Build #67

Plan branch:

Build: #67 failed Changes by nicofuma

Code commits

phpBB Rhea

  • nicofuma

    nicofuma 19bbbfe0f3e9898f2ee8d8d392ecf2584dafce86

    Merge branch '3.1.x' into 3.2.x
    * 3.1.x:
      [ticket/14789] Add form tokens to tests and uncomment add_form_key
      [ticket/14789] Add link hashes and form tokens to all acp links/buttons

  • nicofuma

    nicofuma bc08813866a4496b88777a5d152f601ac521fef1 m

    Merge pull request #4452 from marc1706/ticket/14789
    [ticket/14789] Further harden ACP link and form checks

    * marc1706/ticket/14789:
      [ticket/14789] Add form tokens to tests and uncomment add_form_key
      [ticket/14789] Add link hashes and form tokens to all acp links/buttons

  • Marc

    Marc 72f6241aa2c6d129c8c49380d84fd915d589aa6c m

    [ticket/14789] Add form tokens to tests and uncomment add_form_key
    PHPBB3-14789

    • phpBB/includes/acp/acp_search.php (version 72f6241aa2c6d129c8c49380d84fd915d589aa6c)
    • tests/functional/search/base.php (version 72f6241aa2c6d129c8c49380d84fd915d589aa6c)
  • Marc

    Marc 585a3ed863c267f36584a3fb9a0cf35f6a2e4c2d m

    [ticket/14789] Add link hashes and form tokens to all acp links/buttons
    This will further harden the ACP security by adding link hashes to links and
    form tokens to forms that did not have these yet and result in modified
    settings or write action on the filesystem or database. These few links and
    forms were still relying on the global ACP protection, mainly due to them
    not posing further risks of compromising data. After this change these will
    now also be properly protected against tampering.

    PHPBB3-14789

    • phpBB/includes/acp/acp_database.php (version 585a3ed863c267f36584a3fb9a0cf35f6a2e4c2d)
    • phpBB/includes/acp/acp_icons.php (version 585a3ed863c267f36584a3fb9a0cf35f6a2e4c2d)
    • phpBB/includes/acp/acp_language.php (version 585a3ed863c267f36584a3fb9a0cf35f6a2e4c2d)
    • phpBB/includes/acp/acp_modules.php (version 585a3ed863c267f36584a3fb9a0cf35f6a2e4c2d)
    • phpBB/includes/acp/acp_permission_roles.php (version 585a3ed863c267f36584a3fb9a0cf35f6a2e4c2d)
    • phpBB/includes/acp/acp_profile.php (version 585a3ed863c267f36584a3fb9a0cf35f6a2e4c2d)
    • phpBB/includes/acp/acp_reasons.php (version 585a3ed863c267f36584a3fb9a0cf35f6a2e4c2d)
    • phpBB/includes/acp/acp_search.php (version 585a3ed863c267f36584a3fb9a0cf35f6a2e4c2d)