[prep-release-3.3.15] Update changelog for 3.3.15

[ticket/security-283] Use jQuery to generate HTML for page from page data

.devcontainer/resources/phpbb-config.yml

@@ -30,7 +30,7 @@ installer:
     server:
         cookie_secure: false
         server_protocol: http://
-        force_server_vars: false
+        force_server_vars: true
         server_name: localhost
         server_port: 80
         script_path: /

.devcontainer/resources/setup.sh

@@ -34,6 +34,14 @@ sudo ln -s /workspaces/phpbb/phpBB /var/www/html
 echo "[Codespaces] Copy phpBB configuration"
 cp /workspaces/phpbb/.devcontainer/resources/phpbb-config.yml /workspaces/phpbb/phpBB/install/install-config.yml
 
+# Force the server URL to reflect the Codespace
+# https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace
+if [ "$CODESPACES" = true ] ; then
+    echo "[Codespaces] Set the phpBB server name using default environment variables"
+    codespaces_url="${CODESPACE_NAME}-80.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN}"
+    sed -i "s/localhost/$codespaces_url/g" /workspaces/phpbb/phpBB/install/install-config.yml
+fi
+
 # Install phpBB
 echo "[Codespaces] Run phpBB CLI installation"
 cd /workspaces/phpbb/phpBB && composer install --no-interaction

.github/PULL_REQUEST_TEMPLATE.md

@@ -7,4 +7,4 @@ Checklist:
 
 Tracker ticket:
 
-https://tracker.phpbb.com/browse/PHPBB3-12345
+https://tracker.phpbb.com/browse/PHPBB-12345

.github/workflows/check_merge_to_master.yml

@@ -0,0 +1,70 @@
+name: Check merge to master
+
+on:
+    pull_request_target:
+        types: [ opened, synchronize, reopened ]
+        branches:
+            - 3.3.x
+
+jobs:
+    merge-check:
+        if: github.event_name == 'pull_request_target' && github.event.pull_request.base.ref == '3.3.x'
+        runs-on: ubuntu-latest
+        steps:
+            -   name: Checkout the repository
+                uses: actions/checkout@v3
+                with:
+                    fetch-depth: 0  # Ensure full history is fetched
+
+            -   name: Set up Git user
+                run: |
+                    git config --global user.name "github-actions"
+                    git config --global user.email "github-actions@github.com"
+
+            -   name: Fetch all branches
+                run: git fetch origin
+
+            -   name: Simulate merging PR into 3.3.x
+                id: simulate_merge
+                run: |
+                    git checkout 3.3.x
+                    git fetch origin pull/${{ github.event.pull_request.number }}/head
+                    git merge --no-ff FETCH_HEAD || exit 1
+
+            -   name: Attempt to merge updated 3.3.x into master
+                id: merge_master
+                run: |
+                    git checkout master
+                    if git merge --no-ff 3.3.x --no-commit; then
+                      echo "mergeable=true" >> $GITHUB_OUTPUT
+                    else
+                      echo "mergeable=false" >> $GITHUB_OUTPUT
+                      git merge --abort
+                    fi
+
+            - name: Find Comment
+              uses: peter-evans/find-comment@v3
+              id: fc
+              with:
+                  issue-number: ${{ github.event.pull_request.number }}
+                  comment-author: 'github-actions[bot]'
+                  body-includes: The attempt to merge branch `3.3.x` into `master` has completed
+
+            -   name: Post comment on PR
+                if: always()  # Ensure this step always runs, regardless of merge result
+                uses: peter-evans/create-or-update-comment@v4
+                with:
+                    token: ${{ secrets.GITHUB_TOKEN }}
+                    issue-number: ${{ github.event.pull_request.number }}
+                    comment-id: ${{ steps.fc.outputs.comment-id }}
+                    edit-mode: replace
+                    body: |
+                        The attempt to merge branch `3.3.x` into `master` has completed after considering the changes in this PR.
+
+                        - Merge result: ${{ steps.merge_master.outputs.mergeable == 'true' && 'Success ✅' || 'Conflict ❌' }}
+
+                        ${{ steps.merge_master.outputs.mergeable == 'true' && 'This PR is ready to be merged.' || 'A separate PR will be needed to merge `3.3.x` into `master`.' }}
+
+            -   name: Mark job as succeeded
+                if: always()
+                run: echo "Merge check completed. Ignoring the result to avoid failed status."

.github/workflows/merge_3.3.x_to_master.yml

@@ -0,0 +1,60 @@
+name: Merge 3.3.x into master
+
+on:
+    push:
+        branches:
+            - 3.3.x
+
+jobs:
+    merge-branch:
+        runs-on: ubuntu-latest
+
+        steps:
+            - uses: actions/create-github-app-token@v1
+              id: app-token
+              with:
+                  app-id: ${{ vars.MERGE_MASTER_APP_ID }}
+                  private-key: ${{ secrets.MERGE_MASTER_SECRET }}
+
+            - name: Checkout the repository
+              uses: actions/checkout@v4
+              with:
+                  fetch-depth: 0  # Fetch full history for proper merging
+                  ref: 3.3.x      # Checkout the 3.3.x branch
+                  token: ${{ steps.app-token.outputs.token }}
+
+            - name: Fetch the latest commit information
+              id: get-commit-info
+              run: |
+                  # Get the latest commit SHA and its author details
+                  COMMIT_SHA=$(git rev-parse HEAD)
+                  COMMIT_AUTHOR_NAME=$(git log -1 --pretty=format:'%an' $COMMIT_SHA)
+                  COMMIT_AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae' $COMMIT_SHA)
+
+                  # Save them as output for later steps
+                  echo "commit_sha=$COMMIT_SHA" >> $GITHUB_ENV
+                  echo "commit_author_name=$COMMIT_AUTHOR_NAME" >> $GITHUB_ENV
+                  echo "commit_author_email=$COMMIT_AUTHOR_EMAIL" >> $GITHUB_ENV
+
+            - name: Set up Git with the pull request author's info
+              run: |
+                  git config --global user.name "${{ env.commit_author_name }}"
+                  git config --global user.email "${{ env.commit_author_email }}"
+
+            - name: Fetch all branches
+              run: git fetch --all
+
+            - name: Merge 3.3.x into master
+              run: |
+                  git checkout master
+                  if git merge --no-ff 3.3.x; then
+                      echo "merge_failed=false" >> $GITHUB_ENV
+                  else
+                      echo "merge_failed=true" >> $GITHUB_ENV
+                  fi
+
+            - name: Push changes to master if merge was successful
+              if: env.merge_failed == 'false'
+              run: git push origin master
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/tests.yml

@@ -128,6 +128,8 @@ jobs:
                       db: "mysql:5.7"
                     - php: '8.3'
                       db: "mysql:5.7"
+                    - php: '8.4'
+                      db: "mysql:5.7"
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db_alias != '' && matrix.db_alias || matrix.db }}
 
@@ -261,6 +263,8 @@ jobs:
                       db: "postgres:14"
                     - php: '8.3'
                       db: "postgres:14"
+                    - php: '8.4'
+                      db: "postgres:14"
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db }}
 
@@ -347,7 +351,7 @@ jobs:
 
     # Other database types, namely sqlite3 and mssql
     other-tests:
-        runs-on: ubuntu-22.04
+        runs-on: ubuntu-20.04
         strategy:
             matrix:
                 include:
@@ -357,14 +361,14 @@ jobs:
                       db: "mcr.microsoft.com/mssql/server:2017-latest"
                       db_alias: 'MSSQL 2017'
                     - php: '7.2'
-                      db: "mcr.microsoft.com/mssql/server:2019-latest"
+                      db: "mcr.microsoft.com/mssql/server:2019-CU27-ubuntu-20.04"
                       db_alias: 'MSSQL 2019'
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db_alias != '' && matrix.db_alias || matrix.db }}
 
         services:
             mssql:
-                image: ${{ matrix.db != 'mcr.microsoft.com/mssql/server:2017-latest' && matrix.db != 'mcr.microsoft.com/mssql/server:2019-latest' && 'mcr.microsoft.com/mssql/server:2017-latest' || matrix.db }}
+                image: ${{ matrix.db != 'mcr.microsoft.com/mssql/server:2017-latest' && matrix.db != 'mcr.microsoft.com/mssql/server:2019-CU27-ubuntu-20.04' && 'mcr.microsoft.com/mssql/server:2017-latest' || matrix.db }}
                 env:
                     SA_PASSWORD: "Pssw0rd_12"
                     ACCEPT_EULA: "y"
@@ -396,7 +400,7 @@ jobs:
               env:
                   MATRIX_DB: ${{ matrix.db }}
               run: |
-                  if [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2017-latest' ] || [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2019-latest' ]
+                  if [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2017-latest' ] || [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2019-CU27-ubuntu-20.04' ]
                   then
                       db='mssql'
                   else
@@ -469,6 +473,9 @@ jobs:
                     - php: '8.3'
                       db: "postgres"
                       type: 'unit'
+                    - php: '8.4'
+                      db: "postgres"
+                      type: 'unit'
                     - php: '7.4'
                       db: "postgres"
                       type: 'functional'
@@ -484,6 +491,9 @@ jobs:
                     - php: '8.3'
                       db: "postgres"
                       type: 'functional'
+                    - php: '8.4'
+                      db: "postgres"
+                      type: 'functional'
 
         name: Windows - PHP ${{ matrix.php }} - ${{ matrix.db }} - ${{ matrix.type }}
 

README.md

@@ -42,8 +42,8 @@ We have unit and functional tests in order to prevent regressions. You can view
 
 Branch  | Description | GitHub Actions |
 ------- | ----------- | -------------- |
-**master** | Latest development version | ![Tests](https://github.com/phpbb/phpbb/workflows/Tests/badge.svg?branch=master) |
-**3.3.x** | Development of version 3.3.x | ![Tests](https://github.com/phpbb/phpbb/workflows/Tests/badge.svg?branch=3.3.x) |
+**master** | Latest development version | ![Tests](https://github.com/phpbb/phpbb/actions/workflows/tests.yml/badge.svg?branch=master) |
+**3.3.x** | Development of version 3.3.x | ![Tests](https://github.com/phpbb/phpbb/actions/workflows/tests.yml/badge.svg?branch=3.3.x) |
 
 ## 📜 License
 

SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please do not post potential security vulnerabilities publicly. Instead, report them to the phpBB team.
+We take security very seriously and will respond to reports about potential security vulnerabilities as quickly as possible.
+There are multiple ways a potential security vulnerability can be reported:
+
+- HackerOne: [phpBB | Vulnerability Disclosure Program | HackerOne](https://hackerone.com/phpbb)
+- Create a report in the security tracker: [Security Tracker](https://www.phpbb.com/security/)
+- Send an email: [security@phpbb.com](mailto:security@phpbb.com)
+
+Please provide as much detail as possible when reporting a vulnerability. You can expect to receive an update on your report within a few days. If the vulnerability is accepted, we will work on a fix and keep you informed of the progress. If the vulnerability is declined, we will provide an explanation.

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.12" />
-	<property name="prevversion" value="3.3.11" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.3.10, 3.3.12-RC1" />
+	<property name="newversion" value="3.3.15" />
+	<property name="prevversion" value="3.3.14" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.3.10, 3.3.11, 3.3.12, 3.3.13, 3.3.15-RC1" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -181,6 +181,7 @@
 
 		<!-- create an empty config.php file (not for diffs) -->
 		<touch file="build/new_version/phpBB3/config.php" />
+		<copy file="build/new_version/phpBB3/phpbb/.htaccess" tofile="build/new_version/phpBB3/vendor/.htaccess" />
 
 	</target>
 

git-tools/hooks/commit-msg

@@ -224,7 +224,7 @@ do
 			"footer")
 				err=$ERR_FOOTER;
 				# Each ticket is on its own line
-				echo "$line" | grep -Eq "^PHPBB3-[0-9]+$";
+				echo "$line" | grep -Eq "^PHPBB3?-[0-9]+$";
 			;;
 			"eof")
 				err=$ERR_EOF;
@@ -356,7 +356,7 @@ echo "$expecting" | grep -q "eof" || (
 	# Check the branch ticket is mentioned, doesn't make sense otherwise
 	if [ $ticket -gt 0 ]
 	then
-		echo "$tickets" | grep -Eq "\bPHPBB3-$ticket\b" || (
+		echo "$tickets" | grep -Eq "\bPHPBB3?-$ticket\b" || (
 			complain "Ticket ID [$ticket] of branch missing from list of tickets:" >&2;
 			complain "$tickets" | sed 's/ /\n/g;s/^/* /g' >&2;
 			quit $ERR_FOOTER;

git-tools/hooks/prepare-commit-msg

@@ -47,7 +47,7 @@ then
 		# Branch is prefixed with 'ticket/', append ticket ID to message
 		if [ "$branch" != "${branch##ticket/}" ];
 		then
-			tail="$(printf '\n\nPHPBB3-%s' "$ticket_id")";
+			tail="$(printf '\n\nPHPBB-%s' "$ticket_id")";
 		fi
 	fi
 

phpBB/adm/style/acp_ext_list.html

@@ -42,59 +42,52 @@
 		</tr>
 	</thead>
 	<tbody>
-		<!-- IF .enabled -->
-		<tr>
-			<td class="row3" colspan="4"><strong>{L_EXTENSIONS_ENABLED}</strong><!-- EVENT acp_ext_list_enabled_title_after --></td>
-		</tr>
-		<!-- BEGIN enabled -->
-		<tr class="ext_enabled row-highlight">
-			<td><strong title="{enabled.NAME}">{enabled.META_DISPLAY_NAME}</strong><!-- EVENT acp_ext_list_enabled_name_after --></td>
-			<td style="text-align: center;">
-				<!-- IF enabled.S_VERSIONCHECK -->
-				<strong class="<!-- IF enabled.S_UP_TO_DATE -->current-ext<!-- ELSE -->outdated-ext<!-- ENDIF -->">{enabled.META_VERSION}</strong>
-				<!-- IF not enabled.S_UP_TO_DATE --><i class="fa fa-exclamation-circle outdated-ext" aria-hidden="true"></i><!-- ENDIF -->
-				<!-- ELSE -->
-				{enabled.META_VERSION}
-				<!-- ENDIF -->
-			</td>
-			<td style="text-align: center;"><a href="{enabled.U_DETAILS}">{L_DETAILS}</a></td>
-			<td style="text-align: center;">
-				<!-- BEGIN actions -->
-					<a href="{enabled.actions.U_ACTION}"<!-- IF enabled.actions.L_ACTION_EXPLAIN --> title="{enabled.actions.L_ACTION_EXPLAIN}"<!-- ENDIF -->>{enabled.actions.L_ACTION}</a>
-					<!-- IF not enabled.actions.S_LAST_ROW -->&nbsp;|&nbsp;<!-- ENDIF -->
-				<!-- END actions -->
-			</td>
-		</tr>
-		<!-- END enabled -->
-		<!-- ENDIF -->
-
-		<!-- IF .disabled -->
-		<tr>
-			<td class="row3" colspan="4"><strong>{L_EXTENSIONS_DISABLED}</strong><!-- EVENT acp_ext_list_disabled_title_after --></td>
-		</tr>
-		<!-- BEGIN disabled -->
-		<tr class="ext_disabled row-highlight">
-			<td><strong title="{disabled.NAME}">{disabled.META_DISPLAY_NAME}</strong><!-- EVENT acp_ext_list_disabled_name_after --></td>
-			<td style="text-align: center;">
-				<!-- IF disabled.S_VERSIONCHECK -->
-				<strong class="<!-- IF disabled.S_UP_TO_DATE -->current-ext<!-- ELSE -->outdated-ext<!-- ENDIF -->">{disabled.META_VERSION}</strong>
-				<!-- IF not disabled.S_UP_TO_DATE --><i class="fa fa-exclamation-circle outdated-ext" aria-hidden="true"></i><!-- ENDIF -->
-				<!-- ELSE -->
-				{disabled.META_VERSION}
-				<!-- ENDIF -->
-			</td>
-			<td style="text-align: center;">
-				<!-- IF disabled.U_DETAILS --><a href="{disabled.U_DETAILS}">{L_DETAILS}</a><!-- ENDIF -->
-			</td>
-			<td style="text-align: center;">
-				<!-- BEGIN actions -->
-					<a href="{disabled.actions.U_ACTION}"<!-- IF disabled.actions.L_ACTION_EXPLAIN --> title="{disabled.actions.L_ACTION_EXPLAIN}"<!-- ENDIF -->>{disabled.actions.L_ACTION}</a>
-					<!-- IF not disabled.actions.S_LAST_ROW -->&nbsp;|&nbsp;<!-- ENDIF -->
-				<!-- END actions -->
-			</td>
-		</tr>
-		<!-- END disabled -->
-		<!-- ENDIF -->
+		{% for list in ['enabled', 'disabled', 'not_installed'] %}
+			{% set blockname = attribute(loops, list) %}
+			{% if blockname|length %}
+			<tr>
+				<td class="row3" colspan="4"><strong>{{ lang('EXTENSIONS_' ~ list|upper) }}</strong>
+					{% if list == 'enabled' %}
+						{% EVENT acp_ext_list_enabled_title_after %}
+					{% elseif list == 'disabled' %}
+						{% EVENT acp_ext_list_disabled_title_after %}
+					{% elseif list == 'not_installed' %}
+						{% EVENT acp_ext_list_not_installed_title_after %}
+					{% endif %}
+				</td>
+			</tr>
+			{% for data in blockname %}
+			<tr class="ext_{{ list }} row-highlight">
+				<td><strong title="{{ data.NAME }}">{{ data.META_DISPLAY_NAME }}</strong>
+					{% if list == 'enabled' %}
+						{% EVENT acp_ext_list_enabled_name_after %}
+					{% elseif list == 'disabled' %}
+						{% EVENT acp_ext_list_disabled_name_after %}
+					{% elseif list == 'not_installed' %}
+						{% EVENT acp_ext_list_not_installed_name_after %}
+					{% endif %}
+				</td>
+				<td style="text-align: center;">
+					{% if data.S_VERSIONCHECK %}
+					<strong class="{% if data.S_UP_TO_DATE %}current-ext{% else %}outdated-ext{% endif %}">{{ data.META_VERSION }}</strong>
+					{% if not data.S_UP_TO_DATE %}<i class="fa fa-exclamation-circle outdated-ext" aria-hidden="true"></i>{% endif %}
+					{% else %}
+					{{ data.META_VERSION }}
+					{% endif %}
+				</td>
+				<td style="text-align: center;">
+					{% if data.U_DETAILS %}<a href="{{ data.U_DETAILS }}">{{ lang ('DETAILS') }}</a>{% endif %}
+				</td>
+				<td style="text-align: center;">
+					{% for actions in data.actions %}
+						<a href="{{ actions.U_ACTION }}"{% if actions.L_ACTION_EXPLAIN %} title="{{ actions.L_ACTION_EXPLAIN }}"{% endif %}>{{ actions.L_ACTION }}</a>
+						{% if not actions.S_LAST_ROW %}&nbsp;|&nbsp;{% endif %}
+					{% endfor %}
+				</td>
+			</tr>
+			{% endfor %}
+			{% endif %}
+		{% endfor %}
 	</tbody>
 	</table>
 

phpBB/adm/style/acp_groups.html

@@ -225,6 +225,7 @@
 
 	<fieldset>
 		<legend>{L_ADD_USERS}</legend>
+	{% EVENT acp_groups_add_user_options_before %}
 	<dl>
 		<dt><label for="leader">{L_USER_GROUP_LEADER}{L_COLON}</label></dt>
 		<dd><label><input name="leader" type="radio" class="radio" value="1" /> {L_YES}</label>
@@ -235,11 +236,13 @@
 		<dd><label><input name="default" type="radio" class="radio" value="1" /> {L_YES}</label>
 			<label><input name="default" type="radio" class="radio" id="default" value="0" checked="checked" /> {L_NO}</label></dd>
 	</dl>
+	{% EVENT acp_groups_add_user_usernames_before %}
 	<dl>
 		<dt><label for="usernames">{L_USERNAME}{L_COLON}</label><br /><span>{L_USERNAMES_EXPLAIN}</span></dt>
 		<dd><textarea id="usernames" name="usernames" cols="40" rows="5"></textarea></dd>
 		<dd><!-- EVENT acp_groups_find_username_prepend -->[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]<!-- EVENT acp_groups_find_username_append --></dd>
 	</dl>
+	{% EVENT acp_groups_add_user_options_after %}
 
