1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-03-14 04:30:29 +01:00

[ticket/16524] Remove u_emoji permission checks

PHPBB3-16524
This commit is contained in:
rxu 2020-06-19 17:22:34 +07:00 committed by Marc Alexander
parent b1c6b3bc94
commit befab4f3c1
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
8 changed files with 7 additions and 122 deletions

View File

@ -82,7 +82,6 @@ services:
profilefields.type.string:
class: phpbb\profilefields\type\type_string
arguments:
- '@auth'
- '@request'
- '@template'
- '@user'
@ -92,7 +91,6 @@ services:
profilefields.type.text:
class: phpbb\profilefields\type\type_text
arguments:
- '@auth'
- '@request'
- '@template'
- '@user'
@ -102,7 +100,6 @@ services:
profilefields.type.url:
class: phpbb\profilefields\type\type_url
arguments:
- '@auth'
- '@request'
- '@template'
- '@user'

View File

@ -79,7 +79,7 @@ $lang = array_merge($lang, array(
'ACL_U_SAVEDRAFTS' => 'Can save drafts',
'ACL_U_CHGCENSORS' => 'Can disable word censors',
'ACL_U_SIG' => 'Can use signature',
'ACL_U_EMOJI' => 'Can use emoji and rich text characters in topic title<br><em>This setting also affects profile fields.</em>',
'ACL_U_EMOJI' => 'Can use emoji and rich text characters in topic title',
'ACL_U_SENDPM' => 'Can send private messages',
'ACL_U_MASSPM' => 'Can send private messages to multiple users',

View File

@ -256,14 +256,10 @@ class manager
$cp_data['pf_' . $row['field_ident']] = $profile_field->get_profile_field($row);
/**
* Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL with UCR/NCR
* using their Numeric Character Reference's Hexadecimal notation.
* Check the permissions for using Emojis first.
* Replace Emoji and other 4bit UTF-8 chars not allowed by MySQL
* with their Numeric Character Reference's Hexadecimal notation.
*/
if ($this->auth->acl_get('u_emoji'))
{
$cp_data['pf_' . $row['field_ident']] = utf8_encode_ucr($cp_data['pf_' . $row['field_ident']]);
}
$cp_data['pf_' . $row['field_ident']] = utf8_encode_ucr($cp_data['pf_' . $row['field_ident']]);
$check_value = $cp_data['pf_' . $row['field_ident']];

View File

@ -15,12 +15,6 @@ namespace phpbb\profilefields\type;
class type_string extends type_string_common
{
/**
* Auth object
* @var \phpbb\auth\auth
*/
protected $auth;
/**
* Request object
* @var \phpbb\request\request
@ -42,14 +36,12 @@ class type_string extends type_string_common
/**
* Construct
*
* @param \phpbb\auth\auth $auth Auth object
* @param \phpbb\request\request $request Request object
* @param \phpbb\template\template $template Template object
* @param \phpbb\user $user User object
*/
public function __construct(\phpbb\auth\auth $auth, \phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user)
public function __construct(\phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user)
{
$this->auth = $auth;
$this->request = $request;
$this->template = $template;
$this->user = $user;
@ -107,17 +99,6 @@ class type_string extends type_string_common
*/
public function validate_profile_field(&$field_value, $field_data)
{
/**
* Check for out-of-bounds characters that are currently
* not supported by utf8_bin in MySQL if Emoji are not allowed
*/
if (!$this->auth->acl_get('u_emoji'))
{
if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $field_value))
{
return $this->user->lang('FIELD_INVALID_CHARS_INVALID', $this->get_field_name($field_data['lang_name']));
}
}
return $this->validate_string_profile_field('string', $field_value, $field_data);
}

View File

@ -15,12 +15,6 @@ namespace phpbb\profilefields\type;
class type_text extends type_string_common
{
/**
* Auth object
* @var \phpbb\auth\auth
*/
protected $auth;
/**
* Request object
* @var \phpbb\request\request
@ -42,14 +36,12 @@ class type_text extends type_string_common
/**
* Construct
*
* @param \phpbb\auth\auth $auth Auth object
* @param \phpbb\request\request $request Request object
* @param \phpbb\template\template $template Template object
* @param \phpbb\user $user User object
*/
public function __construct(\phpbb\auth\auth $auth, \phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user)
public function __construct(\phpbb\request\request $request, \phpbb\template\template $template, \phpbb\user $user)
{
$this->auth = $auth;
$this->request = $request;
$this->template = $template;
$this->user = $user;
@ -107,17 +99,6 @@ class type_text extends type_string_common
*/
public function validate_profile_field(&$field_value, $field_data)
{
/**
* Check for out-of-bounds characters that are currently
* not supported by utf8_bin in MySQL if Emoji are not allowed
*/
if (!$this->auth->acl_get('u_emoji'))
{
if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $field_value))
{
return $this->user->lang('FIELD_INVALID_CHARS_INVALID', $this->get_field_name($field_data['lang_name']));
}
}
return $this->validate_string_profile_field('text', $field_value, $field_data);
}

