1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-10-25 05:36:13 +02:00
Commit Graph

1680 Commits

Author SHA1 Message Date
Marc Alexander
51205febe3 Merge pull request #5635 from EA117/ticket/16066
[ticket/16066] Fix FORM_INVALID always returned for banned user.
2019-07-29 21:38:13 +02:00
EA117
792882ef63 [ticket/16054] Restore ability to login from any template.
Moving the login form's add_form_key() work into page_header(), so that the
template variables required for presenting a login form are again available
to any template that chooses to consume them.

PHPBB3-16054
2019-07-28 15:15:39 -05:00
EA117
636fc7fad7 [ticket/16066] Fix FORM_INVALID always returned for banned user.
After the introduction of add_form_key() and check_form_key() calls to
login_box() in phpBB 3.2.6 and later, if a banned user attempts to login,
they receive a "The submitted form was invalid. Try submitting again."
Instead of the message indicating that they are banned, and why.

This is happening because check_ban() actually calls into login_box()
recursively, but after the $user->session_id has been switched to a new
session ID for the logging-on user.  Therefore, now that check_form_key()
has been introduced to login_box(), it is impossible for check_form_key()
to succeed during this recursive call.

Fix is to make login_box()'s use of check_form_key() conditional on whether
IN_CHECK_BAN is defined, so that the recursive call does not attempt to
re-validate the form_key again.  Note the form_key has already been
successfully verified by the original call into login_box(), prior to calling
into check_ban() and attempting to recursively call login_box().  So the
protection of why check_form_key() was added is still intact with this change.

PHPBB3-16066
2019-07-28 12:25:54 -05:00
Marc Alexander
2df9230902 Merge branch '3.2.x' into 3.3.x 2019-07-28 17:18:40 +02:00
Marc Alexander
f567b2bb69 Merge pull request #5459 from mrgoldy/ticket/15886
[ticket/15886] Group helper functions
2019-07-28 15:31:09 +02:00
Marc Alexander
c382536f47 Merge branch '3.2.x' into 3.3.x 2019-07-23 21:18:27 +02:00
Marc Alexander
b59e101d8d Merge pull request #5610 from espipj/ticket/16070
[ticket/16070] Remove support for WebSTAR and Xitami
2019-07-23 21:18:22 +02:00
Marc Alexander
b5e6f34cd9 Merge branch '3.2.x' into 3.3.x 2019-07-23 21:08:54 +02:00
Jakub Senko
90dcd1a0f4 [ticket/16089] Add core.confirm_box_ajax_before
PHPBB3-16089
2019-07-22 08:19:32 +02:00
Marc Alexander
30f8e5d638 [ticket/16101] Add Referrer-Policy header to phpBB's headers
PHPBB3-16101
2019-07-20 09:43:24 +02:00
espipj
0c3ff0419c [ticket/16070] Remove unused code
PHPBB3-16070
2019-05-27 21:26:44 +01:00
rubencm
6643c904d5 [ticket/12629] Rename errors_show to show_errors
PHPBB3-12629
2019-05-09 21:23:58 +02:00
Rubén Calvo
ba088f6bdc [ticket/12629] Add debug.errors_show
PHPBB3-12629
2019-05-09 21:22:52 +02:00
Jakub Senko
4f402465bf [ticket/12628] Introduce debug.memory
Also fix one debug.sql_explain missing from the previous PR

PHPBB3-12628
2019-05-09 19:02:14 +02:00
Rubén Calvo
7c26569d93 [ticket/15413] Login redirect to previous page
PHPBB3-15413
2019-05-09 18:59:30 +02:00
Jakub Senko
139eb17bb7 [ticket/12624] Add debug.load_time parameter
PHPBB3-12624
2019-05-09 18:40:15 +02:00
Jakub Senko
b4d4336ef4 [ticket/12627] Add debug.sql_explain parameter
PHPBB3-12627
2019-05-09 18:29:22 +02:00
Máté Bartus
7a831c3e28 [ticket/14548] Move deprecated globals and functions
PHPBB3-14584
2019-05-06 21:26:55 +02:00
Marc Alexander
4b6bdbe558 [ticket/16042] Adjust positioning and add comment to overwrite
PHPBB3-16042
2019-05-02 21:29:11 +02:00
Marc Alexander
3c822556c1 [ticket/16042] Use S_LOGIN_REDIRECT to output login form token
PHPBB3-16042
2019-05-02 21:21:07 +02:00
rubencm
540a6b7d2e [ticket/16036] Add S_FORM_TOKEN_LOGIN to all login forms
PHPBB3-16036
2019-04-29 16:13:26 +00:00
Marc Alexander
f75dd1628c Merge pull request #48 from phpbb/ticket/security/228
[ticket/security/228] Add form token to login box
2019-04-27 13:26:36 +02:00
Derky
b836898016 [ticket/security/228] Add form token to login box
SECURITY-228
2019-04-26 12:11:52 +02:00
Marc Alexander
c8ff4b4109 Merge pull request #5513 from mrgoldy/ticket/15942
[ticket/15942] Allow array in confirm_box title
2019-04-17 09:26:11 +02:00
Marc Alexander
0e38bebaa5 [ticket/15942] Add language to compatibility globals & use in confirm_box
PHPBB3-15942
2019-04-17 08:22:44 +02:00
mrgoldy
a16ebf04d3 [ticket/15942] Past tense
PHPBB3-15942
2019-04-16 10:38:26 +02:00
mrgoldy
2131adac5c [ticket/15942] Update DocBlock
PHPBB3-15942
2019-04-16 10:15:01 +02:00
3D-I
8e8fa203b9 [ticket/15972] Let the event be triggered
Removes old coding which is there just to save a few iterations.

