From b9cb3b9e3ed17c2cf8737767ce7d67ed966216b5 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Fri, 5 Sep 2014 13:24:31 +0200
Subject: [PATCH 1/3] [ticket/12983] Correctly validate sorting options in the UCP
PHPBB3-12983
---
 phpBB/includes/ucp/ucp_prefs.php | 24 ++++++++++++++++++------
 phpBB/language/en/common.php | 4 ++++
 2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php
index b0a8e8d374..3ff8fe9ada 100644
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@@ -223,11 +223,11 @@ class ucp_prefs
 $data = array(
 'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'),
 'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'),
- 'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? $user->data['user_topic_show_days'] : 0),
+ 'topic_st' => request_var('topic_st', (!empty($user->data['user_topic_show_days'])) ? (int) $user->data['user_topic_show_days'] : 0),
 'post_sk' => request_var('post_sk', (!empty($user->data['user_post_sortby_type'])) ? $user->data['user_post_sortby_type'] : 't'),
 'post_sd' => request_var('post_sd', (!empty($user->data['user_post_sortby_dir'])) ? $user->data['user_post_sortby_dir'] : 'a'),
- 'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? $user->data['user_post_show_days'] : 0),
+ 'post_st' => request_var('post_st', (!empty($user->data['user_post_show_days'])) ? (int) $user->data['user_post_show_days'] : 0),
 'images' => request_var('images', (bool) $user->optionget('viewimg')),
 'flash' => request_var('flash', (bool) $user->optionget('viewflash')),
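Review bot: The `(int)` casts on the `topic_st` and `post_st` defaults carry the whole fix in this hunk, yet nothing on the lines explains why they matter. `request_var()` casts the submitted value to the type of its default, so a default taken straight from `$user->data` (presumably a string from the database row) leaves the day count as an arbitrary string. A comment above the two lines, e.g. `// request_var() casts input to the default's type; force int so *_st is always numeric`, would keep the cast from being removed later as redundant. The `$data` array and its enclosing method continue outside the hunk.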
@@ -254,10 +254,22 @@ class ucp_prefs
 if ($submit)
 {
 $error = validate_data($data, array(
- 'topic_sk' => array('string', false, 1, 1),
- 'topic_sd' => array('string', false, 1, 1),
- 'post_sk' => array('string', false, 1, 1),
- 'post_sd' => array('string', false, 1, 1),
+ 'topic_sk' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|r|s|t|v)#'),
+ ),
+ 'topic_sd' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|d)#'),
+ ),
+ 'post_sk' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|s|t)#'),
+ ),
+ 'post_sd' => array(
+ array('string', false, 1, 1),
+ array('match', false, '#(a|d)#'),
+ ),
 ));
 if (!check_form_key('ucp_prefs_view'))
diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php
index 783faa8fad..c27086fd38 100644
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@@ -864,6 +864,10 @@ $lang = array_merge($lang, array(
 'WRONG_DATA_COLOUR' => 'The colour value you entered is invalid.',
 'WRONG_DATA_JABBER' => 'The name you entered is not a valid Jabber account name.',
 'WRONG_DATA_LANG' => 'The language you specified is not valid.',
+ 'WRONG_DATA_POST_SD' => 'The post sort direction you specified is not valid.',
+ 'WRONG_DATA_POST_SK' => 'The post sort option you specified is not valid.',
+ 'WRONG_DATA_TOPIC_SD' => 'The topic sort direction you specified is not valid.',
+ 'WRONG_DATA_TOPIC_SK' => 'The topic sort option you specified is not valid.',
 'WROTE' => 'wrote',
 'YAHOO' => 'Yahoo Messenger',
From 647a75249c83908acd1d23e1aa71d9119a4510a8 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Fri, 5 Sep 2014 13:32:44 +0200
Subject: [PATCH 2/3] [ticket/12983] Add functional test for ucp pref module
PHPBB3-12983
---
 tests/functional/ucp_preferences_test.php | 67 +++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 tests/functional/ucp_preferences_test.php
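Review bot: The new `match` patterns in the `validate_data()` call of `ucp_prefs.php` are unanchored, so `'#(a|r|s|t|v)#'` on its own accepts any string that merely contains one of those letters. The whitelist only holds because the sibling `array('string', false, 1, 1)` rule limits each value to one character. Anchoring makes every check self-contained: `array('match', false, '#^[arstv]$#D'),` for `topic_sk`, `'#^[ast]$#D'` for `post_sk` and `'#^[ad]$#D'` for both `*_sd` keys. The allowed letters are also hard-coded here; if they mirror sort option lists defined elsewhere (not visible in the hunk), a short comment naming that source would help keep the two in sync. The enclosing method starts and ends outside the hunk.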
diff --git a/tests/functional/ucp_preferences_test.php b/tests/functional/ucp_preferences_test.php
new file mode 100644
index 0000000000..c904f5af06
--- /dev/null
+++ b/tests/functional/ucp_preferences_test.php
@@ -0,0 +1,67 @@
+
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @group functional
+*/
+class phpbb_functional_ucp_preferences_test extends phpbb_functional_test_case
+{
+ public function test_submitting_profile_info()
+ {
+ $this->add_lang('ucp');
+ $this->login();
+
+ $crawler = self::request('GET', 'ucp.php?i=ucp_prefs&mode=view');
+ $this->assertContainsLang('UCP_PREFS_VIEW', $crawler->filter('#cp-main h2')->text());
+
+ $form = $crawler->selectButton('Submit')->form(array(
+ 'topic_sk' => 'a',
+ 'topic_sd' => 'a',
+ 'topic_st' => '1',
+ 'post_sk' => 'a',
+ 'post_sd' => 'a',
+ 'post_st' => '1',
+ ));
+
+ $crawler = self::submit($form);
+ $this->assertContainsLang('PREFERENCES_UPDATED', $crawler->filter('#message')->text());
+
+ $crawler = self::request('GET', 'ucp.php?i=ucp_prefs&mode=view');
+ $this->assertContainsLang('UCP_PREFS_VIEW', $crawler->filter('#cp-main h2')->text());
+
+ $form = $crawler->selectButton('Submit')->form(array(
+ 'topic_sk' => 'z',
+ 'topic_sd' => 'z',
+ 'topic_st' => 'test',
+ 'post_sk' => 'z',
+ 'post_sd' => 'z',
+ 'post_st' => 'test',
+ ));
+
+ $crawler = self::submit($form);
+ $this->assertContainsLang('WRONG_DATA_POST_SD', $crawler->filter('#cp-main')->text());
+ $this->assertContainsLang('WRONG_DATA_POST_SK', $crawler->filter('#cp-main')->text());
+ $this->assertContainsLang('WRONG_DATA_TOPIC_SD', $crawler->filter('#cp-main')->text());
+ $this->assertContainsLang('WRONG_DATA_TOPIC_SK', $crawler->filter('#cp-main')->text());
+
+ $crawler = self::request('GET', 'ucp.php?i=ucp_prefs&mode=view');
+ $form = $crawler->selectButton('Submit')->form();
+
+ $this->assertEquals('a', $form->get('topic_sk')->getValue());
+ $this->assertEquals('a', $form->get('topic_sd')->getValue());
+ $this->assertEquals('1', $form->get('topic_st')->getValue());
+ $this->assertEquals('a', $form->get('post_sk')->getValue());
+ $this->assertEquals('a', $form->get('post_sd')->getValue());
+ $this->assertEquals('1', $form->get('post_st')->getValue());
+ }
+}
From d5801333f7c3724c82057eeccf522cf32c6a253b Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Sat, 6 Sep 2014 17:16:56 +0200
Subject: [PATCH 3/3] [ticket/12983] Do not test invalid values until Symfony 2.4
PHPBB3-12983
---
 tests/functional/ucp_preferences_test.php | 36 +++++++++++++++++------
 1 file changed, 27 insertions(+), 9 deletions(-)
diff --git a/tests/functional/ucp_preferences_test.php b/tests/functional/ucp_preferences_test.php
index c904f5af06..7ef325dc4b 100644
--- a/tests/functional/ucp_preferences_test.php
+++ b/tests/functional/ucp_preferences_test.php
@@ -16,7 +16,7 @@
 */
 class phpbb_functional_ucp_preferences_test extends phpbb_functional_test_case
 {
- public function test_submitting_profile_info()
+ public function test_submitting_preferences_view()
 {
 $this->add_lang('ucp');
 $this->login();
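Review bot: In the test file added by patch 2/3, the invalid submission sets `topic_st` and `post_st` to `'test'`, but nothing asserts what happens to those two fields; only the four `WRONG_DATA_*_SK`/`_SD` messages are checked. Presumably `request_var()` coerces the string to `0` because the defaults are now integers, which would be a valid day count and would explain the absence of an error, but the test does not say so. A comment above the second `form(array(` call, e.g. `// *_st is cast to int by request_var(), so 'test' becomes 0 and raises no error`, would record the intent. The later read-back of `'1'` then documents that a rejected form stores nothing.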
@@ -35,26 +35,44 @@ class phpbb_functional_ucp_preferences_test extends phpbb_functional_test_case
 $crawler = self::submit($form);
 $this->assertContainsLang('PREFERENCES_UPDATED', $crawler->filter('#message')->text());
+ }
+
+ public function test_submitting_invalid_preferences_view()
+ {
+ $this->add_lang('ucp');
+ $this->login();
 $crawler = self::request('GET', 'ucp.php?i=ucp_prefs&mode=view');
 $this->assertContainsLang('UCP_PREFS_VIEW', $crawler->filter('#cp-main h2')->text());
+ $form = $crawler->selectButton('Submit')->form();
- $form = $crawler->selectButton('Submit')->form(array(
- 'topic_sk' => 'z',
- 'topic_sd' => 'z',
- 'topic_st' => 'test',
- 'post_sk' => 'z',
- 'post_sd' => 'z',
- 'post_st' => 'test',
- ));
+ if (!method_exists($form, 'disableValidation'))
+ {
+ $this->markTestIncomplete('The crawler cannot select invalid values, until Symfony 2.4!');
+ }
+
+ $form = $form->disableValidation();
+ $form['topic_sk']->select('z');
+ $form['topic_sd']->select('z');
+ $form['topic_st']->select('test');
+ $form['post_sk']->select('z');
+ $form['post_sd']->select('z');
+ $form['post_st']->select('test');
 $crawler = self::submit($form);
 $this->assertContainsLang('WRONG_DATA_POST_SD', $crawler->filter('#cp-main')->text());
 $this->assertContainsLang('WRONG_DATA_POST_SK', $crawler->filter('#cp-main')->text());
 $this->assertContainsLang('WRONG_DATA_TOPIC_SD', $crawler->filter('#cp-main')->text());
 $this->assertContainsLang('WRONG_DATA_TOPIC_SK', $crawler->filter('#cp-main')->text());
+ }
+
+ public function test_read_preferences_view()
+ {
+ $this->add_lang('ucp');
+ $this->login();
 $crawler = self::request('GET', 'ucp.php?i=ucp_prefs&mode=view');
+ $this->assertContainsLang('UCP_PREFS_VIEW', $crawler->filter('#cp-main h2')->text());
 $form = $crawler->selectButton('Submit')->form();
 $this->assertEquals('a', $form->get('topic_sk')->getValue());
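Review bot: `test_read_preferences_view()` asserts the values `'a'` and `'1'` that `test_submitting_preferences_view()` stored, so it passes only when that test has already run against the same board, and nothing in the class states this ordering. Declaring it with `@depends test_submitting_preferences_view` in a docblock on the read test would make PHPUnit skip it, rather than fail it, when the submit test did not succeed. Separately, where the crawler lacks `disableValidation()` the rejection path is only reported as incomplete, so the `WRONG_DATA_*` checks introduced in patch 1/3 have no functional coverage there until the Symfony upgrade. The tail of the read test lies outside the hunk.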