 	<p class="quick">
 		<input class="button2" type="submit" name="addusers" value="{L_SUBMIT}" />

phpBB/adm/style/acp_main.html

@@ -14,27 +14,31 @@
 
 	<p>{L_ADMIN_INTRO}</p>
 
-	<!-- IF S_UPDATE_INCOMPLETE -->
+	{% if S_UPDATE_INCOMPLETE %}
 		<div class="errorbox">
-			<p>{L_UPDATE_INCOMPLETE} <a href="{U_VERSIONCHECK}">{L_MORE_INFORMATION}</a></p>
+			<p>{{ lang('UPDATE_INCOMPLETE') }} <a href="{{ U_VERSIONCHECK }}">{{ lang('MORE_INFORMATION') }}</a></p>
 		</div>
-	<!-- ELSEIF S_VERSIONCHECK_FAIL -->
+	{% elseif S_VERSIONCHECK_FAIL %}
 		<div class="errorbox notice">
-			<p>{L_VERSIONCHECK_FAIL}</p>
-			<p>{VERSIONCHECK_FAIL_REASON}</p>
-			<p><a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a> &middot; <a href="{U_VERSIONCHECK}">{L_MORE_INFORMATION}</a></p>
+			<p>{{ lang('VERSIONCHECK_FAIL') }}</p>
+			<p>{{ VERSIONCHECK_FAIL_REASON }}</p>
+			<p><a href="{{ U_VERSIONCHECK_FORCE }}">{{ lang('VERSIONCHECK_FORCE_UPDATE') }}</a> &middot; <a href="{{ U_VERSIONCHECK }}">{{ lang('MORE_INFORMATION') }}</a></p>
 		</div>
-	<!-- ELSEIF not S_VERSION_UP_TO_DATE -->
+	{% elseif not S_VERSION_UP_TO_DATE %}
 		<div class="errorbox">
-			<p>{L_VERSION_NOT_UP_TO_DATE_TITLE}</p>
-			<p><a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a> &middot; <a href="{U_VERSIONCHECK}">{L_MORE_INFORMATION}</a></p>
+			<p>{{ lang('VERSION_NOT_UP_TO_DATE_TITLE') }}</p>
+			<p><a href="{{ U_VERSIONCHECK_FORCE }}">{{ lang('VERSIONCHECK_FORCE_UPDATE') }}</a> &middot; <a href="{{ U_VERSIONCHECK }}">{{ lang('MORE_INFORMATION') }}</a></p>
 		</div>
-	<!-- ENDIF -->
-	<!-- IF S_VERSION_UPGRADEABLE -->
+	{% elseif S_VERSION_UP_TO_DATE && S_VERSIONCHECK_FORCE %}
+		<div class="successbox">
+			<p>{{ lang('VERSION_UP_TO_DATE_ACP') }}</p>
+		</div>
+	{% endif %}
+	{% if S_VERSION_UPGRADEABLE %}
 		<div class="errorbox notice">
-			<p>{UPGRADE_INSTRUCTIONS}</p>
+			<p>{{ UPGRADE_INSTRUCTIONS }}</p>
 		</div>
-	<!-- ENDIF -->
+	{% endif %}
 
 	<!-- IF S_SEARCH_INDEX_MISSING -->
 		<div class="errorbox">

phpBB/adm/style/admin.js

@@ -5,7 +5,7 @@
 /**
 * Parse document block
 */
-function parse_document(container) 
+function parse_document(container)
 {
 	var test = document.createElement('div'),
 		oldBrowser = (typeof test.style.borderRadius == 'undefined');
@@ -90,7 +90,7 @@ function parse_document(container)
 				}
 			});
 		}
-		
+
 		headersLength = headers.length;
 
 		// Add header text to each cell as <dfn>
@@ -121,8 +121,8 @@ function parse_document(container)
 				}
 
 				if ((text.length && text !== '-') || cell.children().length) {
-					if (headers[column] != '') {
-						cell.prepend('<dfn style="display: none;">' + headers[column] + '</dfn>');
+					if (headers[column].length) {
+						cell.prepend($("<dfn>").css('display', 'none').text(headers[column]));
 					}
 				}
 				else {
@@ -143,7 +143,7 @@ function parse_document(container)
 	*/
 	container.find('table.responsive > tbody').each(function() {
 		var items = $(this).children('tr');
-		if (items.length == 0)
+		if (!items.length)
 		{
 			$(this).parent('table:first').addClass('responsive-hide');
 		}
@@ -157,7 +157,7 @@ function parse_document(container)
 		if ($this.html() == '&nbsp;') {
 			$this.addClass('responsive-hide');
 		}
-		
+
 	});
 
 	/**
@@ -184,7 +184,7 @@ function parse_document(container)
 			var width = $body.width(),
 				height = $this.height();
 
-			if (arguments.length == 0 && (!responsive || width <= lastWidth) && height <= maxHeight) {
+			if (!arguments.length && (!responsive || width <= lastWidth) && height <= maxHeight) {
 				return;
 			}
 

phpBB/adm/style/ajax.js

@@ -235,14 +235,20 @@ function submitPermissions() {
 				if ($alertBoxLink) {
 					// Remove forum_id[] from URL
 					$alertBoxLink.attr('href', $alertBoxLink.attr('href').replace(/(&forum_id\[\]=[0-9]+)/g, ''));
-					var previousPageForm = '<form action="' + $alertBoxLink.attr('href') + '" method="post">';
-					$.each(forumIds, function (key, value) {
-						previousPageForm += '<input type="text" name="forum_id[]" value="' + value + '" />';
+					const $previousPageForm = $('<form>').attr({
+						action: $alertBoxLink.attr('href'),
+						method: 'post'
+					});
+
+					$.each(forumIds, function (key, value) {
+						$previousPageForm.append($('<input>').attr({
+							type: 'text',
+							name: 'forum_id[]',
+							value: value
+						}));
 					});
-					previousPageForm += '</form>';
 
 					$alertBoxLink.on('click', function (e) {
-						var $previousPageForm = $(previousPageForm);
 						$('body').append($previousPageForm);
 						e.preventDefault();
 						$previousPageForm.submit();
@@ -257,12 +263,19 @@ function submitPermissions() {
 					setTimeout(function () {
 						// Create forum to submit using POST. This will prevent
 						// exceeding the maximum length of URLs
-						var form = '<form action="' + res.REFRESH_DATA.url.replace(/(&forum_id\[\]=[0-9]+)/g, '') + '" method="post">';
-						$.each(forumIds, function (key, value) {
-							form += '<input type="text" name="forum_id[]" value="' + value + '" />';
+						const $form = $('<form>').attr({
+							action: res.REFRESH_DATA.url.replace(/(&forum_id\[\]=[0-9]+)/g, ''),
+							method: 'post'
 						});
-						form += '</form>';
-						$form = $(form);
+
+						$.each(forumIds, function (key, value) {
+							$form.append($('<input>').attr({
+								type: 'text',
+								name: 'forum_id[]',
+								value: value
+							}));
+						});
+
 						$('body').append($form);
 
 						// Hide the alert even if we refresh the page, in case the user

phpBB/composer.lock

@@ -3027,16 +3027,16 @@
         },
         {
             "name": "myclabs/deep-copy",
-            "version": "1.11.1",
+            "version": "1.12.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/myclabs/DeepCopy.git",
-                "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c"
+                "reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/7284c22080590fb39f2ffa3e9057f10a4ddd0e0c",
-                "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c",
+                "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c",
+                "reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c",
                 "shasum": ""
             },
             "require": {
@@ -3044,11 +3044,12 @@
             },
             "conflict": {
                 "doctrine/collections": "<1.6.8",
-                "doctrine/common": "<2.13.3 || >=3,<3.2.2"
+                "doctrine/common": "<2.13.3 || >=3 <3.2.2"
             },
             "require-dev": {
                 "doctrine/collections": "^1.6.8",
                 "doctrine/common": "^2.13.3 || ^3.2.2",
+                "phpspec/prophecy": "^1.10",
                 "phpunit/phpunit": "^7.5.20 || ^8.5.23 || ^9.5.13"
             },
             "type": "library",
@@ -3074,7 +3075,7 @@
             ],
             "support": {
                 "issues": "https://github.com/myclabs/DeepCopy/issues",
-                "source": "https://github.com/myclabs/DeepCopy/tree/1.11.1"
+                "source": "https://github.com/myclabs/DeepCopy/tree/1.12.0"
             },
             "funding": [
                 {
@@ -3082,7 +3083,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-03-08T13:26:56+00:00"
+            "time": "2024-06-12T14:39:25+00:00"
         },
         {
             "name": "phar-io/manifest",
@@ -3533,24 +3534,24 @@
         },
         {
             "name": "phpspec/prophecy",
-            "version": "v1.18.0",
+            "version": "v1.19.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpspec/prophecy.git",
-                "reference": "d4f454f7e1193933f04e6500de3e79191648ed0c"
+                "reference": "67a759e7d8746d501c41536ba40cd9c0a07d6a87"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/d4f454f7e1193933f04e6500de3e79191648ed0c",
-                "reference": "d4f454f7e1193933f04e6500de3e79191648ed0c",
+                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/67a759e7d8746d501c41536ba40cd9c0a07d6a87",
+                "reference": "67a759e7d8746d501c41536ba40cd9c0a07d6a87",
                 "shasum": ""
             },
             "require": {
                 "doctrine/instantiator": "^1.2 || ^2.0",
                 "php": "^7.2 || 8.0.* || 8.1.* || 8.2.* || 8.3.*",
                 "phpdocumentor/reflection-docblock": "^5.2",
-                "sebastian/comparator": "^3.0 || ^4.0 || ^5.0",
-                "sebastian/recursion-context": "^3.0 || ^4.0 || ^5.0"
+                "sebastian/comparator": "^3.0 || ^4.0 || ^5.0 || ^6.0",
+                "sebastian/recursion-context": "^3.0 || ^4.0 || ^5.0 || ^6.0"
             },
             "require-dev": {
                 "phpspec/phpspec": "^6.0 || ^7.0",
@@ -3596,9 +3597,9 @@
             ],
             "support": {
                 "issues": "https://github.com/phpspec/prophecy/issues",
-                "source": "https://github.com/phpspec/prophecy/tree/v1.18.0"
+                "source": "https://github.com/phpspec/prophecy/tree/v1.19.0"
             },
-            "time": "2023-12-07T16:22:33+00:00"
+            "time": "2024-02-29T11:52:51+00:00"
         },
         {
             "name": "phpunit/dbunit",
@@ -3726,16 +3727,16 @@
         },
         {
             "name": "phpunit/php-file-iterator",
-            "version": "2.0.5",
+            "version": "2.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-file-iterator.git",
-                "reference": "42c5ba5220e6904cbfe8b1a1bda7c0cfdc8c12f5"
+                "reference": "69deeb8664f611f156a924154985fbd4911eb36b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/42c5ba5220e6904cbfe8b1a1bda7c0cfdc8c12f5",
-                "reference": "42c5ba5220e6904cbfe8b1a1bda7c0cfdc8c12f5",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/69deeb8664f611f156a924154985fbd4911eb36b",
+                "reference": "69deeb8664f611f156a924154985fbd4911eb36b",
                 "shasum": ""
             },
             "require": {
@@ -3774,7 +3775,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/php-file-iterator/issues",
-                "source": "https://github.com/sebastianbergmann/php-file-iterator/tree/2.0.5"
+                "source": "https://github.com/sebastianbergmann/php-file-iterator/tree/2.0.6"
             },
             "funding": [
                 {
@@ -3782,7 +3783,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2021-12-02T12:42:26+00:00"
+            "time": "2024-03-01T13:39:50+00:00"
         },
         {
             "name": "phpunit/php-text-template",
@@ -3831,16 +3832,16 @@
         },
         {
             "name": "phpunit/php-timer",
-            "version": "2.1.3",
+            "version": "2.1.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-timer.git",
-                "reference": "2454ae1765516d20c4ffe103d85a58a9a3bd5662"
+                "reference": "a691211e94ff39a34811abd521c31bd5b305b0bb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/2454ae1765516d20c4ffe103d85a58a9a3bd5662",
-                "reference": "2454ae1765516d20c4ffe103d85a58a9a3bd5662",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/a691211e94ff39a34811abd521c31bd5b305b0bb",
+                "reference": "a691211e94ff39a34811abd521c31bd5b305b0bb",
                 "shasum": ""
             },
             "require": {
@@ -3878,7 +3879,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/php-timer/issues",
-                "source": "https://github.com/sebastianbergmann/php-timer/tree/2.1.3"
+                "source": "https://github.com/sebastianbergmann/php-timer/tree/2.1.4"
             },
             "funding": [
                 {
@@ -3886,7 +3887,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T08:20:02+00:00"
+            "time": "2024-03-01T13:42:41+00:00"
         },
         {
             "name": "phpunit/php-token-stream",
@@ -4038,16 +4039,16 @@
         },
         {
             "name": "sebastian/code-unit-reverse-lookup",
-            "version": "1.0.2",
+            "version": "1.0.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/code-unit-reverse-lookup.git",
-                "reference": "1de8cd5c010cb153fcd68b8d0f64606f523f7619"
+                "reference": "92a1a52e86d34cde6caa54f1b5ffa9fda18e5d54"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/code-unit-reverse-lookup/zipball/1de8cd5c010cb153fcd68b8d0f64606f523f7619",
-                "reference": "1de8cd5c010cb153fcd68b8d0f64606f523f7619",
+                "url": "https://api.github.com/repos/sebastianbergmann/code-unit-reverse-lookup/zipball/92a1a52e86d34cde6caa54f1b5ffa9fda18e5d54",
+                "reference": "92a1a52e86d34cde6caa54f1b5ffa9fda18e5d54",
                 "shasum": ""
             },
             "require": {
@@ -4081,7 +4082,7 @@
             "homepage": "https://github.com/sebastianbergmann/code-unit-reverse-lookup/",
             "support": {
                 "issues": "https://github.com/sebastianbergmann/code-unit-reverse-lookup/issues",
-                "source": "https://github.com/sebastianbergmann/code-unit-reverse-lookup/tree/1.0.2"
+                "source": "https://github.com/sebastianbergmann/code-unit-reverse-lookup/tree/1.0.3"
             },
             "funding": [
                 {
@@ -4089,7 +4090,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T08:15:22+00:00"
+            "time": "2024-03-01T13:45:45+00:00"
         },
         {
             "name": "sebastian/comparator",
@@ -4167,16 +4168,16 @@
         },
         {
             "name": "sebastian/diff",
-            "version": "3.0.4",
+            "version": "3.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/diff.git",
-                "reference": "6296a0c086dd0117c1b78b059374d7fcbe7545ae"
+                "reference": "98ff311ca519c3aa73ccd3de053bdb377171d7b6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/6296a0c086dd0117c1b78b059374d7fcbe7545ae",
-                "reference": "6296a0c086dd0117c1b78b059374d7fcbe7545ae",
+                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/98ff311ca519c3aa73ccd3de053bdb377171d7b6",
+                "reference": "98ff311ca519c3aa73ccd3de053bdb377171d7b6",
                 "shasum": ""
             },
             "require": {
@@ -4221,7 +4222,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/diff/issues",
-                "source": "https://github.com/sebastianbergmann/diff/tree/3.0.4"
+                "source": "https://github.com/sebastianbergmann/diff/tree/3.0.6"
             },
             "funding": [
                 {
@@ -4229,20 +4230,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-05-07T05:30:20+00:00"
+            "time": "2024-03-02T06:16:36+00:00"
         },
         {
             "name": "sebastian/environment",
-            "version": "4.2.4",
+            "version": "4.2.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/environment.git",
-                "reference": "d47bbbad83711771f167c72d4e3f25f7fcc1f8b0"
+                "reference": "56932f6049a0482853056ffd617c91ffcc754205"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/d47bbbad83711771f167c72d4e3f25f7fcc1f8b0",
-                "reference": "d47bbbad83711771f167c72d4e3f25f7fcc1f8b0",
+                "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/56932f6049a0482853056ffd617c91ffcc754205",
+                "reference": "56932f6049a0482853056ffd617c91ffcc754205",
                 "shasum": ""
             },
             "require": {
@@ -4284,7 +4285,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/environment/issues",
-                "source": "https://github.com/sebastianbergmann/environment/tree/4.2.4"
+                "source": "https://github.com/sebastianbergmann/environment/tree/4.2.5"
             },
             "funding": [
                 {
@@ -4292,24 +4293,24 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T07:53:42+00:00"
+            "time": "2024-03-01T13:49:59+00:00"
         },
         {
             "name": "sebastian/exporter",
-            "version": "3.1.5",
+            "version": "3.1.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/exporter.git",
-                "reference": "73a9676f2833b9a7c36968f9d882589cd75511e6"
+                "reference": "1939bc8fd1d39adcfa88c5b35335910869214c56"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/exporter/zipball/73a9676f2833b9a7c36968f9d882589cd75511e6",
-                "reference": "73a9676f2833b9a7c36968f9d882589cd75511e6",
+                "url": "https://api.github.com/repos/sebastianbergmann/exporter/zipball/1939bc8fd1d39adcfa88c5b35335910869214c56",
+                "reference": "1939bc8fd1d39adcfa88c5b35335910869214c56",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.0",
+                "php": ">=7.2",
                 "sebastian/recursion-context": "^3.0"
             },
             "require-dev": {
@@ -4361,7 +4362,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/exporter/issues",
-                "source": "https://github.com/sebastianbergmann/exporter/tree/3.1.5"
+                "source": "https://github.com/sebastianbergmann/exporter/tree/3.1.6"
             },
             "funding": [
                 {
@@ -4369,7 +4370,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2022-09-14T06:00:17+00:00"
+            "time": "2024-03-02T06:21:38+00:00"
         },
         {
             "name": "sebastian/global-state",
@@ -4428,16 +4429,16 @@
         },
         {
             "name": "sebastian/object-enumerator",
-            "version": "3.0.4",
+            "version": "3.0.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/object-enumerator.git",
-                "reference": "e67f6d32ebd0c749cf9d1dbd9f226c727043cdf2"
+                "reference": "ac5b293dba925751b808e02923399fb44ff0d541"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/e67f6d32ebd0c749cf9d1dbd9f226c727043cdf2",
-                "reference": "e67f6d32ebd0c749cf9d1dbd9f226c727043cdf2",
+                "url": "https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/ac5b293dba925751b808e02923399fb44ff0d541",
+                "reference": "ac5b293dba925751b808e02923399fb44ff0d541",
                 "shasum": ""
             },
             "require": {
@@ -4473,7 +4474,7 @@
             "homepage": "https://github.com/sebastianbergmann/object-enumerator/",
             "support": {
                 "issues": "https://github.com/sebastianbergmann/object-enumerator/issues",
-                "source": "https://github.com/sebastianbergmann/object-enumerator/tree/3.0.4"
+                "source": "https://github.com/sebastianbergmann/object-enumerator/tree/3.0.5"
             },
             "funding": [
                 {
@@ -4481,20 +4482,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T07:40:27+00:00"
+            "time": "2024-03-01T13:54:02+00:00"
         },
         {
             "name": "sebastian/object-reflector",
-            "version": "1.1.2",
+            "version": "1.1.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/object-reflector.git",
-                "reference": "9b8772b9cbd456ab45d4a598d2dd1a1bced6363d"
+                "reference": "1d439c229e61f244ff1f211e5c99737f90c67def"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/9b8772b9cbd456ab45d4a598d2dd1a1bced6363d",
-                "reference": "9b8772b9cbd456ab45d4a598d2dd1a1bced6363d",
+                "url": "https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/1d439c229e61f244ff1f211e5c99737f90c67def",
+                "reference": "1d439c229e61f244ff1f211e5c99737f90c67def",
                 "shasum": ""
             },
             "require": {
@@ -4528,7 +4529,7 @@
             "homepage": "https://github.com/sebastianbergmann/object-reflector/",
             "support": {
                 "issues": "https://github.com/sebastianbergmann/object-reflector/issues",
-                "source": "https://github.com/sebastianbergmann/object-reflector/tree/1.1.2"
+                "source": "https://github.com/sebastianbergmann/object-reflector/tree/1.1.3"
             },
             "funding": [
                 {
@@ -4536,20 +4537,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T07:37:18+00:00"
+            "time": "2024-03-01T13:56:04+00:00"
         },
         {
             "name": "sebastian/recursion-context",
-            "version": "3.0.1",
+            "version": "3.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/recursion-context.git",
-                "reference": "367dcba38d6e1977be014dc4b22f47a484dac7fb"
+                "reference": "9bfd3c6f1f08c026f542032dfb42813544f7d64c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/367dcba38d6e1977be014dc4b22f47a484dac7fb",
-                "reference": "367dcba38d6e1977be014dc4b22f47a484dac7fb",
+                "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/9bfd3c6f1f08c026f542032dfb42813544f7d64c",
+                "reference": "9bfd3c6f1f08c026f542032dfb42813544f7d64c",
                 "shasum": ""
             },
             "require": {
@@ -4591,7 +4592,7 @@
             "homepage": "http://www.github.com/sebastianbergmann/recursion-context",
             "support": {
                 "issues": "https://github.com/sebastianbergmann/recursion-context/issues",
-                "source": "https://github.com/sebastianbergmann/recursion-context/tree/3.0.1"
+                "source": "https://github.com/sebastianbergmann/recursion-context/tree/3.0.2"
             },
             "funding": [
                 {
@@ -4599,20 +4600,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T07:34:24+00:00"
+            "time": "2024-03-01T14:07:30+00:00"
         },
         {
             "name": "sebastian/resource-operations",
-            "version": "2.0.2",
+            "version": "2.0.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/resource-operations.git",
-                "reference": "31d35ca87926450c44eae7e2611d45a7a65ea8b3"
+                "reference": "72a7f7674d053d548003b16ff5a106e7e0e06eee"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/31d35ca87926450c44eae7e2611d45a7a65ea8b3",
-                "reference": "31d35ca87926450c44eae7e2611d45a7a65ea8b3",
+                "url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/72a7f7674d053d548003b16ff5a106e7e0e06eee",
+                "reference": "72a7f7674d053d548003b16ff5a106e7e0e06eee",
                 "shasum": ""
             },
             "require": {
@@ -4642,8 +4643,7 @@
             "description": "Provides a list of PHP built-in functions that operate on resources",
             "homepage": "https://www.github.com/sebastianbergmann/resource-operations",
             "support": {
-                "issues": "https://github.com/sebastianbergmann/resource-operations/issues",
-                "source": "https://github.com/sebastianbergmann/resource-operations/tree/2.0.2"
+                "source": "https://github.com/sebastianbergmann/resource-operations/tree/2.0.3"
             },
             "funding": [
                 {
@@ -4651,7 +4651,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T07:30:19+00:00"
+            "time": "2024-03-01T13:59:09+00:00"
         },
         {
             "name": "sebastian/version",
@@ -4702,16 +4702,16 @@
         },
         {
             "name": "squizlabs/php_codesniffer",
-            "version": "3.9.0",
+            "version": "3.10.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHPCSStandards/PHP_CodeSniffer.git",
-                "reference": "d63cee4890a8afaf86a22e51ad4d97c91dd4579b"
+                "reference": "8f90f7a53ce271935282967f53d0894f8f1ff877"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/d63cee4890a8afaf86a22e51ad4d97c91dd4579b",
-                "reference": "d63cee4890a8afaf86a22e51ad4d97c91dd4579b",
+                "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/8f90f7a53ce271935282967f53d0894f8f1ff877",
+                "reference": "8f90f7a53ce271935282967f53d0894f8f1ff877",
                 "shasum": ""
             },
             "require": {
@@ -4778,7 +4778,7 @@
                     "type": "open_collective"
                 }
             ],
-            "time": "2024-02-16T15:06:51+00:00"
+            "time": "2024-05-22T21:24:41+00:00"
         },
         {
             "name": "symfony/browser-kit",
@@ -4985,16 +4985,16 @@
         },
         {
             "name": "theseer/tokenizer",
-            "version": "1.2.2",
+            "version": "1.2.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/theseer/tokenizer.git",
-                "reference": "b2ad5003ca10d4ee50a12da31de12a5774ba6b96"
+                "reference": "737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/theseer/tokenizer/zipball/b2ad5003ca10d4ee50a12da31de12a5774ba6b96",
-                "reference": "b2ad5003ca10d4ee50a12da31de12a5774ba6b96",
+                "url": "https://api.github.com/repos/theseer/tokenizer/zipball/737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2",
+                "reference": "737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2",
                 "shasum": ""
             },
             "require": {
@@ -5023,7 +5023,7 @@
             "description": "A small library for converting tokenized PHP source code into XML and potentially other formats",
             "support": {
                 "issues": "https://github.com/theseer/tokenizer/issues",
-                "source": "https://github.com/theseer/tokenizer/tree/1.2.2"
+                "source": "https://github.com/theseer/tokenizer/tree/1.2.3"
             },
             "funding": [
                 {
@@ -5031,7 +5031,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-11-20T00:12:19+00:00"
+            "time": "2024-03-03T12:36:25+00:00"
         },
         {
             "name": "webmozart/assert",

