Merge pull request #2954 from rxu/ticket/13055

[ticket/13055] Fix string profile fields validation to support unicode

phpBB/language/en/acp/profile.php

@@ -119,6 +119,12 @@ $lang = array_merge($lang, array(
 
 	'LANG_SPECIFIC_OPTIONS'		=> 'Language specific options [<strong>%s</strong>]',
 
+	'LETTER_NUM_DOTS'			=> 'Any letters, numbers and dots (periods)',
+	'LETTER_NUM_ONLY'			=> 'Any letters and numbers',
+	'LETTER_NUM_PUNCTUATION'	=> 'Any letters, numbers, comma, dots, underscores and dashes beginning with any letter',
+	'LETTER_NUM_SPACERS'		=> 'Any letters, numbers and spacers',
+	'LETTER_NUM_UNDERSCORE'		=> 'Any letters, numbers and underscores',
+
 	'MAX_FIELD_CHARS'		=> 'Maximum number of characters',
 	'MAX_FIELD_NUMBER'		=> 'Highest allowed number',
 	'MIN_FIELD_CHARS'		=> 'Minimum number of characters',

phpBB/language/en/ucp.php

@@ -214,6 +214,11 @@ $lang = array_merge($lang, array(
 	'FIELD_INVALID_CHARS_ALPHA_PUNCTUATION'	=> 'The field “%s” has invalid characters, only alphanumeric or _,-. characters are allowed and the first character must be alphabetic.',
 	'FIELD_INVALID_CHARS_ALPHA_SPACERS'	=> 'The field “%s” has invalid characters, only alphanumeric, space or -+_[] characters are allowed.',
 	'FIELD_INVALID_CHARS_ALPHA_UNDERSCORE'	=> 'The field “%s” has invalid characters, only alphanumeric or _ characters are allowed.',
+	'FIELD_INVALID_CHARS_LETTER_NUM_DOTS'	=> 'The field “%s” has invalid characters, only letter, number or . characters are allowed.',
+	'FIELD_INVALID_CHARS_LETTER_NUM_ONLY'	=> 'The field “%s” has invalid characters, only letter and number characters are allowed.',
+	'FIELD_INVALID_CHARS_LETTER_NUM_PUNCTUATION'	=> 'The field “%s” has invalid characters, only letter, number or _,-. characters are allowed and the first character must be alphabetic.',
+	'FIELD_INVALID_CHARS_LETTER_NUM_SPACERS'		=> 'The field “%s” has invalid characters, only letter, number, space or -+_[] characters are allowed.',
+	'FIELD_INVALID_CHARS_LETTER_NUM_UNDERSCORE'		=> 'The field “%s” has invalid characters, only letter, number or _ characters are allowed.',
 	'FIELD_INVALID_DATE'				=> 'The field “%s” has an invalid date.',
 	'FIELD_INVALID_URL'					=> 'The field “%s” has an invalid url.',
 	'FIELD_INVALID_VALUE'				=> 'The field “%s” has an invalid value.',

phpBB/phpbb/db/migration/data/v310/profilefield_field_validation_length.php

@@ -0,0 +1,90 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v310;
+
+class profilefield_field_validation_length extends \phpbb\db\migration\migration
+{
+	protected $validation_options_old = array(
+		'ALPHA_SPACERS'		=> '[\w_\+\. \-\[\]]+',
+	);
+
+	protected $validation_options_new = array(
+		'ALPHA_SPACERS'		=> '[\w\x20_+\-\[\]]+',
+	);
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v310\rc3',
+		);
+	}
+
+	public function update_schema()
+	{
+		return array(
+			'change_columns'	=> array(
+				$this->table_prefix . 'profile_fields'			=> array(
+					'field_validation'	=> array('VCHAR_UNI:64', ''),
+				),
+			),
+		);
+	}
+
+	public function revert_schema()
+	{
+		return array(
+			'change_columns'	=> array(
+				$this->table_prefix . 'profile_fields'			=> array(
+					'field_validation'	=> array('VCHAR_UNI:20', ''),
+				),
+			),
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('custom', array(array($this, 'update_profile_fields_validation'))),
+		);
+	}
+
+	public function revert_data()
+	{
+		return array(
+			array('custom', array(array($this, 'revert_profile_fields_validation'))),
+		);
+	}
+
+	public function update_profile_fields_validation()
+	{
+		foreach ($this->validation_options_new as $validation_type => $regex)
+		{
+			$sql = 'UPDATE ' . $this->table_prefix . "profile_fields
+				SET field_validation = '" . $this->db->sql_escape($this->validation_options_new[$validation_type]) . "'
+				WHERE field_validation = '" . $this->db->sql_escape($this->validation_options_old[$validation_type]) . "'";
+			$this->sql_query($sql);
+		}
+	}
+
+	public function revert_profile_fields_validation()
+	{
+		foreach ($this->validation_options_new as $validation_type => $regex)
+		{
+			$sql = 'UPDATE ' . $this->table_prefix . "profile_fields
+				SET field_validation = '" . $this->db->sql_escape($this->validation_options_old[$validation_type]) . "'
+				WHERE field_validation = '" . $this->db->sql_escape($this->validation_options_new[$validation_type]) . "'";
+			$this->sql_query($sql);
+		}
+	}
+}

