)
{
$header = preg_split('/ /', $header, 2);
if (strtr(strtolower(trim($header[0], ':')), '_', '-') === 'content-type')
{
if (strpos($header[1], 'image/') !== 0)
{
$error[] = 'AVATAR_URL_INVALID';
fclose($file_stream);
return false;
}
else
{
fclose($file_stream);
break;
}
}
}
}
else
{
$error[] = 'AVATAR_URL_INVALID';
return false;
}
if (!empty($image_data) && (!isset($types[$image_data['type']]) || !in_array($extension, $types[$image_data['type']])))
{
if (!isset($types[$image_data['type']]))
{
$error[] = 'UNABLE_GET_IMAGE_SIZE';
}
else
{
$error[] = array('IMAGE_FILETYPE_MISMATCH', $types[$image_data['type']][0], $extension);
}
return false;
}
if ($this->config['avatar_max_width'] || $this->config['avatar_max_height'])
{
if ($width > $this->config['avatar_max_width'] || $height > $this->config['avatar_max_height'])
{
$error[] = array('AVATAR_WRONG_SIZE', $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], $width, $height);
return false;
}
}
if ($this->config['avatar_min_width'] || $this->config['avatar_min_height'])
{
if ($width < $this->config['avatar_min_width'] || $height < $this->config['avatar_min_height'])
{
$error[] = array('AVATAR_WRONG_SIZE', $this->config['avatar_min_width'], $this->config['avatar_min_height'], $this->config['avatar_max_width'], $this->config['avatar_max_height'], $width, $height);
return false;
}
}
return array(
'avatar' => $url,
'avatar_width' => $width,
'avatar_height' => $height,
);
}
/**
* {@inheritdoc}
*/
public function get_template_name()
{
return 'ucp_avatar_options_remote.html';
}
}

52
phpBB/phpbb/avatar/driver/upload.php
View File

@ -90,7 +90,6 @@ class upload extends \phpbb\avatar\driver\driver
}
$template->assign_vars(array(
'S_UPLOAD_AVATAR_URL' => ($this->config['allow_avatar_remote_upload']) ? true : false,
'AVATAR_UPLOAD_SIZE' => $this->config['avatar_filesize'],
'AVATAR_ALLOWED_EXTENSIONS' => implode(',', preg_replace('/^/', '.', $this->allowed_extensions)),
));
@ -120,59 +119,15 @@ class upload extends \phpbb\avatar\driver\driver
$this->config['avatar_max_height'])
->set_disallowed_content((isset($this->config['mime_triggers']) ? explode('|', $this->config['mime_triggers']) : false));
$url = $request->variable('avatar_upload_url', '');
$upload_file = $request->file('avatar_upload_file');
if (!empty($upload_file['name']))
{
$file = $upload->handle_upload('files.types.form_storage', 'avatar_upload_file');
}
else if (!empty($this->config['allow_avatar_remote_upload']) && !empty($url))
{
if (!preg_match('#^(http|https|ftp)://#i', $url))
{
$url = 'http://' . $url;
}
if (!function_exists('validate_data'))
{
require($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
}
$validate_array = validate_data(
array(
'url' => $url,
),
array(
'url' => array('string', true, 5, 255),
)
);
$error = array_merge($error, $validate_array);
if (!empty($error))
{
return false;
}
// Do not allow specifying the port (see RFC 3986) or IP addresses
// remote_upload() will do its own check for allowed filetypes
if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) ||
preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) ||
preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) ||
preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url))
{
$error[] = 'AVATAR_URL_INVALID';
return false;
}
$file = $upload->handle_upload('files.types.remote_storage', $url);
}
else
if (empty($upload_file['name']))
{
return false;
}
$file = $upload->handle_upload('files.types.form_storage', 'avatar_upload_file');
$prefix = $this->config['avatar_salt'] . '_';
$file->clean_filename('avatar', $prefix, $row['id']);
@ -251,7 +206,6 @@ class upload extends \phpbb\avatar\driver\driver
public function prepare_form_acp($user)
{
return array(
'allow_avatar_remote_upload'=> array('lang' => 'ALLOW_REMOTE_UPLOAD', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true),
'avatar_filesize' => array('lang' => 'MAX_FILESIZE', 'validate' => 'int:0', 'type' => 'number:0', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
);
}

