From d668f3a3c335b67b3c9aa59e3e0db16dcad9c721 Mon Sep 17 00:00:00 2001
From: rubencm <rubencm@gmail.com>
Date: Mon, 3 Feb 2020 00:44:44 +0000
Subject: [PATCH 1/4] [ticket/16352] Deprecate a few function/classes

PHPBB3-16352
---
 phpBB/includes/functions.php               | 43 ---------------------
 phpBB/includes/functions_compatibility.php | 45 ++++++++++++++++++++++
 phpBB/phpbb/php/ini.php                    |  1 +
 3 files changed, 46 insertions(+), 43 deletions(-)

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index c9f589c174..eb120de7a4 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -20,49 +20,6 @@ if (!defined('IN_PHPBB'))
 }
 
 // Common global functions
-/**
-* Load the autoloaders added by the extensions.
-*
-* @param string $phpbb_root_path Path to the phpbb root directory.
-*/
-function phpbb_load_extensions_autoloaders($phpbb_root_path)
-{
-	$iterator = new \RecursiveIteratorIterator(
-		new \phpbb\recursive_dot_prefix_filter_iterator(
-			new \RecursiveDirectoryIterator(
-				$phpbb_root_path . 'ext/',
-				\FilesystemIterator::SKIP_DOTS | \FilesystemIterator::FOLLOW_SYMLINKS
-			)
-		),
-		\RecursiveIteratorIterator::SELF_FIRST
-	);
-	$iterator->setMaxDepth(2);
-
-	foreach ($iterator as $file_info)
-	{
-		if ($file_info->getFilename() === 'vendor' && $iterator->getDepth() === 2)
-		{
-			$filename = $file_info->getRealPath() . '/autoload.php';
-			if (file_exists($filename))
-			{
-				require $filename;
-			}
-		}
-	}
-}
-
-/**
-* Casts a variable to the given type.
-*
-* @deprecated
-*/
-function set_var(&$result, $var, $type, $multibyte = false)
-{
-	// no need for dependency injection here, if you have the object, call the method yourself!
-	$type_cast_helper = new \phpbb\request\type_cast_helper();
-	$type_cast_helper->set_var($result, $var, $type, $multibyte);
-}
-
 /**
 * Generates an alphanumeric random string of given length
 *
diff --git a/phpBB/includes/functions_compatibility.php b/phpBB/includes/functions_compatibility.php
index e95fa40a58..7a23ceaf75 100644
--- a/phpBB/includes/functions_compatibility.php
+++ b/phpBB/includes/functions_compatibility.php
@@ -511,3 +511,48 @@ function phpbb_pcre_utf8_support()
 {
 	return true;
 }
+
+/**
+* Load the autoloaders added by the extensions.
+*
+* @param string $phpbb_root_path Path to the phpbb root directory.
+*
+* @deprecated 3.2.9 (To be removed 4.0.0)
+*/
+function phpbb_load_extensions_autoloaders($phpbb_root_path)
+{
+	$iterator = new \RecursiveIteratorIterator(
+		new \phpbb\recursive_dot_prefix_filter_iterator(
+			new \RecursiveDirectoryIterator(
+				$phpbb_root_path . 'ext/',
+				\FilesystemIterator::SKIP_DOTS | \FilesystemIterator::FOLLOW_SYMLINKS
+			)
+		),
+		\RecursiveIteratorIterator::SELF_FIRST
+	);
+	$iterator->setMaxDepth(2);
+
+	foreach ($iterator as $file_info)
+	{
+		if ($file_info->getFilename() === 'vendor' && $iterator->getDepth() === 2)
+		{
+			$filename = $file_info->getRealPath() . '/autoload.php';
+			if (file_exists($filename))
+			{
+				require $filename;
+			}
+		}
+	}
+}
+
+/**
+* Casts a variable to the given type.
+*
+* @deprecated
+*/
+function set_var(&$result, $var, $type, $multibyte = false)
+{
+	// no need for dependency injection here, if you have the object, call the method yourself!
+	$type_cast_helper = new \phpbb\request\type_cast_helper();
+	$type_cast_helper->set_var($result, $var, $type, $multibyte);
+}
diff --git a/phpBB/phpbb/php/ini.php b/phpBB/phpbb/php/ini.php
index 73a30659a6..3a07fec5a8 100644
--- a/phpBB/phpbb/php/ini.php
+++ b/phpBB/phpbb/php/ini.php
@@ -17,6 +17,7 @@ namespace phpbb\php;
 * Wrapper class for ini_get function.
 *
 * Provides easier handling of the different interpretations of ini values.
+* @deprecated 3.2.9 (To be removed 4.0.0)
 */
 class ini
 {

