From 23bdb2eedebee5a625ba35baf3098566bb966127 Mon Sep 17 00:00:00 2001 From: Tristan Darricau Date: Tue, 19 Apr 2016 12:03:32 +0200 Subject: [PATCH 1/3] [ticket/security-196] Escapes the exception messages before displaying them SECURITY-196 --- phpBB/phpbb/event/kernel_exception_subscriber.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/phpBB/phpbb/event/kernel_exception_subscriber.php b/phpBB/phpbb/event/kernel_exception_subscriber.php index eb7831ad34..34c8422b0a 100644 --- a/phpBB/phpbb/event/kernel_exception_subscriber.php +++ b/phpBB/phpbb/event/kernel_exception_subscriber.php @@ -34,6 +34,9 @@ class kernel_exception_subscriber implements EventSubscriberInterface */ protected $user; + /** @var \phpbb\request\type_cast_helper */ + protected $type_caster; + /** * Construct method * @@ -44,6 +47,7 @@ class kernel_exception_subscriber implements EventSubscriberInterface { $this->template = $template; $this->user = $user; + $this->type_caster = new \phpbb\request\type_cast_helper(); } /** @@ -57,6 +61,7 @@ class kernel_exception_subscriber implements EventSubscriberInterface $exception = $event->getException(); $message = $exception->getMessage(); + $this->type_caster->set_var($message, $message, 'string', false, false); if ($exception instanceof \phpbb\exception\exception_interface) { From cb226f83be87bf3d3695c53f1c48b71795cceff4 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 1 Oct 2016 16:38:35 +0100 Subject: [PATCH 2/3] [prep-release-3.1.10] Update version numbers for 3.1.10 --- build/build.xml | 2 +- phpBB/includes/constants.php | 2 +- phpBB/install/schemas/schema_data.sql | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build/build.xml b/build/build.xml index 100795663b..cc29aec654 100644 --- a/build/build.xml +++ b/build/build.xml @@ -2,7 +2,7 @@ - + diff --git a/phpBB/includes/constants.php b/phpBB/includes/constants.php index cafb819ffc..23839e3d9a 100644 --- a/phpBB/includes/constants.php 
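Review bot: The constructor hunk hard-wires the helper with `$this->type_caster = new \phpbb\request\type_cast_helper();` rather than receiving it as an argument, so a test cannot substitute it and the dependency does not appear in the service definition. For a security backport, keeping the constructor signature stable is a reasonable trade, but the line should say so, e.g. `// Instantiated here so the service signature stays unchanged`. The constructor's signature and docblock start outside the hunk.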
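Review bot: The escaping call added in the exception handler, `$this->type_caster->set_var($message, $message, 'string', false, false);`, passes `false` as the fourth argument, which I believe is the helper's multibyte flag. With it off, the helper is expected to replace non-ASCII bytes, so a translated or request-derived message containing UTF-8 would be displayed with `?` in place of those characters. Passing `true` there (`set_var($message, $message, 'string', true, false)`) should keep the HTML escaping while preserving valid UTF-8. Only the raw message is escaped here, and the `exception_interface` branch continues outside the hunk, so confirm that any parameters substituted into the message there are escaped too. A one-line comment above the call, such as `// Escape: exception messages can carry request-derived data`, would record why it is there.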
+++ b/phpBB/includes/constants.php @@ -28,7 +28,7 @@ if (!defined('IN_PHPBB')) */ // phpBB Version -define('PHPBB_VERSION', '3.1.11-dev'); +define('PHPBB_VERSION', '3.1.10'); // QA-related // define('PHPBB_QA', 1); diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index e13b23e4c4..3449829d8c 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql @@ -273,7 +273,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0'); -INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.11-dev'); +INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.10'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90'); INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400'); From 71e632b9f021ca5df3479e86d2a40130c6458641 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Sat, 1 Oct 2016 16:39:04 +0100 Subject: [PATCH 3/3] [prep-release-3.1.10] Add 3.1.10 migration --- phpBB/phpbb/db/migration/data/v31x/v3110.php | 36 ++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 phpBB/phpbb/db/migration/data/v31x/v3110.php diff --git a/phpBB/phpbb/db/migration/data/v31x/v3110.php b/phpBB/phpbb/db/migration/data/v31x/v3110.php new file mode 100644 index 0000000000..b89b4cc6e6 --- /dev/null +++ b/phpBB/phpbb/db/migration/data/v31x/v3110.php 
@@ -0,0 +1,36 @@ + +* @license GNU General Public License, version 2 (GPL-2.0) +* +* For full copyright and license information, please see +* the docs/CREDITS.txt file. +* +*/ + +namespace phpbb\db\migration\data\v31x; + +class v3110 extends \phpbb\db\migration\migration +{ + public function effectively_installed() + { + return phpbb_version_compare($this->config['version'], '3.1.10', '>='); + } + + static public function depends_on() + { + return array( + '\phpbb\db\migration\data\v31x\v3110rc1', + ); + } + + public function update_data() + { + return array( + array('config.update', array('version', '3.1.10')), + ); + } +}