Code commits
phpBB Rhea
-
Marc 1d523531b52c5b7019db348e2bc573c18c92e1d7
Merge branch '3.1.x' into 3.2.x
-
Marc 53f186d96bc6dd3c5870201562116e17d008d64b
Merge branch 'prep-release-3.2.1' into 3.2.x
-
Marc 5216bf44838f8395d27b3df4ec1641a6407cb466 m
[prep-release-3.2.1] Add missing .htaccess file
- phpBB/phpbb/db/migration/data/v32x/.htaccess (version 5216bf44838f8395d27b3df4ec1641a6407cb466)
-
Marc c56ebb53125676c7962c1547a649c982aef60664 m
Merge branch 'prep-release-3.1.11' into prep-release-3.2.1
-
Marc d490190a99a137ab2a4c33f9ced4945614319855 m
Merge pull request #4864 from lavigor/ticket/15259
[ticket/15259] Fatal error on SQLite/Oracle database update -
Marc 337c8451e750fe89b9a8eb0b461db1a5699ca005 m
Merge pull request #4865 from JoshyPHP/ticket/15261
[ticket/15261] Fix censoring HTML tags -
Marc 4b733426698760801ff2b8ce3ce077c16732d4ef m
[prep-release-3.2.1] Add migration for 3.2.1
- phpBB/phpbb/db/migration/data/v32x/v321.php (version 4b733426698760801ff2b8ce3ce077c16732d4ef)
-
Marc 0e505c6fc7f0a5440eaeaf43f493077b02356b02 m
[prep-release-3.2.1] Update versions for 3.2.1
- build/build.xml (version 0e505c6fc7f0a5440eaeaf43f493077b02356b02)
- phpBB/includes/constants.php (version 0e505c6fc7f0a5440eaeaf43f493077b02356b02)
- phpBB/install/schemas/schema_data.sql (version 0e505c6fc7f0a5440eaeaf43f493077b02356b02)
-
Marc 5b21903e66731d85e12632fe38651301a34a8240 m
[ticket/security/210] Fix tests for 3.2.x
SECURITY-210- tests/avatar/manager_test.php (version 5b21903e66731d85e12632fe38651301a34a8240)
-
Marc 05513b96a4ab045b92376cd24cf96b27bf6b55c8 m
Merge pull request #39 from phpbb/ticket/security/210-rhea
[ticket/security/210] Prevent using IP addresses or ports for remote avatar -- Rhea -
Marc 34e9b4d0660151fffe60291ad4c51359af3c7dd9 m
Merge pull request #35 from phpbb/ticket/security-203-rhea
[ticket/security-203] Fully validate version check data in version helper -- Rhea -
Marc 6f897568daef94545e61f361b2b4f77023a50a28 m
Merge pull request #30 from phpbb/ticket/security-181-rhea
[ticket/security-181] Harden protection of migrations files and other directories -
Marc 65aaef1f83920fc25266fbea5608427bb930f329 m
Merge branch 'prep-release-3.1.11' into 3.1.x
-
Marc 149375253685b3a38996f63015a74b7a0f53aa14 m
[prep-release-3.1.11] Add migration for 3.1.11
- phpBB/phpbb/db/migration/data/v31x/v3111.php (version 149375253685b3a38996f63015a74b7a0f53aa14)
-
Marc 3df3cb87c5066b6913619c18f8f612677c3e6ec4 m
[prep-release-3.1.11] Update version numbers to 3.1.11
- build/build.xml (version 3df3cb87c5066b6913619c18f8f612677c3e6ec4)
- phpBB/includes/constants.php (version 3df3cb87c5066b6913619c18f8f612677c3e6ec4)
- phpBB/install/schemas/schema_data.sql (version 3df3cb87c5066b6913619c18f8f612677c3e6ec4)
-
Marc 0b405a2cdc108a42a3d1d49218b733a76f6c2237 m
Merge pull request #38 from phpbb/ticket/security/210
[ticket/security/210] Prevent using IP addresses or ports for remote avatar -
Marc 4ed45c4e1276335ff6581a4db58b0173c9905528 m
Merge pull request #32 from phpbb/ticket/security-203
[ticket/security-203] Fully validate version check data in version helper -
Marc c99820eb6b13e928fdc2138840e0ec77cd4fe6c9 m
Merge pull request #29 from phpbb/ticket/security-181
[ticket/security-181] Harden protection of migrations files and other directories -
Marc 0ec5e2197908d69bfa18a0e257131e967cd96ec4 m
Merge pull request #37 from phpbb/ticket/security/208
[ticket/security/208] Add form key to password reset form -
Marc c1d835b6b4a8d1cc987842725e3442b627f81796 m
Merge pull request #36 from phpbb/ticket/security/124