4
phpBB/phpbb/avatar/manager.php
View File

@ -104,12 +104,10 @@ class manager
case AVATAR_GALLERY:
$avatar_type = 'avatar.driver.local';
break;
case AVATAR_UPLOAD:
$avatar_type = 'avatar.driver.upload';
break;
case AVATAR_REMOTE:
$avatar_type = 'avatar.driver.remote';
break;
}
if (!isset($avatar_drivers[$avatar_type]))

50
phpBB/phpbb/db/migration/data/v400/remove_remote_avatar.php Normal file
View File

@ -0,0 +1,50 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\db\migration\data\v400;
use phpbb\db\migration\container_aware_migration;
class remove_remote_avatar extends container_aware_migration
{
public static function depends_on()
{
return ['\phpbb\db\migration\data\v400\dev'];
}
public function update_data()
{
return [
['config.remove', ['allow_avatar_remote']],
['config.remove', ['allow_avatar_remote_upload']],
['custom', [[$this, 'remove_remote_avatars']]],
];
}
public function remove_remote_avatars(): void
{
// Remove remote avatar from users and groups
$sql = 'UPDATE ' . $this->table_prefix . "users
SET user_avatar = '',
user_avatar_type = ''
WHERE user_avatar_type = 'avatar.driver.remote'";
$this->db->sql_query($sql);
$sql = 'UPDATE ' . $this->table_prefix . "groups
SET group_avatar = '',
group_avatar_type = ''
WHERE group_avatar_type = 'avatar.driver.remote'";
$this->db->sql_query($sql);
}
}

11
phpBB/styles/prosilver/template/ucp_avatar_options_remote.html
View File

@ -1,11 +0,0 @@
<dl>
<dt><label for="avatar_remote_url">{L_LINK_REMOTE_AVATAR}{L_COLON}</label><br /><span>{L_LINK_REMOTE_AVATAR_EXPLAIN}</span></dt>
<dd><input type="url" name="avatar_remote_url" id="avatar_remote_url" value="{AVATAR_REMOTE_URL}" class="inputbox" data-reset-on-edit="#avatar_remote_width, #avatar_remote_height" /></dd>
</dl>
<dl>
<dt><label for="avatar_remote_width">{L_LINK_REMOTE_SIZE}{L_COLON}</label><br /><span>{L_LINK_REMOTE_SIZE_EXPLAIN}</span></dt>
<dd>
<label for="avatar_remote_width"><input type="number" name="avatar_remote_width" id="avatar_remote_width" min="{AVATAR_MIN_WIDTH}" max="{AVATAR_MAX_WIDTH}" value="{AVATAR_REMOTE_WIDTH}" class="inputbox autowidth" /> {L_PIXEL}</label> &times;&nbsp;
<label for="avatar_remote_height"><input type="number" name="avatar_remote_height" id="avatar_remote_height" min="{AVATAR_MIN_HEIGHT}" max="{AVATAR_MAX_HEIGHT}" value="{AVATAR_REMOTE_HEIGHT}" class="inputbox autowidth" /> {L_PIXEL}</label>
</dd>
</dl>

7
phpBB/styles/prosilver/template/ucp_avatar_options_upload.html
View File

@ -2,10 +2,3 @@
<dt><label for="avatar_upload_file">{L_UPLOAD_AVATAR_FILE}{L_COLON}</label></dt>
<dd><input type="hidden" name="MAX_FILE_SIZE" value="{AVATAR_UPLOAD_SIZE}" /><input type="file" name="avatar_upload_file" id="avatar_upload_file" class="inputbox autowidth" accept="{{ AVATAR_ALLOWED_EXTENSIONS }}" /></dd>
</dl>
<!-- IF S_UPLOAD_AVATAR_URL -->
<dl>
<dt><label for="avatar_upload_url">{L_UPLOAD_AVATAR_URL}{L_COLON}</label><br /><span>{L_UPLOAD_AVATAR_URL_EXPLAIN}</span></dt>
<dd><input type="url" name="avatar_upload_url" id="avatar_upload_url" value="" class="inputbox" /></dd>
</dl>
<!-- ENDIF -->

