[prep-release-3.3.14] Update changelog for 3.3.14

[ticket/17421] Rename extensions section to "not installed"

.devcontainer/resources/phpbb-config.yml

@@ -30,7 +30,7 @@ installer:
     server:
         cookie_secure: false
         server_protocol: http://
-        force_server_vars: false
+        force_server_vars: true
         server_name: localhost
         server_port: 80
         script_path: /

.devcontainer/resources/setup.sh

@@ -34,6 +34,14 @@ sudo ln -s /workspaces/phpbb/phpBB /var/www/html
 echo "[Codespaces] Copy phpBB configuration"
 cp /workspaces/phpbb/.devcontainer/resources/phpbb-config.yml /workspaces/phpbb/phpBB/install/install-config.yml
 
+# Force the server URL to reflect the Codespace
+# https://docs.github.com/en/codespaces/developing-in-a-codespace/default-environment-variables-for-your-codespace
+if [ "$CODESPACES" = true ] ; then
+    echo "[Codespaces] Set the phpBB server name using default environment variables"
+    codespaces_url="${CODESPACE_NAME}-80.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN}"
+    sed -i "s/localhost/$codespaces_url/g" /workspaces/phpbb/phpBB/install/install-config.yml
+fi
+
 # Install phpBB
 echo "[Codespaces] Run phpBB CLI installation"
 cd /workspaces/phpbb/phpBB && composer install --no-interaction

.github/PULL_REQUEST_TEMPLATE.md

@@ -7,4 +7,4 @@ Checklist:
 
 Tracker ticket:
 
-https://tracker.phpbb.com/browse/PHPBB3-12345
+https://tracker.phpbb.com/browse/PHPBB-12345

.github/workflows/check_merge_to_master.yml

@@ -0,0 +1,70 @@
+name: Check merge to master
+
+on:
+    pull_request_target:
+        types: [ opened, synchronize, reopened ]
+        branches:
+            - 3.3.x
+
+jobs:
+    merge-check:
+        if: github.event_name == 'pull_request_target' && github.event.pull_request.base.ref == '3.3.x'
+        runs-on: ubuntu-latest
+        steps:
+            -   name: Checkout the repository
+                uses: actions/checkout@v3
+                with:
+                    fetch-depth: 0  # Ensure full history is fetched
+
+            -   name: Set up Git user
+                run: |
+                    git config --global user.name "github-actions"
+                    git config --global user.email "github-actions@github.com"
+
+            -   name: Fetch all branches
+                run: git fetch origin
+
+            -   name: Simulate merging PR into 3.3.x
+                id: simulate_merge
+                run: |
+                    git checkout 3.3.x
+                    git fetch origin pull/${{ github.event.pull_request.number }}/head
+                    git merge --no-ff FETCH_HEAD || exit 1
+
+            -   name: Attempt to merge updated 3.3.x into master
+                id: merge_master
+                run: |
+                    git checkout master
+                    if git merge --no-ff 3.3.x --no-commit; then
+                      echo "mergeable=true" >> $GITHUB_OUTPUT
+                    else
+                      echo "mergeable=false" >> $GITHUB_OUTPUT
+                      git merge --abort
+                    fi
+
+            - name: Find Comment
+              uses: peter-evans/find-comment@v3
+              id: fc
+              with:
+                  issue-number: ${{ github.event.pull_request.number }}
+                  comment-author: 'github-actions[bot]'
+                  body-includes: The attempt to merge branch `3.3.x` into `master` has completed
+
+            -   name: Post comment on PR
+                if: always()  # Ensure this step always runs, regardless of merge result
+                uses: peter-evans/create-or-update-comment@v4
+                with:
+                    token: ${{ secrets.GITHUB_TOKEN }}
+                    issue-number: ${{ github.event.pull_request.number }}
+                    comment-id: ${{ steps.fc.outputs.comment-id }}
+                    edit-mode: replace
+                    body: |
+                        The attempt to merge branch `3.3.x` into `master` has completed after considering the changes in this PR.
+
+                        - Merge result: ${{ steps.merge_master.outputs.mergeable == 'true' && 'Success ✅' || 'Conflict ❌' }}
+
+                        ${{ steps.merge_master.outputs.mergeable == 'true' && 'This PR is ready to be merged.' || 'A separate PR will be needed to merge `3.3.x` into `master`.' }}
+
+            -   name: Mark job as succeeded
+                if: always()
+                run: echo "Merge check completed. Ignoring the result to avoid failed status."

.github/workflows/merge_3.3.x_to_master.yml

@@ -0,0 +1,60 @@
+name: Merge 3.3.x into master
+
+on:
+    push:
+        branches:
+            - 3.3.x
+
+jobs:
+    merge-branch:
+        runs-on: ubuntu-latest
+
+        steps:
+            - uses: actions/create-github-app-token@v1
+              id: app-token
+              with:
+                  app-id: ${{ vars.MERGE_MASTER_APP_ID }}
+                  private-key: ${{ secrets.MERGE_MASTER_SECRET }}
+
+            - name: Checkout the repository
+              uses: actions/checkout@v4
+              with:
+                  fetch-depth: 0  # Fetch full history for proper merging
+                  ref: 3.3.x      # Checkout the 3.3.x branch
+                  token: ${{ steps.app-token.outputs.token }}
+
+            - name: Fetch the latest commit information
+              id: get-commit-info
+              run: |
+                  # Get the latest commit SHA and its author details
+                  COMMIT_SHA=$(git rev-parse HEAD)
+                  COMMIT_AUTHOR_NAME=$(git log -1 --pretty=format:'%an' $COMMIT_SHA)
+                  COMMIT_AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae' $COMMIT_SHA)
+
+                  # Save them as output for later steps
+                  echo "commit_sha=$COMMIT_SHA" >> $GITHUB_ENV
+                  echo "commit_author_name=$COMMIT_AUTHOR_NAME" >> $GITHUB_ENV
+                  echo "commit_author_email=$COMMIT_AUTHOR_EMAIL" >> $GITHUB_ENV
+
+            - name: Set up Git with the pull request author's info
+              run: |
+                  git config --global user.name "${{ env.commit_author_name }}"
+                  git config --global user.email "${{ env.commit_author_email }}"
+
+            - name: Fetch all branches
+              run: git fetch --all
+
+            - name: Merge 3.3.x into master
+              run: |
+                  git checkout master
+                  if git merge --no-ff 3.3.x; then
+                      echo "merge_failed=false" >> $GITHUB_ENV
+                  else
+                      echo "merge_failed=true" >> $GITHUB_ENV
+                  fi
+
+            - name: Push changes to master if merge was successful
+              if: env.merge_failed == 'false'
+              run: git push origin master
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/tests.yml

@@ -128,6 +128,8 @@ jobs:
                       db: "mysql:5.7"
                     - php: '8.3'
                       db: "mysql:5.7"
+                    - php: '8.4'
+                      db: "mysql:5.7"
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db_alias != '' && matrix.db_alias || matrix.db }}
 
@@ -261,6 +263,8 @@ jobs:
                       db: "postgres:14"
                     - php: '8.3'
                       db: "postgres:14"
+                    - php: '8.4'
+                      db: "postgres:14"
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db }}
 
@@ -347,7 +351,7 @@ jobs:
 
     # Other database types, namely sqlite3 and mssql
     other-tests:
-        runs-on: ubuntu-22.04
+        runs-on: ubuntu-20.04
         strategy:
             matrix:
                 include:
@@ -357,14 +361,14 @@ jobs:
                       db: "mcr.microsoft.com/mssql/server:2017-latest"
                       db_alias: 'MSSQL 2017'
                     - php: '7.2'
-                      db: "mcr.microsoft.com/mssql/server:2019-latest"
+                      db: "mcr.microsoft.com/mssql/server:2019-CU27-ubuntu-20.04"
                       db_alias: 'MSSQL 2019'
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db_alias != '' && matrix.db_alias || matrix.db }}
 
         services:
             mssql:
-                image: ${{ matrix.db != 'mcr.microsoft.com/mssql/server:2017-latest' && matrix.db != 'mcr.microsoft.com/mssql/server:2019-latest' && 'mcr.microsoft.com/mssql/server:2017-latest' || matrix.db }}
+                image: ${{ matrix.db != 'mcr.microsoft.com/mssql/server:2017-latest' && matrix.db != 'mcr.microsoft.com/mssql/server:2019-CU27-ubuntu-20.04' && 'mcr.microsoft.com/mssql/server:2017-latest' || matrix.db }}
                 env:
                     SA_PASSWORD: "Pssw0rd_12"
                     ACCEPT_EULA: "y"
@@ -396,7 +400,7 @@ jobs:
               env:
                   MATRIX_DB: ${{ matrix.db }}
               run: |
-                  if [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2017-latest' ] || [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2019-latest' ]
+                  if [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2017-latest' ] || [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2019-CU27-ubuntu-20.04' ]
                   then
                       db='mssql'
                   else
@@ -469,6 +473,9 @@ jobs:
                     - php: '8.3'
                       db: "postgres"
                       type: 'unit'
+                    - php: '8.4'
+                      db: "postgres"
+                      type: 'unit'
                     - php: '7.4'
                       db: "postgres"
                       type: 'functional'
@@ -484,6 +491,9 @@ jobs:
                     - php: '8.3'
                       db: "postgres"
                       type: 'functional'
+                    - php: '8.4'
+                      db: "postgres"
+                      type: 'functional'
 
         name: Windows - PHP ${{ matrix.php }} - ${{ matrix.db }} - ${{ matrix.type }}
 

README.md

@@ -42,8 +42,8 @@ We have unit and functional tests in order to prevent regressions. You can view
 