phpBB/config/default/container/services_console.yml

@@ -281,6 +281,22 @@ services:
         tags:
             - { name: console.command }
 
+    console.command.user.delete_id:
+        class: phpbb\console\command\user\delete_id
+        arguments:
+            - '@dbal.conn'
+            - '@language'
+            - '@log'
+            - '@user'
+            - '@user_loader'
+            - '%tables.bots%'
+            - '%tables.user_group%'
+            - '%tables.users%'
+            - '%core.root_path%'
+            - '%core.php_ext%'
+        tags:
+            - { name: console.command }
+
     console.command.user.reclean:
         class: phpbb\console\command\user\reclean
         arguments:

phpBB/config/default/container/services_ucp.yml

@@ -1,4 +1,15 @@
 services:
+    phpbb.ucp.controller.delete_cookies:
+        class: phpbb\ucp\controller\delete_cookies
+        arguments:
+            - '@config'
+            - '@dispatcher'
+            - '@language'
+            - '@request'
+            - '@user'
+            - '%core.root_path%'
+            - '%core.php_ext%'
+
     phpbb.ucp.controller.reset_password:
         class: phpbb\ucp\controller\reset_password
         arguments:

phpBB/config/default/routing/ucp.yml

@@ -1,3 +1,7 @@
+phpbb_ucp_delete_cookies_controller:
+    path: /delete_cookies
+    defaults: { _controller: phpbb.ucp.controller.delete_cookies:handle }
+
 phpbb_ucp_reset_password_controller:
     path: /reset_password
     defaults: { _controller: phpbb.ucp.controller.reset_password:reset }

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,12 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v3315rc1">Changes since 3.3.15-RC1</a></li>
+		<li><a href="#v3314">Changes since 3.3.14</a></li>
+		<li><a href="#v3314rc1">Changes since 3.3.14-RC1</a></li>
+		<li><a href="#v3313">Changes since 3.3.13</a></li>
+		<li><a href="#v3313rc1">Changes since 3.3.13-RC1</a></li>
+		<li><a href="#v3312">Changes since 3.3.12</a></li>
 		<li><a href="#v3312rc1">Changes since 3.3.12-RC1</a></li>
 		<li><a href="#v3311">Changes since 3.3.11</a></li>
 		<li><a href="#v3310">Changes since 3.3.10</a></li>
@@ -169,6 +175,133 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v3315rc1"></a><h3>Changes since 3.3.15-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17480">PHPBB-17480</a>] - PHP fatal error in version check failure</li>
+			</ul>
+			<h4>Security Issue</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-283">SECURITY-283</a>] - Use jQuery to generate HTML from page data</li>
+			</ul>
+
+			<a name="v3314"></a><h3>Changes since 3.3.14</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17227">PHPBB-17227</a>] - Member list sorting bug - repeating users on several pages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17381">PHPBB-17381</a>] - 'topic_views' column overflow blocks access to the topic</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17417">PHPBB-17417</a>] - Day selection not visible when no results</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17422">PHPBB-17422</a>] - Ascending posts pagination</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17436">PHPBB-17436</a>] - PHP fatal error while converting from phpBB 2.0 with Attachment MOD</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17455">PHPBB-17455</a>] - PHP warning on MySQLi connection failure</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17463">PHPBB-17463</a>] - Extra &amp; in unread posts search pagination </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17468">PHPBB-17468</a>] - Reset password feature is not restricted to email</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17470">PHPBB-17470</a>] - Enable feeds setting not enforced</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17429">PHPBB-17429</a>] - Adding event before users have been added to a group</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17431">PHPBB-17431</a>] - Add more vars to memberlist event</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17433">PHPBB-17433</a>] - Unclear instructions in ACP, Server settings</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17443">PHPBB-17443</a>] - Various Guzzle client issues for version checks</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17446">PHPBB-17446</a>] - Add acp_account_activation_edit_add event</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17461">PHPBB-17461</a>] - Add php events for ACP main actions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17467">PHPBB-17467</a>] - Add TLS v.1.3 support to email messenger connection</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17471">PHPBB-17471</a>] - Forum feed link in forumlist_body does not return the correct URL</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17478">PHPBB-17478</a>] - Add security policy to repository</li>
+			</ul>
+
+			<a name="v3314rc1"></a><h3>Changes since 3.3.14-RC1</h3>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17421">PHPBB-17421</a>] - Rename section for not installed extensions to not installed</li>
+			</ul>
+
+			<a name="v3313"></a><h3>Changes since 3.3.13</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17181">PHPBB-17181</a>] - If statement to highlight Reported PMS on the view message page doesn't work.</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17383">PHPBB-17383</a>] - HELO/EHLO error while using gethostbyaddr()</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17384">PHPBB-17384</a>] - Passing E_USER_ERROR to trigger_error() is deprecated in PHP 8.4</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17385">PHPBB-17385</a>] - Version check without SSL flag for CDB extensions fails</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17386">PHPBB-17386</a>] - Incorrect trace result while tracing user-based permissions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17387">PHPBB-17387</a>] - PHP warnings in search results</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17390">PHPBB-17390</a>] - Missing buttons for approval of new messages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17391">PHPBB-17391</a>] - PHP warnings on attempt to create user group having name already in use</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17398">PHPBB-17398</a>] - Ajax error on deleting cookies</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17405">PHPBB-17405</a>] - Function phpbb_gmgetdate() returns incorrect result for edge cases</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17410">PHPBB-17410</a>] - UCP tabs do not work when testing out another user's permissions</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-16852">PHPBB-16852</a>] - Addition of a new PHP event concerning bump topics</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17359">PHPBB-17359</a>] - Distinct disabled and not installed extensions in the list</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17376">PHPBB-17376</a>] - Link reference to quote post is a poor accessibility experience</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17382">PHPBB-17382</a>] - Incorrect grammar on FAQ page regarding searching for members</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17388">PHPBB-17388</a>] - Add php event to bump_topic_allowed function</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17394">PHPBB-17394</a>] - Check mergeability of PR on GitHub Actions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17396">PHPBB-17396</a>] - Automatically handle merges of 3.3.x into master</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17397">PHPBB-17397</a>] - Add event for forum_data query in viewforum</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17402">PHPBB-17402</a>] - Add possibility to force reparsing BBCode via CLI</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17407">PHPBB-17407</a>] - Limit mergeability check to single comment</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17411">PHPBB-17411</a>] - Add core event to search.php</li>
+			</ul>
+
+			<a name="v3313rc1"></a><h3>Changes since 3.3.13-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17377">PHPBB-17377</a>] - MSSQL builds on GitHub actions broken</li>
+			</ul>
+
+			<a name="v3312"></a><h3>Changes since 3.3.12</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-13916">PHPBB-13916</a>] - Cancelling save draft removes previous notify setting on posting page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-14454">PHPBB-14454</a>] - Accessing ACP modules while testing user permissions returns a General Error</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-15043">PHPBB-15043</a>] - Searching no longer working in 3.2.0</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-15576">PHPBB-15576</a>] - PM subject truncated to shorter length than maxlength</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-16213">PHPBB-16213</a>] - vendor and phpbb folders should have .htaccess files</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-16907">PHPBB-16907</a>] - &quot;phpbb&quot; value in &quot;hiddenSegments&quot; blocks client requests for extensions in IIS</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17109">PHPBB-17109</a>] - Users without the &quot;Can use signature&quot; permission should not see checkboxes for signature</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17175">PHPBB-17175</a>] - Breadcrumbs show wrong forum and topic when using 'email topic'</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17301">PHPBB-17301</a>] - Wrong length parameter for fread in phpbb/cache/driver/file.php can lead to unusable forum</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17327">PHPBB-17327</a>] - Fix linting issue in console user add command</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17332">PHPBB-17332</a>] - New permission copied from existing permission ignores permission set options</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17337">PHPBB-17337</a>] - Transaction begin is missing from mysqli driver </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17338">PHPBB-17338</a>] - Incorrect members list sorting by user_last_visit</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17351">PHPBB-17351</a>] - phpBB2 password hashes incorrectly handled during rehash cron</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17352">PHPBB-17352</a>] - Long rank titles push other profile details below</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17353">PHPBB-17353</a>] - Gravatar avatar src is not image src</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17356">PHPBB-17356</a>] - Errors hidden by at are being displayed in PHP 8 or newer</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17358">PHPBB-17358</a>] - Redis cache never expires with the TTL of 0</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17362">PHPBB-17362</a>] - Missing declaration of property in extension manager</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17365">PHPBB-17365</a>] - Enforce the search word limit on queries containing operators without white space</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17366">PHPBB-17366</a>] - Captcha disappears on error message from registration &amp; posting</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17369">PHPBB-17369</a>] - Permanently deleting soft-deleted topics returns incorrect forum in redirect link</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17370">PHPBB-17370</a>] - Deleting Cookies on FAQ/other pages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17374">PHPBB-17374</a>] - ACP - Maintenance - Logs: Deleting Error / Bug</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17375">PHPBB-17375</a>] - User lastvisit gets updated too often in session garbage collection</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-16553">PHPBB-16553</a>] - Disapproving a reported post causes a &quot;Module not accessible&quot; error</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17308">PHPBB-17308</a>] - Rename tracker project key to PHPBB-</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17315">PHPBB-17315</a>] - Add new template events to group</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17316">PHPBB-17316</a>] - Add template events to ucp_groups_manage</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17317">PHPBB-17317</a>] - Update button text and make it more readable</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17325">PHPBB-17325</a>] - Show explicit message for &quot;Re-Check version&quot; if installed version is still up to date</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17340">PHPBB-17340</a>] - Update composer to 2.7.7</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17342">PHPBB-17342</a>] - Add PHP 8.4-dev tests to GitHub Actions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17347">PHPBB-17347</a>] - Support deleting users by ID via console</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17350">PHPBB-17350</a>] - Add user IP address to log when installing extensions on fresh installs</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17355">PHPBB-17355</a>] - Update gravatar hash to sha256</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-13933">PHPBB-13933</a>] - Update tokens' definitions in acp_bbcodes</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-16890">PHPBB-16890</a>] - Edit the config sample files and web.config to deny access to the &quot;config&quot; directory</li>
+			</ul>
+
 			<a name="v3312rc1"></a><h3>Changes since 3.3.12-RC1</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/docs/events.md

@@ -94,6 +94,20 @@ acp_ext_list_enabled_title_after
 * Since: 3.1.11-RC1
 * Purpose: Add text after enabled extensions section title.
 
+acp_ext_list_not_installed_name_after
+===
+* Location: adm/style/acp_ext_list.html
+* Since: 3.3.14-RC1
+* Changed: 3.3.14 Renamed from acp_ext_list_available_name_after
+* Purpose: Add content after the name of not installed extensions in the list
+
+acp_ext_list_not_installed_title_after
+===
+* Location: adm/style/acp_ext_list.html
+* Since: 3.3.14-RC1
+* Changed: 3.3.14 Renamed from acp_ext_list_available_title_after
+* Purpose: Add text after not installed extensions section title.
+
 acp_forums_custom_settings
 ===
 * Location: adm/style/acp_forums.html
@@ -184,6 +198,24 @@ acp_group_types_prepend
 * Since: 3.2.9-RC1
 * Purpose: Add additional group type options to group settings (prepend the list)
 
+acp_groups_add_user_options_after
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.3.13-RC1
+* Purpose: Add content after options for adding user to group in the ACP
+
+acp_groups_add_user_options_before
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.3.13-RC1
+* Purpose: Add content before options for adding user to group in the ACP
+
+acp_groups_add_user_usernames_before
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.3.13-RC1
+* Purpose: Add content before usernames option for adding user to group in the ACP
+
 acp_groups_find_username_append
 ===
 * Location: adm/style/acp_groups.html
@@ -2535,6 +2567,20 @@ ucp_friend_list_before
 * Since: 3.1.0-a4
 * Purpose: Add optional elements before list of friends in UCP
 
+ucp_group_settings_after
+===
+* Locations:
+    + styles/prosilver/template/ucp_groups_manage.html
+* Since: 3.3.13-RC1
+* Purpose: Add content after options for managing a group in the UCP
+
+ucp_group_settings_before
+===
+* Locations:
+    + styles/prosilver/template/ucp_groups_manage.html
+* Since: 3.3.13-RC1
+* Purpose: Add content before options for managing a group in the UCP
+
 ucp_header_content_before
 ===
 * Locations:

phpBB/docs/lighttpd.sample.conf

@@ -1,7 +1,7 @@
 # Sample lighttpd configuration file for phpBB.
 # Global settings have been removed, copy them
 # from your system's lighttpd.conf.
-# Tested with lighttpd 1.4.35
+# Tested with lighttpd 1.4.36
 
 # If you want to use the X-Sendfile feature,
 # uncomment the 'allow-x-send-file' for the fastcgi
@@ -13,7 +13,7 @@
 # for the details on X-Sendfile.
 
