1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-10-23 04:36:15 +02:00
Commit Graph

1567 Commits

Author SHA1 Message Date
Marc Alexander
34e9b4d066 Merge pull request #35 from phpbb/ticket/security-203-rhea
[ticket/security-203] Fully validate version check data in version helper -- Rhea
2017-07-16 15:29:35 +02:00
Marc Alexander
e0eeea800c [ticket/14961] Add cookie notice as enablable feature
Uses Insites cookieconsent v3.0.3:
https://cookieconsent.insites.com

PHPBB3-14961
2017-01-06 00:57:12 +01:00
Marc Alexander
d63b644b2b Merge branch 'ticket/security-203' into ticket/security-203-rhea 2016-12-28 22:53:59 +01:00
Marc Alexander
658820654f [ticket/security-203] Fully validate version check data in version helper
This will also take care of SECURITY-204 as it's the same underlying issue.
Admins still need to ensure they don't visit malicious sites for URLs
provided by extensions.

SECURITY-203
2016-12-26 22:01:51 +01:00
Marc Alexander
0e8a573a71 Merge branch '3.1.x' into 3.2.x 2016-11-27 20:45:12 +01:00
Jakub Senko
e974f338af [ticket/14739] Remove SQLite 2.8.x database driver
PHPBB3-14739
2016-11-16 17:59:28 +01:00
Jakub Senko
260dc5ed7c [ticket/14863] Properly treat plural rules in confirmation box title
PHPBB3-14863
2016-11-13 17:21:41 +01:00
Tristan Darricau
b8ef36ddb1 Merge branch '3.1.x' into 3.2.x
* 3.1.x:
  [ticket/14818] Optimize generate_board_url function
2016-10-24 23:08:09 +02:00
Tristan Darricau
e3a85ff0a7 Merge pull request #4487 from gmixo/patch-2
[ticket/14818] Optimize generate_board_url function

* gmixo/patch-2:
  [ticket/14818] Optimize generate_board_url function
2016-10-24 23:08:06 +02:00
Marc Alexander
2a038d45df Merge branch '3.1.x' into 3.2.x 2016-10-23 11:48:56 +02:00
kasimi
f02afe58bc [ticket/14827] Possibility to add multiple form keys
PHPBB3-14827
2016-10-19 22:42:52 +02:00
MIkhail Gulyaev
868d55913d [ticket/14818] Optimize generate_board_url function
if $config['force_server_vars'] no need to calculate $request
2016-10-17 12:54:08 +07:00
Marc Alexander
9a64bffd68 Merge pull request #4459 from rxu/ticket/14794
[ticket/14794] Adjust redirect() behavior for PHP 7.1+ compatibility
2016-09-23 21:10:26 +02:00
rxu
a5ccdc7997 [ticket/14794] Adjust redirect() behavior for PHP 7.1+ compatibility
PHPBB3-14794
2016-09-23 19:47:05 +07:00
rxu
35c62d1e74 [ticket/14793] Fix "A non-numeric value encountered" PHP warning on PHP 7.1+
PHPBB3-14793
2016-09-22 22:29:18 +07:00
Jakub Senko
4b6c2c8cde [ticket/10961] Send HTTP 403 when applicable
PHPBB3-10961
2016-09-01 08:48:37 +02:00
Marc Alexander
63d3b240a4 Merge branch '3.1.x' into 3.2.x 2016-06-19 17:49:07 +02:00
Jakub Senko
10d96d4f33 [ticket/14429] Add core.modify_users_online_string_modify
PHPBB3-14429
2016-05-27 13:46:23 +02:00
Tristan Darricau
386d31ec63 Merge branch '3.1.x' into 3.2.x
* 3.1.x:
  [ticket/14481] Add tests for x_forwarded_proto header
  [ticket/14481] Use port 443 if https is specified in x-forwarded-proto
  [ticket/14481] Respect HTTP_X_FORWARDED headers for implying https
2016-03-27 12:56:03 +02:00
Tristan Darricau
5442a25967 Merge pull request #4182 from marc1706/ticket/14481
[ticket/14481] Respect HTTP_X_FORWARDED headers for implying https