 Branch  | Description | GitHub Actions |
 ------- | ----------- | -------------- |
-**master** | Latest development version | ![Tests](https://github.com/phpbb/phpbb/workflows/Tests/badge.svg?branch=master) |
-**3.3.x** | Development of version 3.3.x | ![Tests](https://github.com/phpbb/phpbb/workflows/Tests/badge.svg?branch=3.3.x) |
+**master** | Latest development version | ![Tests](https://github.com/phpbb/phpbb/actions/workflows/tests.yml/badge.svg?branch=master) |
+**3.3.x** | Development of version 3.3.x | ![Tests](https://github.com/phpbb/phpbb/actions/workflows/tests.yml/badge.svg?branch=3.3.x) |
 
 ## 📜 License
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.12" />
-	<property name="prevversion" value="3.3.11" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.3.10, 3.3.12-RC1" />
+	<property name="newversion" value="3.3.14" />
+	<property name="prevversion" value="3.3.13" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.3.10, 3.3.11, 3.3.12, 3.3.14-RC1" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -181,6 +181,7 @@
 
 		<!-- create an empty config.php file (not for diffs) -->
 		<touch file="build/new_version/phpBB3/config.php" />
+		<copy file="build/new_version/phpBB3/phpbb/.htaccess" tofile="build/new_version/phpBB3/vendor/.htaccess" />
 
 	</target>
 

git-tools/hooks/commit-msg

@@ -224,7 +224,7 @@ do
 			"footer")
 				err=$ERR_FOOTER;
 				# Each ticket is on its own line
-				echo "$line" | grep -Eq "^PHPBB3-[0-9]+$";
+				echo "$line" | grep -Eq "^PHPBB3?-[0-9]+$";
 			;;
 			"eof")
 				err=$ERR_EOF;
@@ -356,7 +356,7 @@ echo "$expecting" | grep -q "eof" || (
 	# Check the branch ticket is mentioned, doesn't make sense otherwise
 	if [ $ticket -gt 0 ]
 	then
-		echo "$tickets" | grep -Eq "\bPHPBB3-$ticket\b" || (
+		echo "$tickets" | grep -Eq "\bPHPBB3?-$ticket\b" || (
 			complain "Ticket ID [$ticket] of branch missing from list of tickets:" >&2;
 			complain "$tickets" | sed 's/ /\n/g;s/^/* /g' >&2;
 			quit $ERR_FOOTER;

git-tools/hooks/prepare-commit-msg

@@ -47,7 +47,7 @@ then
 		# Branch is prefixed with 'ticket/', append ticket ID to message
 		if [ "$branch" != "${branch##ticket/}" ];
 		then
-			tail="$(printf '\n\nPHPBB3-%s' "$ticket_id")";
+			tail="$(printf '\n\nPHPBB-%s' "$ticket_id")";
 		fi
 	fi
 

phpBB/adm/style/acp_ext_list.html

@@ -42,59 +42,52 @@
 		</tr>
 	</thead>
 	<tbody>
-		<!-- IF .enabled -->
-		<tr>
-			<td class="row3" colspan="4"><strong>{L_EXTENSIONS_ENABLED}</strong><!-- EVENT acp_ext_list_enabled_title_after --></td>
-		</tr>
-		<!-- BEGIN enabled -->
-		<tr class="ext_enabled row-highlight">
-			<td><strong title="{enabled.NAME}">{enabled.META_DISPLAY_NAME}</strong><!-- EVENT acp_ext_list_enabled_name_after --></td>
-			<td style="text-align: center;">
-				<!-- IF enabled.S_VERSIONCHECK -->
-				<strong class="<!-- IF enabled.S_UP_TO_DATE -->current-ext<!-- ELSE -->outdated-ext<!-- ENDIF -->">{enabled.META_VERSION}</strong>
-				<!-- IF not enabled.S_UP_TO_DATE --><i class="fa fa-exclamation-circle outdated-ext" aria-hidden="true"></i><!-- ENDIF -->
-				<!-- ELSE -->
-				{enabled.META_VERSION}
-				<!-- ENDIF -->
-			</td>
-			<td style="text-align: center;"><a href="{enabled.U_DETAILS}">{L_DETAILS}</a></td>
-			<td style="text-align: center;">
-				<!-- BEGIN actions -->
-					<a href="{enabled.actions.U_ACTION}"<!-- IF enabled.actions.L_ACTION_EXPLAIN --> title="{enabled.actions.L_ACTION_EXPLAIN}"<!-- ENDIF -->>{enabled.actions.L_ACTION}</a>
-					<!-- IF not enabled.actions.S_LAST_ROW -->&nbsp;|&nbsp;<!-- ENDIF -->
-				<!-- END actions -->
-			</td>
-		</tr>
-		<!-- END enabled -->
-		<!-- ENDIF -->
-
-		<!-- IF .disabled -->
-		<tr>
-			<td class="row3" colspan="4"><strong>{L_EXTENSIONS_DISABLED}</strong><!-- EVENT acp_ext_list_disabled_title_after --></td>
-		</tr>
-		<!-- BEGIN disabled -->
-		<tr class="ext_disabled row-highlight">
-			<td><strong title="{disabled.NAME}">{disabled.META_DISPLAY_NAME}</strong><!-- EVENT acp_ext_list_disabled_name_after --></td>
-			<td style="text-align: center;">
-				<!-- IF disabled.S_VERSIONCHECK -->
-				<strong class="<!-- IF disabled.S_UP_TO_DATE -->current-ext<!-- ELSE -->outdated-ext<!-- ENDIF -->">{disabled.META_VERSION}</strong>
-				<!-- IF not disabled.S_UP_TO_DATE --><i class="fa fa-exclamation-circle outdated-ext" aria-hidden="true"></i><!-- ENDIF -->
-				<!-- ELSE -->
-				{disabled.META_VERSION}
-				<!-- ENDIF -->
-			</td>
-			<td style="text-align: center;">
-				<!-- IF disabled.U_DETAILS --><a href="{disabled.U_DETAILS}">{L_DETAILS}</a><!-- ENDIF -->
-			</td>
-			<td style="text-align: center;">
-				<!-- BEGIN actions -->
-					<a href="{disabled.actions.U_ACTION}"<!-- IF disabled.actions.L_ACTION_EXPLAIN --> title="{disabled.actions.L_ACTION_EXPLAIN}"<!-- ENDIF -->>{disabled.actions.L_ACTION}</a>
-					<!-- IF not disabled.actions.S_LAST_ROW -->&nbsp;|&nbsp;<!-- ENDIF -->
-				<!-- END actions -->
-			</td>
-		</tr>
-		<!-- END disabled -->
-		<!-- ENDIF -->
+		{% for list in ['enabled', 'disabled', 'not_installed'] %}
+			{% set blockname = attribute(loops, list) %}
+			{% if blockname|length %}
+			<tr>
+				<td class="row3" colspan="4"><strong>{{ lang('EXTENSIONS_' ~ list|upper) }}</strong>
+					{% if list == 'enabled' %}
+						{% EVENT acp_ext_list_enabled_title_after %}
+					{% elseif list == 'disabled' %}
+						{% EVENT acp_ext_list_disabled_title_after %}
+					{% elseif list == 'not_installed' %}
+						{% EVENT acp_ext_list_not_installed_title_after %}
+					{% endif %}
+				</td>
+			</tr>
+			{% for data in blockname %}
+			<tr class="ext_{{ list }} row-highlight">
+				<td><strong title="{{ data.NAME }}">{{ data.META_DISPLAY_NAME }}</strong>
+					{% if list == 'enabled' %}
+						{% EVENT acp_ext_list_enabled_name_after %}
+					{% elseif list == 'disabled' %}
+						{% EVENT acp_ext_list_disabled_name_after %}
+					{% elseif list == 'not_installed' %}
+						{% EVENT acp_ext_list_not_installed_name_after %}
+					{% endif %}
+				</td>
+				<td style="text-align: center;">
+					{% if data.S_VERSIONCHECK %}
+					<strong class="{% if data.S_UP_TO_DATE %}current-ext{% else %}outdated-ext{% endif %}">{{ data.META_VERSION }}</strong>
+					{% if not data.S_UP_TO_DATE %}<i class="fa fa-exclamation-circle outdated-ext" aria-hidden="true"></i>{% endif %}
+					{% else %}
+					{{ data.META_VERSION }}
+					{% endif %}
+				</td>
+				<td style="text-align: center;">
+					{% if data.U_DETAILS %}<a href="{{ data.U_DETAILS }}">{{ lang ('DETAILS') }}</a>{% endif %}
+				</td>
+				<td style="text-align: center;">
+					{% for actions in data.actions %}
+						<a href="{{ actions.U_ACTION }}"{% if actions.L_ACTION_EXPLAIN %} title="{{ actions.L_ACTION_EXPLAIN }}"{% endif %}>{{ actions.L_ACTION }}</a>
+						{% if not actions.S_LAST_ROW %}&nbsp;|&nbsp;{% endif %}
+					{% endfor %}
+				</td>
+			</tr>
+			{% endfor %}
+			{% endif %}
+		{% endfor %}
 	</tbody>
 	</table>
 

phpBB/adm/style/acp_groups.html

@@ -225,6 +225,7 @@
 
 	<fieldset>
 		<legend>{L_ADD_USERS}</legend>
+	{% EVENT acp_groups_add_user_options_before %}
 	<dl>
 		<dt><label for="leader">{L_USER_GROUP_LEADER}{L_COLON}</label></dt>
 		<dd><label><input name="leader" type="radio" class="radio" value="1" /> {L_YES}</label>
@@ -235,11 +236,13 @@
 		<dd><label><input name="default" type="radio" class="radio" value="1" /> {L_YES}</label>
 			<label><input name="default" type="radio" class="radio" id="default" value="0" checked="checked" /> {L_NO}</label></dd>
 	</dl>
+	{% EVENT acp_groups_add_user_usernames_before %}
 	<dl>
 		<dt><label for="usernames">{L_USERNAME}{L_COLON}</label><br /><span>{L_USERNAMES_EXPLAIN}</span></dt>
 		<dd><textarea id="usernames" name="usernames" cols="40" rows="5"></textarea></dd>
 		<dd><!-- EVENT acp_groups_find_username_prepend -->[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]<!-- EVENT acp_groups_find_username_append --></dd>
 	</dl>
+	{% EVENT acp_groups_add_user_options_after %}
 
