[ticket/14481] Respect HTTP_X_FORWARDED headers for implying https
* marc1706/ticket/14481:
[ticket/14481] Add tests for x_forwarded_proto header
[ticket/14481] Use port 443 if https is specified in x-forwarded-proto
[ticket/14481] Respect HTTP_X_FORWARDED headers for implying https
This was previously removed without needing to. Adding it back to force
users to not emulate the page for previous versions of IE. The
imagetoolbar http-equiv tag was not restored as IE does not contain that
anymore since IE7. Also, the chome=1 has been removed from the
X-UA-Compatible content as ChromeFrame does not receive any further
updates since 2014 and is potentially broken.
PHPBB3-14136
Currently, the unique way to disable the update of session_page is to pass
"false" to the parameter of session_begin(). This method is directly
called in app.php, so pages served from the routing system can't disable
the update of session informations.
By moving the update to page_footer, we can allow controllers to tell to
the session manager that we don't want to update the session infos.
PHPBB3-14261
[ticket/14070] Properly pass whether config should be ignored for avatars
* marc1706/ticket/14070:
[ticket/14070] Properly pass whether config should be ignored for avatars
In certain situations, an SQL error DUPLICATE ERROR for KEY 'PRIMARY'
in the forums_track table is produced when marking forums read
(viewforum.php?f=xx&mark=forums).
The problem happens when there are duplicates in the forum_id array.
The solution is to remove those duplicates.
PHPBB3-10711
* prep-release-3.1.4:
[ticket/security-180] Use language variable for redirect error in 3.1+
[ticket/security-180] Merge if statement with previous one in 3.1.x
[ticket/security-180] Add tests for redirecting to main URL
[ticket/security-180] Always fail when redirecting to an insecure URL
[ticket/security-180] Make sure that redirect goes to full URL plus slash
[ticket/security-180] Check if redirect URL contains board URL
The code was added as a workaround for bugs in very old versions of IIS,
dating back to 2002: see commit 849d76697444f4e3523845f8c96569ccde57d868.
Newer IIS versions handle the 'Location' header just fine, so we can avoid
the unnecessary HTML page for redirects. Given that it seems to work fine
since IIS 6.0 (on WinServer 2003), I don't think it's worth adding a special
check for earlier versions as they are no longer supported by MS as well.
PHPBB3-12101
* ticket/13765:
[ticket/13765] Verify SERVER_PROTOCOL has the expected format before using it.
Conflicts:
phpBB/includes/functions.php
phpBB/includes/startup.php
Currently email addresses are parsed incorrectly due to the regex structure.
Namely, if localpart consists of several dot separated parts, only the last
part with the trailing dot will be captured.
The patch change this behavior to capture the whole localpart.
PHPBB3-13433