58
tests/avatar/manager_test.php
View File

@ -119,7 +119,6 @@ class phpbb_avatar_manager_test extends \phpbb_database_test_case
return array(
'local',
'upload',
'remote',
'gravatar',
);
}
@ -131,7 +130,6 @@ class phpbb_avatar_manager_test extends \phpbb_database_test_case
'avatar.driver.barfoo' => 'avatar.driver.barfoo',
'avatar.driver.foobar' => 'avatar.driver.foobar',
'avatar.driver.local' => 'avatar.driver.local',
'avatar.driver.remote' => 'avatar.driver.remote',
'avatar.driver.upload' => 'avatar.driver.upload',
'avatar.driver.gravatar' => 'avatar.driver.gravatar',
), $drivers);
@ -154,7 +152,6 @@ class phpbb_avatar_manager_test extends \phpbb_database_test_case
array('avatar.driver.local', null),
array(AVATAR_GALLERY, null),
array(AVATAR_UPLOAD, null),
array(AVATAR_REMOTE, null),
);
}
@ -175,7 +172,6 @@ class phpbb_avatar_manager_test extends \phpbb_database_test_case
array('avatar.driver.local', 'avatar.driver.local'),
array(AVATAR_GALLERY, 'avatar.driver.local'),
array(AVATAR_UPLOAD, 'avatar.driver.upload'),
array(AVATAR_REMOTE, 'avatar.driver.remote'),
);
}
@ -396,58 +392,4 @@ class phpbb_avatar_manager_test extends \phpbb_database_test_case
'avatar_height' => 0,
), $row);
}
public function data_remote_avatar_url()
{
return array(
array('127.0.0.1:91?foo.jpg', 80, 80, array('AVATAR_URL_INVALID')),
array(gethostbyname('secure.gravatar.com') . '/avatar/55502f40dc8b7c769880b10874abc9d0.jpg', 80, 80, array('AVATAR_URL_INVALID')),
array('secure.gravatar.com/avatar/55502f40dc8b7c769880b10874abc9d0.jpg', 80, 80),
array(gethostbyname('secure.gravatar.com') . ':120/avatar/55502f40dc8b7c769880b10874abc9d0.jpg', 80, 80, array('AVATAR_URL_INVALID')),
array('secure.gravatar.com:80/avatar/55502f40dc8b7c769880b10874abc9d0.jpg', 80, 80, array('AVATAR_URL_INVALID')),
array('secure.gravatar.com:80?55502f40dc8b7c769880b10874abc9d0.jpg', 80, 80, array('AVATAR_URL_INVALID')),
array('secure.gravatar.com?55502f40dc8b7c769880b10874abc9d0.jpg', 80, 80, array('AVATAR_URL_INVALID')), // should be a 404
array('2001:db8:0:0:0:0:2:1/avatar/55502f40dc8b7c769880b10874abc9d0.jpg', 80, 80, array('AVATAR_URL_INVALID')),
array('secure.gravatar.com/2001:db8:0:0:0:0:2:1/avatar/55502f40dc8b7c769880b10874abc9d0.jpg', 80, 80, array('AVATAR_URL_INVALID')),
array('secure.gravatar.com/127.0.0.1:80/avatar/55502f40dc8b7c769880b10874abc9d0.jpg', 80, 80, array('AVATAR_URL_INVALID')),
);
}
/**
* @dataProvider data_remote_avatar_url
*/
public function test_remote_avatar_url($url, $width, $height, $expected_error = array())
{
global $phpbb_root_path, $phpEx;
if (!function_exists('get_preg_expression'))
{
require($phpbb_root_path . 'includes/functions.' . $phpEx);
}
$this->config['server_name'] = 'foobar.com';
/** @var \phpbb\avatar\driver\remote $remote_avatar */
$remote_avatar = $this->manager->get_driver('avatar.driver.remote', false);
$request = new phpbb_mock_request(array(), array(
'avatar_remote_url' => $url,
'avatar_remote_width' => $width,
'avatar_remote_height' => $height,
));
$row = array();
$error = array();
$return = $remote_avatar->process_form($request, null, $this->user, $row, $error);
if (count($expected_error) > 0)
{
$this->assertFalse($return);
}
else
{
$this->assertNotEquals(false, $return);
}
$this->assertSame($expected_error, $error);
}
}

