mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-14 11:35:33 +02:00
Code Issues Releases Wiki Activity
31,500 Commits 18 Branches 192 Tags
Commit Graph

1625 Commits

Author SHA1 Message Date
rubencm
b07fb709ba [ticket/16352] Remove duplicated function 
PHPBB3-16352
 2020-02-03 02:24:56 +00:00
rubencm
2fea7969d3 [ticket/16352] Deprecate more functions 
PHPBB3-16352
 2020-02-03 01:44:02 +00:00
rubencm
d668f3a3c3 [ticket/16352] Deprecate a few function/classes 
PHPBB3-16352
 2020-02-03 00:44:44 +00:00
Marc Alexander
38e5913338
Merge pull request #5637 from EA117/ticket/16054 
[ticket/16054] Restore ability to login from any template.
 2019-08-11 20:02:11 +02:00
Derky
6ada02b060 Merge pull request #5628 from marc1706/ticket/16101 
[ticket/16101] Add Referrer-Policy header to phpBB's headers
 2019-07-30 07:34:13 +02:00
Marc Alexander
51205febe3
Merge pull request #5635 from EA117/ticket/16066 
[ticket/16066] Fix FORM_INVALID always returned for banned user.
 2019-07-29 21:38:13 +02:00
EA117
792882ef63 [ticket/16054] Restore ability to login from any template. 
Moving the login form's add_form_key() work into page_header(), so that the
template variables required for presenting a login form are again available
to any template that chooses to consume them.

PHPBB3-16054
 2019-07-28 15:15:39 -05:00
EA117
636fc7fad7 [ticket/16066] Fix FORM_INVALID always returned for banned user. 
After the introduction of add_form_key() and check_form_key() calls to
login_box() in phpBB 3.2.6 and later, if a banned user attempts to login,
they receive a "The submitted form was invalid. Try submitting again."
Instead of the message indicating that they are banned, and why.

This is happening because check_ban() actually calls into login_box()
recursively, but after the $user->session_id has been switched to a new
session ID for the logging-on user.  Therefore, now that check_form_key()
has been introduced to login_box(), it is impossible for check_form_key()
to succeed during this recursive call.

Fix is to make login_box()'s use of check_form_key() conditional on whether
IN_CHECK_BAN is defined, so that the recursive call does not attempt to
re-validate the form_key again.  Note the form_key has already been
successfully verified by the original call into login_box(), prior to calling
into check_ban() and attempting to recursively call login_box().  So the
protection of why check_form_key() was added is still intact with this change.

PHPBB3-16066
 2019-07-28 12:25:54 -05:00
Marc Alexander
f567b2bb69
Merge pull request #5459 from mrgoldy/ticket/15886 
[ticket/15886] Group helper functions
 2019-07-28 15:31:09 +02:00
Marc Alexander
b59e101d8d
Merge pull request #5610 from espipj/ticket/16070 
[ticket/16070] Remove support for WebSTAR and Xitami
 2019-07-23 21:18:22 +02:00
Jakub Senko
90dcd1a0f4
[ticket/16089] Add core.confirm_box_ajax_before 
PHPBB3-16089
 2019-07-22 08:19:32 +02:00
Marc Alexander
30f8e5d638
[ticket/16101] Add Referrer-Policy header to phpBB's headers 
PHPBB3-16101
 2019-07-20 09:43:24 +02:00
espipj
0c3ff0419c [ticket/16070] Remove unused code 
PHPBB3-16070
 2019-05-27 21:26:44 +01:00
Marc Alexander
4b6bdbe558
[ticket/16042] Adjust positioning and add comment to overwrite 
PHPBB3-16042
 2019-05-02 21:29:11 +02:00
Marc Alexander
3c822556c1
[ticket/16042] Use S_LOGIN_REDIRECT to output login form token 
PHPBB3-16042
 2019-05-02 21:21:07 +02:00
rubencm
540a6b7d2e [ticket/16036] Add S_FORM_TOKEN_LOGIN to all login forms 
PHPBB3-16036
 2019-04-29 16:13:26 +00:00
Marc Alexander
f75dd1628c
Merge pull request #48 from phpbb/ticket/security/228 
[ticket/security/228] Add form token to login box
 2019-04-27 13:26:36 +02:00
Derky
b836898016 [ticket/security/228] Add form token to login box 
SECURITY-228
 2019-04-26 12:11:52 +02:00
Marc Alexander
c8ff4b4109
Merge pull request #5513 from mrgoldy/ticket/15942 
[ticket/15942] Allow array in confirm_box title
 2019-04-17 09:26:11 +02:00
Marc Alexander
0e38bebaa5
[ticket/15942] Add language to compatibility globals & use in confirm_box 
PHPBB3-15942
 2019-04-17 08:22:44 +02:00
mrgoldy
a16ebf04d3 [ticket/15942] Past tense 
PHPBB3-15942
 2019-04-16 10:38:26 +02:00
mrgoldy
2131adac5c [ticket/15942] Update DocBlock 
PHPBB3-15942
 2019-04-16 10:15:01 +02:00
3D-I
8e8fa203b9 [ticket/15972] Let the event be triggered 
Removes old coding which is there just to save a few iterations.