 	<p class="quick">
 		<input class="button2" type="submit" name="addusers" value="{L_SUBMIT}" />

phpBB/adm/style/acp_main.html

@@ -14,27 +14,31 @@
 
 	<p>{L_ADMIN_INTRO}</p>
 
-	<!-- IF S_UPDATE_INCOMPLETE -->
+	{% if S_UPDATE_INCOMPLETE %}
 		<div class="errorbox">
-			<p>{L_UPDATE_INCOMPLETE} <a href="{U_VERSIONCHECK}">{L_MORE_INFORMATION}</a></p>
+			<p>{{ lang('UPDATE_INCOMPLETE') }} <a href="{{ U_VERSIONCHECK }}">{{ lang('MORE_INFORMATION') }}</a></p>
 		</div>
-	<!-- ELSEIF S_VERSIONCHECK_FAIL -->
+	{% elseif S_VERSIONCHECK_FAIL %}
 		<div class="errorbox notice">
-			<p>{L_VERSIONCHECK_FAIL}</p>
-			<p>{VERSIONCHECK_FAIL_REASON}</p>
-			<p><a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a> &middot; <a href="{U_VERSIONCHECK}">{L_MORE_INFORMATION}</a></p>
+			<p>{{ lang('VERSIONCHECK_FAIL') }}</p>
+			<p>{{ VERSIONCHECK_FAIL_REASON }}</p>
+			<p><a href="{{ U_VERSIONCHECK_FORCE }}">{{ lang('VERSIONCHECK_FORCE_UPDATE') }}</a> &middot; <a href="{{ U_VERSIONCHECK }}">{{ lang('MORE_INFORMATION') }}</a></p>
 		</div>
-	<!-- ELSEIF not S_VERSION_UP_TO_DATE -->
+	{% elseif not S_VERSION_UP_TO_DATE %}
 		<div class="errorbox">
-			<p>{L_VERSION_NOT_UP_TO_DATE_TITLE}</p>
-			<p><a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a> &middot; <a href="{U_VERSIONCHECK}">{L_MORE_INFORMATION}</a></p>
+			<p>{{ lang('VERSION_NOT_UP_TO_DATE_TITLE') }}</p>
+			<p><a href="{{ U_VERSIONCHECK_FORCE }}">{{ lang('VERSIONCHECK_FORCE_UPDATE') }}</a> &middot; <a href="{{ U_VERSIONCHECK }}">{{ lang('MORE_INFORMATION') }}</a></p>
 		</div>
-	<!-- ENDIF -->
-	<!-- IF S_VERSION_UPGRADEABLE -->
+	{% elseif S_VERSION_UP_TO_DATE && S_VERSIONCHECK_FORCE %}
+		<div class="successbox">
+			<p>{{ lang('VERSION_UP_TO_DATE_ACP') }}</p>
+		</div>
+	{% endif %}
+	{% if S_VERSION_UPGRADEABLE %}
 		<div class="errorbox notice">
-			<p>{UPGRADE_INSTRUCTIONS}</p>
+			<p>{{ UPGRADE_INSTRUCTIONS }}</p>
 		</div>
-	<!-- ENDIF -->
+	{% endif %}
 