phpBB/phpbb/profilefields/type/type_string_common.php

@@ -21,8 +21,13 @@ abstract class type_string_common extends type_base
 		'ALPHA_ONLY'		=> '[\w]+',
 		'ALPHA_UNDERSCORE'	=> '[\w_]+',
 		'ALPHA_DOTS'        => '[\w.]+',
-		'ALPHA_SPACERS'		=> '[\w_\+\. \-\[\]]+',
+		'ALPHA_SPACERS'		=> '[\w\x20_+\-\[\]]+',
 		'ALPHA_PUNCTUATION' => '[a-zA-Z][\w\.,\-_]+',
+		'LETTER_NUM_ONLY'			=> '[\p{Lu}\p{Ll}0-9]+',
+		'LETTER_NUM_UNDERSCORE'		=> '[\p{Lu}\p{Ll}0-9_]+',
+		'LETTER_NUM_DOTS'			=> '[\p{Lu}\p{Ll}0-9.]+',
+		'LETTER_NUM_SPACERS'		=> '[\p{Lu}\p{Ll}0-9\x20_+\-\[\]]+',
+		'LETTER_NUM_PUNCTUATION'	=> '[\p{Lu}\p{Ll}][\p{Lu}\p{Ll}0-9.,\-_]+',
 	);
 
 	/**
@@ -79,7 +84,7 @@ abstract class type_string_common extends type_base
 		if (!empty($field_data['field_validation']) && $field_data['field_validation'] != '.*')
 		{
 			$field_validate = ($field_type != 'text') ? $field_value : bbcode_nl2br($field_value);
-			if (!preg_match('#^' . str_replace('\\\\', '\\', $field_data['field_validation']) . '$#i', $field_validate))
+			if (!preg_match('#^' . str_replace('\\\\', '\\', $field_data['field_validation']) . '$#iu', $field_validate))
 			{
 				$validation = array_search($field_data['field_validation'], $this->validation_options);
 				if ($validation)

tests/profilefields/type_string_test.php

@@ -167,6 +167,55 @@ class phpbb_profilefield_type_string_test extends phpbb_test_case
 				'FIELD_INVALID_CHARS_ALPHA_PUNCTUATION-field',
 				'Required field should reject field having invalid input for the given validation',
 			),
+			// UTF-8 string tests
+			array(
+				'ö äö äö ä',
+				array('field_validation' => '[\p{Lu}\p{Ll}0-9]+'),
+				'FIELD_INVALID_CHARS_LETTER_NUM_ONLY-field',
+				'Required field should reject spaces in UTF-8 letternumeric only field',
+			),
+			array(
+				'Имя123',
+				array('field_validation' => '[\p{Lu}\p{Ll}0-9]+'),
+				false,
+				'Required field should accept UTF-8 letternumeric only field',
+			),
+			array(
+				'Ö äö äö- ä+',
+				array('field_validation' => '[\p{Lu}\p{Ll}0-9_]+'),
+				'FIELD_INVALID_CHARS_LETTER_NUM_UNDERSCORE-field',
+				'Required field should reject spacers in UTF-8 letternumeric with underscore field',
+			),
+			array(
+				'Правильное.Имя123',
+				array('field_validation' => '[\p{Lu}\p{Ll}0-9.]+'),
+				false,
+				'Required field should accept UTF-8 letternumeric field with dots',
+			),
+			array(
+				'Неправильное.,имя123',
+				array('field_validation' => '[\p{Lu}\p{Ll}0-9.]+'),
+				'FIELD_INVALID_CHARS_LETTER_NUM_DOTS-field',
+				'Required field should reject comma in UTF-8 letternumeric field with dots',
+			),
+			array(
+				'Ö äö äö- ä+',
+				array('field_validation' => '[\p{Lu}\p{Ll}0-9\x20_+\-\[\]]+'),
+				false,
+				'Required field should accept spacers in UTF-8 letternumeric with spacers field',
+			),
+			array(
+				'skype.test.name,_this',
+				array('field_validation' => '[\p{Lu}\p{Ll}][\p{Lu}\p{Ll}0-9.,\-_]+'),
+				false,
+				'Required field should accept alphanumeric value for UTF-8 letternumeric field with punctuations',
+			),
+			array(
+				'1skype.this.should.fail',
+				array('field_validation' => '[\p{Lu}\p{Ll}][\p{Lu}\p{Ll}0-9.,\-_]+'),
+				'FIELD_INVALID_CHARS_LETTER_NUM_PUNCTUATION-field',
+				'Required field should reject field having leading numeric for UTF-8 letternumeric field with punctuations',
+			),
 		);
 	}