[ticket/security/124] Filter out disallowed search query items -
Marc e7be47c93d5fc6488005d95ac7598af5f4817bb3 m
Merge branch 'ticket/security/210' into ticket/security/210-rhea
-
Marc fa631947f15754a50379598d83cb237bbfac2cca m
[ticket/security/210] Adjust regex and add tests for IPv6
SECURITY-210- phpBB/phpbb/avatar/driver/remote.php (version fa631947f15754a50379598d83cb237bbfac2cca)
- phpBB/phpbb/avatar/driver/upload.php (version fa631947f15754a50379598d83cb237bbfac2cca)
- tests/avatar/manager_test.php (version fa631947f15754a50379598d83cb237bbfac2cca)
-
Marc 3fc3f55d349c9022de28fed85c3bfa2d317c5075 m
Merge branch 'ticket/security/210' into ticket/security/210-rhea
-
Marc a281d526dc6cf48011c1d9e04399848f7c0c08c2 m
[ticket/security/210] Prevent using IP addresses or ports for remote avatar
SECURITY-210- phpBB/phpbb/avatar/driver/remote.php (version a281d526dc6cf48011c1d9e04399848f7c0c08c2)
- phpBB/phpbb/avatar/driver/upload.php (version a281d526dc6cf48011c1d9e04399848f7c0c08c2)
- tests/avatar/manager_test.php (version a281d526dc6cf48011c1d9e04399848f7c0c08c2)
-
lavigor <lavigor@users.noreply.github.com> 24bde10028a1a7d8d479e2a381bec047485b4273 m
[ticket/15259] Fatal error on SQLite/Oracle database update
Add a test.
PHPBB3-15259- tests/dbal/db_tools_test.php (version 24bde10028a1a7d8d479e2a381bec047485b4273)
-
JoshyPHP <s9e.dev@gmail.com> 329e5c5e052588b0f22c9046b9fbc19c9e551c81 m
[ticket/15261] Fix censoring HTML tags
PHPBB3-15261- phpBB/composer.json (version 329e5c5e052588b0f22c9046b9fbc19c9e551c81)
- phpBB/composer.lock (version 329e5c5e052588b0f22c9046b9fbc19c9e551c81)
- phpBB/phpbb/textformatter/s9e/renderer.php (version 329e5c5e052588b0f22c9046b9fbc19c9e551c81)
- tests/text_processing/tickets_data/PHPBB3-15261.html (version 329e5c5e052588b0f22c9046b9fbc19c9e551c81)
- tests/text_processing/tickets_data/PHPBB3-15261.txt (version 329e5c5e052588b0f22c9046b9fbc19c9e551c81)
- tests/text_processing/tickets_data/PHPBB3-15261.xml (version 329e5c5e052588b0f22c9046b9fbc19c9e551c81)
-
lavigor <lavigor@users.noreply.github.com> b7ce395fbe6e2087a400487cb2431dc9ea66b8a9 m
[ticket/15259] Fatal error on SQLite/Oracle database update
PHPBB3-15259- phpBB/phpbb/db/tools/tools.php (version b7ce395fbe6e2087a400487cb2431dc9ea66b8a9)
-
Marc 41df4d3c4c2d387a5382c132219115891d78ed60 m
[ticket/security/208] Add form key to password reset form
SECURITY-208- phpBB/includes/ucp/ucp_remind.php (version 41df4d3c4c2d387a5382c132219115891d78ed60)
-
Marc 4303ae9ae6910d848af92a50bf51c4e43accae73 m
[ticket/security/124] Filter out disallowed search query items
SECURITY-124- phpBB/phpbb/search/fulltext_mysql.php (version 4303ae9ae6910d848af92a50bf51c4e43accae73)
-
Marc 93ca17f07a574e3a8e1ed2879387788085836fa8 m
Merge branch 'ticket/security-181' into ticket/security-181-rhea
-
Marc 1dea4625d0f958787c6357bef84a6d7a5453fe5f m
[ticket/security-181] Update wording in INSTALL.html
SECURITY-181- phpBB/docs/INSTALL.html (version 1dea4625d0f958787c6357bef84a6d7a5453fe5f)
-
Marc d63b644b2b976b6b067f779af91cc7699c4bd522 m
Merge branch 'ticket/security-203' into ticket/security-203-rhea
-
Marc 90a77ba9d3e97718e9da7d1ee95ece4e756d26b7 m
[ticket/security-203] Allow more characters for branch names
SECURITY-203- phpBB/phpbb/version_helper.php (version 90a77ba9d3e97718e9da7d1ee95ece4e756d26b7)
-
Marc ad251e4590744b0927019ae935c92c7101aa7678 m
[ticket/security-203] Do not add null values to versions info
Also stopped using reference for validate_versions() method argument.