PHPBB3-15972
 2019-02-26 23:56:28 +01:00
3D-I
2cd574321f [ticket/15972] Add core.markread_after 
PHPBB3-15972
 2019-02-20 19:57:56 +01:00
mrgoldy
3f4b7059cb [ticket/15942] Allow array in confirm_box title 
PHPBB3-15942
 2019-01-15 20:50:37 +01:00
mrgoldy
50cec4d54c [ticket/15886] Change phpbb_get_group_avatar variable names 
PHPBB3-15886
 2018-12-30 14:15:03 +01:00
Ruben Calvo
31703585cb [ticket/15860] Unique_id() return 16 characters again 
PHPBB3-15860
 2018-10-31 10:41:57 +00:00
Ruben Calvo
1f14f7c327 [ticket/15860] Fix format of backup files 
PHPBB3-15860
 2018-10-30 11:18:34 +00:00
Marc Alexander
2fcf49c839
Merge pull request #5381 from senky/ticket/15616 
[ticket/15616] Remove jumpbox from login_forum.html
 2018-10-13 16:31:02 -07:00
Marc Alexander
40332ecfcc
Merge pull request #5374 from senky/ticket/15758 
[ticket/15758] Show translated msg for INSECURE_REDIRECT
 2018-10-10 22:49:08 +02:00
Marc Alexander
6087f0347c
Merge pull request #5377 from senky/ticket/15700 
[ticket/15700] Use correct T_THEME_LANG_NAME
 2018-10-09 22:58:32 +02:00
Marc Alexander
6e61804e45
Merge pull request #5370 from senky/ticket/15805 
[ticket/15805] Add result to core.login_box_redirect
 2018-10-08 22:27:55 +02:00
Jakub Senko
d29d4389f9
[ticket/15758] Show translated msg for INSECURE_REDIRECT 
PHPBB3-15758
 2018-09-28 12:27:55 +02:00
Jakub Senko
f82e0a83d1
[ticket/15616] Add jumpbox to login_forum.html 
PHPBB3-15616
 2018-09-26 16:29:43 +02:00
Jakub Senko
dab4c10c2f
[ticket/15700] Use correct T_THEME_LANG_NAME 
PHPBB3-15700
 2018-09-25 15:24:34 +02:00
Jakub Senko
1d0fdc446f
[ticket/15805] Add result to core.login_box_redirect 
PHPBB3-15805
 2018-09-24 16:09:51 +02:00
Rubén Calvo
ced8599e30 [ticket/15723] Rewrite unique_id too 
PHPBB3-15723
 2018-08-08 20:36:16 +02:00
Rubén Calvo
ffcfec044b [ticket/15723] Rewrite gen_rand_string() and gen_rand_string_friendly() 
PHPBB3-15723
 2018-07-14 11:42:32 +02:00
Tristan Darricau
078d076526 Merge pull request #5253 from senky/ticket/15618 
[ticket/15618] Display The team link only to users with permission

* github.com:/phpbb/phpbb:
  [ticket/15618] Display The team link only to users with permission
 2018-07-08 18:41:04 +02:00
Tristan Darricau
bc7b998632 Merge branch 'prep-release-3.2.3' into 3.2.x 
* prep-release-3.2.3:
  [ticket/15676] Use paragraphs and classes as suggested by hanakin
  [ticket/15676] Use twig syntax
  [ticket/15676] Simplify link text and use privacy link in cookie notice
  [ticket/15676] Display privacy notice in footer & allow overriding U_PRIVACY
 2018-07-08 17:38:27 +02:00
Rubén Calvo
d4d8aec02a [ticket/15695] Fix gen_rand_string returning less characters than expected 
PHPBB3-15695
 2018-06-18 22:38:14 +02:00
Jakub Senko
c61b9358ff
[ticket/15618] Display The team link only to users with permission 
PHPBB3-15618
 2018-06-18 12:55:24 +02:00
Marc Alexander
9e50e52fa5
[ticket/15693] Update tests to reflect changes to gen_rand_string() 
PHPBB3-15693
 2018-06-17 11:01:11 +02:00
Rubén Calvo
f75c400db4 [ticket/15693] Fix get_rand_string() 
PHPBB3-15693
 2018-06-15 19:22:35 +02:00
Marc Alexander
25a46ef4b3
[ticket/15676] Simplify link text and use privacy link in cookie notice 
PHPBB3-15676
 2018-05-31 22:15:36 +02:00
Marc Alexander
c6a35237a2
[ticket/15676] Display privacy notice in footer & allow overriding U_PRIVACY 
PHPBB3-15676
 2018-05-31 09:31:33 +02:00
Marc Alexander
69a168bcb2
Merge pull request #5074 from marc1706/ticket/15498 
[ticket/15498] Do not pass whether URL uses router to is_route
 2018-01-07 11:04:37 +01:00
Marc Alexander
1b4bad6583
Merge remote-tracking branch 'upstream/3.2.x' into prep-release-3.2.2 2018-01-07 11:02:31 +01:00
Marc Alexander
e31474542d
[ticket/15498] Do not pass whether URL uses router to is_route 
is_route expects a flag of whether this is a route that was generated
with the router as opposed to is_router_used() which returns whether
the router will be used via app.php.

PHPBB3-15498
 2018-01-06 10:53:12 +01:00
rxu
8c3808e9e7
[ticket/14972] Fix sizeof calls 
As of PHP 7.2, only arrays and objects implementing the Countable interface
should be passed as a count() or sizeof() parameter.
See https://github.com/php/php-src/blob/php-7.2.0alpha2/UPGRADING#L197-L198
Also, sizeof() seems to be sheduled for deprecation, see
https://wiki.php.net/rfc/deprecations_php_7_2#suggested_deprecations

PHPBB3-14972
 2018-01-01 13:08:12 +01:00