From 2fea7969d3887adcbbd78e8141a057d30932de29 Mon Sep 17 00:00:00 2001
From: rubencm <rubencm@gmail.com>
Date: Mon, 3 Feb 2020 01:38:35 +0000
Subject: [PATCH 2/4] [ticket/16352] Deprecate more functions

PHPBB3-16352
---
 phpBB/includes/bbcode.php                  |   4 +-
 phpBB/includes/functions.php               | 102 -------------
 phpBB/includes/functions_compatibility.php | 158 ++++++++++++++++++++-
 phpBB/phpbb/php/ini.php                    |   2 +-
 4 files changed, 160 insertions(+), 106 deletions(-)

diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php
index c31b63a403..e50011af03 100644
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -221,8 +221,6 @@ class bbcode
 			$db->sql_freeresult($result);
 		}
 
-		// To perform custom second pass in extension, use $this->bbcode_second_pass_by_extension()
-		// method which accepts variable number of parameters
 		foreach ($bbcode_ids as $bbcode_id)
 		{
 			switch ($bbcode_id)
@@ -681,6 +679,8 @@ class bbcode
 	* Accepts variable number of parameters
 	*
 	* @return mixed Second pass result
+	*
+	* @deprecated 3.2.10 (To be removed 4.0.0)
 	*/
 	function bbcode_second_pass_by_extension()
 	{
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index eb120de7a4..12ac2adefc 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3858,108 +3858,6 @@ function phpbb_optionset($bit, $set, $data)
 	return $data;
 }
 
-/**
-* Login using http authenticate.
-*
-* @param array	$param		Parameter array, see $param_defaults array.
-*
-* @return null
-*/
-function phpbb_http_login($param)
-{
-	global $auth, $user, $request;
-	global $config;
-
-	$param_defaults = array(
-		'auth_message'	=> '',
-
-		'autologin'		=> false,
-		'viewonline'	=> true,
-		'admin'			=> false,
-	);
-
-	// Overwrite default values with passed values
-	$param = array_merge($param_defaults, $param);
-
-	// User is already logged in
-	// We will not overwrite his session
-	if (!empty($user->data['is_registered']))
-	{
-		return;
-	}
-
-	// $_SERVER keys to check
-	$username_keys = array(
-		'PHP_AUTH_USER',
-		'Authorization',
-		'REMOTE_USER', 'REDIRECT_REMOTE_USER',
-		'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
-		'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
-		'AUTH_USER',
-	);
-
-	$password_keys = array(
-		'PHP_AUTH_PW',
-		'REMOTE_PASSWORD',
-		'AUTH_PASSWORD',
-	);
-
-	$username = null;
-	foreach ($username_keys as $k)
-	{
-		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
-		{
-			$username = htmlspecialchars_decode($request->server($k));
-			break;
-		}
-	}
-
-	$password = null;
-	foreach ($password_keys as $k)
-	{
-		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
-		{
-			$password = htmlspecialchars_decode($request->server($k));
-			break;
-		}
-	}
-
-	// Decode encoded information (IIS, CGI, FastCGI etc.)
-	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
-	{
-		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
-	}
-
-	if (!is_null($username) && !is_null($password))
-	{
-		set_var($username, $username, 'string', true);
-		set_var($password, $password, 'string', true);
-
-		$auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);
-
-		if ($auth_result['status'] == LOGIN_SUCCESS)
-		{
-			return;
-		}
-		else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
-		{
-			send_status_line(401, 'Unauthorized');
-
-			trigger_error('NOT_AUTHORISED');
-		}
-	}
-
-	// Prepend sitename to auth_message
-	$param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];
-
-	// We should probably filter out non-ASCII characters - RFC2616
-	$param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
-
-	header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
-	send_status_line(401, 'Unauthorized');
-
-	trigger_error('NOT_AUTHORISED');
-}
 
