From b7f69edaa273fec2b29a9300a766ffb9639686d2 Mon Sep 17 00:00:00 2001
From: Jakub Senko <jakubsenko@gmail.com>
Date: Sun, 26 Oct 2014 20:08:28 +0100
Subject: [PATCH 1/2] [ticket/12866] Assume underscore is part of \w

PHPBB3-12866
---
 .../profilefields/type/type_string_common.php | 10 ++++----
 tests/profilefields/type_string_test.php      | 24 ++++++++++++++-----
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/phpBB/phpbb/profilefields/type/type_string_common.php b/phpBB/phpbb/profilefields/type/type_string_common.php
index ff33a7b49c..f5e1992044 100644
--- a/phpBB/phpbb/profilefields/type/type_string_common.php
+++ b/phpBB/phpbb/profilefields/type/type_string_common.php
@@ -18,11 +18,11 @@ abstract class type_string_common extends type_base
 	protected $validation_options = array(
 		'CHARS_ANY'			=> '.*',
 		'NUMBERS_ONLY'		=> '[0-9]+',
-		'ALPHA_ONLY'		=> '[\w]+',
-		'ALPHA_UNDERSCORE'	=> '[\w_]+',
-		'ALPHA_DOTS'        => '[\w.]+',
-		'ALPHA_SPACERS'		=> '[\w\x20_+\-\[\]]+',
-		'ALPHA_PUNCTUATION' => '[a-zA-Z][\w\.,\-_]+',
+		'ALPHA_ONLY'		=> '[a-zA-Z0-9]+',
+		'ALPHA_UNDERSCORE'	=> '[\w]+',
+		'ALPHA_DOTS'        => '[a-zA-Z0-9.]+',
+		'ALPHA_SPACERS'		=> '[\w\x20+\-\[\]]+',
+		'ALPHA_PUNCTUATION' => '[a-zA-Z][\w\.,\-]+',
 		'LETTER_NUM_ONLY'			=> '[\p{Lu}\p{Ll}0-9]+',
 		'LETTER_NUM_UNDERSCORE'		=> '[\p{Lu}\p{Ll}0-9_]+',
 		'LETTER_NUM_DOTS'			=> '[\p{Lu}\p{Ll}0-9.]+',
diff --git a/tests/profilefields/type_string_test.php b/tests/profilefields/type_string_test.php
index a7be087fb5..0417afbfab 100644
--- a/tests/profilefields/type_string_test.php
+++ b/tests/profilefields/type_string_test.php
@@ -133,37 +133,49 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case
 			),
 			array(
 				'ö äö äö ä',
-				array('field_validation' => '[\w]+'),
+				array('field_validation' => '[a-zA-Z0-9]+'),
 				'FIELD_INVALID_CHARS_ALPHA_ONLY-field',
 				'Required field should reject UTF-8 in alpha only field',
 			),
+			array(
+				'a_abc',
+				array('field_validation' => '[a-zA-Z0-9]+'),
+				'FIELD_INVALID_CHARS_ALPHA_ONLY-field',
+				'Required field should reject underscore in alpha only field',
+			),
 			array(
 				'Hello',
-				array('field_validation' => '[\w]+'),
+				array('field_validation' => '[a-zA-Z0-9]+'),
 				false,
 				'Required field should accept a characters only field',
 			),
 			array(
 				'Valid.Username123',
-				array('field_validation' => '[\w.]+'),
+				array('field_validation' => '[a-zA-Z0-9.]+'),
 				false,
 				'Required field should accept a alphanumeric field with dots',
 			),
 			array(
 				'Invalid.,username123',
-				array('field_validation' => '[\w.]+'),
+				array('field_validation' => '[a-zA-Z0-9.]+'),
 				'FIELD_INVALID_CHARS_ALPHA_DOTS-field',
 				'Required field should reject field with comma',
 			),
+			array(
+				'Invalid._username123',
+				array('field_validation' => '[a-zA-Z0-9.]+'),
+				'FIELD_INVALID_CHARS_ALPHA_DOTS-field',
+				'Required field should reject field with underscore',
+			),
 			array(
 				'skype.test.name,_this',
-				array('field_validation' => '[a-zA-Z][\w\.,\-_]+'),
+				array('field_validation' => '[a-zA-Z][\w\.,\-]+'),
 				false,
 				'Required field should accept alphanumeric field with punctuations',
 			),
 			array(
 				'1skype.this.should.faila',
-				array('field_validation' => '[a-zA-Z][\w\.,\-_]+'),
+				array('field_validation' => '[a-zA-Z][\w\.,\-]+'),
 				'FIELD_INVALID_CHARS_ALPHA_PUNCTUATION-field',
 				'Required field should reject field having invalid input for the given validation',
 			),

From 1145af71bf08519b389ab57600d855689664ecfc Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@gmx.de>
Date: Sat, 22 Nov 2014 11:56:21 +0100
Subject: [PATCH 2/2] [ticket/12866] Update existing profile fields with the
 new validation

PHPBB3-12866
---
 ...filefield_remove_underscore_from_alpha.php | 47 +++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 phpBB/phpbb/db/migration/data/v31x/profilefield_remove_underscore_from_alpha.php

diff --git a/phpBB/phpbb/db/migration/data/v31x/profilefield_remove_underscore_from_alpha.php b/phpBB/phpbb/db/migration/data/v31x/profilefield_remove_underscore_from_alpha.php
new file mode 100644
index 0000000000..1f25d239a6
--- /dev/null
+++ b/phpBB/phpbb/db/migration/data/v31x/profilefield_remove_underscore_from_alpha.php
@@ -0,0 +1,47 @@
+<?php
+
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v31x;
+
+class profilefield_remove_underscore_from_alpha extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array('\phpbb\db\migration\data\v31x\v311');
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('custom', array(array($this, 'remove_underscore_from_alpha_validations'))),
+		);
+	}
+
+	public function remove_underscore_from_alpha_validations()
+	{
+		$this->update_validation_rule('[\w]+', '[a-zA-Z0-9]+');
+		$this->update_validation_rule('[\w_]+', '[\w]+');
+		$this->update_validation_rule('[\w.]+', '[a-zA-Z0-9.]+');
+		$this->update_validation_rule('[\w\x20_+\-\[\]]+', '[\w\x20+\-\[\]]+');
+		$this->update_validation_rule('[a-zA-Z][\w\.,\-_]+', '[a-zA-Z][\w\.,\-]+');
+	}
+
+	public function update_validation_rule($old_validation, $new_validation)
+	{
+		$sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . "
+			SET field_validation = '" . $this->db->sql_escpape($new_validation) . "'
+			WHERE field_validation = '" . $this->db->sql_escpape($old_validation) . "'";
+		$this->db->sql_query($sql);
+	}
+}