* marc1706/ticket/14481:
  [ticket/14481] Add tests for x_forwarded_proto header
  [ticket/14481] Use port 443 if https is specified in x-forwarded-proto
  [ticket/14481] Respect HTTP_X_FORWARDED headers for implying https
2016-03-27 12:56:03 +02:00
Tristan Darricau
8d98981012 Merge pull request #4218 from marc1706/ticket/14527
[ticket/14527] Retrieve link URL from href and not link text

* marc1706/ticket/14527:
  [ticket/14527] Decode automatically generated postlink without prefix
  [ticket/14527] Add tests for reverted improper fix
  [ticket/14527] Retrieve link URL from href and not link text
2016-03-25 11:35:47 +01:00
Marc Alexander
2e3f89444a Merge branch 'ticket/14136' into ticket/14136-3.2.x
Conflicts:
	phpBB/adm/style/install_update_diff.html
	phpBB/adm/style/installer_header.html
	phpBB/install/database_update.php
	phpBB/install/index.php
	phpBB/styles/subsilver2/template/overall_header.html
	phpBB/styles/subsilver2/template/simple_header.html
	phpBB/styles/subsilver2/template/ucp_pm_viewmessage_print.html
	phpBB/styles/subsilver2/template/viewtopic_print.html
2016-03-24 16:12:56 +01:00
Marc Alexander
244d171cb0 [ticket/14136] Add back X-UA-Compatible meta tag
This was previously removed without needing to. Adding it back to force
users to not emulate the page for previous versions of IE. The
imagetoolbar http-equiv tag was not restored as IE does not contain that
anymore since IE7. Also, the chome=1 has been removed from the
X-UA-Compatible content as ChromeFrame does not receive any further
updates since 2014 and is potentially broken.

PHPBB3-14136
2016-03-24 16:07:07 +01:00
Tristan Darricau
dc097221d8 [ticket/14550] Fix the number of characters returned by unique_id()
PHPBB3-14450
2016-03-23 10:18:22 +01:00
Marc Alexander
17b8e93a53 [ticket/14527] Decode automatically generated postlink without prefix
The http prefix gets automatically added and should be removed prior
to outputting the post to the user.

PHPBB3-14527
2016-03-13 14:48:21 +01:00
Marc Alexander
58678ff21c [ticket/14527] Retrieve link URL from href and not link text
PHPBB3-14527
2016-03-13 12:20:09 +01:00
Marc Alexander
0e84856a45 Merge branch '3.1.x' into 3.2.x 2016-03-10 12:19:10 +01:00
Marc Alexander
9bcf8df5d0 Merge pull request #4184 from lavigor/ticket/14486
[ticket/14486] Add an event and fix an event in login_box()
2016-03-10 12:18:47 +01:00
Máté Bartus
a01e3a0ffa Merge branch '3.1.x' into 3.2.x
* 3.1.x:
  [ticket/14132] Use transaction for adding notifications to type table
  [ticket/14519] Skip query if all unread notifications are retrieved
  [ticket/14483] Do not send headers by default on access via controller