 	<!-- IF S_SEARCH_INDEX_MISSING -->
 		<div class="errorbox">

phpBB/composer.lock

@@ -3027,16 +3027,16 @@
         },
         {
             "name": "myclabs/deep-copy",
-            "version": "1.11.1",
+            "version": "1.12.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/myclabs/DeepCopy.git",
-                "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c"
+                "reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/7284c22080590fb39f2ffa3e9057f10a4ddd0e0c",
-                "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c",
+                "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c",
+                "reference": "3a6b9a42cd8f8771bd4295d13e1423fa7f3d942c",
                 "shasum": ""
             },
             "require": {
@@ -3044,11 +3044,12 @@
             },
             "conflict": {
                 "doctrine/collections": "<1.6.8",
-                "doctrine/common": "<2.13.3 || >=3,<3.2.2"
+                "doctrine/common": "<2.13.3 || >=3 <3.2.2"
             },
             "require-dev": {
                 "doctrine/collections": "^1.6.8",
                 "doctrine/common": "^2.13.3 || ^3.2.2",
+                "phpspec/prophecy": "^1.10",
                 "phpunit/phpunit": "^7.5.20 || ^8.5.23 || ^9.5.13"
             },
             "type": "library",
@@ -3074,7 +3075,7 @@
             ],
             "support": {
                 "issues": "https://github.com/myclabs/DeepCopy/issues",
-                "source": "https://github.com/myclabs/DeepCopy/tree/1.11.1"
+                "source": "https://github.com/myclabs/DeepCopy/tree/1.12.0"
             },
             "funding": [
                 {
@@ -3082,7 +3083,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-03-08T13:26:56+00:00"
+            "time": "2024-06-12T14:39:25+00:00"
         },
         {
             "name": "phar-io/manifest",
@@ -3533,24 +3534,24 @@
         },
         {
             "name": "phpspec/prophecy",
-            "version": "v1.18.0",
+            "version": "v1.19.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpspec/prophecy.git",
-                "reference": "d4f454f7e1193933f04e6500de3e79191648ed0c"
+                "reference": "67a759e7d8746d501c41536ba40cd9c0a07d6a87"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/d4f454f7e1193933f04e6500de3e79191648ed0c",
-                "reference": "d4f454f7e1193933f04e6500de3e79191648ed0c",
+                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/67a759e7d8746d501c41536ba40cd9c0a07d6a87",
+                "reference": "67a759e7d8746d501c41536ba40cd9c0a07d6a87",
                 "shasum": ""
             },
             "require": {
                 "doctrine/instantiator": "^1.2 || ^2.0",
                 "php": "^7.2 || 8.0.* || 8.1.* || 8.2.* || 8.3.*",
                 "phpdocumentor/reflection-docblock": "^5.2",
-                "sebastian/comparator": "^3.0 || ^4.0 || ^5.0",
-                "sebastian/recursion-context": "^3.0 || ^4.0 || ^5.0"
+                "sebastian/comparator": "^3.0 || ^4.0 || ^5.0 || ^6.0",
+                "sebastian/recursion-context": "^3.0 || ^4.0 || ^5.0 || ^6.0"
             },
             "require-dev": {
                 "phpspec/phpspec": "^6.0 || ^7.0",
@@ -3596,9 +3597,9 @@
             ],
             "support": {
                 "issues": "https://github.com/phpspec/prophecy/issues",
-                "source": "https://github.com/phpspec/prophecy/tree/v1.18.0"
+                "source": "https://github.com/phpspec/prophecy/tree/v1.19.0"
             },
-            "time": "2023-12-07T16:22:33+00:00"
+            "time": "2024-02-29T11:52:51+00:00"
         },
         {
             "name": "phpunit/dbunit",
@@ -3726,16 +3727,16 @@
         },
         {
             "name": "phpunit/php-file-iterator",
-            "version": "2.0.5",
+            "version": "2.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-file-iterator.git",
-                "reference": "42c5ba5220e6904cbfe8b1a1bda7c0cfdc8c12f5"
+                "reference": "69deeb8664f611f156a924154985fbd4911eb36b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/42c5ba5220e6904cbfe8b1a1bda7c0cfdc8c12f5",
-                "reference": "42c5ba5220e6904cbfe8b1a1bda7c0cfdc8c12f5",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/69deeb8664f611f156a924154985fbd4911eb36b",
+                "reference": "69deeb8664f611f156a924154985fbd4911eb36b",
                 "shasum": ""
             },
             "require": {
@@ -3774,7 +3775,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/php-file-iterator/issues",
-                "source": "https://github.com/sebastianbergmann/php-file-iterator/tree/2.0.5"
+                "source": "https://github.com/sebastianbergmann/php-file-iterator/tree/2.0.6"
             },
             "funding": [
                 {
@@ -3782,7 +3783,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2021-12-02T12:42:26+00:00"
+            "time": "2024-03-01T13:39:50+00:00"
         },
         {
             "name": "phpunit/php-text-template",
@@ -3831,16 +3832,16 @@
         },
         {
             "name": "phpunit/php-timer",
-            "version": "2.1.3",
+            "version": "2.1.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-timer.git",
-                "reference": "2454ae1765516d20c4ffe103d85a58a9a3bd5662"
+                "reference": "a691211e94ff39a34811abd521c31bd5b305b0bb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/2454ae1765516d20c4ffe103d85a58a9a3bd5662",
-                "reference": "2454ae1765516d20c4ffe103d85a58a9a3bd5662",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/a691211e94ff39a34811abd521c31bd5b305b0bb",
+                "reference": "a691211e94ff39a34811abd521c31bd5b305b0bb",
                 "shasum": ""
             },
             "require": {
@@ -3878,7 +3879,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/php-timer/issues",
-                "source": "https://github.com/sebastianbergmann/php-timer/tree/2.1.3"
+                "source": "https://github.com/sebastianbergmann/php-timer/tree/2.1.4"
             },
             "funding": [
                 {
@@ -3886,7 +3887,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T08:20:02+00:00"
+            "time": "2024-03-01T13:42:41+00:00"
         },
         {
             "name": "phpunit/php-token-stream",
@@ -4038,16 +4039,16 @@
         },
         {
             "name": "sebastian/code-unit-reverse-lookup",
-            "version": "1.0.2",
+            "version": "1.0.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/code-unit-reverse-lookup.git",
-                "reference": "1de8cd5c010cb153fcd68b8d0f64606f523f7619"
+                "reference": "92a1a52e86d34cde6caa54f1b5ffa9fda18e5d54"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/code-unit-reverse-lookup/zipball/1de8cd5c010cb153fcd68b8d0f64606f523f7619",
-                "reference": "1de8cd5c010cb153fcd68b8d0f64606f523f7619",
+                "url": "https://api.github.com/repos/sebastianbergmann/code-unit-reverse-lookup/zipball/92a1a52e86d34cde6caa54f1b5ffa9fda18e5d54",
+                "reference": "92a1a52e86d34cde6caa54f1b5ffa9fda18e5d54",
                 "shasum": ""
             },
             "require": {
@@ -4081,7 +4082,7 @@
             "homepage": "https://github.com/sebastianbergmann/code-unit-reverse-lookup/",
             "support": {
                 "issues": "https://github.com/sebastianbergmann/code-unit-reverse-lookup/issues",
-                "source": "https://github.com/sebastianbergmann/code-unit-reverse-lookup/tree/1.0.2"
+                "source": "https://github.com/sebastianbergmann/code-unit-reverse-lookup/tree/1.0.3"
             },
             "funding": [
                 {
@@ -4089,7 +4090,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T08:15:22+00:00"
+            "time": "2024-03-01T13:45:45+00:00"
         },
         {
             "name": "sebastian/comparator",
@@ -4167,16 +4168,16 @@
         },
         {
             "name": "sebastian/diff",
-            "version": "3.0.4",
+            "version": "3.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/diff.git",
-                "reference": "6296a0c086dd0117c1b78b059374d7fcbe7545ae"
+                "reference": "98ff311ca519c3aa73ccd3de053bdb377171d7b6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/6296a0c086dd0117c1b78b059374d7fcbe7545ae",
-                "reference": "6296a0c086dd0117c1b78b059374d7fcbe7545ae",
+                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/98ff311ca519c3aa73ccd3de053bdb377171d7b6",
+                "reference": "98ff311ca519c3aa73ccd3de053bdb377171d7b6",
                 "shasum": ""
             },
             "require": {
@@ -4221,7 +4222,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/diff/issues",
-                "source": "https://github.com/sebastianbergmann/diff/tree/3.0.4"
+                "source": "https://github.com/sebastianbergmann/diff/tree/3.0.6"
             },
             "funding": [
                 {
@@ -4229,20 +4230,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-05-07T05:30:20+00:00"
+            "time": "2024-03-02T06:16:36+00:00"
         },
         {
             "name": "sebastian/environment",
-            "version": "4.2.4",
+            "version": "4.2.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/environment.git",
-                "reference": "d47bbbad83711771f167c72d4e3f25f7fcc1f8b0"
+                "reference": "56932f6049a0482853056ffd617c91ffcc754205"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/d47bbbad83711771f167c72d4e3f25f7fcc1f8b0",
-                "reference": "d47bbbad83711771f167c72d4e3f25f7fcc1f8b0",
+                "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/56932f6049a0482853056ffd617c91ffcc754205",
+                "reference": "56932f6049a0482853056ffd617c91ffcc754205",
                 "shasum": ""
             },
             "require": {
@@ -4284,7 +4285,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/environment/issues",
-                "source": "https://github.com/sebastianbergmann/environment/tree/4.2.4"
+                "source": "https://github.com/sebastianbergmann/environment/tree/4.2.5"
             },
             "funding": [
                 {
@@ -4292,24 +4293,24 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T07:53:42+00:00"
+            "time": "2024-03-01T13:49:59+00:00"
         },
         {
             "name": "sebastian/exporter",
-            "version": "3.1.5",
+            "version": "3.1.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/exporter.git",
-                "reference": "73a9676f2833b9a7c36968f9d882589cd75511e6"
+                "reference": "1939bc8fd1d39adcfa88c5b35335910869214c56"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/exporter/zipball/73a9676f2833b9a7c36968f9d882589cd75511e6",
-                "reference": "73a9676f2833b9a7c36968f9d882589cd75511e6",
+                "url": "https://api.github.com/repos/sebastianbergmann/exporter/zipball/1939bc8fd1d39adcfa88c5b35335910869214c56",
+                "reference": "1939bc8fd1d39adcfa88c5b35335910869214c56",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.0",
+                "php": ">=7.2",
                 "sebastian/recursion-context": "^3.0"
             },
             "require-dev": {
@@ -4361,7 +4362,7 @@
             ],
             "support": {
                 "issues": "https://github.com/sebastianbergmann/exporter/issues",
-                "source": "https://github.com/sebastianbergmann/exporter/tree/3.1.5"
+                "source": "https://github.com/sebastianbergmann/exporter/tree/3.1.6"
             },
             "funding": [
                 {
@@ -4369,7 +4370,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2022-09-14T06:00:17+00:00"
+            "time": "2024-03-02T06:21:38+00:00"
         },
         {
             "name": "sebastian/global-state",
@@ -4428,16 +4429,16 @@
         },
         {
             "name": "sebastian/object-enumerator",
-            "version": "3.0.4",
+            "version": "3.0.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/object-enumerator.git",
-                "reference": "e67f6d32ebd0c749cf9d1dbd9f226c727043cdf2"
+                "reference": "ac5b293dba925751b808e02923399fb44ff0d541"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/e67f6d32ebd0c749cf9d1dbd9f226c727043cdf2",
-                "reference": "e67f6d32ebd0c749cf9d1dbd9f226c727043cdf2",
+                "url": "https://api.github.com/repos/sebastianbergmann/object-enumerator/zipball/ac5b293dba925751b808e02923399fb44ff0d541",
+                "reference": "ac5b293dba925751b808e02923399fb44ff0d541",
                 "shasum": ""
             },
             "require": {
@@ -4473,7 +4474,7 @@
             "homepage": "https://github.com/sebastianbergmann/object-enumerator/",
             "support": {
                 "issues": "https://github.com/sebastianbergmann/object-enumerator/issues",
-                "source": "https://github.com/sebastianbergmann/object-enumerator/tree/3.0.4"
+                "source": "https://github.com/sebastianbergmann/object-enumerator/tree/3.0.5"
             },
             "funding": [
                 {
@@ -4481,20 +4482,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T07:40:27+00:00"
+            "time": "2024-03-01T13:54:02+00:00"
         },
         {
             "name": "sebastian/object-reflector",
-            "version": "1.1.2",
+            "version": "1.1.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/object-reflector.git",
-                "reference": "9b8772b9cbd456ab45d4a598d2dd1a1bced6363d"
+                "reference": "1d439c229e61f244ff1f211e5c99737f90c67def"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/9b8772b9cbd456ab45d4a598d2dd1a1bced6363d",
-                "reference": "9b8772b9cbd456ab45d4a598d2dd1a1bced6363d",
+                "url": "https://api.github.com/repos/sebastianbergmann/object-reflector/zipball/1d439c229e61f244ff1f211e5c99737f90c67def",
+                "reference": "1d439c229e61f244ff1f211e5c99737f90c67def",
                 "shasum": ""
             },
             "require": {
@@ -4528,7 +4529,7 @@
             "homepage": "https://github.com/sebastianbergmann/object-reflector/",
             "support": {
                 "issues": "https://github.com/sebastianbergmann/object-reflector/issues",
-                "source": "https://github.com/sebastianbergmann/object-reflector/tree/1.1.2"
+                "source": "https://github.com/sebastianbergmann/object-reflector/tree/1.1.3"
             },
             "funding": [
                 {
@@ -4536,20 +4537,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T07:37:18+00:00"
+            "time": "2024-03-01T13:56:04+00:00"
         },
         {
             "name": "sebastian/recursion-context",
-            "version": "3.0.1",
+            "version": "3.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/recursion-context.git",
-                "reference": "367dcba38d6e1977be014dc4b22f47a484dac7fb"
+                "reference": "9bfd3c6f1f08c026f542032dfb42813544f7d64c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/367dcba38d6e1977be014dc4b22f47a484dac7fb",
-                "reference": "367dcba38d6e1977be014dc4b22f47a484dac7fb",
+                "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/9bfd3c6f1f08c026f542032dfb42813544f7d64c",
+                "reference": "9bfd3c6f1f08c026f542032dfb42813544f7d64c",
                 "shasum": ""
             },
             "require": {
@@ -4591,7 +4592,7 @@
             "homepage": "http://www.github.com/sebastianbergmann/recursion-context",
             "support": {
                 "issues": "https://github.com/sebastianbergmann/recursion-context/issues",
-                "source": "https://github.com/sebastianbergmann/recursion-context/tree/3.0.1"
+                "source": "https://github.com/sebastianbergmann/recursion-context/tree/3.0.2"
             },
             "funding": [
                 {
@@ -4599,20 +4600,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T07:34:24+00:00"
+            "time": "2024-03-01T14:07:30+00:00"
         },
         {
             "name": "sebastian/resource-operations",
-            "version": "2.0.2",
+            "version": "2.0.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/resource-operations.git",
-                "reference": "31d35ca87926450c44eae7e2611d45a7a65ea8b3"
+                "reference": "72a7f7674d053d548003b16ff5a106e7e0e06eee"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/31d35ca87926450c44eae7e2611d45a7a65ea8b3",
-                "reference": "31d35ca87926450c44eae7e2611d45a7a65ea8b3",
+                "url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/72a7f7674d053d548003b16ff5a106e7e0e06eee",
+                "reference": "72a7f7674d053d548003b16ff5a106e7e0e06eee",
                 "shasum": ""
             },
             "require": {
@@ -4642,8 +4643,7 @@
             "description": "Provides a list of PHP built-in functions that operate on resources",
             "homepage": "https://www.github.com/sebastianbergmann/resource-operations",
             "support": {
-                "issues": "https://github.com/sebastianbergmann/resource-operations/issues",
-                "source": "https://github.com/sebastianbergmann/resource-operations/tree/2.0.2"
+                "source": "https://github.com/sebastianbergmann/resource-operations/tree/2.0.3"
             },
             "funding": [
                 {
@@ -4651,7 +4651,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2020-11-30T07:30:19+00:00"
+            "time": "2024-03-01T13:59:09+00:00"
         },
         {
             "name": "sebastian/version",
@@ -4702,16 +4702,16 @@
         },
         {
             "name": "squizlabs/php_codesniffer",
-            "version": "3.9.0",
+            "version": "3.10.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHPCSStandards/PHP_CodeSniffer.git",
-                "reference": "d63cee4890a8afaf86a22e51ad4d97c91dd4579b"
+                "reference": "8f90f7a53ce271935282967f53d0894f8f1ff877"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/d63cee4890a8afaf86a22e51ad4d97c91dd4579b",
-                "reference": "d63cee4890a8afaf86a22e51ad4d97c91dd4579b",
+                "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/8f90f7a53ce271935282967f53d0894f8f1ff877",
+                "reference": "8f90f7a53ce271935282967f53d0894f8f1ff877",
                 "shasum": ""
             },
             "require": {
@@ -4778,7 +4778,7 @@
                     "type": "open_collective"
                 }
             ],
-            "time": "2024-02-16T15:06:51+00:00"
+            "time": "2024-05-22T21:24:41+00:00"
         },
         {
             "name": "symfony/browser-kit",
@@ -4985,16 +4985,16 @@
         },
         {
             "name": "theseer/tokenizer",
-            "version": "1.2.2",
+            "version": "1.2.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/theseer/tokenizer.git",
-                "reference": "b2ad5003ca10d4ee50a12da31de12a5774ba6b96"
+                "reference": "737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/theseer/tokenizer/zipball/b2ad5003ca10d4ee50a12da31de12a5774ba6b96",
-                "reference": "b2ad5003ca10d4ee50a12da31de12a5774ba6b96",
+                "url": "https://api.github.com/repos/theseer/tokenizer/zipball/737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2",
+                "reference": "737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2",
                 "shasum": ""
             },
             "require": {
@@ -5023,7 +5023,7 @@
             "description": "A small library for converting tokenized PHP source code into XML and potentially other formats",
             "support": {
                 "issues": "https://github.com/theseer/tokenizer/issues",
-                "source": "https://github.com/theseer/tokenizer/tree/1.2.2"
+                "source": "https://github.com/theseer/tokenizer/tree/1.2.3"
             },
             "funding": [
                 {
@@ -5031,7 +5031,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-11-20T00:12:19+00:00"
+            "time": "2024-03-03T12:36:25+00:00"
         },
         {
             "name": "webmozart/assert",

