mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-04-21 00:02:18 +02:00
Code Issues Releases Wiki Activity

Merge pull request #2925 from nickvergessen/ticket/12983

Browse Source 
Ticket/12983 UCP preferences, Display posts ordering by: input is not properly validated
This commit is contained in:
Marc Alexander 2014-09-07 11:41:44 +02:00
commit a0ee6ccdf3
3 changed files with 107 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
phpBB/includes/ucp/ucp_prefs.php
View File

@ -223,11 +223,11 @@ class ucp_prefs
$data = array(
'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'),
'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'),
'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? $user->data['user_topic_show_days'] : 0),
'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? (int) $user->data['user_topic_show_days'] : 0),
'post_sk' => request_var('post_sk', (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't'),
'post_sd' => request_var('post_sd', (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a'),
'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? $user->data['user_post_show_days'] : 0),
'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? (int) $user->data['user_post_show_days'] : 0),
'images' => request_var('images', (bool) $user->optionget('viewimg')),
'flash' => request_var('flash', (bool) $user->optionget('viewflash')),
@ -254,10 +254,22 @@ class ucp_prefs
if ($submit)
{
$error = validate_data($data, array(
'topic_sk' => array('string', false, 1, 1),
'topic_sd' => array('string', false, 1, 1),
'post_sk' => array('string', false, 1, 1),
'post_sd' => array('string', false, 1, 1),
'topic_sk' => array(
array('string', false, 1, 1),
array('match', false, '#(a|r|s|t|v)#'),
),
'topic_sd' => array(
array('string', false, 1, 1),
array('match', false, '#(a|d)#'),
),
'post_sk' => array(
array('string', false, 1, 1),
array('match', false, '#(a|s|t)#'),
),
'post_sd' => array(
array('string', false, 1, 1),
array('match', false, '#(a|d)#'),
),
));
if (!check_form_key('ucp_prefs_view'))

4
phpBB/language/en/common.php
View File

@ -864,6 +864,10 @@ $lang = array_merge($lang, array(
'WRONG_DATA_COLOUR' => 'The colour value you entered is invalid.',
'WRONG_DATA_JABBER' => 'The name you entered is not a valid Jabber account name.',
'WRONG_DATA_LANG' => 'The language you specified is not valid.',
'WRONG_DATA_POST_SD' => 'The post sort direction you specified is not valid.',
'WRONG_DATA_POST_SK' => 'The post sort option you specified is not valid.',
'WRONG_DATA_TOPIC_SD' => 'The topic sort direction you specified is not valid.',
'WRONG_DATA_TOPIC_SK' => 'The topic sort option you specified is not valid.',
'WROTE' => 'wrote',
'YAHOO' => 'Yahoo Messenger',

85
tests/functional/ucp_preferences_test.php Normal file
View File

@ -0,0 +1,85 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
/**
* @group functional
*/
class phpbb_functional_ucp_preferences_test extends phpbb_functional_test_case
{
public function test_submitting_preferences_view()
{
$this->add_lang('ucp');
$this->login();
$crawler = self::request('GET', 'ucp.php?i=ucp_prefs&mode=view');
$this->assertContainsLang('UCP_PREFS_VIEW', $crawler->filter('#cp-main h2')->text());
$form = $crawler->selectButton('Submit')->form(array(
'topic_sk' => 'a',
'topic_sd' => 'a',
'topic_st' => '1',
'post_sk' => 'a',
'post_sd' => 'a',
'post_st' => '1',
));
$crawler = self::submit($form);
$this->assertContainsLang('PREFERENCES_UPDATED', $crawler->filter('#message')->text());
}
public function test_submitting_invalid_preferences_view()
{
$this->add_lang('ucp');
$this->login();
$crawler = self::request('GET', 'ucp.php?i=ucp_prefs&mode=view');
$this->assertContainsLang('UCP_PREFS_VIEW', $crawler->filter('#cp-main h2')->text());
$form = $crawler->selectButton('Submit')->form();
if (!method_exists($form, 'disableValidation'))
{
$this->markTestIncomplete('The crawler cannot select invalid values, until Symfony 2.4!');
}
$form = $form->disableValidation();
$form['topic_sk']->select('z');
$form['topic_sd']->select('z');
$form['topic_st']->select('test');
$form['post_sk']->select('z');
$form['post_sd']->select('z');
$form['post_st']->select('test');
$crawler = self::submit($form);
$this->assertContainsLang('WRONG_DATA_POST_SD', $crawler->filter('#cp-main')->text());
$this->assertContainsLang('WRONG_DATA_POST_SK', $crawler->filter('#cp-main')->text());
$this->assertContainsLang('WRONG_DATA_TOPIC_SD', $crawler->filter('#cp-main')->text());
$this->assertContainsLang('WRONG_DATA_TOPIC_SK', $crawler->filter('#cp-main')->text());
}
public function test_read_preferences_view()
{
$this->add_lang('ucp');
$this->login();
$crawler = self::request('GET', 'ucp.php?i=ucp_prefs&mode=view');
$this->assertContainsLang('UCP_PREFS_VIEW', $crawler->filter('#cp-main h2')->text());
$form = $crawler->selectButton('Submit')->form();
$this->assertEquals('a', $form->get('topic_sk')->getValue());
$this->assertEquals('a', $form->get('topic_sd')->getValue());
$this->assertEquals('1', $form->get('topic_st')->getValue());
$this->assertEquals('a', $form->get('post_sk')->getValue());
$this->assertEquals('a', $form->get('post_sd')->getValue());
$this->assertEquals('1', $form->get('post_st')->getValue());
}
}