 # Load moules
-server.modules += ( 
+server.modules += (
 	"mod_access",
 	"mod_fastcgi",
 	"mod_rewrite",
@@ -32,12 +32,12 @@ $HTTP["host"] == "www.myforums.com" {
 	server.name				= "www.myforums.com"
 	server.document-root	= "/path/to/phpbb"
 	server.dir-listing		= "disable"
-	
+
 	index-file.names		= ( "index.php", "index.htm", "index.html" )
 	accesslog.filename		= "/var/log/lighttpd/access-www.myforums.com.log"
-	
-	# Deny access to internal phpbb files.	
-	$HTTP["url"] =~ "^/(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" {
+
+	# Deny access to internal phpbb files.
+	$HTTP["url"] =~ "^/(config|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" {
 		url.access-deny = ( "" )
 	}
 
@@ -45,27 +45,28 @@ $HTTP["host"] == "www.myforums.com" {
 	$HTTP["url"] =~ "/\.svn|/\.git" {
 		url.access-deny = ( "" )
 	}
-	
+
 	# Deny access to apache configuration files.
 	$HTTP["url"] =~ "/\.htaccess|/\.htpasswd|/\.htgroups" {
 		url.access-deny = ( "" )
 	}
-	
+
 	# The following 3 lines will rewrite URLs passed through the front controller
 	# to not require app.php in the actual URL. In other words, a controller is
 	# by default accessed at /app.php/my/controller, but can also be accessed at
 	# /my/controller
 	url.rewrite-if-not-file = (
-	   "^/(.*)$" => "/app.php/$1"
+		"^/install/(.*)$" => "/install/app.php/$1",
+		"^/(.*)$" => "/app.php/$1"
 	)
-	
-	fastcgi.server = ( ".php" => 
+
+	fastcgi.server = ( ".php" =>
 		((
 			"bin-path" => "/usr/bin/php-cgi",
 			"socket" => "/tmp/php.socket",
 			"max-procs" => 4,
 			"idle-timeout" => 30,
-			"bin-environment" => ( 
+			"bin-environment" => (
 				"PHP_FCGI_CHILDREN" => "10",
 				"PHP_FCGI_MAX_REQUESTS" => "10000"
 			),

phpBB/docs/nginx.sample.conf

@@ -63,7 +63,7 @@ server {
 		}
 
 		# Deny access to internal phpbb files.
-		location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
+		location ~ /(config|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
 			deny all;
 			# deny was ignored before 0.8.40 for connections over IPv6.
 			# Use internal directive to prohibit access on older versions.

phpBB/includes/acp/acp_bbcodes.php

@@ -110,6 +110,7 @@ class acp_bbcodes
 				);
 
 				$bbcode_tokens = array('TEXT', 'SIMPLETEXT', 'INTTEXT', 'IDENTIFIER', 'NUMBER', 'EMAIL', 'URL', 'LOCAL_URL', 'RELATIVE_URL', 'COLOR');
+				$bbcode_tokens = array_merge($bbcode_tokens, ['ALNUM', 'CHOICE', 'FLOAT', 'HASHMAP', 'INT', 'IP', 'IPPORT', 'IPV4', 'IPV6', 'MAP', 'RANGE', 'REGEXP', 'TIMESTAMP', 'UINT']);
 
 				/**
 				* Modify custom bbcode template data before we display the add/edit form

phpBB/includes/acp/acp_board.php

@@ -386,7 +386,7 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'ACP_SERVER_SETTINGS',
 						'gzip_compress'			=> array('lang' => 'ENABLE_GZIP',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'use_system_cron'		=> array('lang' => 'USE_SYSTEM_CRON',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'use_system_cron'		=> array('lang' => 'USE_SYSTEM_CRON',		'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 
 						'legend2'				=> 'PATH_SETTINGS',
 						'enable_mod_rewrite'	=> array('lang' => 'MOD_REWRITE_ENABLE',	'validate' => 'bool',	'type' => 'custom', 'method' => 'enable_mod_rewrite', 'explain' => true),
@@ -921,7 +921,7 @@ class acp_board
 	*/
 	function select_acc_activation($selected_value, $value)
 	{
-		global $user, $config;
+		global $user, $config, $phpbb_dispatcher;
 
 		$act_ary = array(
 			'ACC_DISABLE'	=> array(true, USER_ACTIVATION_DISABLE),
@@ -931,6 +931,18 @@ class acp_board
 		);
 
 		$act_options = '';
+
+		/**
+		 * Event to add and/or modify account activation configurations
+		 *
+		 * @event core.acp_account_activation_edit_add
+		 * @var	array	act_ary		Array of account activation methods
+		 * @var	string	act_options	Options available in the activation method
+		 * @since 3.3.15-RC1
+		 */
+		$vars = ['act_ary', 'act_options'];
+		extract($phpbb_dispatcher->trigger_event('core.acp_account_activation_edit_add', compact($vars)));
+
 		foreach ($act_ary as $key => $data)
 		{
 			list($available, $value) = $data;

phpBB/includes/acp/acp_extensions.php

@@ -12,6 +12,7 @@
 */
 
 use phpbb\exception\exception_interface;
+use phpbb\exception\runtime_exception;
 use phpbb\exception\version_check_exception;
 
 /**
@@ -344,7 +345,7 @@ class acp_extensions
 
 						$this->template->assign_block_vars('updates_available', $updates_available);
 					}
-					catch (exception_interface $e)
+					catch (runtime_exception $e)
 					{
 						$message = call_user_func_array(array($this->user, 'lang'), array_merge(array($e->getMessage()), $e->get_parameters()));
 
@@ -423,7 +424,7 @@ class acp_extensions
 						$enabled_extension_meta_data[$name]['S_VERSIONCHECK'] = true;
 						$enabled_extension_meta_data[$name]['U_VERSIONCHECK_FORCE'] = $this->u_action . '&action=details&versioncheck_force=1&ext_name=' . urlencode($md_manager->get_metadata('name'));
 					}
-					catch (exception_interface $e)
+					catch (runtime_exception $e)
 					{
 						// Ignore exceptions due to the version check
 					}
@@ -433,7 +434,7 @@ class acp_extensions
 					$enabled_extension_meta_data[$name]['S_VERSIONCHECK'] = false;
 				}
 			}
-			catch (exception_interface $e)
+			catch (runtime_exception $e)
 			{
 				$message = call_user_func_array(array($this->user, 'lang'), array_merge(array($e->getMessage()), $e->get_parameters()));
 				$this->template->assign_block_vars('disabled', array(
@@ -501,7 +502,7 @@ class acp_extensions
 			{
 				$disabled_extension_meta_data[$name]['S_VERSIONCHECK'] = false;
 			}
-			catch (exception_interface $e)
+			catch (runtime_exception $e)
 			{
 				$message = call_user_func_array(array($this->user, 'lang'), array_merge(array($e->getMessage()), $e->get_parameters()));
 				$this->template->assign_block_vars('disabled', array(
@@ -572,10 +573,10 @@ class acp_extensions
 			{
 				$available_extension_meta_data[$name]['S_VERSIONCHECK'] = false;
 			}
-			catch (exception_interface $e)
+			catch (runtime_exception $e)
 			{
 				$message = call_user_func_array(array($this->user, 'lang'), array_merge(array($e->getMessage()), $e->get_parameters()));
-				$this->template->assign_block_vars('disabled', array(
+				$this->template->assign_block_vars('not_installed', array(
 					'META_DISPLAY_NAME'		=> $this->user->lang('EXTENSION_INVALID_LIST', $name, $message),
 					'S_VERSIONCHECK'		=> false,
 				));
@@ -589,9 +590,9 @@ class acp_extensions
 			$block_vars['NAME'] = $name;
 			$block_vars['U_DETAILS'] = $this->u_action . '&action=details&ext_name=' . urlencode($name);
 
-			$this->template->assign_block_vars('disabled', $block_vars);
+			$this->template->assign_block_vars('not_installed', $block_vars);
 
-			$this->output_actions('disabled', array(
+			$this->output_actions('not_installed', array(
 				'ENABLE'		=> $this->u_action . '&action=enable_pre&ext_name=' . urlencode($name),
 			));
 		}

phpBB/includes/acp/acp_groups.php

@@ -396,7 +396,7 @@ class acp_groups
 					$allow_desc_urls	= $request->variable('desc_parse_urls', false);
 					$allow_desc_smilies	= $request->variable('desc_parse_smilies', false);
 
-					$submit_ary = array(
+					$submit_ary = [
 						'colour'			=> $request->variable('group_colour', ''),
 						'rank'				=> $request->variable('group_rank', 0),
 						'receive_pm'		=> isset($_REQUEST['group_receive_pm']) ? 1 : 0,
@@ -406,7 +406,13 @@ class acp_groups
 						'max_recipients'	=> $request->variable('group_max_recipients', 0),
 						'founder_manage'	=> 0,
 						'skip_auth'			=> $request->variable('group_skip_auth', 0),
-					);
+
+						// Initialize avatar data
+						'avatar'			=> $avatar_data['avatar'] ?? '',
+						'avatar_type'		=> $avatar_data['avatar_type'] ?? '',
+						'avatar_height'		=> $avatar_data['avatar_height'] ?? 0,
+						'avatar_width'		=> $avatar_data['avatar_width'] ?? 0,
+					];
 
 					if ($user->data['user_type'] == USER_FOUNDER)
 					{

phpBB/includes/acp/acp_logs.php

@@ -51,7 +51,7 @@ class acp_logs
 		$pagination = $phpbb_container->get('pagination');
 
 		// Delete entries if requested and able
-		if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
+		if (($deleteall || ($deletemark && count($marked))) && $auth->acl_get('a_clearlogs'))
 		{
 			if (confirm_box(true))
 			{

phpBB/includes/acp/acp_main.php

@@ -100,6 +100,20 @@ class acp_main
 					default:
 						$confirm = true;
 						$confirm_lang = 'CONFIRM_OPERATION';
+
+						/**
+						 * Event to add confirm box for custom ACP quick actions
+						 *
+						 * @event core.acp_main_add_actions_confirm
+						 * @var	string	id				The module ID
+						 * @var	string	mode			The module mode
+						 * @var	string	action			Custom action type name
+						 * @var	boolean	confirm			Do we display the confirm box to run the custom action
+						 * @var	string	confirm_lang	Lang var name to display in confirm box
+						 * @since 3.3.15-RC1
+						 */
+						$vars = ['id', 'mode', 'action', 'confirm', 'confirm_lang'];
+						extract($phpbb_dispatcher->trigger_event('core.acp_main_add_actions_confirm', compact($vars)));
 				}
 
 				if ($confirm)
@@ -423,6 +437,19 @@ class acp_main
 							trigger_error('PURGE_SESSIONS_SUCCESS');
 						}
 					break;
+
+					default:
+						/**
+						 * Event to add custom ACP quick actions
+						 *
+						 * @event core.acp_main_add_actions
+						 * @var	string	id				The module ID
+						 * @var	string	mode			The module mode
+						 * @var	string	action			Custom action type name
+						 * @since 3.3.15-RC1
+						 */
+						$vars = ['id', 'mode', 'action'];
+						extract($phpbb_dispatcher->trigger_event('core.acp_main_add_actions', compact($vars)));
 				}
 			}
 		}
@@ -454,10 +481,11 @@ class acp_main
 				$template->assign_vars(array(
 					'S_VERSION_UP_TO_DATE'		=> empty($updates_available),
 					'S_VERSION_UPGRADEABLE'		=> !empty($upgrades_available),
+					'S_VERSIONCHECK_FORCE'		=> (bool) $recheck,
 					'UPGRADE_INSTRUCTIONS'		=> !empty($upgrades_available) ? $user->lang('UPGRADE_INSTRUCTIONS', $upgrades_available['current'], $upgrades_available['announcement']) : false,
 				));
 			}
-			catch (\RuntimeException $e)
+			catch (\phpbb\exception\runtime_exception $e)
 			{
 				$message = call_user_func_array(array($user, 'lang'), array_merge(array($e->getMessage()), $e->get_parameters()));
 				$template->assign_vars(array(

phpBB/includes/acp/acp_users.php

@@ -1088,7 +1088,7 @@ class acp_users
 					$s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>';
 				}
 
-				$last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_last_active'];
+				$last_active = $user_row['user_last_active'] ?: ($user_row['session_time'] ?? 0);
 
 				$inactive_reason = '';
 				if ($user_row['user_type'] == USER_INACTIVE)

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.12');
+@define('PHPBB_VERSION', '3.3.15');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions.php

@@ -107,9 +107,17 @@ function phpbb_gmgetdate($time = false)
 	}
 
 	// getdate() interprets timestamps in local time.
-	// What follows uses the fact that getdate() and
-	// date('Z') balance each other out.
-	return getdate($time - date('Z'));
+	// So use UTC timezone temporarily to get UTC date info array.
+	$current_timezone = date_default_timezone_get();
+
+	// Set UTC timezone and get respective date info
+	date_default_timezone_set('UTC');
+	$date_info = getdate($time);
+
+	// Restore timezone back
+	date_default_timezone_set($current_timezone);
+
+	return $date_info;
 }
 
 /**
@@ -3028,8 +3036,16 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 	global $phpbb_root_path, $msg_title, $msg_long_text, $phpbb_log;
 	global $phpbb_container;
 
+	// https://www.php.net/manual/en/language.operators.errorcontrol.php
+	// error_reporting() return a different error code inside the error handler after php 8.0
+	$suppresed = E_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR | E_RECOVERABLE_ERROR | E_PARSE;
+	if (PHP_VERSION_ID < 80000)
+	{
+		$suppresed = 0;
+	}
+
 	// Do not display notices if we suppress them via @
-	if (error_reporting() == 0 && $errno != E_USER_ERROR && $errno != E_USER_WARNING && $errno != E_USER_NOTICE)
+	if (error_reporting() == $suppresed && $errno != E_USER_ERROR && $errno != E_USER_WARNING && $errno != E_USER_NOTICE)
 	{
 		return;
 	}
@@ -4053,7 +4069,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		'U_SEARCH_UNANSWERED'	=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'),
 		'U_SEARCH_UNREAD'		=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unreadposts'),
 		'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
-		'U_DELETE_COOKIES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
+		'U_DELETE_COOKIES'		=> $controller_helper->route('phpbb_ucp_delete_cookies_controller'),
 		'U_CONTACT_US'			=> ($config['contact_admin_form_enable'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contactadmin') : '',
 		'U_TEAM'				=> (!$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),
 		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),

phpBB/includes/functions_content.php

@@ -289,7 +289,27 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list
 */
 function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_poster, $last_topic_poster)
 {
-	global $config, $auth, $user;
+	global $config, $auth, $user, $phpbb_dispatcher;
+
+	/**
+	 * Event to run code before the topic bump checks
+	 *
+	 * @event core.bump_topic_allowed_before
+	 * @var	int		forum_id			ID of the forum
+	 * @var	int		topic_bumped		Flag indicating if the topic was already bumped (0/1)
+	 * @var	int		last_post_time		The time of the topic last post
+	 * @var	int		topic_poster		User ID of the topic author
+	 * @var	int		last_topic_poster	User ID of the topic last post author
+	 * @since 3.3.14-RC1
+	 */
+	$vars = [
+		'forum_id',
+		'topic_bumped',
+		'last_post_time',
+		'topic_poster',
+		'last_topic_poster',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.bump_topic_allowed_before', compact($vars)));
 
 	// Check permission and make sure the last post was not already bumped
 	if (!$auth->acl_get('f_bump', $forum_id) || $topic_bumped)
@@ -312,6 +332,28 @@ function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_po
 		return false;
 	}
 
+	/**
+	 * Event to run code after the topic bump checks
+	 *
+	 * @event core.bump_topic_allowed_after
+	 * @var	int		forum_id			ID of the forum
+	 * @var	int		topic_bumped		Flag indicating if the topic was already bumped (0/1)
+	 * @var	int		last_post_time		The time of the topic last post
+	 * @var	int		topic_poster		User ID of the topic author
+	 * @var	int		last_topic_poster	User ID of the topic last post author
+	 * @var	int		bump_time			Bump time range
+	 * @since 3.3.14-RC1
+	 */
+	$vars = [
+		'forum_id',
+		'topic_bumped',
+		'last_post_time',
+		'topic_poster',
+		'last_topic_poster',
+		'bump_time',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.bump_topic_allowed_after', compact($vars)));
+
 	// A bump time of 0 will completely disable the bump feature... not intended but might be useful.
 	return $bump_time;
 }
@@ -325,119 +367,95 @@ function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_po
 *
 * @return	string			Context of the specified words separated by "..."
 */
-function get_context($text, $words, $length = 400)
+function get_context(string $text, array $words, int $length = 400): string
 {
-	// first replace all whitespaces with single spaces
-	$text = preg_replace('/ +/', ' ', strtr($text, "\t\n\r\x0C ", '     '));
-
-	// we need to turn the entities back into their original form, to not cut the message in between them
-	$entities = array('<', '>', '[', ']', '.', ':', ':');
-	$characters = array('<', '>', '[', ']', '.', ':', ':');
-	$text = str_replace($entities, $characters, $text);
-
-	$word_indizes = array();
-	if (count($words))
+	if ($length <= 0)
 	{
-		$match = '';
-		// find the starting indizes of all words
-		foreach ($words as $word)
-		{
-			if ($word)
-			{
-				if (preg_match('#(?:[^\w]|^)(' . $word . ')(?:[^\w]|$)#i', $text, $match))
-				{
-					if (empty($match[1]))
-					{
-						continue;
-					}
-
-					$pos = utf8_strpos($text, $match[1]);
-					if ($pos !== false)
-					{
-						$word_indizes[] = $pos;
-					}
-				}
-			}
-		}
-		unset($match);
-
-		if (count($word_indizes))
-		{
-			$word_indizes = array_unique($word_indizes);
-			sort($word_indizes);
-
-			$wordnum = count($word_indizes);
-			// number of characters on the right and left side of each word
-			$sequence_length = (int) ($length / (2 * $wordnum)) - 2;
-			$final_text = '';
-			$word = $j = 0;
-			$final_text_index = -1;
-
-			// cycle through every character in the original text
-			for ($i = $word_indizes[$word], $n = utf8_strlen($text); $i < $n; $i++)
-			{
-				// if the current position is the start of one of the words then append $sequence_length characters to the final text
-				if (isset($word_indizes[$word]) && ($i == $word_indizes[$word]))
-				{
-					if ($final_text_index < $i - $sequence_length - 1)
-					{
-						$final_text .= '... ' . preg_replace('#^([^ ]*)#', '', utf8_substr($text, $i - $sequence_length, $sequence_length));
-					}
-					else
-					{
-						// if the final text is already nearer to the current word than $sequence_length we only append the text
-						// from its current index on and distribute the unused length to all other sequenes
-						$sequence_length += (int) (($final_text_index - $i + $sequence_length + 1) / (2 * $wordnum));
-						$final_text .= utf8_substr($text, $final_text_index + 1, $i - $final_text_index - 1);
-					}
-					$final_text_index = $i - 1;
-
-					// add the following characters to the final text (see below)
-					$word++;
-					$j = 1;
-				}
-
-				if ($j > 0)
-				{
-					// add the character to the final text and increment the sequence counter
-					$final_text .= utf8_substr($text, $i, 1);
-					$final_text_index++;
-					$j++;
-
-					// if this is a whitespace then check whether we are done with this sequence
-					if (utf8_substr($text, $i, 1) == ' ')
-					{
-						// only check whether we have to exit the context generation completely if we haven't already reached the end anyway
-						if ($i + 4 < $n)
-						{
-							if (($j > $sequence_length && $word >= $wordnum) || utf8_strlen($final_text) > $length)
-							{
-								$final_text .= ' ...';
-								break;
-							}
-						}
-						else
-						{
-							// make sure the text really reaches the end
-							$j -= 4;
-						}
-
-						// stop context generation and wait for the next word
-						if ($j > $sequence_length)
-						{
-							$j = 0;
-						}
-					}
-				}
-			}
-			return str_replace($characters, $entities, $final_text);
-		}
+		return $text;
 	}
 