phpBB/config/default/container/services_console.yml

@@ -281,6 +281,22 @@ services:
         tags:
             - { name: console.command }
 
+    console.command.user.delete_id:
+        class: phpbb\console\command\user\delete_id
+        arguments:
+            - '@dbal.conn'
+            - '@language'
+            - '@log'
+            - '@user'
+            - '@user_loader'
+            - '%tables.bots%'
+            - '%tables.user_group%'
+            - '%tables.users%'
+            - '%core.root_path%'
+            - '%core.php_ext%'
+        tags:
+            - { name: console.command }
+
     console.command.user.reclean:
         class: phpbb\console\command\user\reclean
         arguments:

phpBB/config/default/container/services_ucp.yml

@@ -1,4 +1,15 @@
 services:
+    phpbb.ucp.controller.delete_cookies:
+        class: phpbb\ucp\controller\delete_cookies
+        arguments:
+            - '@config'
+            - '@dispatcher'
+            - '@language'
+            - '@request'
+            - '@user'
+            - '%core.root_path%'
+            - '%core.php_ext%'
+
     phpbb.ucp.controller.reset_password:
         class: phpbb\ucp\controller\reset_password
         arguments:

phpBB/config/default/routing/ucp.yml

@@ -1,3 +1,7 @@
+phpbb_ucp_delete_cookies_controller:
+    path: /delete_cookies
+    defaults: { _controller: phpbb.ucp.controller.delete_cookies:handle }
+
 phpbb_ucp_reset_password_controller:
     path: /reset_password
     defaults: { _controller: phpbb.ucp.controller.reset_password:reset }

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,10 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v3314rc1">Changes since 3.3.14-RC1</a></li>
+		<li><a href="#v3313">Changes since 3.3.13</a></li>
+		<li><a href="#v3313rc1">Changes since 3.3.13-RC1</a></li>
+		<li><a href="#v3312">Changes since 3.3.12</a></li>
 		<li><a href="#v3312rc1">Changes since 3.3.12-RC1</a></li>
 		<li><a href="#v3311">Changes since 3.3.11</a></li>
 		<li><a href="#v3310">Changes since 3.3.10</a></li>
@@ -169,6 +173,97 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v3314rc1"></a><h3>Changes since 3.3.14-RC1</h3>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17421">PHPBB-17421</a>] - Rename section for not installed extensions to not installed</li>
+			</ul>
+
+			<a name="v3313"></a><h3>Changes since 3.3.13</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17181">PHPBB-17181</a>] - If statement to highlight Reported PMS on the view message page doesn't work.</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17383">PHPBB-17383</a>] - HELO/EHLO error while using gethostbyaddr()</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17384">PHPBB-17384</a>] - Passing E_USER_ERROR to trigger_error() is deprecated in PHP 8.4</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17385">PHPBB-17385</a>] - Version check without SSL flag for CDB extensions fails</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17386">PHPBB-17386</a>] - Incorrect trace result while tracing user-based permissions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17387">PHPBB-17387</a>] - PHP warnings in search results</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17390">PHPBB-17390</a>] - Missing buttons for approval of new messages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17391">PHPBB-17391</a>] - PHP warnings on attempt to create user group having name already in use</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17398">PHPBB-17398</a>] - Ajax error on deleting cookies</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17405">PHPBB-17405</a>] - Function phpbb_gmgetdate() returns incorrect result for edge cases</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17410">PHPBB-17410</a>] - UCP tabs do not work when testing out another user's permissions</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-16852">PHPBB-16852</a>] - Addition of a new PHP event concerning bump topics</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17359">PHPBB-17359</a>] - Distinct disabled and not installed extensions in the list</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17376">PHPBB-17376</a>] - Link reference to quote post is a poor accessibility experience</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17382">PHPBB-17382</a>] - Incorrect grammar on FAQ page regarding searching for members</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17388">PHPBB-17388</a>] - Add php event to bump_topic_allowed function</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17394">PHPBB-17394</a>] - Check mergeability of PR on GitHub Actions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17396">PHPBB-17396</a>] - Automatically handle merges of 3.3.x into master</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17397">PHPBB-17397</a>] - Add event for forum_data query in viewforum</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17402">PHPBB-17402</a>] - Add possibility to force reparsing BBCode via CLI</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17407">PHPBB-17407</a>] - Limit mergeability check to single comment</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17411">PHPBB-17411</a>] - Add core event to search.php</li>
+			</ul>
+
+			<a name="v3313rc1"></a><h3>Changes since 3.3.13-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17377">PHPBB-17377</a>] - MSSQL builds on GitHub actions broken</li>
+			</ul>
+
+			<a name="v3312"></a><h3>Changes since 3.3.12</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-13916">PHPBB-13916</a>] - Cancelling save draft removes previous notify setting on posting page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-14454">PHPBB-14454</a>] - Accessing ACP modules while testing user permissions returns a General Error</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-15043">PHPBB-15043</a>] - Searching no longer working in 3.2.0</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-15576">PHPBB-15576</a>] - PM subject truncated to shorter length than maxlength</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-16213">PHPBB-16213</a>] - vendor and phpbb folders should have .htaccess files</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-16907">PHPBB-16907</a>] - &quot;phpbb&quot; value in &quot;hiddenSegments&quot; blocks client requests for extensions in IIS</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17109">PHPBB-17109</a>] - Users without the &quot;Can use signature&quot; permission should not see checkboxes for signature</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17175">PHPBB-17175</a>] - Breadcrumbs show wrong forum and topic when using 'email topic'</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17301">PHPBB-17301</a>] - Wrong length parameter for fread in phpbb/cache/driver/file.php can lead to unusable forum</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17327">PHPBB-17327</a>] - Fix linting issue in console user add command</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17332">PHPBB-17332</a>] - New permission copied from existing permission ignores permission set options</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17337">PHPBB-17337</a>] - Transaction begin is missing from mysqli driver </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17338">PHPBB-17338</a>] - Incorrect members list sorting by user_last_visit</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17351">PHPBB-17351</a>] - phpBB2 password hashes incorrectly handled during rehash cron</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17352">PHPBB-17352</a>] - Long rank titles push other profile details below</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17353">PHPBB-17353</a>] - Gravatar avatar src is not image src</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17356">PHPBB-17356</a>] - Errors hidden by at are being displayed in PHP 8 or newer</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17358">PHPBB-17358</a>] - Redis cache never expires with the TTL of 0</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17362">PHPBB-17362</a>] - Missing declaration of property in extension manager</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17365">PHPBB-17365</a>] - Enforce the search word limit on queries containing operators without white space</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17366">PHPBB-17366</a>] - Captcha disappears on error message from registration &amp; posting</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17369">PHPBB-17369</a>] - Permanently deleting soft-deleted topics returns incorrect forum in redirect link</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17370">PHPBB-17370</a>] - Deleting Cookies on FAQ/other pages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17374">PHPBB-17374</a>] - ACP - Maintenance - Logs: Deleting Error / Bug</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17375">PHPBB-17375</a>] - User lastvisit gets updated too often in session garbage collection</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-16553">PHPBB-16553</a>] - Disapproving a reported post causes a &quot;Module not accessible&quot; error</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17308">PHPBB-17308</a>] - Rename tracker project key to PHPBB-</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17315">PHPBB-17315</a>] - Add new template events to group</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17316">PHPBB-17316</a>] - Add template events to ucp_groups_manage</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17317">PHPBB-17317</a>] - Update button text and make it more readable</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17325">PHPBB-17325</a>] - Show explicit message for &quot;Re-Check version&quot; if installed version is still up to date</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17340">PHPBB-17340</a>] - Update composer to 2.7.7</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17342">PHPBB-17342</a>] - Add PHP 8.4-dev tests to GitHub Actions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17347">PHPBB-17347</a>] - Support deleting users by ID via console</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17350">PHPBB-17350</a>] - Add user IP address to log when installing extensions on fresh installs</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17355">PHPBB-17355</a>] - Update gravatar hash to sha256</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-13933">PHPBB-13933</a>] - Update tokens' definitions in acp_bbcodes</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-16890">PHPBB-16890</a>] - Edit the config sample files and web.config to deny access to the &quot;config&quot; directory</li>
+			</ul>
+
 			<a name="v3312rc1"></a><h3>Changes since 3.3.12-RC1</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/docs/events.md