View File

@ -47,7 +47,7 @@ class phpbb_functional_ucp_profile_test extends phpbb_functional_test_case
$this->assertEquals('phpbb.youtube', $form->get('pf_phpbb_youtube')->getValue());
}
public function test_submitting_emoji_allowed()
public function test_submitting_emoji()
{
$this->add_lang('ucp');
$this->login();
@ -65,70 +65,4 @@ class phpbb_functional_ucp_profile_test extends phpbb_functional_test_case
$form = $crawler->selectButton('Submit')->form();
$this->assertEquals('😁', $form->get('pf_phpbb_location')->getValue());
}
public function test_submitting_emoji_disallowed()
{
$this->add_lang(['ucp', 'acp/permissions']);
$this->login();
$this->admin_login();
// Group global permissions
$crawler = self::request('GET', 'adm/index.php?i=acp_permissions&icat=16&mode=setting_group_global&sid=' . $this->sid);
$this->assertContainsLang('ACP_GROUPS_PERMISSIONS_EXPLAIN', $this->get_content());
// Select Registered users group
$form = $crawler->selectButton($this->lang('SUBMIT'))->form(['group_id' => [2]]);
$crawler = self::submit($form);
$this->assertContainsLang('ACL_SET', $crawler->filter('h1')->eq(1)->text());
// Globals for \phpbb\auth\auth
global $db, $cache;
$db = $this->get_db();
$cache = new phpbb_mock_null_cache;
$auth = new \phpbb\auth\auth;
// Hardcoded user_id
$user_data = $auth->obtain_user_data(2);
$auth->acl($user_data);
$this->assertEquals(1, $auth->acl_get('u_emoji'));
// Set u_emoji to never
$form = $crawler->selectButton($this->lang('APPLY_PERMISSIONS'))->form(['setting[2][0][u_emoji]' => '0']);
$crawler = self::submit($form);
$this->assertContainsLang('AUTH_UPDATED', $crawler->text());
// check acl again
$auth = new \phpbb\auth\auth;
$user_data = $auth->obtain_user_data(2);
$auth->acl($user_data);
$this->assertEquals(0, $auth->acl_get('u_emoji'));
$crawler = self::request('GET', 'ucp.php?i=ucp_profile&mode=profile_info');
$this->assertContainsLang('UCP_PROFILE_PROFILE_INFO', $crawler->filter('#cp-main h2')->text());
$form = $crawler->selectButton('Submit')->form([
'pf_phpbb_location' => '😁', // grinning face with smiling eyes Emoji
]);
$crawler = self::submit($form);
$this->assertContains('The field “Location” has invalid characters.', $crawler->filter('p[class="error"]')->text());
// Set u_emoji back to Yes
$crawler = self::request('GET', 'adm/index.php?i=acp_permissions&icat=16&mode=setting_group_global&sid=' . $this->sid);
$this->assertContainsLang('ACP_GROUPS_PERMISSIONS_EXPLAIN', $this->get_content());
// Select Registered users group
$form = $crawler->selectButton($this->lang('SUBMIT'))->form(['group_id' => [2]]);
$crawler = self::submit($form);
$this->assertContainsLang('ACL_SET', $crawler->filter('h1')->eq(1)->text());
// Set u_emoji to never
$form = $crawler->selectButton($this->lang('APPLY_PERMISSIONS'))->form(["setting[2][0][u_emoji]" => '1']);
$crawler = self::submit($form);
$this->assertContainsLang('AUTH_UPDATED', $crawler->text());
// check acl again
$auth = new \phpbb\auth\auth;
$user_data = $auth->obtain_user_data(2);
$auth->acl($user_data);
$this->assertEquals(1, $auth->acl_get('u_emoji'));
}
}

View File

@ -26,7 +26,6 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case
{
global $config, $request, $user, $cache, $phpbb_root_path, $phpEx;
$auth = new \phpbb\auth\auth();
$user = $this->getMock('\phpbb\user', array(), array(
new \phpbb\language\language(new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx)),
'\phpbb\datetime'
@ -41,7 +40,6 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case
$template = $this->getMock('\phpbb\template\template');
$this->cp = new \phpbb\profilefields\type\type_string(
$auth,
$request,
$template,
$user

View File

@ -30,7 +30,6 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case
{
global $config, $request, $user, $cache, $phpbb_root_path, $phpEx;
$auth = new \phpbb\auth\auth();
$config = new \phpbb\config\config([]);
$cache = new phpbb_mock_cache;
$user = $this->getMock('\phpbb\user', array(), array(
@ -45,7 +44,6 @@ class phpbb_profilefield_type_url_test extends phpbb_test_case
$template = $this->getMock('\phpbb\template\template');
$this->cp = new \phpbb\profilefields\type\type_url(
$auth,
$request,
$template,
$user