Conflicts:
	phpBB/phpbb/notification/manager.php
2016-03-08 22:18:42 +01:00
Marc Alexander
62a2619300 [ticket/14483] Do not send headers by default on access via controller
PHPBB3-14483
2016-03-06 21:10:42 +01:00
lavigor
40bd4c8b72 [ticket/14486] Use empty() and move error check.
PHPBB3-14486
2016-02-27 20:05:59 +03:00
Tristan Darricau
58359b1587 [ticket/14457] Replaces unique_id implementation by random_bytes()
PHPBB3-14457
2016-02-18 17:30:31 +01:00
lavigor
4b4584bcd4 [ticket/14486] Add an event and fix an event in login_box()
PHPBB3-14486
2016-02-18 19:22:11 +03:00
Marc Alexander
9eedf29021 [ticket/14481] Use port 443 if https is specified in x-forwarded-proto
PHPBB3-14481
2016-02-16 16:33:19 +01:00
Joas Schilling
8663edce76 Merge branch '3.1.x' into 3.2.x
Conflicts:
	build/build.xml
	phpBB/docs/CHANGELOG.html
	phpBB/includes/constants.php
	phpBB/includes/functions_user.php
	phpBB/install/convertors/convert_phpbb20.php
	phpBB/install/schemas/schema_data.sql
	phpBB/styles/prosilver/style.cfg
	phpBB/styles/subsilver2/style.cfg
2016-02-13 18:08:01 +01:00
Oliver Schramm
1bd4895d7a [ticket/14409] Update session page info before displaying online list
PHPBB3-14409
2016-02-13 15:58:05 +01:00
Marc Alexander
8e5b5a5c07 Merge branch '3.1.x' 2016-01-16 23:10:37 +01:00
lavigor
fef03a1946 [ticket/14412] Comment fixes for PHPDoc in the events
PHPBB3-14412
2016-01-15 14:07:50 +03:00
Marc Alexander
73900d1857 [ticket/13454] Remove more unused variables
This should be the last part. Off to checking if the changes were correct.

PHPBB3-13454
2016-01-06 13:52:11 +01:00
Marc Alexander
7a6a16e3a5 [ticket/13454] Remove unused variables
This is part 5 and there is more to come.

PHPBB3-13454
2016-01-06 13:52:11 +01:00
Tristan Darricau
f14a9b7069 Merge branch '3.1.x'
* 3.1.x:
  [ticket/14261] Fix tests by removing old code.
  [ticket/14261] Move the update of session informations to page_footer()
2015-12-07 21:52:38 +01:00
Zoddo
88dd8a4849 [ticket/14261] Move the update of session informations to page_footer()
Currently, the unique way to disable the update of session_page is to pass
"false" to the parameter of session_begin(). This method is directly
called in app.php, so pages served from the routing system can't disable
the update of session informations.

By moving the update to page_footer, we can allow controllers to tell to
the session manager that we don't want to update the session infos.

PHPBB3-14261
2015-10-27 17:26:18 +01:00
Cesar G
a246cb6414 Merge branch '3.1.x'
* 3.1.x:
  [ticket/14249] Fix online list order
2015-10-22 10:05:25 -07:00
Oliver Schramm
93208d597a [ticket/14249] Fix online list order
PHPBB3-14249
2015-10-21 21:51:43 +02:00
Tristan Darricau
ce45813e2c Merge branch '3.1.x'
* 3.1.x:
  [ticket/13591] Change SQL query into array to allow
2015-10-12 10:20:32 +02:00
Tristan Darricau
2668fa42ad Merge pull request #3946 from RMcGirr83/ticket_13591
[ticket/13591] Change SQL query into array to allow

* RMcGirr83/ticket_13591:
  [ticket/13591] Change SQL query into array to allow
2015-10-12 10:20:16 +02:00
Tristan Darricau
fcf797c3f2 Merge branch '3.1.x'
* 3.1.x:
  [ticket/14200] Allow hidden users to see himself on viewonline
2015-10-12 09:20:13 +02:00
Zoddo
8eb9ce50b0 [ticket/14200] Allow hidden users to see himself on viewonline
PHPBB3-14200
2015-10-10 16:33:40 +02:00
RMcGirr83
8a52ccc938 [ticket/13591] Change SQL query into array to allow
extension authors to modify SQL query

PHPBB3-13591
2015-10-08 14:18:45 -04:00
Michael Miday
956723af0e [ticket/12769] Properly include FA 2015-09-17 18:37:25 +02:00