-	if (!count($words) || !count($word_indizes))
+	// We need to turn the entities back into their original form, to not cut the message in between them
+	$text = htmlspecialchars_decode($text);
+
+	// Replace all spaces/invisible characters with single spaces
+	$text = preg_replace("/[\p{Z}\h\v]+/u", ' ', $text);
+
+	$text_length = utf8_strlen($text);
+
+	// Get first occurrence of each word
+	$word_indexes = [];
+	foreach ($words as $word)
 	{
-		return str_replace($characters, $entities, ((utf8_strlen($text) >= $length + 3) ? utf8_substr($text, 0, $length) . '...' : $text));
+		$pos = utf8_stripos($text, $word);
+
+		if ($pos !== false)
+		{
+			$word_indexes[$pos] = $word;
+		}
 	}
+	if (!empty($word_indexes))
+	{
+		ksort($word_indexes);
+
+		// Size of the fragment of text per word
+		$num_indexes = count($word_indexes);
+		$characters_per_word = (int) ($length / $num_indexes) + 2; // 2 to leave one character of margin at the sides to don't cut words
+
+		// Get text fragment indexes
+		$fragments = [];
+		foreach ($word_indexes as $index => $word)
+		{
+			$word_length = utf8_strlen($word);
+			$start = max(0, min($text_length - 1 - $characters_per_word, (int) ($index + ($word_length / 2) - ($characters_per_word / 2))));
+			$end = $start + $characters_per_word;
+
+			// Check if we can merge this fragment into the previous fragment
+			if (!empty($fragments))
+			{
+				[$prev_start, $prev_end] = end($fragments);
+
+				if ($prev_end + $characters_per_word >= $index + $word_length)
+				{
+					array_pop($fragments);
+					$start = $prev_start;
+					$end = $prev_end + $characters_per_word;
+				}
+			}
+
+			$fragments[] = [$start, $end];
+		}
+	}
+	else
+	{
+		// There is no coincidences, so we just create a fragment with the first $length characters
+		$fragments[] = [0, $length];
+		$end = $length;
+	}
+
+	$output = [];
+	foreach ($fragments as [$start, $end])
+	{
+		$fragment = utf8_substr($text, $start, $end - $start + 1);
+
+		$fragment_start = 0;
+		$fragment_end = $end - $start + 1;
+
+		// Find the first valid alphanumeric character in the fragment to don't cut words
+		if ($start > 0 && preg_match('/[^\p{L}\p{N}][\p{L}\p{N}]/u', $fragment, $matches, PREG_OFFSET_CAPTURE))
+		{
+			$fragment_start = utf8_strlen(substr($fragment, 0, (int) $matches[0][1])) + 1;
+		}
+
+		// Find the last valid alphanumeric character in the fragment to don't cut words
+		if ($end < $text_length - 1 && preg_match_all('/[\p{L}\p{N}][^\p{L}\p{N}]/u', $fragment, $matches, PREG_OFFSET_CAPTURE))
+		{
+			$fragment_end = utf8_strlen(substr($fragment, 0, end($matches[0])[1]));
+		}
+
+		$output[] = utf8_substr($fragment, $fragment_start, $fragment_end - $fragment_start + 1);
+	}
+
+	return ($fragments[0][0] !== 0 ? '... ' : '') . utf8_htmlspecialchars(implode(' ... ', $output)) . ($end < $text_length - 1 ? ' ...' : '');
 }
 
 /**

phpBB/includes/functions_display.php

@@ -1603,7 +1603,7 @@ function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabl
 
 	if ($data['user_allow_viewonline'] || $auth->acl_get('u_viewonline'))
 	{
-		$last_active = (!empty($data['session_time'])) ? $data['session_time'] : $data['user_last_active'];
+		$last_active = $data['user_last_active'] ?: ($data['session_time'] ?? 0);
 	}
 	else
 	{

phpBB/includes/functions_messenger.php

@@ -1418,22 +1418,22 @@ class smtp_class
 		global $user;
 
 		// Here we try to determine the *real* hostname (reverse DNS entry preferrably)
-		$local_host = $user->host;
-
-		if (function_exists('php_uname'))
+		if (function_exists('php_uname') && !empty($local_host = php_uname('n')))
 		{
-			$local_host = php_uname('n');
-
 			// Able to resolve name to IP
 			if (($addr = @gethostbyname($local_host)) !== $local_host)
 			{
 				// Able to resolve IP back to name
-				if (($name = @gethostbyaddr($addr)) !== $addr)
+				if (!empty($name = @gethostbyaddr($addr)) && $name !== $addr)
 				{
 					$local_host = $name;
 				}
 			}
 		}
+		else
+		{
+			$local_host = $user->host;
+		}
 
 		// If we are authenticating through pop-before-smtp, we
 		// have to login ones before we get authenticated
@@ -1615,12 +1615,10 @@ class smtp_class
 		$result = false;
 		$stream_meta = stream_get_meta_data($this->socket);
 
-		if (socket_set_blocking($this->socket, 1))
+		if (stream_set_blocking($this->socket, 1))
 		{
-			// https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122
-			$crypto = (phpbb_version_compare(PHP_VERSION, '5.6.7', '<')) ? STREAM_CRYPTO_METHOD_TLS_CLIENT : STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
-			$result = stream_socket_enable_crypto($this->socket, true, $crypto);
-			socket_set_blocking($this->socket, (int) $stream_meta['blocked']);
+			$result = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+			stream_set_blocking($this->socket, (int) $stream_meta['blocked']);
 		}
 
 		return $result;

phpBB/includes/functions_module.php

@@ -480,7 +480,7 @@ class p_master
 	*/
 	function set_active($id = false, $mode = false)
 	{
-		global $request;
+		global $auth, $request, $user;
 
 		$icat = false;
 		$this->active_module = false;
@@ -502,6 +502,14 @@ class p_master
 			$id = $this->p_class . '_' . $id;
 		}
 
+		// Fallback to acp main page for special test permission mode
+		if ($this->p_class === 'acp' && $user->data['user_perm_from'] && $auth->acl_get('a_switchperm'))
+		{
+			$id = '';
+			$mode = '';
+			$icat = false;
+		}
+
 		$category = false;
 		foreach ($this->module_ary as $row_id => $item_ary)
 		{

phpBB/includes/functions_privmsgs.php

@@ -1689,7 +1689,7 @@ function submit_pm($mode, $subject, &$data_ary, $put_in_outbox = true)
 	}
 
 	// First of all make sure the subject are having the correct length.
-	$subject = truncate_string($subject);
+	$subject = truncate_string($subject, $mode === 'post' ? 120 : 124);
 
 	$db->sql_transaction('begin');
 

phpBB/includes/functions_user.php

@@ -2759,6 +2759,28 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
 		return 'GROUP_USERS_EXIST';
 	}
 
+	/**
+	 * Event before users are added to a group
+	 *
+	 * @event core.group_add_user_before
+	 * @var	int		group_id		ID of the group to which users are added
+	 * @var	string 	group_name		Name of the group
+	 * @var	array	user_id_ary		IDs of the users to be added
+	 * @var	array	username_ary	Names of the users to be added
+	 * @var	int		pending			Pending setting, 1 if user(s) added are pending
+	 * @var	array	add_id_ary		IDs of the users to be added who are not members yet
+	 * @since 3.3.15-RC1
+	 */
+	$vars = array(
+		'group_id',
+		'group_name',
+		'user_id_ary',
+		'username_ary',
+		'pending',
+		'add_id_ary',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.group_add_user_before', compact($vars)));
+
 	$db->sql_transaction('begin');
 
 	// Insert the new users

phpBB/includes/mcp/mcp_post.php

@@ -222,6 +222,7 @@ function mcp_post_details($id, $mode, $action)
 		'U_POST_ACTION'			=> "$url&i=$id&mode=post_details", // Use this for action parameters
 		'U_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id"),
 
+		'S_CAN_APPROVE'			=> $auth->acl_get('m_approve', $post_info['forum_id']),
 		'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 		'S_CAN_CHGPOSTER'		=> $auth->acl_get('m_chgposter', $post_info['forum_id']),
 		'S_CAN_LOCK_POST'		=> $auth->acl_get('m_lock', $post_info['forum_id']),

phpBB/includes/mcp/mcp_queue.php

@@ -284,6 +284,7 @@ class mcp_queue
 				$post_data = array(
 					'S_MCP_QUEUE'			=> true,
 					'U_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id"),
+					'S_CAN_APPROVE'			=> $auth->acl_get('m_approve', $post_info['forum_id']),
 					'S_CAN_DELETE_POST'		=> $auth->acl_get('m_delete', $post_info['forum_id']),
 					'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 					'S_POST_REPORTED'		=> $post_info['post_reported'],

phpBB/includes/mcp/mcp_reports.php

@@ -252,6 +252,7 @@ class mcp_reports
 				$report_template = array(
 					'S_MCP_REPORT'			=> true,
 					'S_CLOSE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&p=' . $post_id),
+					'S_CAN_APPROVE'			=> $auth->acl_get('m_approve', $post_info['forum_id']),
 					'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 					'S_POST_REPORTED'		=> $post_info['post_reported'],
 					'S_POST_UNAPPROVED'		=> $post_info['post_visibility'] == ITEM_UNAPPROVED || $post_info['post_visibility'] == ITEM_REAPPROVE,
@@ -260,6 +261,7 @@ class mcp_reports
 					'S_USER_NOTES'			=> true,
 
 					'U_EDIT'					=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&p={$post_info['post_id']}") : '',
+					'U_APPROVE_ACTION'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&p=' . $post_id),
 					'U_MCP_APPROVE'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&p=' . $post_id),
 					'U_MCP_REPORT'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&p=' . $post_id),
 					'U_MCP_REPORTER_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $report['user_id']),

phpBB/includes/ucp/ucp_prefs.php

@@ -488,6 +488,8 @@ class ucp_prefs
 				}
 
 				$template->assign_vars(array(
+					'S_SIG_ALLOWED'	=> $config['allow_sig'] && $auth->acl_get('u_sig'),
+
 					'S_BBCODE'	=> $data['bbcode'],
 					'S_SMILIES'	=> $data['smilies'],
 					'S_SIG'		=> $data['sig'],

phpBB/includes/utf/utf_tools.php

@@ -72,6 +72,22 @@ function utf8_strpos($str, $needle, $offset = null)
 	}
 }
 
+/**
+* UTF-8 aware alternative to stripos
+* @ignore
+*/
+function utf8_stripos($str, $needle, $offset = null)
+{
+	if (is_null($offset))
+	{
+		return mb_stripos($str, $needle);
+	}
+	else
+	{
+		return mb_stripos($str, $needle, $offset);
+	}
+}
+
 /**
 * UTF-8 aware alternative to strtolower
 * @ignore

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.3.12',
+	'phpbb_version'	=> '3.3.15',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/convertors/functions_phpbb20.php

@@ -1418,9 +1418,9 @@ function phpbb_attachment_extension_group_name()
 	$result = $db->sql_query($sql);
 
 	$extension_groups_updated = array();
-	while ($lang_dir = $db->sql_fetchfield('lang_dir'))
+	while ($row = $db->sql_fetchrow($result))
 	{
-		$lang_dir = basename($lang_dir);
+		$lang_dir = basename($row['lang_dir']);
 		$lang_file = $phpbb_root_path . 'language/' . $lang_dir . '/acp/attachments.' . $phpEx;
 
 		if (!file_exists($lang_file))

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.3.12');
+define('PHPBB_VERSION', '3.3.15');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -316,7 +316,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.12');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.15');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

phpBB/install/startup.php

@@ -51,7 +51,15 @@ function installer_msg_handler($errno, $msg_text, $errfile, $errline)
 {
 	global $phpbb_installer_container, $msg_long_text;
 
-	if (error_reporting() == 0)
+	// Acording to https://www.php.net/manual/en/language.operators.errorcontrol.php
+	// error_reporting() return a different error code inside the error handler after php 8.0
+	$suppresed = E_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR | E_RECOVERABLE_ERROR | E_PARSE;
+	if (PHP_VERSION_ID < 80000)
+	{
+		$suppresed = 0;
+	}
+
+	if (error_reporting() == $suppresed)
 	{
 		return true;
 	}

phpBB/language/en/acp/board.php

@@ -493,8 +493,8 @@ $lang = array_merge($lang, array(
 	'SMILIES_PATH_EXPLAIN'		=> 'Path under your phpBB root directory, e.g. <samp>images/smilies</samp>.',
 	'UPLOAD_ICONS_PATH'			=> 'Extension group icons storage path',
 	'UPLOAD_ICONS_PATH_EXPLAIN'	=> 'Path under your phpBB root directory, e.g. <samp>images/upload_icons</samp>.',
-	'USE_SYSTEM_CRON'		=> 'Run periodic tasks from system cron',
-	'USE_SYSTEM_CRON_EXPLAIN'		=> 'When off, phpBB will arrange for periodic tasks to be run automatically. When on, phpBB will not schedule any periodic tasks by itself; a system administrator must arrange for <code>bin/phpbbcli.php cron:run</code> to be run by the system cron facility at regular intervals (e.g. every 5 minutes).',
+	'USE_SYSTEM_CRON'			=> 'Run periodic tasks from operating system cron',
+	'USE_SYSTEM_CRON_EXPLAIN'	=> 'When disabled, phpBB will arrange for periodic tasks to be run automatically. When enabled, phpBB will not schedule any periodic tasks by itself; a system administrator must arrange for <code>bin/phpbbcli.php cron:run</code> to be run by the operating system cron facility at regular intervals (e.g. every 5 minutes).',
 ));
 
 // Security Settings

phpBB/language/en/acp/extensions.php

@@ -47,8 +47,9 @@ $lang = array_merge($lang, array(
 
 	'DETAILS'				=> 'Details',
 
-	'EXTENSIONS_DISABLED'	=> 'Disabled Extensions',
-	'EXTENSIONS_ENABLED'	=> 'Enabled Extensions',
+	'EXTENSIONS_NOT_INSTALLED'	=> 'Not installed Extensions',
+	'EXTENSIONS_DISABLED'		=> 'Disabled Extensions',
+	'EXTENSIONS_ENABLED'		=> 'Enabled Extensions',
 
 	'EXTENSION_DELETE_DATA'	=> 'Delete data',
 	'EXTENSION_DISABLE'		=> 'Disable',

phpBB/language/en/acp/posting.php

@@ -88,6 +88,20 @@ $lang = array_merge($lang, array(
 		'LOCAL_URL'		=> 'A local URL. The URL must be relative to the topic page and cannot contain a server name or protocol, as links are prefixed with “%s”',
 		'RELATIVE_URL'	=> 'A relative URL. You can use this to match parts of a URL, but be careful: a full URL is a valid relative URL. When you want to use relative URLs of your board, use the LOCAL_URL token.',
 		'COLOR'			=> 'A HTML colour, can be either in the numeric form <samp>#FF1234</samp> or a <a href="http://www.w3.org/TR/CSS21/syndata.html#value-def-color">CSS colour keyword</a> such as <samp>fuchsia</samp> or <samp>InactiveBorder</samp>',
+		'ALNUM'			=> 'Characters from the latin alphabet (A-Z) and numbers.',
+		'CHOICE'		=> 'A choice of specified values, e.g. <samp>{CHOICE=spades,hearts,diamonds,clubs}</samp>. The values are treated as case-insensitive by default and can be treated case-sensitive by specifying the <samp>caseSensitive</samp> option: <samp>{CHOICE=Spades,Hearts,Diamonds,Clubs;caseSensitive}</samp>',
+		'FLOAT'			=> 'A decimal value, e.g. <samp>0.5</samp>.',
+		'HASHMAP'		=> 'Maps strings to their replacement in the form <samp>{HASHMAP=string1:replacement1,string2:replacement2}</samp>. Case-sensitive. Preserves unknown values by default.',
+		'INT'			=> 'An integer value, e.g. <samp>2</samp>.',
+		'IP'			=> 'A valid IPv4 or IPv6 address.',
+		'IPPORT'		=> 'A valid IPv4 or IPv6 address with port number.',
+		'IPV4'			=> 'A valid IPv4 address.',
+		'IPV6'			=> 'A valid IPv6 address.',
+		'MAP'			=> 'Maps strings to their replacement in the form <samp>{MAP=string1:replacement1,string2:replacement2}</samp>. Case-insensitive. Preserves unknown values by default.',
+		'RANGE'			=> 'Accepts an integer in the given range, e.g. <samp>{RANGE=-10,42}</samp>.',
+		'REGEXP'		=> 'Validates its value against a given regexp, e.g. <samp>{REGEXP=/^foo\w+bar$/}</samp>.',
+		'TIMESTAMP'		=> 'A timestamp such as <samp>1h30m10s</samp> which will be converted to a number of seconds. Also accepts a number.',
+		'UINT'			=> 'An unsigned integer value. Same as <samp>{INT}</samp>, but rejects values less than 0.',
 	),
 ));
 

phpBB/language/en/cli.php

@@ -75,6 +75,7 @@ $lang = array_merge($lang, array(
 	'CLI_DESCRIPTION_REPARSER_REPARSE'					=> 'Reparses stored text with the current text_formatter services.',
 	'CLI_DESCRIPTION_REPARSER_REPARSE_ARG_1'			=> 'Type of text to reparse. Leave blank to reparse everything.',
 	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_DRY_RUN'		=> 'Do not save any changes; just print what would happen',
+	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_FORCE_BBCODE'	=> 'Re-parse all BBCodes without exception. Note that any previously disabled BBCodes will be reprocessed, enabled, and fully rendered.',
 	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_RANGE_MIN'	=> 'Lowest record ID to process',
 	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_RANGE_MAX'	=> 'Highest record ID to process',
 	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_RANGE_SIZE'	=> 'Approximate number of records to process at a time',
@@ -108,6 +109,8 @@ $lang = array_merge($lang, array(
 	'CLI_DESCRIPTION_USER_ADD_OPTION_NOTIFY'	=> 'Send account activation email to the new user (not sent by default)',
 	'CLI_DESCRIPTION_USER_DELETE'				=> 'Delete a user account.',
 	'CLI_DESCRIPTION_USER_DELETE_USERNAME'		=> 'Username of the user to delete',
+	'CLI_DESCRIPTION_USER_DELETE_ID'			=> 'Delete user accounts by ID.',
+	'CLI_DESCRIPTION_USER_DELETE_ID_OPTION_ID'	=> 'User IDs of the users to delete',
 	'CLI_DESCRIPTION_USER_DELETE_OPTION_POSTS'	=> 'Delete all posts by the user. Without this option, the user’s posts will be retained.',
 	'CLI_DESCRIPTION_USER_RECLEAN'				=> 'Re-clean usernames.',
 
@@ -155,10 +158,14 @@ $lang = array_merge($lang, array(
 	'CLI_THUMBNAIL_NOTHING_TO_GENERATE'	=> 'No thumbnails to generate.',
 	'CLI_THUMBNAIL_NOTHING_TO_DELETE'	=> 'No thumbnails to delete.',
 
-	'CLI_USER_ADD_SUCCESS'		=> 'Successfully added user %s.',
-	'CLI_USER_DELETE_CONFIRM'	=> 'Are you sure you want to delete ‘%s’? [y/N]',
-	'CLI_USER_RECLEAN_START'	=> 'Re-cleaning usernames',
-	'CLI_USER_RECLEAN_DONE'		=> [
+	'CLI_USER_ADD_SUCCESS'			=> 'Successfully added user %s.',
+	'CLI_USER_DELETE_CONFIRM'		=> 'Are you sure you want to delete ‘%s’? [y/N]',
+	'CLI_USER_DELETE_ID_CONFIRM'	=> 'Are you sure you want to delete the user IDs ‘%s’? [y/N]',
+	'CLI_USER_DELETE_ID_SUCCESS'	=> 'Successfully deleted user IDs.',
+	'CLI_USER_DELETE_ID_START'		=> 'Deleting users by ID',
+	'CLI_USER_DELETE_NONE'			=> 'No users were deleted by user ID.',
+	'CLI_USER_RECLEAN_START'		=> 'Re-cleaning usernames',
+	'CLI_USER_RECLEAN_DONE'			=> [
 		0	=> 'Re-cleaning complete. No usernames needed to be cleaned.',
 		1	=> 'Re-cleaning complete. %d username was cleaned.',
 		2	=> 'Re-cleaning complete. %d usernames were cleaned.',

phpBB/language/en/common.php

@@ -357,6 +357,7 @@ $lang = array_merge($lang, array(
 	'HIDE_ME'						=> 'Hide my online status this session',
 	'HOURS'							=> 'Hours',
 	'HOME'							=> 'Home',
+	'HTTP_HANDLER_NOT_FOUND'		=> 'The operation could not be completed because the cURL PHP extension and allow_url_fopen PHP ini setting have been disabled and no other HTTP handler could be found.',
 