@@ -94,6 +94,20 @@ acp_ext_list_enabled_title_after
 * Since: 3.1.11-RC1
 * Purpose: Add text after enabled extensions section title.
 
+acp_ext_list_not_installed_name_after
+===
+* Location: adm/style/acp_ext_list.html
+* Since: 3.3.14-RC1
+* Changed: 3.3.14 Renamed from acp_ext_list_available_name_after
+* Purpose: Add content after the name of not installed extensions in the list
+
+acp_ext_list_not_installed_title_after
+===
+* Location: adm/style/acp_ext_list.html
+* Since: 3.3.14-RC1
+* Changed: 3.3.14 Renamed from acp_ext_list_available_title_after
+* Purpose: Add text after not installed extensions section title.
+
 acp_forums_custom_settings
 ===
 * Location: adm/style/acp_forums.html
@@ -184,6 +198,24 @@ acp_group_types_prepend
 * Since: 3.2.9-RC1
 * Purpose: Add additional group type options to group settings (prepend the list)
 
+acp_groups_add_user_options_after
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.3.13-RC1
+* Purpose: Add content after options for adding user to group in the ACP
+
+acp_groups_add_user_options_before
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.3.13-RC1
+* Purpose: Add content before options for adding user to group in the ACP
+
+acp_groups_add_user_usernames_before
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.3.13-RC1
+* Purpose: Add content before usernames option for adding user to group in the ACP
+
 acp_groups_find_username_append
 ===
 * Location: adm/style/acp_groups.html
@@ -2535,6 +2567,20 @@ ucp_friend_list_before
 * Since: 3.1.0-a4
 * Purpose: Add optional elements before list of friends in UCP
 
+ucp_group_settings_after
+===
+* Locations:
+    + styles/prosilver/template/ucp_groups_manage.html
+* Since: 3.3.13-RC1
+* Purpose: Add content after options for managing a group in the UCP
+
+ucp_group_settings_before
+===
+* Locations:
+    + styles/prosilver/template/ucp_groups_manage.html
+* Since: 3.3.13-RC1
+* Purpose: Add content before options for managing a group in the UCP
+
 ucp_header_content_before
 ===
 * Locations:

phpBB/docs/lighttpd.sample.conf

@@ -1,7 +1,7 @@
 # Sample lighttpd configuration file for phpBB.
 # Global settings have been removed, copy them
 # from your system's lighttpd.conf.
-# Tested with lighttpd 1.4.35
+# Tested with lighttpd 1.4.36
 
 # If you want to use the X-Sendfile feature,
 # uncomment the 'allow-x-send-file' for the fastcgi
@@ -13,7 +13,7 @@
 # for the details on X-Sendfile.
 
 # Load moules
-server.modules += ( 
+server.modules += (
 	"mod_access",
 	"mod_fastcgi",
 	"mod_rewrite",
@@ -32,12 +32,12 @@ $HTTP["host"] == "www.myforums.com" {
 	server.name				= "www.myforums.com"
 	server.document-root	= "/path/to/phpbb"
 	server.dir-listing		= "disable"
-	
+
 	index-file.names		= ( "index.php", "index.htm", "index.html" )
 	accesslog.filename		= "/var/log/lighttpd/access-www.myforums.com.log"
-	
-	# Deny access to internal phpbb files.	
-	$HTTP["url"] =~ "^/(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" {
+
+	# Deny access to internal phpbb files.
+	$HTTP["url"] =~ "^/(config|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" {
 		url.access-deny = ( "" )
 	}
 
@@ -45,27 +45,28 @@ $HTTP["host"] == "www.myforums.com" {
 	$HTTP["url"] =~ "/\.svn|/\.git" {
 		url.access-deny = ( "" )
 	}
-	
+
 	# Deny access to apache configuration files.
 	$HTTP["url"] =~ "/\.htaccess|/\.htpasswd|/\.htgroups" {
 		url.access-deny = ( "" )
 	}
-	
+
 	# The following 3 lines will rewrite URLs passed through the front controller
 	# to not require app.php in the actual URL. In other words, a controller is
 	# by default accessed at /app.php/my/controller, but can also be accessed at
 	# /my/controller
 	url.rewrite-if-not-file = (
-	   "^/(.*)$" => "/app.php/$1"
+		"^/install/(.*)$" => "/install/app.php/$1",
+		"^/(.*)$" => "/app.php/$1"
 	)
-	
-	fastcgi.server = ( ".php" => 
+
+	fastcgi.server = ( ".php" =>
 		((
 			"bin-path" => "/usr/bin/php-cgi",
 			"socket" => "/tmp/php.socket",
 			"max-procs" => 4,
 			"idle-timeout" => 30,
-			"bin-environment" => ( 
+			"bin-environment" => (
 				"PHP_FCGI_CHILDREN" => "10",
 				"PHP_FCGI_MAX_REQUESTS" => "10000"
 			),

phpBB/docs/nginx.sample.conf

@@ -63,7 +63,7 @@ server {
 		}
 
 		# Deny access to internal phpbb files.
-		location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
+		location ~ /(config|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
 			deny all;
 			# deny was ignored before 0.8.40 for connections over IPv6.
 			# Use internal directive to prohibit access on older versions.

phpBB/includes/acp/acp_bbcodes.php

@@ -110,6 +110,7 @@ class acp_bbcodes
 				);
 
 				$bbcode_tokens = array('TEXT', 'SIMPLETEXT', 'INTTEXT', 'IDENTIFIER', 'NUMBER', 'EMAIL', 'URL', 'LOCAL_URL', 'RELATIVE_URL', 'COLOR');
+				$bbcode_tokens = array_merge($bbcode_tokens, ['ALNUM', 'CHOICE', 'FLOAT', 'HASHMAP', 'INT', 'IP', 'IPPORT', 'IPV4', 'IPV6', 'MAP', 'RANGE', 'REGEXP', 'TIMESTAMP', 'UINT']);
 
 				/**
 				* Modify custom bbcode template data before we display the add/edit form

phpBB/includes/acp/acp_extensions.php

@@ -575,7 +575,7 @@ class acp_extensions
 			catch (exception_interface $e)
 			{
 				$message = call_user_func_array(array($this->user, 'lang'), array_merge(array($e->getMessage()), $e->get_parameters()));
-				$this->template->assign_block_vars('disabled', array(
+				$this->template->assign_block_vars('not_installed', array(
 					'META_DISPLAY_NAME'		=> $this->user->lang('EXTENSION_INVALID_LIST', $name, $message),
 					'S_VERSIONCHECK'		=> false,
 				));
@@ -589,9 +589,9 @@ class acp_extensions
 			$block_vars['NAME'] = $name;
 			$block_vars['U_DETAILS'] = $this->u_action . '&action=details&ext_name=' . urlencode($name);
 
-			$this->template->assign_block_vars('disabled', $block_vars);
+			$this->template->assign_block_vars('not_installed', $block_vars);
 
-			$this->output_actions('disabled', array(
+			$this->output_actions('not_installed', array(
 				'ENABLE'		=> $this->u_action . '&action=enable_pre&ext_name=' . urlencode($name),
 			));
 		}

phpBB/includes/acp/acp_groups.php

@@ -396,7 +396,7 @@ class acp_groups
 					$allow_desc_urls	= $request->variable('desc_parse_urls', false);
 					$allow_desc_smilies	= $request->variable('desc_parse_smilies', false);
 
-					$submit_ary = array(
+					$submit_ary = [
 						'colour'			=> $request->variable('group_colour', ''),
 						'rank'				=> $request->variable('group_rank', 0),
 						'receive_pm'		=> isset($_REQUEST['group_receive_pm']) ? 1 : 0,
@@ -406,7 +406,13 @@ class acp_groups
 						'max_recipients'	=> $request->variable('group_max_recipients', 0),
 						'founder_manage'	=> 0,
 						'skip_auth'			=> $request->variable('group_skip_auth', 0),
-					);
+
+						// Initialize avatar data
+						'avatar'			=> $avatar_data['avatar'] ?? '',
+						'avatar_type'		=> $avatar_data['avatar_type'] ?? '',
+						'avatar_height'		=> $avatar_data['avatar_height'] ?? 0,
+						'avatar_width'		=> $avatar_data['avatar_width'] ?? 0,
+					];
 
 					if ($user->data['user_type'] == USER_FOUNDER)
 					{

phpBB/includes/acp/acp_logs.php

@@ -51,7 +51,7 @@ class acp_logs
 		$pagination = $phpbb_container->get('pagination');
 