10
tests/functional/avatar_acp_groups_test.php
View File

@ -55,12 +55,12 @@ class phpbb_functional_avatar_acp_groups_test extends phpbb_functional_common_av
),
),
array(
'The URL you specified is invalid.',
'avatar_driver_remote',
'EMAIL_INVALID_EMAIL',
'avatar_driver_gravatar',
array(
'avatar_remote_url' => 'https://www.phpbb.com/avatar/55502f40dc8b7c769880b10874abc9d0.jpg',
'avatar_remote_width' => 80,
'avatar_remote_height' => 80,
'avatar_gravatar_email' => 'foobar123',
'avatar_gravatar_width' => 120,
'avatar_gravatar_height' => 120,
),
),
);

6
tests/functional/avatar_acp_users_test.php
View File

@ -39,9 +39,11 @@ class phpbb_functional_avatar_acp_users_test extends phpbb_functional_common_ava
// Remote avatar with correct link
array(
'USER_AVATAR_UPDATED',
'avatar_driver_upload',
'avatar_driver_gravatar',
array(
'avatar_upload_url' => 'https://secure.gravatar.com/avatar/55502f40dc8b7c769880b10874abc9d0.jpg',
'avatar_gravatar_email' => 'test@example.com',
'avatar_gravatar_width' => 80,
'avatar_gravatar_height' => 80,
),
),
// Reset avatar settings

18
tests/functional/avatar_ucp_groups_test.php
View File

@ -25,12 +25,14 @@ class phpbb_functional_avatar_ucp_groups_test extends phpbb_functional_common_av
public function avatar_ucp_groups_data()
{
return array(
// Incorrect URL
// Gravatar with incorrect email
array(
'AVATAR_URL_INVALID',
'avatar_driver_upload',
'EMAIL_INVALID_EMAIL',
'avatar_driver_gravatar',
array(
'avatar_upload_url' => 'https://secure.gravatar.com/avatar/55502f40dc8b7c769880b10874abc9d0?s=80',
'avatar_gravatar_email' => 'test.example.com',
'avatar_gravatar_width' => 80,
'avatar_gravatar_height' => 80,
),
),
/*
@ -47,11 +49,11 @@ class phpbb_functional_avatar_ucp_groups_test extends phpbb_functional_common_av
// Correct remote avatar
array(
'GROUP_UPDATED',
'avatar_driver_remote',
'avatar_driver_gravatar',
array(
'avatar_remote_url' => 'https://secure.gravatar.com/avatar/55502f40dc8b7c769880b10874abc9d0.jpg',
'avatar_remote_width' => 80,
'avatar_remote_height' => 80,
'avatar_gravatar_email' => 'test@example.com',
'avatar_gravatar_width' => 80,
'avatar_gravatar_height' => 80,
),
),
array(

10
tests/functional/avatar_ucp_users_test.php
View File

@ -58,15 +58,17 @@ class phpbb_functional_avatar_ucp_users_test extends phpbb_functional_common_ava
public function test_display_upload_avatar()
{
$this->assert_avatar_submit('PROFILE_UPDATED',
'avatar_driver_upload',
'avatar_driver_gravatar',
array(
'avatar_upload_url' => 'https://secure.gravatar.com/avatar/55502f40dc8b7c769880b10874abc9d0.jpg',
)
'avatar_gravatar_email' => 'test@example.com',
'avatar_gravatar_width' => 80,
'avatar_gravatar_height' => 80,
),
);
$crawler = self::request('GET', $this->get_url() . '&sid=' . $this->sid);
$avatar_link = $crawler->filter('img')->attr('src');
$crawler = self::request('GET', $avatar_link . '&sid=' . $this->sid, array(), false);
self::request('GET', $avatar_link . '&sid=' . $this->sid, array(), false);
$content = self::$client->getResponse()->getContent();
self::assertEquals(false, stripos(trim($content), 'debug'), 'Output contains debug message');
}