 /**
 * Escapes and quotes a string for use as an HTML/XML attribute value.
diff --git a/phpBB/includes/functions_compatibility.php b/phpBB/includes/functions_compatibility.php
index 7a23ceaf75..4112812dc6 100644
--- a/phpBB/includes/functions_compatibility.php
+++ b/phpBB/includes/functions_compatibility.php
@@ -517,7 +517,7 @@ function phpbb_pcre_utf8_support()
 *
 * @param string $phpbb_root_path Path to the phpbb root directory.
 *
-* @deprecated 3.2.9 (To be removed 4.0.0)
+* @deprecated 3.2.10 (To be removed 4.0.0)
 */
 function phpbb_load_extensions_autoloaders($phpbb_root_path)
 {
@@ -556,3 +556,159 @@ function set_var(&$result, $var, $type, $multibyte = false)
 	$type_cast_helper = new \phpbb\request\type_cast_helper();
 	$type_cast_helper->set_var($result, $var, $type, $multibyte);
 }
+
+
+/**
+* Login using http authenticate.
+*
+* @param array	$param		Parameter array, see $param_defaults array.
+*
+* @return null
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_http_login($param)
+{
+	global $auth, $user, $request;
+	global $config;
+
+	$param_defaults = array(
+		'auth_message'	=> '',
+
+		'autologin'		=> false,
+		'viewonline'	=> true,
+		'admin'			=> false,
+	);
+
+	// Overwrite default values with passed values
+	$param = array_merge($param_defaults, $param);
+
+	// User is already logged in
+	// We will not overwrite his session
+	if (!empty($user->data['is_registered']))
+	{
+		return;
+	}
+
+	// $_SERVER keys to check
+	$username_keys = array(
+		'PHP_AUTH_USER',
+		'Authorization',
+		'REMOTE_USER', 'REDIRECT_REMOTE_USER',
+		'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
+		'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
+		'AUTH_USER',
+	);
+
+	$password_keys = array(
+		'PHP_AUTH_PW',
+		'REMOTE_PASSWORD',
+		'AUTH_PASSWORD',
+	);
+
+	$username = null;
+	foreach ($username_keys as $k)
+	{
+		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
+		{
+			$username = htmlspecialchars_decode($request->server($k));
+			break;
+		}
+	}
+
+	$password = null;
+	foreach ($password_keys as $k)
+	{
+		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
+		{
+			$password = htmlspecialchars_decode($request->server($k));
+			break;
+		}
+	}
+
+	// Decode encoded information (IIS, CGI, FastCGI etc.)
+	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
+	{
+		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
+	}
+
+	if (!is_null($username) && !is_null($password))
+	{
+		set_var($username, $username, 'string', true);
+		set_var($password, $password, 'string', true);
+
+		$auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);
+
+		if ($auth_result['status'] == LOGIN_SUCCESS)
+		{
+			return;
+		}
+		else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
+		{
+			send_status_line(401, 'Unauthorized');
+
+			trigger_error('NOT_AUTHORISED');
+		}
+	}
+
+	// Prepend sitename to auth_message
+	$param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];
+
+	// We should probably filter out non-ASCII characters - RFC2616
+	$param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
+
+	header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
+	send_status_line(401, 'Unauthorized');
+
+	trigger_error('NOT_AUTHORISED');
+}
+
+/**
+* Converts query string (GET) parameters in request into hidden fields.
+*
+* Useful for forwarding GET parameters when submitting forms with GET method.
+*
+* It is possible to omit some of the GET parameters, which is useful if
+* they are specified in the form being submitted.
+*
+* sid is always omitted.
+*
+* @param \phpbb\request\request $request Request object
+* @param array $exclude A list of variable names that should not be forwarded
+* @return string HTML with hidden fields
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
+{
+	$names = $request->variable_names(\phpbb\request\request_interface::GET);
+	$hidden = '';
+	foreach ($names as $name)
+	{
+		// Sessions are dealt with elsewhere, omit sid always
+		if ($name == 'sid')
+		{
+			continue;
+		}
+
+		// Omit any additional parameters requested
+		if (!empty($exclude) && in_array($name, $exclude))
+		{
+			continue;
+		}
+
+		$escaped_name = phpbb_quoteattr($name);
+
+		// Note: we might retrieve the variable from POST or cookies
+		// here. To avoid exposing cookies, skip variables that are
+		// overwritten somewhere other than GET entirely.
+		$value = $request->variable($name, '', true);
+		$get_value = $request->variable($name, '', true, \phpbb\request\request_interface::GET);
+		if ($value === $get_value)
+		{
+			$escaped_value = phpbb_quoteattr($value);
+			$hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
+		}
+	}
+	return $hidden;
+}
diff --git a/phpBB/phpbb/php/ini.php b/phpBB/phpbb/php/ini.php
index 3a07fec5a8..24a5b5ecec 100644
--- a/phpBB/phpbb/php/ini.php
+++ b/phpBB/phpbb/php/ini.php
@@ -17,7 +17,7 @@ namespace phpbb\php;
 * Wrapper class for ini_get function.
 *
 * Provides easier handling of the different interpretations of ini values.
-* @deprecated 3.2.9 (To be removed 4.0.0)
+* @deprecated 3.2.10 (To be removed 4.0.0)
 */
 class ini
 {

