A new table was created to save all failed login attempts with
corresponding information on username, ip and useragent. By default
the limit is 50 login attempts within 6 hours per IP. The limit is
relatively high to avoid big problems on sites behind a reverse
proxy that don't receive the forwarded-for value as REMOTE_ADDR but
see all users as coming from the same IP address. But if these
users run into problems a special forwarded-for option is available
to limit logins by forwarded-for value instead of ip.
PHPBB3-9992
There are currently two hard limits for the number of BBCodes
allowed. One is enforced by the type of the `bbcode_id` column,
the other by an hard limit in `acp/acp_bbcode.php`. However this
limit can never be reached due to the size of the database column.
Suggested fix involves adding a new constant to define the max.
number of BBCodes (as with smilies) and chaning the database
column from a tinyint to a smallint to actually allow 1511 BBCodes
PHPBB3-7778
* prep-release-3.0.8:
[prep-release-3.0.8] Incrementing version number to 3.0.8 and update changelog
[ticket/9903] Script for detecting potentially malicious flash bbcodes
[ticket/9904] Update WebPI Parameters.xml to work with WebMatrix.
[ticket/9903] Fix XSS in BBcode-parser's Flash-BBcode.
Conflicts:
phpBB/includes/constants.php
phpBB/install/database_update.php
phpBB/install/schemas/schema_data.sql
Generally, our config table is not really suited for holding large datasets. Because feed settings for the forums to enable news feeds and excluded forums rely on the forums itself we have decided to introduce a forum_options table where custom options can be stored.
Additionally, for this to work across all DBMS we support, we added a new method to the DBAL for the bitwise AND operator.
Also moved the forum/topic feed template variable to the location where they belong to (forum and topic view)
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9965 89ea8834-ac86-4346-8a33-228a782c2dd0
- add option for minimum post chars (which is a required setting for quick reply, therefore we introduce it here)
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9656 89ea8834-ac86-4346-8a33-228a782c2dd0
Added min/max captcha chars constants and changed the length from 5-8 to 4-7
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9437 89ea8834-ac86-4346-8a33-228a782c2dd0
- Automatic URL parsing no longer allows dots in the schema but can parse URLs starting after a dot [Bug #15110]
- Dynamic width for birthday select boxes [Bug #15149]
git-svn-id: file:///svn/phpbb/trunk@8246 89ea8834-ac86-4346-8a33-228a782c2dd0
- changed highlighting so foo* will match foo again [Bug #10031]
- restructured magic urls (functionality still mostly the same), added a check for entities in urls and punctuation at the end of magic urls [Bugs #10639, #10293]
- undid the workaround for urls in quotes, as it's fixed by the new magic url handling
- allow magic urls enclosed in BBCode [Bug #10319]
- added handling for IPv6 addresses to the IP checking without adding extra options [Bug #9538]
- correctly handle search in search results of search queries with brackets [Bug #10581]
- added information about requirements for auth_apache [Bug #10107]
git-svn-id: file:///svn/phpbb/trunk@7559 89ea8834-ac86-4346-8a33-228a782c2dd0
imagesets are now "intelligently" multilingual, one may use imagesets inside of CSS files now (as well as properties like the width and height of an imageset's image)
all previous styles should change their imageset.cfg to be like prosilver and subsilver2 (notice how there is now an imageset.cfg in the /en folder, there should be one for each language)
git-svn-id: file:///svn/phpbb/trunk@7304 89ea8834-ac86-4346-8a33-228a782c2dd0
- allow cancelling search index creation/removal
- custom CSS class name input too short [Bug #8328]
- give an error message if a password wasn't convertable (special characters in non-standard encoding)
- moved still_on_time to functions.php, used by acp_search and converter, might be useful for MODs (or complex cron scripts)
- do not allow empty passwords on login
- add sids to local URLs in posts (this was a really terrible bug to fix ;-)) [Bug #7892]
- ignore invalid HTTP_X_FORWARDED_FOR headers (just use REMOTE_ADDR if invalid) [Bug #8314]
- changed forum listing code on search page and acp_attachments [Bug #6658]
- search indexing uses still_on_time(), smaller batch size (1000) and meta_refresh() instead of redirect(), this should solve a few problems [Bugs #8034, #8270]
- made password requirement language strings clearer
- ALPHA is not meant to be alphanumric [Bug #7764]
- display bug in firefox on linux making the pagination wrap on search results page (caused by  )
git-svn-id: file:///svn/phpbb/trunk@7076 89ea8834-ac86-4346-8a33-228a782c2dd0
- removing extension from physical filename for uploaded attachments (as has been suggested some time ago from our community), can still be used by using the new 'unique_ext' mode on file cleaning
- fixed a bug with copying attachments if copying a topic
- made sure no attachment files get removed used at another location
- changed media player "embed" code. For some this may result in no auto-resizing - though a download link has been added.
git-svn-id: file:///svn/phpbb/trunk@6831 89ea8834-ac86-4346-8a33-228a782c2dd0