This will further harden the ACP security by adding link hashes to links and
form tokens to forms that did not have these yet and result in modified
settings or write action on the filesystem or database. These few links and
forms were still relying on the global ACP protection, mainly due to them
not posing further risks of compromising data. After this change these will
now also be properly protected against tampering.
PHPBB3-14789
phpBB already had limited support for partial downloads, but only for
resuming downloads, disregarding any range ending before EOF.
WebKit on iOS and OS X uses partial downloads when fetching media
files. Previously, only MP3 attachments could play directly in the
browser, reported as a live stream, but with this change, all
supported media formats should render as expected.
Tested using cURL by verifying that partial downloads give exactly the
same results compared to Apache.
PHPBB3-14774
All browser engines that descend from WebKit declare themselves as
Safari in the user agent, including Chrome. Currently, the code
assumes that any Safari-like browser cannot handle the RFC-compliant
filename syntax. At least for recent versions of Safari, this is no
longer the case, and the legacy syntax results in URI-quoted
filenames. Using the standard syntax works as expected in both Safari
9 and Chrome 45.
The ticket reporting this issue is from January 2014, so we can safely
ignore compatibility: any browser still relying on the previous
behaviour is unlikely to receive security updates.
PHPBB3-12133
Mistakenly brought in the modified 3.2.x version verbatim instead of diffing
against the 3.1.x version of ucp_main.php. Removed any changes I didn't
explicitly make.
PHPBB3-14638
Adds various event hooks to the Manage subscriptions page of the User
Control Panel. core.ucp_subscribed_post_data allows us to handle
additional post data from the form that unwatches subscriptions.
core.ucp_main_subscribed_forums_modify_query,
core.ucp_main_topiclist_count_modify_query and
core.ucp_main_topiclist_modify_query all modify the queries used to get
the list of subscribed forums and subscribed/bookmarked topics.
core.ucp_main_subscribed_forum_modify_template_vars and
core.ucp_main_topiclist_topic_modify_template_vars modify the template
variable array associated with each subscribed forum and topic row.
This is a backport to 3.1.x of the code in PR #4318.
PHPBB3-14638
