* 3.1.x:
[ticket/security-180] Use language variable for redirect error in 3.1+
[ticket/security-180] Merge if statement with previous one in 3.1.x
[ticket/security-180] Add tests for redirecting to main URL
[ticket/security-180] Always fail when redirecting to an insecure URL
[ticket/security-180] Make sure that redirect goes to full URL plus slash
[ticket/security-180] Check if redirect URL contains board URL
The ORIG_PATH_INFO on IIS also contains the script name. Only use that
for killing the script after removing the script name from ORIG_PATH_INFO.
PHPBB3-13549
The deprecated passwords functions are no longer used in the core and have
been replaced with the passwords manager. Therefore, the functions are
moved to the functions_compatibility file.
PHPBB3-12239
The user's page directory needs to be added to the redirect URL for proper
redirects outside of the forum root. Fix the unit tests accordingly.
PHPBB3-11997
The redirect function will now properly redirect to where we want it to.
It will no longer try to check if the file or directory we redirect to exist.
This will ensure compatibility with the new routes.
PHPBB3-11997
We currently do a lot of checks in order to prevent users from getting to
a 404 page. However, this logic relies on checking if a file or folder exists.
Due to the front controllers and the URL rewriting in 3.1, it is no longer
possible to rely on existing files for redirecting. This patch will take
care of properly redirecting users to front controller files. An incorrect
link will cause users to get a 404 error though.
PHPBB3-11997
# By Nils Adermann (68) and others
# Via Andreas Fischer (12) and others
* 'develop' of github.com:phpbb/phpbb3: (102 commits)
[ticket/11876] Replace MD5 with SHA256.
[ticket/11876] Move checksum generation from build PHP files to phing build.xml
[develop-olympus] Build against 3.0.12 instead of 3.0.12-RC3. Tag exists now.
[prep-release-3.0.12] Update changelog for 3.0.12 release.
[ticket/11873] Add unit test for large password input.
[ticket/11873] Do not hash very large passwords in order to safe resources.
[ticket/11862] Correct var names in user_delete() events due to prune-users
[develop-olympus] Use 3.0.13-dev as build version. Use latest 3.0.12 RC tag.
[prep-release-3.0.12] Bumping version number for 3.0.12 final.
[ticket/11852] Add class file
[ticket/11852] Move tests to folder with new class name
[ticket/11852] Split filesystem and path_helper into 2 classes
[ticket/11868] Add @depends to test
[ticket/11868] Add functional test for registration
[ticket/11868] Replace phpbb_request_interface references
[ticket/11866] Only single backslash in .md files
[ticket/11866] Remove outdated and broken develop script
[ticket/11866] More namespaces
[ticket/11866] Update some occurances of phpbb_db_ to new Namespace
[ticket/11865] Convert old class name to namespaced version
...
Conflicts:
tests/security/extract_current_page_test.php
tests/session/testable_facade.php
* develop-olympus:
[prep-release-3.0.12] Update changelog for 3.0.12 release.
[ticket/11873] Add unit test for large password input.
[ticket/11873] Do not hash very large passwords in order to safe resources.
There were a few error messages that a user could experience that would, previously, be without any the ability to be localized. There are some more E_USER_ERRORs that I did not change to a constant, for example the error message that is displayed if there aren't any folders in /language.
PHPBB3-9975