SECURTIY-203- phpBB/phpbb/version_helper.php (version ad251e4590744b0927019ae935c92c7101aa7678)
- tests/version/version_helper_remote_test.php (version ad251e4590744b0927019ae935c92c7101aa7678)
-
Marc 658820654f5789a786a5537c1b43991744b83d2c m
[ticket/security-203] Fully validate version check data in version helper
This will also take care of SECURITY-204 as it's the same underlying issue.
Admins still need to ensure they don't visit malicious sites for URLs
provided by extensions.
SECURITY-203- phpBB/includes/functions.php (version 658820654f5789a786a5537c1b43991744b83d2c)
- phpBB/language/en/acp/common.php (version 658820654f5789a786a5537c1b43991744b83d2c)
- phpBB/phpbb/version_helper.php (version 658820654f5789a786a5537c1b43991744b83d2c)
- tests/version/version_helper_remote_test.php (version 658820654f5789a786a5537c1b43991744b83d2c)
-
Marc 78c2e31ec2cab20f5fc0555706b27b63ad7d9437 m
[ticket/security-181] Add .htaccess to 3.2.x migrations
SECURITY-181- phpBB/phpbb/db/migration/data/v320/.htaccess (version 78c2e31ec2cab20f5fc0555706b27b63ad7d9437)
-
Marc a2953cb10c6f9318868b8727dd9e86cf419ff66c m
Merge branch 'ticket/security-181' into ticket/security-181-rhea
-
Marc 44dd1ef9842c83f7ba4a37bf4a17489d5fe73991 m
[ticket/security-181] Update INSTALL.html to ask for more secure apache config
SECURITY-181- phpBB/docs/INSTALL.html (version 44dd1ef9842c83f7ba4a37bf4a17489d5fe73991)
- phpBB/docs/assets/css/stylesheet.css (version 44dd1ef9842c83f7ba4a37bf4a17489d5fe73991)
-
Marc 7ba9b06881ddd70bd3b10e2785b91908e851cdaa m
[ticket/security-181] Port .htaccess changes to other webserver types
SECURITY-181- phpBB/docs/lighttpd.sample.conf (version 7ba9b06881ddd70bd3b10e2785b91908e851cdaa)
- phpBB/docs/nginx.sample.conf (version 7ba9b06881ddd70bd3b10e2785b91908e851cdaa)
- phpBB/web.config (version 7ba9b06881ddd70bd3b10e2785b91908e851cdaa)
-
Marc 61683f895cff778d722175a8e5ddd2a5facbc42f m
[ticket/security-181] Deny access to migrations folders
SECURITY-181- phpBB/phpbb/db/migration/data/v30x/.htaccess (version 61683f895cff778d722175a8e5ddd2a5facbc42f)
- phpBB/phpbb/db/migration/data/v310/.htaccess (version 61683f895cff778d722175a8e5ddd2a5facbc42f)
- phpBB/phpbb/db/migration/data/v31x/.htaccess (version 61683f895cff778d722175a8e5ddd2a5facbc42f)