From 96a7e04ea5109deaac0fa70f1f91bb0e489d80cd Mon Sep 17 00:00:00 2001
From: rubencm <rubencm@gmail.com>
Date: Mon, 3 Feb 2020 02:20:35 +0000
Subject: [PATCH 3/4] [ticket/16352] Deprecate phpbb_delete_user_pms

PHPBB3-16352
---
 phpBB/includes/functions_compatibility.php | 21 +++++++++++++++++++++
 phpBB/includes/functions_privmsgs.php      | 19 -------------------
 2 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/phpBB/includes/functions_compatibility.php b/phpBB/includes/functions_compatibility.php
index 4112812dc6..cd9869842e 100644
--- a/phpBB/includes/functions_compatibility.php
+++ b/phpBB/includes/functions_compatibility.php
@@ -712,3 +712,24 @@ function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
 	}
 	return $hidden;
 }
+
+/**
+* Delete all PM(s) for a given user and delete the ones without references
+*
+* @param	int		$user_id	ID of the user whose private messages we want to delete
+*
+* @return	boolean		False if there were no pms found, true otherwise.
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_delete_user_pms($user_id)
+{
+	$user_id = (int) $user_id;
+
+	if (!$user_id)
+	{
+		return false;
+	}
+
+	return phpbb_delete_users_pms(array($user_id));
+}
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index 436b437cfa..58fe79598b 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -1179,25 +1179,6 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 	return true;
 }
 
-/**
-* Delete all PM(s) for a given user and delete the ones without references
-*
-* @param	int		$user_id	ID of the user whose private messages we want to delete
-*
-* @return	boolean		False if there were no pms found, true otherwise.
-*/
-function phpbb_delete_user_pms($user_id)
-{
-	$user_id = (int) $user_id;
-
-	if (!$user_id)
-	{
-		return false;
-	}
-
-	return phpbb_delete_users_pms(array($user_id));
-}
-
 /**
 * Delete all PM(s) for given users and delete the ones without references
 *

From b07fb709ba44475a64e9389b2f8561834c70a057 Mon Sep 17 00:00:00 2001
From: rubencm <rubencm@gmail.com>
Date: Mon, 3 Feb 2020 02:24:56 +0000
Subject: [PATCH 4/4] [ticket/16352] Remove duplicated function

PHPBB3-16352
---
 phpBB/includes/functions.php | 48 ------------------------------------
 1 file changed, 48 deletions(-)

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 12ac2adefc..19c45981e0 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -3906,54 +3906,6 @@ function phpbb_quoteattr($data, $entities = null)
 	return $data;
 }
 
-/**
-* Converts query string (GET) parameters in request into hidden fields.
-*
-* Useful for forwarding GET parameters when submitting forms with GET method.
-*
-* It is possible to omit some of the GET parameters, which is useful if
-* they are specified in the form being submitted.
-*
-* sid is always omitted.
-*
-* @param \phpbb\request\request $request Request object
-* @param array $exclude A list of variable names that should not be forwarded
-* @return string HTML with hidden fields
-*/
-function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
-{
-	$names = $request->variable_names(\phpbb\request\request_interface::GET);
-	$hidden = '';
-	foreach ($names as $name)
-	{
-		// Sessions are dealt with elsewhere, omit sid always
-		if ($name == 'sid')
-		{
-			continue;
-		}
-
-		// Omit any additional parameters requested
-		if (!empty($exclude) && in_array($name, $exclude))
-		{
-			continue;
-		}
-
-		$escaped_name = phpbb_quoteattr($name);
-
-		// Note: we might retrieve the variable from POST or cookies
-		// here. To avoid exposing cookies, skip variables that are
-		// overwritten somewhere other than GET entirely.
-		$value = $request->variable($name, '', true);
-		$get_value = $request->variable($name, '', true, \phpbb\request\request_interface::GET);
-		if ($value === $get_value)
-		{
-			$escaped_value = phpbb_quoteattr($value);
-			$hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
-		}
-	}
-	return $hidden;
-}
-
 /**
 * Get user avatar
 *