From a3accfaf461bc963f0661bdab1befbc9ef50a514 Mon Sep 17 00:00:00 2001
From: Matt Friedman <maf675@gmail.com>
Date: Wed, 11 Jan 2017 01:54:14 -0800
Subject: [PATCH] [ticket/14989] Allow more admin-configurable schemes in post
 links

PHPBB3-14989
---
 phpBB/includes/acp/acp_board.php  |  7 ++++++
 phpBB/language/en/acp/board.php   |  2 ++
 tests/functional/posting_test.php | 41 +++++++++++++++++++++++++++++++
 3 files changed, 50 insertions(+)

diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 02af98ec54..84c3a89052 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -196,6 +196,7 @@ class acp_board
 						'allow_post_flash'		=> array('lang' => 'ALLOW_POST_FLASH',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_smilies'			=> array('lang' => 'ALLOW_SMILIES',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_post_links'		=> array('lang' => 'ALLOW_POST_LINKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'allowed_schemes_links'	=> array('lang' => 'ALLOWED_SCHEMES_LINKS',	'validate' => 'string',	'type' => 'text:0:255', 'explain' => true),
 						'allow_nocensors'		=> array('lang' => 'ALLOW_NO_CENSORS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_bookmarks'		=> array('lang' => 'ALLOW_BOOKMARKS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'enable_post_confirm'	=> array('lang' => 'VISUAL_CONFIRM_POST',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -551,6 +552,12 @@ class acp_board
 			}
 		}
 
+		// Invalidate the text_formatter cache when posting options are changed
+		if ($mode == 'post' && $submit)
+		{
+			$phpbb_container->get('text_formatter.cache')->invalidate();
+		}
+
 		// Store news and exclude ids
 		if ($mode == 'feed' && $submit)
 		{
diff --git a/phpBB/language/en/acp/board.php b/phpBB/language/en/acp/board.php
index e3d8e6742f..6e9087af02 100644
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -161,6 +161,8 @@ $lang = array_merge($lang, array(
 	'ACP_POST_SETTINGS_EXPLAIN'			=> 'Here you can set all default settings for posting.',
 	'ALLOW_POST_LINKS'					=> 'Allow links in posts/private messages',
 	'ALLOW_POST_LINKS_EXPLAIN'			=> 'If disallowed the <code>[URL]</code> BBCode tag and automatic/magic URLs are disabled.',
+	'ALLOWED_SCHEMES_LINKS'				=> 'Allowed schemes in links',
+	'ALLOWED_SCHEMES_LINKS_EXPLAIN'		=> 'Users can only post schemeless URLs or one of the comma-separated list of allowed schemes.',
 	'ALLOW_POST_FLASH'					=> 'Allow use of <code>[FLASH]</code> BBCode tag in posts',
 	'ALLOW_POST_FLASH_EXPLAIN'			=> 'If disallowed the <code>[FLASH]</code> BBCode tag is disabled in posts. Otherwise the permission system controls which users can use the <code>[FLASH]</code> BBCode tag.',
 
diff --git a/tests/functional/posting_test.php b/tests/functional/posting_test.php
index 9dd8a1dc91..f3b222b388 100644
--- a/tests/functional/posting_test.php
+++ b/tests/functional/posting_test.php
@@ -246,4 +246,45 @@ class phpbb_functional_posting_test extends phpbb_functional_test_case
 		// Test that the preview contains the correct link
 		$this->assertEquals($url, $crawler->filter('#preview a')->attr('href'));
 	}
+
+	public function test_allowed_schemes_links()
+	{
+		$text = 'http://example.org/ tcp://localhost:22/ServiceName';
+
+		$this->login();
+		$this->admin_login();
+
+		// Post with default settings
+		$crawler = self::request('GET', 'posting.php?mode=post&f=2');
+		$form = $crawler->selectButton('Preview')->form(array(
+			'subject' => 'Test subject',
+			'message' => $text,
+		));
+		$crawler = self::submit($form);
+		$this->assertContains(
+			'<a href="http://example.org/" class="postlink">http://example.org/</a> tcp://localhost:22/ServiceName',
+			$crawler->filter('#preview .content')->html()
+		);
+
+		// Update allowed schemes
+		$crawler = self::request('GET', 'adm/index.php?sid=' . $this->sid . '&i=acp_board&mode=post');
+		$form = $crawler->selectButton('Submit')->form();
+		$values = $form->getValues();
+		$values['config[allowed_schemes_links]'] = 'https,tcp';
+		$form->setValues($values);
+		$crawler = self::submit($form);
+		$this->assertEquals(1, $crawler->filter('.successbox')->count());
+
+		// Post with new settings
+		$crawler = self::request('GET', 'posting.php?mode=post&f=2');
+		$form = $crawler->selectButton('Preview')->form(array(
+			'subject' => 'Test subject',
+			'message' => $text,
+		));
+		$crawler = self::submit($form);
+		$this->assertContains(
+			'http://example.org/ <a href="tcp://localhost:22/ServiceName" class="postlink">tcp://localhost:22/ServiceName</a>',
+			$crawler->filter('#preview .content')->html()
+		);
+	}
 }