 	'ICQ'						=> 'ICQ',
 	'IF'						=> 'If',

phpBB/language/en/help/faq.php

@@ -158,7 +158,7 @@ $lang = array_merge($lang, array(
 	'HELP_FAQ_SEARCH_BLANK_QUESTION'	=> 'Why does my search return a blank page!?',
 	'HELP_FAQ_SEARCH_FORUM_ANSWER'	=> 'Enter a search term in the search box located on the index, forum or topic pages. Advanced search can be accessed by clicking the “Advance Search” link which is available on all pages on the forum. How to access the search may depend on the style used.',
 	'HELP_FAQ_SEARCH_FORUM_QUESTION'	=> 'How can I search a forum or forums?',
-	'HELP_FAQ_SEARCH_MEMBERS_ANSWER'	=> 'Visit to the “Members” page and click the “Find a member” link.',
+	'HELP_FAQ_SEARCH_MEMBERS_ANSWER'	=> 'Visit the memberlist and click the “Find a member” link.',
 	'HELP_FAQ_SEARCH_MEMBERS_QUESTION'	=> 'How do I search for members?',
 	'HELP_FAQ_SEARCH_NO_RESULT_ANSWER'	=> 'Your search was probably too vague and included many common terms which are not indexed by phpBB. Be more specific and use the options available within Advanced search.',
 	'HELP_FAQ_SEARCH_NO_RESULT_QUESTION'	=> 'Why does my search return no results?',

phpBB/language/en/viewtopic.php

@@ -112,6 +112,7 @@ $lang = array_merge($lang, array(
 	'VIEW_INFO'				=> 'Post details',
 	'VIEW_NEXT_TOPIC'		=> 'Next topic',
 	'VIEW_PREVIOUS_TOPIC'	=> 'Previous topic',
+	'VIEW_QUOTED_POST'		=> 'View quoted post',
 	'VIEW_RESULTS'			=> 'View results',
 	'VIEW_TOPIC_POSTS'		=> array(
 		1	=> '%d post',

phpBB/memberlist.php

@@ -816,11 +816,26 @@ switch ($mode)
 		* Modify user's template vars before we display the profile
 		*
 		* @event core.memberlist_modify_view_profile_template_vars
-		* @var	array	template_ary	Array with user's template vars
+		* @var	array	template_ary			Array with user's template vars
+		* @var	int		user_id					The user ID
+		* @var	bool	user_notes_enabled		Is the mcp user notes module enabled?
+		* @var	bool	warn_user_enabled		Is the mcp warnings module enabled?
+		* @var	bool	friends_enabled			Is the ucp friends module enabled?
+		* @var	bool	foes_enabled			Is the ucp foes module enabled?
+		* @var	bool    friend					Is the user friend?
+		* @var	bool	foe						Is the user foe?
 		* @since 3.2.6-RC1
+		* @changed 3.3.15-RC1 Added vars user_id, user_notes_enabled, warn_user_enabled, friend, friends_enabled, foe, foes_enabled
 		*/
 		$vars = array(
 			'template_ary',
+			'user_id',
+			'user_notes_enabled',
+			'warn_user_enabled',
+			'friend',
+			'friends_enabled',
+			'foe',
+			'foes_enabled',
 		);
 		extract($phpbb_dispatcher->trigger_event('core.memberlist_modify_view_profile_template_vars', compact($vars)));
 
@@ -941,10 +956,19 @@ switch ($mode)
 		}
 		else if ($topic_id)
 		{
-			$sql = 'SELECT f.parent_id, f.forum_parents, f.left_id, f.right_id, f.forum_type, f.forum_name, f.forum_id, f.forum_desc, f.forum_desc_uid, f.forum_desc_bitfield, f.forum_desc_options, f.forum_options, t.topic_title
-					FROM ' . FORUMS_TABLE . ' as f,
-						' . TOPICS_TABLE . ' as t
-					WHERE t.forum_id = f.forum_id';
+			// Generate the navlinks based on the selected topic
+			$navlinks_sql_array = [
+				'SELECT'    => 'f.parent_id, f.forum_parents, f.left_id, f.right_id, f.forum_type, f.forum_name, 
+					f.forum_id, f.forum_desc, f.forum_desc_uid, f.forum_desc_bitfield, f.forum_desc_options, 
+					f.forum_options, t.topic_title',
+				'FROM'      => [
+					FORUMS_TABLE  => 'f',
+					TOPICS_TABLE  => 't',
+				],
+				'WHERE'     => 't.forum_id = f.forum_id AND t.topic_id = ' . (int) $topic_id,
+			];
+
+			$sql = $db->sql_build_query('SELECT', $navlinks_sql_array);
 			$result = $db->sql_query($sql);
 			$topic_data = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
@@ -1366,10 +1390,10 @@ switch ($mode)
 
 		$order_by .= $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
 
-		// Unfortunately we must do this here for sorting by rank, else the sort order is applied wrongly
-		if ($sort_key == 'm')
+		// For sorting by non-unique columns (rank, posts) add unique sort key to avoid duplicated rows in results
+		if ($sort_key == 'm' || $sort_key == 'd')
 		{
-			$order_by .= ', u.user_posts DESC';
+			$order_by .= ', u.user_id ASC';
 		}
 
 		/**
@@ -1713,7 +1737,7 @@ switch ($mode)
 			{
 				$row['session_time'] = $session_ary[$row['user_id']]['session_time'] ?? 0;
 				$row['session_viewonline'] = $session_ary[$row['user_id']]['session_viewonline'] ?? 0;
-				$row['last_visit'] = (!empty($row['session_time'])) ? $row['session_time'] : $row['user_last_active'];
+				$row['last_visit'] = $row['user_last_active'] ?: $row['session_time'];
 
 				$id_cache[$row['user_id']] = $row;
 			}

phpBB/phpbb/.htaccess

@@ -0,0 +1,25 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_core.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		Order Allow,Deny
+		Deny from All
+	</IfVersion>
+	<IfVersion >= 2.4>
+		Require all denied
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		Order Allow,Deny
+		Deny from All
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		Require all denied
+	</IfModule>
+</IfModule>

phpBB/phpbb/auth/auth.php

@@ -776,7 +776,7 @@ class auth
 
 		$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : '';
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
-		$sql_is_local = $forum_id !== false ? 'AND ao.is_local <> 0' : '';
+		$sql_is_local = !empty($forum_id) ? 'AND ao.is_local <> 0' : '';
 
 		$sql_opts = '';
 		$hold_ary = $sql_ary = array();

phpBB/phpbb/avatar/driver/gravatar.php

@@ -21,7 +21,7 @@ class gravatar extends \phpbb\avatar\driver\driver
 	/**
 	* The URL for the gravatar service
 	*/
-	const GRAVATAR_URL = '//secure.gravatar.com/avatar/';
+	const GRAVATAR_URL = '//gravatar.com/avatar/';
 
 	/**
 	* {@inheritdoc}
@@ -29,7 +29,7 @@ class gravatar extends \phpbb\avatar\driver\driver
 	public function get_data($row)
 	{
 		return array(
-			'src' => $row['avatar'],
+			'src' => $this->get_gravatar_url($row),
 			'width' => $row['avatar_width'],
 			'height' => $row['avatar_height'],
 		);
@@ -53,7 +53,7 @@ class gravatar extends \phpbb\avatar\driver\driver
 	{
 		$template->assign_vars(array(
 			'AVATAR_GRAVATAR_WIDTH' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar_width']) ? $row['avatar_width'] : $request->variable('avatar_gravatar_width', ''),
-			'AVATAR_GRAVATAR_HEIGHT' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar_height']) ? $row['avatar_height'] : $request->variable('avatar_gravatar_width', ''),
+			'AVATAR_GRAVATAR_HEIGHT' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar_height']) ? $row['avatar_height'] : $request->variable('avatar_gravatar_height', ''),
 			'AVATAR_GRAVATAR_EMAIL' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar']) ? $row['avatar'] : '',
 		));
 
@@ -175,7 +175,7 @@ class gravatar extends \phpbb\avatar\driver\driver
 		global $phpbb_dispatcher;
 
 		$url = self::GRAVATAR_URL;
-		$url .=  md5(strtolower(trim($row['avatar'])));
+		$url .= hash('sha256', strtolower(trim($row['avatar'])));
 
 		if ($row['avatar_width'] || $row['avatar_height'])
 		{

phpBB/phpbb/cache/driver/file.php

@@ -330,6 +330,27 @@ class file extends \phpbb\cache\driver\base
 		return $query_result;
 	}
 
+	/**
+	 * Cleanup when loading invalid data global file
+	 *
+	 * @param string $file Filename
+	 * @param resource $handle
+	 *
+	 * @return void
+	 */
+	private function cleanup_invalid_data_global(string $file, $handle): void
+	{
+		if (is_resource($handle))
+		{
+			fclose($handle);
+		}
+
+		$this->vars = $this->var_expires = [];
+		$this->is_modified = false;
+
+		$this->remove_file($file);
+	}
+
 	/**
 	* Read cached data from a specified file
 	*
@@ -372,14 +393,7 @@ class file extends \phpbb\cache\driver\base
 
 				if (!is_numeric($bytes) || ($bytes = (int) $bytes) === 0)
 				{
-					// We cannot process the file without a valid number of bytes
-					// so we discard it
-					fclose($handle);
-
-					$this->vars = $this->var_expires = array();
-					$this->is_modified = false;
-
-					$this->remove_file($file);
+					$this->cleanup_invalid_data_global($file, $handle);
 
 					return false;
 				}
@@ -392,9 +406,17 @@ class file extends \phpbb\cache\driver\base
 				}
 
 				$var_name = substr(fgets($handle), 0, -1);
+				$data_length = $bytes - strlen($var_name);
+
+				if ($data_length <= 0)
+				{
+					$this->cleanup_invalid_data_global($file, $handle);
+
+					return false;
+				}
 
 				// Read the length of bytes that consists of data.
-				$data = fread($handle, $bytes - strlen($var_name));
+				$data = fread($handle, $data_length);
 				$data = @unserialize($data);
 
 				// Don't use the data if it was invalid

phpBB/phpbb/cache/driver/redis.php

@@ -129,6 +129,10 @@ class redis extends \phpbb\cache\driver\memory
 	/**
 	* Store data in the cache
 	*
+	* For the info, see https://phpredis.github.io/phpredis/Redis.html#method_set,
+	* https://redis.io/docs/latest/commands/set/
+	* and https://redis.io/docs/latest/commands/expire/#appendix-redis-expires
+	*
 	* @access protected
 	* @param string $var Cache key
 	* @param mixed $data Data to store
@@ -137,11 +141,7 @@ class redis extends \phpbb\cache\driver\memory
 	*/
 	function _write($var, $data, $ttl = 2592000)
 	{
-		if ($ttl == 0)
-		{
-			return $this->redis->set($var, $data);
-		}
-		return $this->redis->setex($var, $ttl, $data);
+		return $this->redis->set($var, $data, ['EXAT' => time() + $ttl]);
 	}
 
 	/**

phpBB/phpbb/captcha/plugins/recaptcha_v3.php

@@ -359,6 +359,7 @@ class recaptcha_v3 extends captcha_abstract
 		if ($result->isSuccess())
 		{
 			$this->solved = true;
+			$this->confirm_code = $this->code;
 
 			return false;
 		}

phpBB/phpbb/console/command/fixup/update_hashes.php

@@ -100,7 +100,15 @@ class update_hashes extends \phpbb\console\command\command
 		while ($row = $this->db->sql_fetchrow($result))
 		{
 			$old_hash = preg_replace('/^\$CP\$/', '', $row['user_password']);
-			$new_hash = $this->passwords_manager->hash($old_hash, array($this->default_type));
+
+			// If stored hash type is unknown then it's md5 hash with no prefix
+			// First rehash it using $H$ as hash type identifier (salted_md5)
+			if (!$this->passwords_manager->detect_algorithm($old_hash))
+			{
+				$old_hash = $this->passwords_manager->hash($old_hash, '$H$');
+			}
+
+			$new_hash = $this->passwords_manager->hash($old_hash, [$this->default_type]);
 
 			$sql = 'UPDATE ' . USERS_TABLE . "
 					SET user_password = '" . $this->db->sql_escape($new_hash) . "'

phpBB/phpbb/console/command/reparser/reparse.php

@@ -92,6 +92,12 @@ class reparse extends \phpbb\console\command\command
 				InputOption::VALUE_NONE,
 				$this->user->lang('CLI_DESCRIPTION_REPARSER_REPARSE_OPT_DRY_RUN')
 			)
+			->addOption(
+				'force-bbcode-reparsing',
+				null,
+				InputOption::VALUE_NONE,
+				$this->user->lang('CLI_DESCRIPTION_REPARSER_REPARSE_OPT_FORCE_BBCODE')
+			)
 			->addOption(
 				'resume',
 				null,
@@ -222,13 +228,15 @@ class reparse extends \phpbb\console\command\command
 
 		// Start from $max and decrement $current by $size until we reach $min
 		$current = $max;
+
+		$force_bbcode_reparsing = (bool) $this->get_option('force-bbcode-reparsing');
 		while ($current >= $min)
 		{
 			$start = max($min, $current + 1 - $size);
 			$end   = max($min, $current);
 
 			$progress->setMessage($this->user->lang('CLI_REPARSER_REPARSE_REPARSING', $reparser->get_name(), $start, $end));
-			$reparser->reparse_range($start, $end);
+			$reparser->reparse_range($start, $end, $force_bbcode_reparsing);
 
 			$current = $start - 1;
 			$progress->setProgress($max + 1 - $start);

phpBB/phpbb/console/command/user/add.php

@@ -337,7 +337,7 @@ class add extends command
 
 			$sql_ary = [
 				'user_actkey'				=> $user_actkey,
-				'user_actkey_expiration'	=> \phpbb\user::get_token_expiration(),
+				'user_actkey_expiration'	=> user::get_token_expiration(),
 			];
 
 			$sql = 'UPDATE ' . USERS_TABLE . '

phpBB/phpbb/console/command/user/delete_id.php

@@ -0,0 +1,227 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\console\command\user;
+
+use phpbb\console\command\command;
+use phpbb\db\driver\driver_interface;
+use phpbb\language\language;
+use phpbb\log\log_interface;
+use phpbb\user;
+use phpbb\user_loader;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\ConfirmationQuestion;
+use Symfony\Component\Console\Style\SymfonyStyle;
+
+class delete_id extends command
+{
+	/** @var driver_interface */
+	protected $db;
+
+	/** @var language */
+	protected $language;
+
+	/** @var log_interface */
+	protected $log;
+
+	/** @var user_loader */
+	protected $user_loader;
+
+	/** @var string Bots table */
+	protected $bots_table;
+
+	/** @var string User group table */
+	protected $user_group_table;
+
+	/** @var string Users table */
+	protected $users_table;
+
+	/** @var string phpBB root path */
+	protected $phpbb_root_path;
+
+	/** @var string PHP extension */
+	protected $php_ext;
+
+	/**
+	 * Construct method
+	 *
+	 * @param driver_interface $db
+	 * @param language         $language
+	 * @param log_interface    $log
+	 * @param user             $user
+	 * @param user_loader      $user_loader
+	 * @param string           $bots_table
+	 * @param string           $user_group_table
+	 * @param string           $users_table
+	 * @param string           $phpbb_root_path
+	 * @param string           $php_ext
+	 */
+	public function __construct(driver_interface $db, language $language, log_interface $log, user $user, user_loader $user_loader,
+								string $bots_table, string $user_group_table, string $users_table, string $phpbb_root_path, string $php_ext)
+	{
+		$this->db = $db;
+		$this->language = $language;
+		$this->log = $log;
+		$this->user_loader = $user_loader;
+		$this->bots_table = $bots_table;
+		$this->user_group_table = $user_group_table;
+		$this->users_table = $users_table;
+		$this->phpbb_root_path = $phpbb_root_path;
+		$this->php_ext = $php_ext;
+
+		$this->language->add_lang('acp/users');
+		parent::__construct($user);
+	}
+
+	/**
+	 * Sets the command name and description
+	 *
+	 * @return void
+	 */
+	protected function configure(): void
+	{
+		$this
+			->setName('user:delete_id')
+			->setDescription($this->language->lang('CLI_DESCRIPTION_USER_DELETE_ID'))
+			->addArgument(
+				'user_ids',
+				InputArgument::REQUIRED | InputArgument::IS_ARRAY,
+				$this->language->lang('CLI_DESCRIPTION_USER_DELETE_ID_OPTION_ID')
+			)
+			->addOption(
+				'delete-posts',
+				null,
+				InputOption::VALUE_NONE,
+				$this->language->lang('CLI_DESCRIPTION_USER_DELETE_OPTION_POSTS')
+			)
+		;
+	}
+
+	/**
+	 * Executes the command user:delete_ids
+	 *
+	 * Deletes a list of user ids from the database. An option to delete the users' posts
+	 * is available, by default posts will be retained.
+	 *
+	 * @param InputInterface  $input  The input stream used to get the options
+	 * @param OutputInterface $output The output stream, used to print messages
+	 *
+	 * @return int 0 if all is well, 1 if any errors occurred
+	 */
+	protected function execute(InputInterface $input, OutputInterface $output): int
+	{
+		$user_ids = $input->getArgument('user_ids');
+		$mode = ($input->getOption('delete-posts')) ? 'remove' : 'retain';
+		$deleted_users = 0;
+		$io = new SymfonyStyle($input, $output);
+
+		if (count($user_ids) > 0)
+		{
+			$this->user_loader->load_users($user_ids);
+
+			$progress = $this->create_progress_bar(count($user_ids), $io, $output);
+			$progress->setMessage($this->language->lang('CLI_USER_DELETE_ID_START'));
+			$progress->start();
+
+			foreach ($user_ids as $user_id)
+			{
+				$user_row = $this->user_loader->get_user($user_id);
+
+				// Skip anonymous user
+				if ($user_row['user_id'] == ANONYMOUS)
+				{
+					$progress->advance();
+					continue;
+				}
+				else if ($user_row['user_type'] == USER_IGNORE)
+				{
+					$this->delete_bot_user($user_row);
+				}
+				else
+				{
+					if (!function_exists('user_delete'))
+					{
+						require($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
+					}
+
+					user_delete($mode, $user_row['user_id'], $user_row['username']);
+
+					$this->log->add('admin', ANONYMOUS, '', 'LOG_USER_DELETED', false, array($user_row['username']));
+				}
+
+				$progress->advance();
+				$deleted_users++;
+			}
+
+			$progress->finish();
+
+			if ($deleted_users > 0)
+			{
+				$io->success($this->language->lang('CLI_USER_DELETE_ID_SUCCESS'));
+			}
+		}
+
+		if (!$deleted_users)
+		{
+			$io->note($this->language->lang('CLI_USER_DELETE_NONE'));
+		}
+
+		return 0;
+	}
+
+	/**
+	 * Interacts with the user.
+	 * Confirm they really want to delete the account...last chance!
+	 *
+	 * @param InputInterface  $input  An InputInterface instance
+	 * @param OutputInterface $output An OutputInterface instance
+	 */
+	protected function interact(InputInterface $input, OutputInterface $output): void
+	{
+		$helper = $this->getHelper('question');
+
+		$user_ids = $input->getArgument('user_ids');
+		if (count($user_ids) > 0)
+		{
+			$question = new ConfirmationQuestion(
+				$this->language->lang('CLI_USER_DELETE_ID_CONFIRM', implode(',', $user_ids)),
+				false
+			);
+
+			if (!$helper->ask($input, $output, $question))
+			{
+				$input->setArgument('user_ids', []);
+			}
+		}
+	}
+
+	/**
+	 * Deletes a bot user
+	 *
+	 * @param array $user_row
+	 * @return void
+	 */
+	protected function delete_bot_user(array $user_row): void
+	{
+		$delete_tables = [$this->bots_table, $this->user_group_table, $this->users_table];
+		foreach ($delete_tables as $table)
+		{
+			$sql = "DELETE FROM $table
+				WHERE user_id = " . (int) $user_row['user_id'];
+			$this->db->sql_query($sql);
+		}
+	}
+}

phpBB/phpbb/cron/task/core/update_hashes.php

@@ -107,7 +107,15 @@ class update_hashes extends \phpbb\cron\task\base
 			while ($row = $this->db->sql_fetchrow($result))
 			{
 				$old_hash = preg_replace('/^\$CP\$/', '', $row['user_password']);
-				$new_hash = $this->passwords_manager->hash($old_hash, array($this->default_type));
+
+				// If stored hash type is unknown then it's md5 hash with no prefix
+				// First rehash it using $H$ as hash type identifier (salted_md5)
+				if (!$this->passwords_manager->detect_algorithm($old_hash))
+				{
+					$old_hash = $this->passwords_manager->hash($old_hash, '$H$');
+				}
+
+				$new_hash = $this->passwords_manager->hash($old_hash, [$this->default_type]);
 