 		// Delete entries if requested and able
-		if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
+		if (($deleteall || ($deletemark && count($marked))) && $auth->acl_get('a_clearlogs'))
 		{
 			if (confirm_box(true))
 			{

phpBB/includes/acp/acp_main.php

@@ -454,6 +454,7 @@ class acp_main
 				$template->assign_vars(array(
 					'S_VERSION_UP_TO_DATE'		=> empty($updates_available),
 					'S_VERSION_UPGRADEABLE'		=> !empty($upgrades_available),
+					'S_VERSIONCHECK_FORCE'		=> (bool) $recheck,
 					'UPGRADE_INSTRUCTIONS'		=> !empty($upgrades_available) ? $user->lang('UPGRADE_INSTRUCTIONS', $upgrades_available['current'], $upgrades_available['announcement']) : false,
 				));
 			}

phpBB/includes/acp/acp_users.php

@@ -1088,7 +1088,7 @@ class acp_users
 					$s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>';
 				}
 
-				$last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_last_active'];
+				$last_active = $user_row['user_last_active'] ?: ($user_row['session_time'] ?? 0);
 
 				$inactive_reason = '';
 				if ($user_row['user_type'] == USER_INACTIVE)

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.12');
+@define('PHPBB_VERSION', '3.3.14');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions.php

@@ -107,9 +107,17 @@ function phpbb_gmgetdate($time = false)
 	}
 
 	// getdate() interprets timestamps in local time.
-	// What follows uses the fact that getdate() and
-	// date('Z') balance each other out.
-	return getdate($time - date('Z'));
+	// So use UTC timezone temporarily to get UTC date info array.
+	$current_timezone = date_default_timezone_get();
+
+	// Set UTC timezone and get respective date info
+	date_default_timezone_set('UTC');
+	$date_info = getdate($time);
+
+	// Restore timezone back
+	date_default_timezone_set($current_timezone);
+
+	return $date_info;
 }
 
 /**
@@ -3028,8 +3036,16 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 	global $phpbb_root_path, $msg_title, $msg_long_text, $phpbb_log;
 	global $phpbb_container;
 
+	// https://www.php.net/manual/en/language.operators.errorcontrol.php
+	// error_reporting() return a different error code inside the error handler after php 8.0
+	$suppresed = E_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR | E_RECOVERABLE_ERROR | E_PARSE;
+	if (PHP_VERSION_ID < 80000)
+	{
+		$suppresed = 0;
+	}
+
 	// Do not display notices if we suppress them via @
-	if (error_reporting() == 0 && $errno != E_USER_ERROR && $errno != E_USER_WARNING && $errno != E_USER_NOTICE)
+	if (error_reporting() == $suppresed && $errno != E_USER_ERROR && $errno != E_USER_WARNING && $errno != E_USER_NOTICE)
 	{
 		return;
 	}
@@ -4053,7 +4069,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		'U_SEARCH_UNANSWERED'	=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'),
 		'U_SEARCH_UNREAD'		=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unreadposts'),
 		'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'),
-		'U_DELETE_COOKIES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'),
+		'U_DELETE_COOKIES'		=> $controller_helper->route('phpbb_ucp_delete_cookies_controller'),
 		'U_CONTACT_US'			=> ($config['contact_admin_form_enable'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contactadmin') : '',
 		'U_TEAM'				=> (!$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=team'),
 		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),

phpBB/includes/functions_content.php

@@ -289,7 +289,27 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list
 */
 function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_poster, $last_topic_poster)
 {
-	global $config, $auth, $user;
+	global $config, $auth, $user, $phpbb_dispatcher;
+
+	/**
+	 * Event to run code before the topic bump checks
+	 *
+	 * @event core.bump_topic_allowed_before
+	 * @var	int		forum_id			ID of the forum
+	 * @var	int		topic_bumped		Flag indicating if the topic was already bumped (0/1)
+	 * @var	int		last_post_time		The time of the topic last post
+	 * @var	int		topic_poster		User ID of the topic author
+	 * @var	int		last_topic_poster	User ID of the topic last post author
+	 * @since 3.3.14-RC1
+	 */
+	$vars = [
+		'forum_id',
+		'topic_bumped',
+		'last_post_time',
+		'topic_poster',
+		'last_topic_poster',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.bump_topic_allowed_before', compact($vars)));
 
 	// Check permission and make sure the last post was not already bumped
 	if (!$auth->acl_get('f_bump', $forum_id) || $topic_bumped)
@@ -312,6 +332,28 @@ function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_po
 		return false;
 	}
 
+	/**
+	 * Event to run code after the topic bump checks
+	 *
+	 * @event core.bump_topic_allowed_after
+	 * @var	int		forum_id			ID of the forum
+	 * @var	int		topic_bumped		Flag indicating if the topic was already bumped (0/1)
+	 * @var	int		last_post_time		The time of the topic last post
+	 * @var	int		topic_poster		User ID of the topic author
+	 * @var	int		last_topic_poster	User ID of the topic last post author
+	 * @var	int		bump_time			Bump time range
+	 * @since 3.3.14-RC1
+	 */
+	$vars = [
+		'forum_id',
+		'topic_bumped',
+		'last_post_time',
+		'topic_poster',
+		'last_topic_poster',
+		'bump_time',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.bump_topic_allowed_after', compact($vars)));
+
 	// A bump time of 0 will completely disable the bump feature... not intended but might be useful.
 	return $bump_time;
 }
@@ -325,119 +367,95 @@ function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_po
 *
 * @return	string			Context of the specified words separated by "..."
 */
-function get_context($text, $words, $length = 400)
+function get_context(string $text, array $words, int $length = 400): string
 {
-	// first replace all whitespaces with single spaces
-	$text = preg_replace('/ +/', ' ', strtr($text, "\t\n\r\x0C ", '     '));
-
-	// we need to turn the entities back into their original form, to not cut the message in between them
-	$entities = array('<', '>', '[', ']', '.', ':', ':');
-	$characters = array('<', '>', '[', ']', '.', ':', ':');
-	$text = str_replace($entities, $characters, $text);
-
-	$word_indizes = array();
-	if (count($words))
+	if ($length <= 0)
 	{
-		$match = '';
-		// find the starting indizes of all words
-		foreach ($words as $word)
-		{
-			if ($word)
-			{
-				if (preg_match('#(?:[^\w]|^)(' . $word . ')(?:[^\w]|$)#i', $text, $match))
-				{
-					if (empty($match[1]))
-					{
-						continue;
-					}
-
-					$pos = utf8_strpos($text, $match[1]);
-					if ($pos !== false)
-					{
-						$word_indizes[] = $pos;
-					}
-				}
-			}
-		}
-		unset($match);
-
-		if (count($word_indizes))
-		{
-			$word_indizes = array_unique($word_indizes);
-			sort($word_indizes);
-
-			$wordnum = count($word_indizes);
-			// number of characters on the right and left side of each word
-			$sequence_length = (int) ($length / (2 * $wordnum)) - 2;
-			$final_text = '';
-			$word = $j = 0;
-			$final_text_index = -1;
-
-			// cycle through every character in the original text
-			for ($i = $word_indizes[$word], $n = utf8_strlen($text); $i < $n; $i++)
-			{
-				// if the current position is the start of one of the words then append $sequence_length characters to the final text
-				if (isset($word_indizes[$word]) && ($i == $word_indizes[$word]))
-				{
-					if ($final_text_index < $i - $sequence_length - 1)
-					{
-						$final_text .= '... ' . preg_replace('#^([^ ]*)#', '', utf8_substr($text, $i - $sequence_length, $sequence_length));
-					}
-					else
-					{
-						// if the final text is already nearer to the current word than $sequence_length we only append the text
-						// from its current index on and distribute the unused length to all other sequenes
-						$sequence_length += (int) (($final_text_index - $i + $sequence_length + 1) / (2 * $wordnum));
-						$final_text .= utf8_substr($text, $final_text_index + 1, $i - $final_text_index - 1);
-					}
-					$final_text_index = $i - 1;
-
-					// add the following characters to the final text (see below)
-					$word++;
-					$j = 1;
-				}
-
-				if ($j > 0)
-				{
-					// add the character to the final text and increment the sequence counter
-					$final_text .= utf8_substr($text, $i, 1);
-					$final_text_index++;
-					$j++;
-
-					// if this is a whitespace then check whether we are done with this sequence
-					if (utf8_substr($text, $i, 1) == ' ')
-					{
-						// only check whether we have to exit the context generation completely if we haven't already reached the end anyway
-						if ($i + 4 < $n)
-						{
-							if (($j > $sequence_length && $word >= $wordnum) || utf8_strlen($final_text) > $length)
-							{
-								$final_text .= ' ...';
-								break;
-							}
-						}
-						else
-						{
-							// make sure the text really reaches the end
-							$j -= 4;
-						}
-
-						// stop context generation and wait for the next word
-						if ($j > $sequence_length)
-						{
-							$j = 0;
-						}
-					}
-				}
-			}
-			return str_replace($characters, $entities, $final_text);
-		}
+		return $text;
 	}
 