3
tests/functional/common_avatar_test_case.php
View File

@ -35,7 +35,6 @@ abstract class phpbb_functional_common_avatar_test_case extends phpbb_functional
$crawler = self::request('GET', 'adm/index.php?i=acp_board&mode=avatar&sid=' . $this->sid);
// Check the default entries we should have
$this->assertContainsLang('ALLOW_GRAVATAR', $crawler->text());
$this->assertContainsLang('ALLOW_REMOTE_UPLOAD', $crawler->text());
$this->assertContainsLang('ALLOW_AVATARS', $crawler->text());
$this->assertContainsLang('ALLOW_LOCAL', $crawler->text());
@ -43,8 +42,6 @@ abstract class phpbb_functional_common_avatar_test_case extends phpbb_functional
$form = $crawler->selectButton($this->lang('SUBMIT'))->form();
$form['config[allow_avatar_local]']->select(1);
$form['config[allow_avatar_gravatar]']->select(1);
$form['config[allow_avatar_remote]']->select(1);
$form['config[allow_avatar_remote_upload]']->select(1);
$crawler = self::submit($form);
$this->assertContainsLang('CONFIG_UPDATED', $crawler->text());
}

33
tests/functional/common_groups_test_case.php
View File

@ -47,15 +47,12 @@ abstract class phpbb_functional_common_groups_test_case extends phpbb_functional
$crawler = self::request('GET', 'adm/index.php?i=board&mode=avatar&sid=' . $this->sid);
// Check the default entries we should have
$this->assertStringContainsString($this->lang('ALLOW_REMOTE_UPLOAD'), $crawler->text());
$this->assertStringContainsString($this->lang('ALLOW_AVATARS'), $crawler->text());
$this->assertStringContainsString($this->lang('ALLOW_LOCAL'), $crawler->text());
// Now start setting the needed settings
$form = $crawler->selectButton($this->lang('SUBMIT'))->form();
$form['config[allow_avatar_local]']->select(1);
$form['config[allow_avatar_remote]']->select(1);
$form['config[allow_avatar_remote_upload]']->select(1);
$crawler = self::submit($form);
$this->assertStringContainsString($this->lang('CONFIG_UPDATED'), $crawler->text());
}
@ -84,34 +81,4 @@ abstract class phpbb_functional_common_groups_test_case extends phpbb_functional
$crawler = self::submit($form);
$this->assertStringContainsString($this->lang($expected), $crawler->text());
}
public function group_avatar_min_max_data()
{
return array(
array('avatar_driver_upload', 'avatar_upload_url', 'foo', 'AVATAR_URL_INVALID'),
array('avatar_driver_upload', 'avatar_upload_url', 'foobar', 'AVATAR_URL_INVALID'),
array('avatar_driver_upload', 'avatar_upload_url', 'http://www.phpbb.com/' . str_repeat('f', 240) . '.png', 'TOO_LONG'),
array('avatar_driver_remote', 'avatar_remote_url', 'foo', 'AVATAR_URL_INVALID'),
array('avatar_driver_remote', 'avatar_remote_url', 'foobar', 'AVATAR_URL_INVALID'),
array('avatar_driver_remote', 'avatar_remote_url', 'http://www.phpbb.com/' . str_repeat('f', 240) . '.png', 'TOO_LONG'),
);
}
/**
* @dataProvider group_avatar_min_max_data
*/
public function test_group_avatar_min_max($avatar_type, $form_name, $input, $expected)
{
$this->login();
$this->admin_login();
$this->add_lang(array('ucp', 'acp/groups'));
$this->enable_all_avatars();
$crawler = self::request('GET', $this->get_url() . '&g=5&sid=' . $this->sid);
$form = $crawler->selectButton($this->lang('SUBMIT'))->form();
$form['avatar_driver']->setValue($avatar_type);
$form[$form_name]->setValue($input);
$crawler = self::submit($form);
$this->assertStringContainsString($this->lang($expected), $crawler->text());
}
}