 				// Increase number so we know that users were selected from the database
 				$affected_rows++;

phpBB/phpbb/db/driver/mysqli.php

@@ -59,14 +59,17 @@ class mysqli extends \phpbb\db\driver\mysql_base
 			}
 		}
 
-		$this->db_connect_id = mysqli_init();
-
-		if (!@mysqli_real_connect($this->db_connect_id, $this->server, $this->user, $sqlpassword, $this->dbname, $port, $socket, MYSQLI_CLIENT_FOUND_ROWS))
+		if (!$this->db_connect_id = mysqli_init())
 		{
-			$this->db_connect_id = '';
+			$this->connect_error = 'Failed to initialize MySQLi object.';
+
+		}
+		else if (!@mysqli_real_connect($this->db_connect_id, $this->server, $this->user, $sqlpassword, $this->dbname, $port, $socket, MYSQLI_CLIENT_FOUND_ROWS))
+		{
+			$this->connect_error = 'Failed to establish a connection to the MySQL database engine. Please ensure MySQL server is running and the database configuration parameters are correct.';
 		}
 
-		if ($this->db_connect_id && $this->dbname != '')
+		if (!$this->connect_error && $this->db_connect_id && $this->dbname != '')
 		{
 			// Disable loading local files on client side
 			@mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false);
@@ -155,7 +158,9 @@ class mysqli extends \phpbb\db\driver\mysql_base
 		switch ($status)
 		{
 			case 'begin':
-				return @mysqli_autocommit($this->db_connect_id, false);
+				@mysqli_autocommit($this->db_connect_id, false);
+				$result = @mysqli_begin_transaction($this->db_connect_id);
+				return $result;
 			break;
 
 			case 'commit':
@@ -355,15 +360,8 @@ class mysqli extends \phpbb\db\driver\mysql_base
 		if ($this->db_connect_id)
 		{
 			$error = [
-				'message'	=> $this->db_connect_id->error,
-				'code'		=> $this->db_connect_id->errno,
-			];
-		}
-		else if (function_exists('mysqli_connect_error'))
-		{
-			$error = [
-				'message'	=> $this->db_connect_id->connect_error,
-				'code'		=> $this->db_connect_id->connect_errno,
+				'message'	=> $this->db_connect_id->connect_error ?: $this->db_connect_id->error,
+				'code'		=> $this->db_connect_id->connect_errno ?: $this->db_connect_id->errno,
 			];
 		}
 		else

phpBB/phpbb/db/migration/data/v33x/topic_views_update.php

@@ -0,0 +1,47 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v33x;
+
+class topic_views_update extends \phpbb\db\migration\migration
+{
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3314',
+		];
+	}
+
+	public function update_schema(): array
+	{
+		// This extends the topic view count field so we can support much larger values.
+		return [
+			'change_columns' => [
+				$this->table_prefix . 'topics' => [
+					'topic_views'  => ['ULINT', 0],
+				],
+			]
+		];
+	}
+
+	public function revert_schema(): array
+	{
+		return [
+			'change_columns' => [
+				$this->table_prefix . 'topics' => [
+					'topic_views'  => ['UINT', 0],
+				],
+			]
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3313.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3313 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.13', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3313rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.13']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3313rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3313rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.13-RC1', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3312',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.13-RC1']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3314.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3314 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.14', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3314rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.14']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3314rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3314rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.14-RC1', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3313',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.14-RC1']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3315.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3315 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.15', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3315rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.15']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3315rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3315rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.15-RC1', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\topic_views_update',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.15-RC1']],
+		];
+	}
+}

phpBB/phpbb/db/migration/tool/permission.php

@@ -435,15 +435,14 @@ class permission implements \phpbb\db\migration\tool\tool_interface
 		}
 		$this->db->sql_freeresult($result);
 
-		if (empty($new_auth))
+		$type = (string) $type; // Prevent PHP bug.
+		if (empty($new_auth) || !in_array($type, ['role','group']))
 		{
 			return;
 		}
 
 		$current_auth = array();
 
-		$type = (string) $type; // Prevent PHP bug.
-
 		switch ($type)
 		{
 			case 'role':
@@ -525,40 +524,32 @@ class permission implements \phpbb\db\migration\tool\tool_interface
 			break;
 		}
 
-		$sql_ary = array();
-		switch ($type)
+		$sql_ary = $auth_update_list = [];
+		$table = $type == 'role' ? ACL_ROLES_DATA_TABLE : ACL_GROUPS_TABLE;
+		foreach ($new_auth as $auth_option_id)
 		{
-			case 'role':
-				foreach ($new_auth as $auth_option_id)
-				{
-					if (!isset($current_auth[$auth_option_id]))
-					{
-						$sql_ary[] = array(
-							'role_id'			=> $role_id,
-							'auth_option_id'	=> $auth_option_id,
-							'auth_setting'		=> $has_permission,
-						);
-					}
-				}
+			if (!isset($current_auth[$auth_option_id]))
+			{
+				$sql_ary[] = [
+					$type . '_id'		=> ${$type . '_id'},
+					'auth_option_id'	=> $auth_option_id,
+					'auth_setting'		=> (int) $has_permission,
+				];
+			}
+			else
+			{
+				$auth_update_list[] = $auth_option_id;
+			}
+		}
+		$this->db->sql_multi_insert($table, $sql_ary);
 
-				$this->db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary);
-			break;
-
-			case 'group':
-				foreach ($new_auth as $auth_option_id)
-				{
-					if (!isset($current_auth[$auth_option_id]))
-					{
-						$sql_ary[] = array(
-							'group_id'			=> $group_id,
-							'auth_option_id'	=> $auth_option_id,
-							'auth_setting'		=> $has_permission,
-						);
-					}
-				}
-
-				$this->db->sql_multi_insert(ACL_GROUPS_TABLE, $sql_ary);
-			break;
+		if (count($auth_update_list))
+		{
+			$sql = 'UPDATE ' . $table . '
+				SET auth_setting = ' . (int) $has_permission . '
+				WHERE ' . $this->db->sql_in_set('auth_option_id', $auth_update_list) . '
+					AND ' . $type . '_id = ' .  (int) ${$type . '_id'};
+			$this->db->sql_query($sql);
 		}
 
 		$this->auth->acl_clear_prefetch();

phpBB/phpbb/extension/manager.php

@@ -31,6 +31,7 @@ class manager
 	protected $php_ext;
 	protected $extensions;
 	protected $extension_table;
+	protected $filesystem;
 	protected $phpbb_root_path;
 	protected $cache_name;
 

phpBB/phpbb/feed/controller/feed.php

@@ -134,6 +134,8 @@ class feed
 	 */
 	public function forums()
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_overall_forums'])
 		{
 			$this->send_unavailable();
@@ -151,6 +153,8 @@ class feed
 	 */
 	public function news()
 	{
+		$this->check_enabled();
+
 		// Get at least one news forum
 		$sql = 'SELECT forum_id
 					FROM ' . FORUMS_TABLE . '
@@ -176,6 +180,8 @@ class feed
 	 */
 	public function topics()
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_topics_new'])
 		{
 			$this->send_unavailable();
@@ -193,6 +199,8 @@ class feed
 	 */
 	public function topics_new()
 	{
+		$this->check_enabled();
+
 		return $this->topics();
 	}
 
@@ -205,6 +213,8 @@ class feed
 	 */
 	public function topics_active()
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_topics_active'])
 		{
 			$this->send_unavailable();
@@ -224,6 +234,8 @@ class feed
 	 */
 	public function forum($forum_id)
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_forum'])
 		{
 			$this->send_unavailable();
@@ -243,6 +255,8 @@ class feed
 	 */
 	public function topic($topic_id)
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_topic'])
 		{
 			$this->send_unavailable();
@@ -260,6 +274,8 @@ class feed
 	 */
 	public function overall()
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_overall'])
 		{
 			$this->send_unavailable();
@@ -407,6 +423,22 @@ class feed
 		return $response;
 	}
 
+	/**
+	 * Check if feeds are enabled in the configuration.
+	 *
+	 * @throws http_exception If feeds are disabled.
+	 *
+	 * @return void
+	 */
+	protected function check_enabled()
+	{
+		// Feeds are disabled, no need to continue
+		if (!$this->config['feed_enable'])
+		{
+			throw new http_exception(404, 'NO_FEED_ENABLED');
+		}
+	}
+
 	/**
 	 * Throw and exception saying that the feed isn't available
 	 *

phpBB/phpbb/file_downloader.php

@@ -13,91 +13,127 @@
 
 namespace phpbb;
 
+use GuzzleHttp\Client;
+use GuzzleHttp\Exception\RequestException;
+use phpbb\exception\runtime_exception;
+
 class file_downloader
 {
+	const OK = 200;
+	const NOT_FOUND = 404;
+	const REQUEST_TIMEOUT = 408;
+
 	/** @var string Error string */
 	protected $error_string = '';
 
 	/** @var int Error number */
 	protected $error_number = 0;
 
+	/**
+	 * Create new guzzle client
+	 *
+	 * @param string $host
+	 * @param int $port
+	 * @param int $timeout
+	 *
+	 * @return Client
+	 */
+	protected function create_client(string $host, int $port = 443, int $timeout = 6): Client
+	{
+		// Only set URL scheme if not specified in URL
+		$url_parts = parse_url($host);
+		if (!isset($url_parts['scheme']))
+		{
+			$host = (($port === 443) ? 'https://' : 'http://') . $host;
+		}
+
+		// Initialize Guzzle client
+		return new Client([
+			'base_uri' => $host,
+			'timeout'  => $timeout,
+			'headers' => [
+				'user-agent' => 'phpBB/' . PHPBB_VERSION,
+				'accept' => '*/*',
+			  ],
+		]);
+	}
+
 	/**
 	 * Retrieve contents from remotely stored file
 	 *
-	 * @param string	$host			File host
-	 * @param string	$directory		Directory file is in
-	 * @param string	$filename		Filename of file to retrieve
-	 * @param int		$port			Port to connect to; default: 80
-	 * @param int		$timeout		Connection timeout in seconds; default: 6
+	 * @param string    $host            File host
+	 * @param string    $directory       Directory file is in
+	 * @param string    $filename        Filename of file to retrieve
+	 * @param int       $port            Port to connect to; default: 443
+	 * @param int       $timeout         Connection timeout in seconds; default: 6
 	 *
-	 * @return mixed File data as string if file can be read and there is no
-	 *			timeout, false if there were errors or the connection timed out
+	 * @return false|string File data as string if file can be read and there is no
+	 *         timeout, false if there were errors or the connection timed out
 	 *
-	 * @throws \phpbb\exception\runtime_exception If data can't be retrieved and no error
-	 *		message is returned
+	 * @throws runtime_exception If data can't be retrieved and no error
+	 *         message is returned
 	 */
-	public function get($host, $directory, $filename, $port = 80, $timeout = 6)
+	public function get(string $host, string $directory, string $filename, int $port = 443, int $timeout = 6)
 	{
+		try
+		{
+			// Initialize Guzzle client
+			$client = $this->create_client($host, $port, $timeout);
+		}
+		catch (\RuntimeException $exception)
+		{
+			throw new runtime_exception('HTTP_HANDLER_NOT_FOUND');
+		}
+
 		// Set default values for error variables
 		$this->error_number = 0;
 		$this->error_string = '';
 
-		if (function_exists('fsockopen') &&
-			$socket = @fsockopen(($port == 443 ? 'ssl://' : '') . $host, $port, $this->error_number, $this->error_string, $timeout)
-		)
+		try
 		{
-			@fputs($socket, "GET $directory/$filename HTTP/1.0\r\n");
-			@fputs($socket, "HOST: $host\r\n");
-			@fputs($socket, "Connection: close\r\n\r\n");
+			$response = $client->request('GET', "$directory/$filename");
 
-			$timer_stop = time() + $timeout;
-			stream_set_timeout($socket, $timeout);
-
-			$file_info = '';
-			$get_info = false;
-
-			while (!@feof($socket))
+			// Check if the response status code is 200 (OK)
+			if ($response->getStatusCode() == self::OK)
 			{
-				if ($get_info)
-				{
-					$file_info .= @fread($socket, 1024);
-				}
-				else
-				{
-					$line = @fgets($socket, 1024);
-					if ($line == "\r\n")
-					{
-						$get_info = true;
-					}
-					else if (stripos($line, '404 not found') !== false)
-					{
-						throw new \phpbb\exception\runtime_exception('FILE_NOT_FOUND', array($filename));
-					}
-				}
-
-				$stream_meta_data = stream_get_meta_data($socket);
-
-				if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
-				{
-					throw new \phpbb\exception\runtime_exception('FSOCK_TIMEOUT');
-				}
-			}
-			@fclose($socket);
-		}
-		else
-		{
-			if ($this->error_string)
-			{
-				$this->error_string = utf8_convert_message($this->error_string);
-				return false;
+				return $response->getBody()->getContents();
 			}
 			else
 			{
-				throw new \phpbb\exception\runtime_exception('FSOCK_DISABLED');
+				$this->error_number = $response->getStatusCode();
+				throw new runtime_exception('FILE_NOT_FOUND', [$filename]);
 			}
 		}
+		catch (RequestException $exception)
+		{
+			if ($exception->hasResponse())
+			{
+				$this->error_number = $exception->getResponse()->getStatusCode();
 
-		return $file_info;
+				if ($this->error_number == self::NOT_FOUND)
+				{
+					throw new runtime_exception('FILE_NOT_FOUND', [$filename]);
+				}
+			}
+			else
+			{
+				$this->error_number = self::REQUEST_TIMEOUT;
+				throw new runtime_exception('FSOCK_TIMEOUT');
+			}
+
+			$this->error_string = utf8_convert_message($exception->getMessage());
+			return false;
+		}
+		catch (runtime_exception $exception)
+		{
+			// Rethrow runtime_exceptions, only handle unknown cases below
+			throw $exception;
+		}
+		catch (\Throwable $exception)
+		{
+			$this->error_string = utf8_convert_message($exception->getMessage());
+			throw new runtime_exception('FSOCK_DISABLED');
+		}
 	}
 
 	/**
@@ -105,7 +141,7 @@ class file_downloader
 	 *
 	 * @return string Error string
 	 */
-	public function get_error_string()
+	public function get_error_string(): string
 	{
 		return $this->error_string;
 	}
@@ -115,7 +151,7 @@ class file_downloader
 	 *
 	 * @return int Error number
 	 */
-	public function get_error_number()
+	public function get_error_number(): int
 	{
 		return $this->error_number;
 	}

phpBB/phpbb/install/module/install_finish/task/install_extensions.php

@@ -144,7 +144,7 @@ class install_extensions extends \phpbb\install\task_base
 				if (isset($extensions[$ext_name]) && $extensions[$ext_name]['ext_active'])
 				{
 					// Create log
-					$this->log->add('admin', ANONYMOUS, '', 'LOG_EXT_ENABLE', time(), array($ext_name));
+					$this->log->add('admin', ANONYMOUS, $this->user->ip, 'LOG_EXT_ENABLE', time(), array($ext_name));
 					$this->iohandler->add_success_message(array('CLI_EXTENSION_ENABLE_SUCCESS', $ext_name));
 				}
 				else

phpBB/phpbb/install/module/update_database/task/update_extensions.php

@@ -174,7 +174,7 @@ class update_extensions extends task_base
 						if (isset($extensions[$ext_name]) && $extensions[$ext_name]['ext_active'])
 						{
 							// Create log
-							$this->log->add('admin', ANONYMOUS, '', 'LOG_EXT_UPDATE', time(), array($ext_name));
+							$this->log->add('admin', ANONYMOUS, $this->user->ip, 'LOG_EXT_UPDATE', time(), array($ext_name));
 							$this->iohandler->add_success_message(array('CLI_EXTENSION_UPDATE_SUCCESS', $ext_name));
 						}
 						else

phpBB/phpbb/path_helper.php

@@ -223,13 +223,13 @@ class path_helper
 		*
 		* The referer must be specified as a parameter in the query.
 		*/
-		if ($this->request->is_ajax() && $this->symfony_request->get('_referer'))
+		if ($this->request->is_ajax() && $this->request->header('Referer'))
 		{
 			// We need to escape $absolute_board_url because it can be partially concatenated to the result.
 			$absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true);
 
 			$referer_web_root_path = $this->get_web_root_path_from_ajax_referer(
-				$this->symfony_request->get('_referer'),
+				$this->request->header('Referer'),
 				$absolute_board_url
 			);
 			return $this->web_root_path = $referer_web_root_path;

phpBB/phpbb/search/base.php

@@ -76,17 +76,10 @@ class base
 				}
 			}
 
-			// change the start to the actual end of the current request if the sort direction differs
-			// from the dirction in the cache and reverse the ids later
+			// If the sort direction differs from the direction in the cache, then reverse the ids array
 			if ($reverse_ids)
 			{
-				$start = $result_count - $start - $per_page;
-
-				// the user requested a page past the last index
-				if ($start < 0)
-				{
-					return SEARCH_RESULT_NOT_IN_CACHE;
-				}
+				$stored_ids = array_reverse($stored_ids);
 			}
 
 			for ($i = $start, $n = $start + $per_page; ($i < $n) && ($i < $result_count); $i++)
@@ -102,11 +95,6 @@ class base
 			}
 			unset($stored_ids);
 
-			if ($reverse_ids)
-			{
-				$id_ary = array_reverse($id_ary);
-			}
-
 			if (!$complete)
 			{
 				return SEARCH_RESULT_INCOMPLETE;

phpBB/phpbb/search/fulltext_native.php

@@ -299,7 +299,11 @@ class fulltext_native extends \phpbb\search\base
 		);
 
 		$keywords = preg_replace($match, $replace, $keywords);
-		$num_keywords = count(explode(' ', $keywords));
+
+		// Ensure a space exists before +, - and | to make the split and count work correctly
+		$countable_keywords = preg_replace('/(?<!\s)(\+|\-|\|)/', ' $1', $keywords);
+
+		$num_keywords = count(explode(' ', $countable_keywords));
 
 		// We limit the number of allowed keywords to minimize load on the database
 		if ($this->config['max_num_search_keywords'] && $num_keywords > $this->config['max_num_search_keywords'])

phpBB/phpbb/session.php

@@ -441,7 +441,7 @@ class session
 						$this->check_ban_for_current_session($config);
 
