-rw-r--r-- | phpBB/includes/acp/acp_groups.php | 18 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 27 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_groups.php | 7 | ||||
-rw-r--r-- | phpBB/language/en/common.php | 1 | ||||
-rw-r--r-- | phpBB/styles/prosilver/template/ucp_groups_manage.html | 2 | ||||
-rw-r--r-- | tests/functional/acp_groups_test.php | 21 | ||||
-rw-r--r-- | tests/functional/common_groups_test.php | 55 | ||||
-rw-r--r-- | tests/functional/ucp_groups_test.php | 21 |
8 files changed, 145 insertions, 7 deletions
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index beb7aefee5..83c355540e 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -413,13 +413,21 @@ class acp_groups } } - // Validate the length of "Maximum number of allowed recipients per private message" setting. - // We use 16777215 as a maximum because it matches MySQL unsigned mediumint maximum value - // which is the lowest amongst DBMSes supported by phpBB3 - if ($max_recipients_error = validate_data($submit_ary, array('max_recipients' => array('num', false, 0, 16777215)))) + /* + * Validate the length of "Maximum number of allowed recipients per + * private message" setting. We use 16777215 as a maximum because it matches + * MySQL unsigned mediumint maximum value which is the lowest amongst DBMSes + * supported by phpBB3. Also validate the submitted colour value. + */ + $validation_checks = array( + 'max_recipients' => array('num', false, 0, 16777215), + 'colour' => array('hex_colour', true), + ); + + if ($validation_error = validate_data($submit_ary, $validation_checks)) { // Replace "error" string with its real, localised form - $error = array_merge($error, array_map(array(&$user, 'lang'), $max_recipients_error)); + $error = array_merge($error, array_map(array(&$user, 'lang'), $validation_error)); } if (!sizeof($error)) diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 5a6a0b4a05..61972c3876 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php 
@@ -1247,8 +1247,9 @@ function validate_data($data, $val_ary) { $function = array_shift($validate); array_unshift($validate, $data[$var]); + $function_prefix = (function_exists('phpbb_validate_' . $function)) ? 'phpbb_validate_' : 'validate'; - if ($result = call_user_func_array('validate_' . $function, $validate)) + if ($result = call_user_func_array($function_prefix . $function, $validate)) { // Since errors are checked later for their language file existence, we need to make sure custom errors are not adjusted. $error[] = (empty($user->lang[$result . '_' . strtoupper($var)])) ? $result : $result . '_' . strtoupper($var); @@ -1899,6 +1900,30 @@ function validate_jabber($jid) } /** +* Validate hex colour value +* +* @param string $colour The hex colour value +* @param bool $optional Whether the colour value is optional. True if an empty +* string will be accepted as correct input, false if not. +* @return bool|string Error message if colour value is incorrect, false if it +* fits the hex colour code +*/ +function phpbb_validate_hex_colour($colour, $optional = false) +{ + if (empty($colour)) + { + return (($optional) ? false : 'WRONG_DATA'); + } + + if (!preg_match('/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/', $colour)) + { + return 'WRONG_DATA'; + } + + return false; +} + +/** * Verifies whether a style ID corresponds to an active style. * * @param int $style_id The style_id of a style which should be checked if activated or not. diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index d62dbb1866..9365913541 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php 
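Review bot: The fallback prefix added to `validate_data()` in phpBB/includes/functions_user.php is `'validate'` without the trailing underscore, so every validator that has no `phpbb_validate_*` counterpart is now looked up as `validatenum`, `validatestring` and so on, where the removed line called `'validate_' . $function`. Those names presumably do not exist, and `call_user_func_array()` on a missing function never returns an error string: depending on the PHP version the check is either treated as passed after a warning or the request aborts. The `'num'` check on `max_recipients` in the acp_groups.php hunk of this commit goes through this path. The line should read `$function_prefix = (function_exists('phpbb_validate_' . $function)) ? 'phpbb_validate_' : 'validate_';`. The body of `validate_data()` starts and ends outside the hunk.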
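Review bot: `phpbb_validate_hex_colour()` in phpBB/includes/functions_user.php accepts two inputs that are not hex colours. `empty($colour)` is also true for the string `'0'`, so with `$optional` set a submitted `0` is reported as valid, and `$` in the pattern also matches before a final newline, so `"AA0000\n"` passes unless the caller has already trimmed the value (not visible here). The template hunk in this commit places `{GROUP_COLOUR}` inside a `style` attribute, so the check is better kept exact: assuming the value arrives as a string, use `if ($colour === '')` for the empty test and `'/^([0-9a-fA-F]{6}|[0-9a-fA-F]{3})$/D'` (or `\z` instead of `$`) for the pattern.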
@@ -595,6 +595,13 @@ class ucp_groups $error[] = $user->lang['FORM_INVALID']; } + // Validate submitted colour value + if ($colour_error = validate_data($submit_ary, array('colour' => array('hex_colour', true)))) + { + // Replace "error" string with its real, localised form + $error = array_merge($error, array_map(array(&$user, 'lang'), $colour_error)); + } + if (!sizeof($error)) { // Only set the rank, colour, etc. if it's changed or if we're adding a new diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index baf398b146..c986e8213d 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -722,6 +722,7 @@ $lang = array_merge($lang, array( 'WHO_IS_ONLINE' => 'Who is online', 'WRONG_PASSWORD' => 'You entered an incorrect password.', + 'WRONG_DATA_COLOUR' => 'The colour value you entered is invalid.', 'WRONG_DATA_ICQ' => 'The number you entered is not a valid ICQ number.', 'WRONG_DATA_JABBER' => 'The name you entered is not a valid Jabber account name.', 'WRONG_DATA_LANG' => 'The language you specified is not valid.', diff --git a/phpBB/styles/prosilver/template/ucp_groups_manage.html b/phpBB/styles/prosilver/template/ucp_groups_manage.html index a58829f99f..c90461312e 100644 --- a/phpBB/styles/prosilver/template/ucp_groups_manage.html +++ b/phpBB/styles/prosilver/template/ucp_groups_manage.html 
@@ -54,7 +54,7 @@ <fieldset> <dl> <dt><label for="group_colour">{L_GROUP_COLOR}:</label><br /><span>{L_GROUP_COLOR_EXPLAIN}</span></dt> - <dd><input name="group_colour" type="text" id="group_colour" value="{GROUP_COLOUR}" size="7" maxlength="7" class="inputbox narrow" /> <span style="background-color: {GROUP_COLOUR};"> </span> [ <a href="{U_SWATCH}" onclick="popup(this.href, 636, 150, '_swatch'); return false;">{L_COLOUR_SWATCH}</a> ]</dd> + <dd><input name="group_colour" type="text" id="group_colour" value="{GROUP_COLOUR}" size="6" maxlength="6" class="inputbox narrow" /> <span style="background-color: {GROUP_COLOUR};"> </span> [ <a href="{U_SWATCH}" onclick="popup(this.href, 636, 150, '_swatch'); return false;">{L_COLOUR_SWATCH}</a> ]</dd> </dl> <dl> <dt><label for="group_rank">{L_GROUP_RANK}:</label></dt> diff --git a/tests/functional/acp_groups_test.php b/tests/functional/acp_groups_test.php new file mode 100644 index 0000000000..3d8cabb086 --- /dev/null +++ b/tests/functional/acp_groups_test.php @@ -0,0 +1,21 @@ +<?php +/** +* +* @package testing +* @copyright (c) 2013 phpBB Group +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 +* +*/ + +require_once dirname(__FILE__) . '/common_groups_test.php'; + +/** +* @group functional +*/ +class phpbb_functional_acp_groups_test extends phpbb_functional_common_groups_test +{ + protected function get_url() + { + return 'adm/index.php?i=groups&mode=manage&action=edit'; + } +} diff --git a/tests/functional/common_groups_test.php b/tests/functional/common_groups_test.php new file mode 100644 index 0000000000..02a538d46e --- /dev/null +++ b/tests/functional/common_groups_test.php 
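Review bot: In phpBB/styles/prosilver/template/ucp_groups_manage.html the preview `<span style="background-color: {GROUP_COLOUR};">` on the changed `<dd>` line still emits the value without a leading `#`, and after this commit a submitted value can no longer carry one. If `{GROUP_COLOUR}` is the stored colour (its assignment is outside the hunk), the swatch will not render in standards mode; `style="background-color: #{GROUP_COLOUR};"` would fix that. The `maxlength="6"` attribute is only a browser hint, so the server-side `hex_colour` check added in ucp_groups.php is what actually bounds the value that reaches this attribute.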
@@ -0,0 +1,55 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @group functional
+*/
+abstract class phpbb_functional_common_groups_test extends phpbb_functional_test_case
+{
+ abstract protected function get_url();
+
+ public function groups_manage_test_data()
+ {
+ return array(
+ array('#AA0000', 'WRONG_DATA_COLOUR'),
+ array('AA0000', 'GROUP_UPDATED'),
+ array('AA0000v', 'WRONG_DATA_COLOUR'),
+ array('AA00000', 'WRONG_DATA_COLOUR'),
+ array('vAA0000', 'WRONG_DATA_COLOUR'),
+ array('AAG000','WRONG_DATA_COLOUR'),
+ array('a00', 'GROUP_UPDATED'),
+ array('ag0', 'WRONG_DATA_COLOUR'),
+ array('#aa0', 'WRONG_DATA_COLOUR'),
+ array('AA0000 ', 'GROUP_UPDATED'),
+ array('AA0000 abf', 'WRONG_DATA_COLOUR'),
+ array('AA0000 AA0000', 'WRONG_DATA_COLOUR'),
+ array('', 'GROUP_UPDATED'),
+ array('000', 'GROUP_UPDATED'),
+ array('000000', 'GROUP_UPDATED'),
+ );
+ }
+
+ /**
+ * @dataProvider groups_manage_test_data
+ */
+ public function test_groups_manage($input, $expected)
+ {
+ $this->login();
+ $this->admin_login();
+ $this->add_lang(array('ucp', 'acp/groups'));
+
+ // Manage Administrators group
+ $crawler = $this->request('GET', $this->get_url() . '&g=5&sid=' . $this->sid);
+ $this->assert_response_success();
+ $form = $crawler->selectButton($this->lang('SUBMIT'))->form();
+ $form['group_colour']->setValue($input);
+ $crawler = $this->client->submit($form);
+ $this->assertContains($this->lang($expected), $crawler->text());
+ }
+}
diff --git a/tests/functional/ucp_groups_test.php b/tests/functional/ucp_groups_test.php
new file mode 100644
index 0000000000..9c6b1edc5e
--- /dev/null
+++ b/tests/functional/ucp_groups_test.php
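Review bot: In `groups_manage_test_data()` in tests/functional/common_groups_test.php the case `array('AA0000 ', 'GROUP_UPDATED')` passes only if the value is trimmed before it reaches the validator, because the pattern in `phpbb_validate_hex_colour()` rejects a trailing space. A comment such as `// trailing whitespace is stripped before validation` would make that dependency explicit; where the trimming happens is not visible in this commit. The provider has no case for `'0'`, which the validator accepts through its `empty()` branch, and none that submits an invalid value to a field checked by a legacy `validate_*` function, so a regression in the `validate_data()` dispatch would go unnoticed. `test_groups_manage()` also rewrites the colour of group 5 on every run and leaves the last value in place, which is worth a comment or a reset if other functional tests read that group.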
@@ -0,0 +1,21 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/common_groups_test.php';
+
+/**
+* @group functional
+*/
+class phpbb_functional_ucp_groups_test extends phpbb_functional_common_groups_test
+{
+ protected function get_url()
+ {
+ return 'ucp.php?i=groups&mode=manage&action=edit';
+ }
+} |