PHPBB3-15972
2019-02-26 23:56:28 +01:00
3D-I
2cd574321f [ticket/15972] Add core.markread_after
PHPBB3-15972
2019-02-20 19:57:56 +01:00
mrgoldy
3f4b7059cb [ticket/15942] Allow array in confirm_box title
PHPBB3-15942
2019-01-15 20:50:37 +01:00
mrgoldy
50cec4d54c [ticket/15886] Change phpbb_get_group_avatar variable names
PHPBB3-15886
2018-12-30 14:15:03 +01:00
Ruben Calvo
31703585cb [ticket/15860] Unique_id() return 16 characters again
PHPBB3-15860
2018-10-31 10:41:57 +00:00
Ruben Calvo
1f14f7c327 [ticket/15860] Fix format of backup files
PHPBB3-15860
2018-10-30 11:18:34 +00:00
Marc Alexander
2fcf49c839 Merge pull request #5381 from senky/ticket/15616
[ticket/15616] Remove jumpbox from login_forum.html
2018-10-13 16:31:02 -07:00
Marc Alexander
40332ecfcc Merge pull request #5374 from senky/ticket/15758
[ticket/15758] Show translated msg for INSECURE_REDIRECT
2018-10-10 22:49:08 +02:00
Marc Alexander
6087f0347c Merge pull request #5377 from senky/ticket/15700
[ticket/15700] Use correct T_THEME_LANG_NAME
2018-10-09 22:58:32 +02:00
Marc Alexander
6e61804e45 Merge pull request #5370 from senky/ticket/15805
[ticket/15805] Add result to core.login_box_redirect
2018-10-08 22:27:55 +02:00
Jakub Senko
d29d4389f9 [ticket/15758] Show translated msg for INSECURE_REDIRECT
PHPBB3-15758
2018-09-28 12:27:55 +02:00
Jakub Senko
f82e0a83d1 [ticket/15616] Add jumpbox to login_forum.html
PHPBB3-15616
2018-09-26 16:29:43 +02:00
Jakub Senko
dab4c10c2f [ticket/15700] Use correct T_THEME_LANG_NAME
PHPBB3-15700
2018-09-25 15:24:34 +02:00
Jakub Senko
1d0fdc446f [ticket/15805] Add result to core.login_box_redirect
PHPBB3-15805
2018-09-24 16:09:51 +02:00
Rubén Calvo
ced8599e30 [ticket/15723] Rewrite unique_id too
PHPBB3-15723
2018-08-08 20:36:16 +02:00
Rubén Calvo
ffcfec044b [ticket/15723] Rewrite gen_rand_string() and gen_rand_string_friendly()
PHPBB3-15723
2018-07-14 11:42:32 +02:00
Tristan Darricau
078d076526 Merge pull request #5253 from senky/ticket/15618
[ticket/15618] Display The team link only to users with permission

* github.com:/phpbb/phpbb:
  [ticket/15618] Display The team link only to users with permission
2018-07-08 18:41:04 +02:00
Tristan Darricau
bc7b998632 Merge branch 'prep-release-3.2.3' into 3.2.x
* prep-release-3.2.3:
  [ticket/15676] Use paragraphs and classes as suggested by hanakin
  [ticket/15676] Use twig syntax
  [ticket/15676] Simplify link text and use privacy link in cookie notice
  [ticket/15676] Display privacy notice in footer & allow overriding U_PRIVACY
2018-07-08 17:38:27 +02:00
Rubén Calvo
d4d8aec02a [ticket/15695] Fix gen_rand_string returning less characters than expected
PHPBB3-15695
2018-06-18 22:38:14 +02:00
Jakub Senko
c61b9358ff [ticket/15618] Display The team link only to users with permission
PHPBB3-15618
2018-06-18 12:55:24 +02:00
Marc Alexander
9e50e52fa5 [ticket/15693] Update tests to reflect changes to gen_rand_string()
PHPBB3-15693
2018-06-17 11:01:11 +02:00
Rubén Calvo
f75c400db4 [ticket/15693] Fix get_rand_string()
PHPBB3-15693
2018-06-15 19:22:35 +02:00
Marc Alexander
25a46ef4b3 [ticket/15676] Simplify link text and use privacy link in cookie notice
PHPBB3-15676
2018-05-31 22:15:36 +02:00