 						// Update user last active time accordingly, but in a minute or so
-						if ((int) $this->data['session_time'] - (int) $this->data['user_last_active'] > 60)
+						if ($this->time_now - (int) $this->data['user_last_active'] > 60)
 						{
 							$this->update_last_active_time();
 						}
@@ -819,7 +819,7 @@ class session
 				// Update the form key
 				$sql = 'UPDATE ' . USERS_TABLE . '
 					SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\',
-						user_last_active = ' . (int) $this->data['session_time'] . '
+						user_last_active = ' . (int) $this->time_now . '
 					WHERE user_id = ' . (int) $this->data['user_id'];
 				$db->sql_query($sql);
 			}
@@ -964,8 +964,8 @@ class session
 		}
 
 		/**
-		 * Get most recent session for each registered user to sync user last visit with it
-		 * Inner SELECT gets most recent sessions for each unique session_user_id
+		 * Get expired sessions for registered users, only most recent for each user
+		 * Inner SELECT gets most recent expired sessions for unique session_user_id
 		 * Outer SELECT gets data for them
 		 */
 		$sql_select = 'SELECT s1.session_page, s1.session_user_id, s1.session_time AS recent_time
@@ -973,7 +973,8 @@ class session
 			INNER JOIN (
 				SELECT session_user_id, MAX(session_time) AS recent_time
 				FROM ' . SESSIONS_TABLE . '
-				WHERE session_user_id <> ' . ANONYMOUS . '
+				WHERE session_time < ' . ($this->time_now - (int) $config['session_length']) . '
+					AND session_user_id <> ' . ANONYMOUS . '
 				GROUP BY session_user_id
 			) AS s2
 			ON s1.session_user_id = s2.session_user_id
@@ -1812,7 +1813,7 @@ class session
 		{
 			$sql = 'UPDATE ' . USERS_TABLE . '
 				SET user_lastvisit = ' . (int) $this->data['session_time'] . ',
-					user_last_active = ' . (int) $this->data['session_time'] . '
+					user_last_active = ' . $this->time_now . '
 				WHERE user_id = ' . (int) $this->data['user_id'];
 			$db->sql_query($sql);
 		}
@@ -1827,10 +1828,10 @@ class session
 	{
 		global $db;
 
-		if (isset($this->data['session_time'], $this->data['user_id']))
+		if (isset($this->time_now, $this->data['user_id']))
 		{
 			$sql = 'UPDATE ' . USERS_TABLE . '
-				SET user_last_active = ' . (int) $this->data['session_time'] . '
+				SET user_last_active = ' . $this->time_now . '
 				WHERE user_id = ' . (int) $this->data['user_id'];
 			$db->sql_query($sql);
 		}

phpBB/phpbb/textreparser/base.php

@@ -216,11 +216,11 @@ abstract class base implements reparser_interface
 	/**
 	* {@inheritdoc}
 	*/
-	public function reparse_range($min_id, $max_id)
+	public function reparse_range($min_id, $max_id, bool $force_bbcode_reparsing = false)
 	{
 		foreach ($this->get_records_by_range($min_id, $max_id) as $record)
 		{
-			$this->reparse_record($record);
+			$this->reparse_record($record, $force_bbcode_reparsing);
 		}
 	}
 
@@ -228,16 +228,17 @@ abstract class base implements reparser_interface
 	* Reparse given record
 	*
 	* @param array $record Associative array containing the record's data
+	* @param bool $force_bbcode_reparsing Flag indicating if BBCode should be reparsed unconditionally
 	*/
-	protected function reparse_record(array $record)
+	protected function reparse_record(array $record, bool $force_bbcode_reparsing = false)
 	{
 		// Guess magic URL state based on actual record content before adding fields
 		$record['enable_magic_url'] = $this->guess_magic_url($record);
 		$record = $this->add_missing_fields($record);
 
-		$flags = ($record['enable_bbcode']) ? OPTION_FLAG_BBCODE : 0;
-		$flags |= ($record['enable_smilies']) ? OPTION_FLAG_SMILIES : 0;
-		$flags |= ($record['enable_magic_url']) ? OPTION_FLAG_LINKS : 0;
+		$flags = ($record['enable_bbcode'] || $force_bbcode_reparsing) ? OPTION_FLAG_BBCODE : 0;
+		$flags |= ($record['enable_smilies'] || $force_bbcode_reparsing) ? OPTION_FLAG_SMILIES : 0;
+		$flags |= ($record['enable_magic_url'] || $force_bbcode_reparsing) ? OPTION_FLAG_LINKS : 0;
 		$unparsed = array_merge(
 			$record,
 			generate_text_for_edit($record['text'], $record['bbcode_uid'], $flags)
@@ -252,13 +253,13 @@ abstract class base implements reparser_interface
 			$unparsed['bbcode_uid'],
 			$bitfield,
 			$flags,
-			$unparsed['enable_bbcode'],
-			$unparsed['enable_magic_url'],
-			$unparsed['enable_smilies'],
-			$unparsed['enable_img_bbcode'],
+			$unparsed['enable_bbcode'] || $force_bbcode_reparsing,
+			$unparsed['enable_magic_url'] || $force_bbcode_reparsing,
+			$unparsed['enable_smilies'] || $force_bbcode_reparsing,
+			$unparsed['enable_img_bbcode'] || $force_bbcode_reparsing,
 			$unparsed['enable_flash_bbcode'],
-			$unparsed['enable_quote_bbcode'],
-			$unparsed['enable_url_bbcode'],
+			$unparsed['enable_quote_bbcode'] || $force_bbcode_reparsing,
+			$unparsed['enable_url_bbcode'] || $force_bbcode_reparsing,
 			'text_reparser.' . $this->get_name()
 		);
 

phpBB/phpbb/textreparser/reparser_interface.php

@@ -41,6 +41,7 @@ interface reparser_interface
 	*
 	* @param integer $min_id Lower bound
 	* @param integer $max_id Upper bound
+	* @param bool $force_bbcode_reparsing Flag indicating if BBCode should be reparsed unconditionally
 	*/
-	public function reparse_range($min_id, $max_id);
+	public function reparse_range($min_id, $max_id, bool $force_bbcode_reparsing = false);
 }

phpBB/phpbb/ucp/controller/delete_cookies.php

@@ -0,0 +1,134 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\ucp\controller;
+
+use phpbb\config\config;
+use phpbb\event\dispatcher_interface;
+use phpbb\language\language;
+use phpbb\request\request_interface;
+use phpbb\user;
+
+class delete_cookies
+{
+	/** @var config */
+	private $config;
+
+	/** @var dispatcher_interface */
+	private $dispatcher;
+
+	/** @var language */
+	private $language;
+
+	/** @var request_interface */
+	private $request;
+
+	/** @var user */
+	private $user;
+
+	/** @var string phpBB root path */
+	private $phpbb_root_path;
+
+	/** @var string PHP extension */
+	private $php_ext;
+
+	/**
+	 * Constructor for delete_cookies controller
+	 *
+	 * @param config $config
+	 * @param dispatcher_interface $dispatcher
+	 * @param language $language
+	 * @param request_interface $request
+	 * @param user $user
+	 */
+	public function __construct(config $config, dispatcher_interface $dispatcher, language $language, request_interface $request, user $user, string $phpbb_root_path, string $php_ext)
+	{
+		$this->config = $config;
+		$this->dispatcher = $dispatcher;
+		$this->language = $language;
+		$this->request = $request;
+		$this->user = $user;
+		$this->phpbb_root_path = $phpbb_root_path;
+		$this->php_ext = $php_ext;
+	}
+
+	/**
+	 * Handle delete cookies requests
+	 *
+	 * @return void
+	 */
+	public function handle()
+	{
+		$this->language->add_lang(['ucp']);
+
+		// Delete Cookies with dynamic names (do NOT delete poll cookies)
+		if (confirm_box(true))
+		{
+			$set_time = time() - 31536000;
+
+			foreach ($this->request->variable_names(request_interface::COOKIE) as $cookie_name)
+			{
+				// Only delete board cookies
+				if (strpos($cookie_name, $this->config['cookie_name'] . '_') !== 0)
+				{
+					continue;
+				}
+
+				$cookie_name = str_replace($this->config['cookie_name'] . '_', '', $cookie_name);
+
+				/**
+				 * Event to save custom cookies from deletion
+				 *
+				 * @event core.ucp_delete_cookies
+				 * @var	string	cookie_name		Cookie name to checking
+				 * @var	bool	retain_cookie	Do we retain our cookie or not, true if retain
+				 * @since 3.1.3-RC1
+				 * @changed 3.3.13-RC1 Moved to new delete_cookies controller
+				 */
+				$retain_cookie = false;
+				$vars = ['cookie_name', 'retain_cookie'];
+				extract($this->dispatcher->trigger_event('core.ucp_delete_cookies', compact($vars)));
+				if ($retain_cookie)
+				{
+					continue;
+				}
+
+				// Polls are stored as {cookie_name}_poll_{topic_id}, cookie_name_ got removed, therefore checking for poll_
+				if (strpos($cookie_name, 'poll_') !== 0)
+				{
+					$this->user->set_cookie($cookie_name, '', $set_time);
+				}
+			}
+
+			$this->user->set_cookie('track', '', $set_time);
+			$this->user->set_cookie('u', '', $set_time);
+			$this->user->set_cookie('k', '', $set_time);
+			$this->user->set_cookie('sid', '', $set_time);
+
+			// We destroy the session here, the user will be logged out nevertheless
+			$this->user->session_kill();
+			$this->user->session_begin();
+
+			meta_refresh(3, append_sid("{$this->phpbb_root_path}index.$this->php_ext"));
+
+			$message = $this->language->lang('COOKIES_DELETED') . '<br><br>' . $this->language->lang('RETURN_INDEX', '<a href="' . append_sid("{$this->phpbb_root_path}index.$this->php_ext") . '">', '</a>');
+			trigger_error($message);
+		}
+		else
+		{
+			confirm_box(false, 'DELETE_COOKIES', '');
+		}
+
+		redirect(append_sid("{$this->phpbb_root_path}index.$this->php_ext"));
+	}
+}

phpBB/phpbb/ucp/controller/reset_password.php

@@ -272,7 +272,7 @@ class reset_password
 						], false)
 				]);
 
-				$messenger->send($user_row['user_notify_type']);
+				$messenger->send(NOTIFY_EMAIL);
 
 				return $this->helper->message($message);
 			}

phpBB/phpbb/version_helper.php

@@ -381,7 +381,7 @@ class version_helper
 		}
 		else if ($info === false || $force_update)
 		{
-			$info = $this->file_downloader->get($this->host, $this->path, $this->file, $this->use_ssl ? 443 : 80);
+			$info = $this->file_downloader->get($this->host, $this->path, $this->file, $this->use_ssl ? 443 : 80, 30);
 			$error_string = $this->file_downloader->get_error_string();
 
 			if (!empty($error_string))

phpBB/posting.php

@@ -848,6 +848,7 @@ if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && (
 				'disable_smilies'	=> false,
 				'disable_magic_url'	=> false,
 				'attach_sig'		=> true,
+				'notify'			=> false,
 				'lock_topic'		=> false,
 
 				'topic_type'		=> POST_NORMAL,
@@ -1966,7 +1967,7 @@ $page_data = array(
 	'S_BBCODE_CHECKED'			=> ($bbcode_checked) ? ' checked="checked"' : '',
 	'S_SMILIES_ALLOWED'			=> $smilies_status,
 	'S_SMILIES_CHECKED'			=> ($smilies_checked) ? ' checked="checked"' : '',
-	'S_SIG_ALLOWED'				=> ($auth->acl_get('f_sigs', $forum_id) && $config['allow_sig'] && $user->data['is_registered']) ? true : false,
+	'S_SIG_ALLOWED'				=> ($user->data['is_registered'] && $config['allow_sig'] && $auth->acl_get('f_sigs', $forum_id) && $auth->acl_get('u_sig')) ? true : false,
 	'S_SIGNATURE_CHECKED'		=> ($sig_checked) ? ' checked="checked"' : '',
 	'S_NOTIFY_ALLOWED'			=> (!$user->data['is_registered'] || ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) || !$config['allow_topic_notify'] || !$config['email_enable']) ? false : true,
 	'S_NOTIFY_CHECKED'			=> ($notify_checked) ? ' checked="checked"' : '',

phpBB/search.php

@@ -90,8 +90,21 @@ switch ($search_id)
 	break;
 }
 
+$search_auth_check_override = false;
+/**
+* This event allows you to override search auth checks
+*
+* @event core.search_auth_check_override
+* @var	bool	search_auth_check_override	Whether or not the search auth check overridden
+* @since 3.3.14-RC1
+*/
+$vars = [
+	'search_auth_check_override',
+];
+extract($phpbb_dispatcher->trigger_event('core.search_auth_check_override', compact($vars)));
+
 // Is user able to search? Has search been disabled?
-if (!$auth->acl_get('u_search') || !$auth->acl_getf_global('f_search') || !$config['load_search'])
+if (!$search_auth_check_override && (!$auth->acl_get('u_search') || !$auth->acl_getf_global('f_search') || !$config['load_search']))
 {
 	$template->assign_var('S_NO_SEARCH', true);
 	trigger_error('NO_SEARCH');
@@ -684,10 +697,10 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 	$hilit = str_replace(' ', '|', $hilit);
 
 	$u_hilit = urlencode(html_entity_decode(str_replace('|', ' ', $hilit), ENT_COMPAT));
-	$u_show_results = '&sr=' . $show_results;
+	$u_show_results = 'sr=' . $show_results;
 	$u_search_forum = implode('&fid%5B%5D=', $search_forum);
 
-	$u_search = append_sid("{$phpbb_root_path}search.$phpEx", $u_sort_param . $u_show_results);
+	$u_search = append_sid("{$phpbb_root_path}search.$phpEx", (($u_sort_param) ? $u_sort_param . '&' : '') . $u_show_results);
 	$u_search .= ($search_id) ? '&search_id=' . $search_id : '';
 	$u_search .= ($u_hilit) ? '&keywords=' . urlencode(html_entity_decode($keywords, ENT_COMPAT)) : '';
 	$u_search .= ($search_terms != 'all') ? '&terms=' . $search_terms : '';

phpBB/styles/prosilver/style.cfg

@@ -21,8 +21,8 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Limited, 2007
-style_version = 3.3.12
-phpbb_version = 3.3.12
+style_version = 3.3.15
+phpbb_version = 3.3.15
 
 # Defining a different template bitfield
 # template_bitfield = //g=

phpBB/styles/prosilver/template/ajax.js

@@ -337,30 +337,6 @@ $('[data-ajax]').each(function() {
 	}
 });
 
-// Prevent accidental double submission of form
-$('[data-prevent-flood] input[type=submit]').click(function(event) {
-	const $submitButton = $(this); // Store the button element
-	const $form = $submitButton.closest('form');
-
-	// Always add the disabled class for visual feedback
-	$submitButton.addClass('disabled');
-
-	// Submit form if it hasn't been submitted yet
-	if (!$form.prop('data-form-submitted')) {
-		$form.prop('data-form-submitted', true);
-
-		return;
-	}
-
-	// Prevent default submission for subsequent clicks within 5 seconds
-	event.preventDefault();
-
-	setTimeout(() => {
-		$form.prop('removeProp', 'data-form-submitted');
-		$submitButton.removeClass('disabled'); // Re-enable after 5 seconds
-	}, 5000);
-});
-
 /**
  * This simply appends #preview to the action of the
  * QR action when you click the Full Editor & Preview button

phpBB/styles/prosilver/template/bbcode.html

@@ -38,11 +38,11 @@
 				<xsl:value-of select="$L_COLON"/>
 				<xsl:if test="@post_url">
 					<xsl:text> </xsl:text>
-					<a href="{@post_url}" data-post-id="{@post_id}" onclick="if(document.getElementById(hash.substr(1)))href=hash">&#8593;</a>
+					<a href="{@post_url}" aria-label="{L_VIEW_QUOTED_POST}" data-post-id="{@post_id}" onclick="if(document.getElementById(hash.substr(1)))href=hash"><i class="icon fa-arrow-circle-up fa-fw" aria-hidden="true"></i></a>
 				</xsl:if>
 				<xsl:if test="@msg_url">
 					<xsl:text> </xsl:text>
-					<a href="{@msg_url}" data-msg-id="{@msg_id}">&#8593;</a>
+					<a href="{@msg_url}" aria-label="{L_VIEW_QUOTED_POST}" data-msg-id="{@msg_id}"><i class="icon fa-arrow-circle-up fa-fw" aria-hidden="true"></i></a>
 				</xsl:if>
 				<xsl:if test="@date">
 					<span class="responsive-hide"><xsl:value-of select="@date"/></span>

phpBB/styles/prosilver/template/forum_fn.js

@@ -329,17 +329,6 @@ function parseDocument($container) {
 		}, 100);
 	});
 
-	/**
-	* Adjust HTML code for IE8 and older versions
-	*/
-	// if (oldBrowser) {
-	// 	// Fix .linklist.bulletin lists
-	// 	$container
-	// 		.find('ul.linklist.bulletin > li')
-	// 		.filter(':first-child, .rightside:last-child')
-	// 		.addClass('no-bulletin');
-	// }
-
 	/**
 	* Resize navigation (breadcrumbs) block to keep all links on same line
 	*/
@@ -661,7 +650,7 @@ function parseDocument($container) {
 				html = $children.html();
 			}
 
-			$block.append((first ? '' : '<br />') + html);
+			$block.append((first ? '' : '<br>') + html);
 
 			first = false;
 		});
@@ -681,7 +670,7 @@ function parseDocument($container) {
 
 		// Find all headers, get contents
 		$list.prev('.topiclist').find('li.header dd').not('.mark').each(function() {
-			headers.push($(this).text());
+			headers.push($("<div>").text($(this).text()).html());
 			headersLength++;
 		});
 
@@ -718,7 +707,7 @@ function parseDocument($container) {
 					html = headers[i] + ': <strong>' + html + '</strong>';
 				}
 
-				$block.append((first ? '' : '<br />') + html);
+				$block.append((first ? '' : '<br>') + html);
 
 				first = false;
 			});
@@ -784,7 +773,9 @@ function parseDocument($container) {
 				}
 
 				if ((text.length && text !== '-') || cell.children().length) {
-					cell.prepend('<dfn style="display: none;">' + headers[column] + '</dfn>');
+					if (headers[column].length) {
+						cell.prepend($("<dfn>").css('display', 'none').text(headers[column]));
+					}
 				} else {
 					cell.addClass('empty');
 				}

phpBB/styles/prosilver/template/forumlist_body.html

@@ -37,7 +37,7 @@
 					<div class="list-inner">
 						<!-- IF S_ENABLE_FEEDS and forumrow.S_FEED_ENABLED -->
 							<!--
-								<a class="feed-icon-forum" title="{L_FEED} - {forumrow.FORUM_NAME}" href="{U_FEED}?f={forumrow.FORUM_ID}">
+								<a class="feed-icon-forum" title="{L_FEED} - {forumrow.FORUM_NAME}" href="{{ path('phpbb_feed_forum', { forum_id : forumrow.FORUM_ID } ) }}">
 									<i class="icon fa-rss-square fa-fw icon-orange" aria-hidden="true"></i><span class="sr-only">{L_FEED} - {forumrow.FORUM_NAME}</span>
 								</a>
 							-->

phpBB/styles/prosilver/template/mcp_post.html

@@ -78,6 +78,7 @@
 		<p class="author"><span><i class="icon fa-file fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{MINI_POST_IMG}</span></span> {L_POSTED} {L_POST_BY_AUTHOR} {POST_AUTHOR_FULL} &raquo; {POST_DATE}</p>
 		<!-- ENDIF -->
 
+		{% if S_CAN_APPROVE %}
 		<!-- IF S_POST_UNAPPROVED -->
 			<form method="post" id="mcp_approve" action="{U_APPROVE_ACTION}">
 
@@ -101,6 +102,7 @@
 			</p>
 			</form>
 		<!-- ENDIF -->
+		{% endif %}
 
 		{% if S_POST_REPORTED and not S_MCP_REPORT %}
 			<p class="post-notice reported">