-	if (!count($words) || !count($word_indizes))
+	// We need to turn the entities back into their original form, to not cut the message in between them
+	$text = htmlspecialchars_decode($text);
+
+	// Replace all spaces/invisible characters with single spaces
+	$text = preg_replace("/[\p{Z}\h\v]+/u", ' ', $text);
+
+	$text_length = utf8_strlen($text);
+
+	// Get first occurrence of each word
+	$word_indexes = [];
+	foreach ($words as $word)
 	{
-		return str_replace($characters, $entities, ((utf8_strlen($text) >= $length + 3) ? utf8_substr($text, 0, $length) . '...' : $text));
+		$pos = utf8_stripos($text, $word);
+
+		if ($pos !== false)
+		{
+			$word_indexes[$pos] = $word;
+		}
 	}
+	if (!empty($word_indexes))
+	{
+		ksort($word_indexes);
+
+		// Size of the fragment of text per word
+		$num_indexes = count($word_indexes);
+		$characters_per_word = (int) ($length / $num_indexes) + 2; // 2 to leave one character of margin at the sides to don't cut words
+
+		// Get text fragment indexes
+		$fragments = [];
+		foreach ($word_indexes as $index => $word)
+		{
+			$word_length = utf8_strlen($word);
+			$start = max(0, min($text_length - 1 - $characters_per_word, (int) ($index + ($word_length / 2) - ($characters_per_word / 2))));
+			$end = $start + $characters_per_word;
+
+			// Check if we can merge this fragment into the previous fragment
+			if (!empty($fragments))
+			{
+				[$prev_start, $prev_end] = end($fragments);
+
+				if ($prev_end + $characters_per_word >= $index + $word_length)
+				{
+					array_pop($fragments);
+					$start = $prev_start;
+					$end = $prev_end + $characters_per_word;
+				}
+			}
+
+			$fragments[] = [$start, $end];
+		}
+	}
+	else
+	{
+		// There is no coincidences, so we just create a fragment with the first $length characters
+		$fragments[] = [0, $length];
+		$end = $length;
+	}
+
+	$output = [];
+	foreach ($fragments as [$start, $end])
+	{
+		$fragment = utf8_substr($text, $start, $end - $start + 1);
+
+		$fragment_start = 0;
+		$fragment_end = $end - $start + 1;
+
+		// Find the first valid alphanumeric character in the fragment to don't cut words
+		if ($start > 0 && preg_match('/[^\p{L}\p{N}][\p{L}\p{N}]/u', $fragment, $matches, PREG_OFFSET_CAPTURE))
+		{
+			$fragment_start = utf8_strlen(substr($fragment, 0, (int) $matches[0][1])) + 1;
+		}
+
+		// Find the last valid alphanumeric character in the fragment to don't cut words
+		if ($end < $text_length - 1 && preg_match_all('/[\p{L}\p{N}][^\p{L}\p{N}]/u', $fragment, $matches, PREG_OFFSET_CAPTURE))
+		{
+			$fragment_end = utf8_strlen(substr($fragment, 0, end($matches[0])[1]));
+		}
+
+		$output[] = utf8_substr($fragment, $fragment_start, $fragment_end - $fragment_start + 1);
+	}
+
+	return ($fragments[0][0] !== 0 ? '... ' : '') . utf8_htmlspecialchars(implode(' ... ', $output)) . ($end < $text_length - 1 ? ' ...' : '');
 }
 
 /**

phpBB/includes/functions_display.php

@@ -1603,7 +1603,7 @@ function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabl
 
 	if ($data['user_allow_viewonline'] || $auth->acl_get('u_viewonline'))
 	{
-		$last_active = (!empty($data['session_time'])) ? $data['session_time'] : $data['user_last_active'];
+		$last_active = $data['user_last_active'] ?: ($data['session_time'] ?? 0);
 	}
 	else
 	{

phpBB/includes/functions_messenger.php

@@ -1418,22 +1418,22 @@ class smtp_class
 		global $user;
 
 		// Here we try to determine the *real* hostname (reverse DNS entry preferrably)
-		$local_host = $user->host;
-
-		if (function_exists('php_uname'))
+		if (function_exists('php_uname') && !empty($local_host = php_uname('n')))
 		{
-			$local_host = php_uname('n');
-
 			// Able to resolve name to IP
 			if (($addr = @gethostbyname($local_host)) !== $local_host)
 			{
 				// Able to resolve IP back to name
-				if (($name = @gethostbyaddr($addr)) !== $addr)
+				if (!empty($name = @gethostbyaddr($addr)) && $name !== $addr)
 				{
 					$local_host = $name;
 				}
 			}
 		}
+		else
+		{
+			$local_host = $user->host;
+		}
 
 		// If we are authenticating through pop-before-smtp, we
 		// have to login ones before we get authenticated

phpBB/includes/functions_module.php

@@ -480,7 +480,7 @@ class p_master
 	*/
 	function set_active($id = false, $mode = false)
 	{
-		global $request;
+		global $auth, $request, $user;
 
 		$icat = false;
 		$this->active_module = false;
@@ -502,6 +502,14 @@ class p_master
 			$id = $this->p_class . '_' . $id;
 		}
 
+		// Fallback to acp main page for special test permission mode
+		if ($this->p_class === 'acp' && $user->data['user_perm_from'] && $auth->acl_get('a_switchperm'))
+		{
+			$id = '';
+			$mode = '';
+			$icat = false;
+		}
+
 		$category = false;
 		foreach ($this->module_ary as $row_id => $item_ary)
 		{

phpBB/includes/functions_privmsgs.php

@@ -1689,7 +1689,7 @@ function submit_pm($mode, $subject, &$data_ary, $put_in_outbox = true)
 	}
 
 	// First of all make sure the subject are having the correct length.
-	$subject = truncate_string($subject);
+	$subject = truncate_string($subject, $mode === 'post' ? 120 : 124);
 
 	$db->sql_transaction('begin');
 

phpBB/includes/mcp/mcp_post.php

@@ -222,6 +222,7 @@ function mcp_post_details($id, $mode, $action)
 		'U_POST_ACTION'			=> "$url&i=$id&mode=post_details", // Use this for action parameters
 		'U_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id"),
 
+		'S_CAN_APPROVE'			=> $auth->acl_get('m_approve', $post_info['forum_id']),
 		'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 		'S_CAN_CHGPOSTER'		=> $auth->acl_get('m_chgposter', $post_info['forum_id']),
 		'S_CAN_LOCK_POST'		=> $auth->acl_get('m_lock', $post_info['forum_id']),

phpBB/includes/mcp/mcp_queue.php

@@ -284,6 +284,7 @@ class mcp_queue
 				$post_data = array(
 					'S_MCP_QUEUE'			=> true,
 					'U_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&p=$post_id"),
+					'S_CAN_APPROVE'			=> $auth->acl_get('m_approve', $post_info['forum_id']),
 					'S_CAN_DELETE_POST'		=> $auth->acl_get('m_delete', $post_info['forum_id']),
 					'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 					'S_POST_REPORTED'		=> $post_info['post_reported'],

phpBB/includes/mcp/mcp_reports.php

@@ -252,6 +252,7 @@ class mcp_reports
 				$report_template = array(
 					'S_MCP_REPORT'			=> true,
 					'S_CLOSE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&p=' . $post_id),
+					'S_CAN_APPROVE'			=> $auth->acl_get('m_approve', $post_info['forum_id']),
 					'S_CAN_VIEWIP'			=> $auth->acl_get('m_info', $post_info['forum_id']),
 					'S_POST_REPORTED'		=> $post_info['post_reported'],
 					'S_POST_UNAPPROVED'		=> $post_info['post_visibility'] == ITEM_UNAPPROVED || $post_info['post_visibility'] == ITEM_REAPPROVE,
@@ -260,6 +261,7 @@ class mcp_reports
 					'S_USER_NOTES'			=> true,
 
 					'U_EDIT'					=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&p={$post_info['post_id']}") : '',
+					'U_APPROVE_ACTION'			=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&p=' . $post_id),
 					'U_MCP_APPROVE'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&p=' . $post_id),
 					'U_MCP_REPORT'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&p=' . $post_id),
 					'U_MCP_REPORTER_NOTES'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=notes&mode=user_notes&u=' . $report['user_id']),

phpBB/includes/ucp/ucp_prefs.php

@@ -488,6 +488,8 @@ class ucp_prefs
 				}
 
 				$template->assign_vars(array(
+					'S_SIG_ALLOWED'	=> $config['allow_sig'] && $auth->acl_get('u_sig'),
+
 					'S_BBCODE'	=> $data['bbcode'],
 					'S_SMILIES'	=> $data['smilies'],
 					'S_SIG'		=> $data['sig'],

phpBB/includes/utf/utf_tools.php

@@ -72,6 +72,22 @@ function utf8_strpos($str, $needle, $offset = null)
 	}
 }
 
+/**
+* UTF-8 aware alternative to stripos
+* @ignore
+*/
+function utf8_stripos($str, $needle, $offset = null)
+{
+	if (is_null($offset))
+	{
+		return mb_stripos($str, $needle);
+	}
+	else
+	{
+		return mb_stripos($str, $needle, $offset);
+	}
+}
+
 /**
 * UTF-8 aware alternative to strtolower
 * @ignore

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.3.12',
+	'phpbb_version'	=> '3.3.14',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.3.12');
+define('PHPBB_VERSION', '3.3.14');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -316,7 +316,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.12');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.14');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

phpBB/install/startup.php

@@ -51,7 +51,15 @@ function installer_msg_handler($errno, $msg_text, $errfile, $errline)
 {
 	global $phpbb_installer_container, $msg_long_text;
 
-	if (error_reporting() == 0)
+	// Acording to https://www.php.net/manual/en/language.operators.errorcontrol.php
+	// error_reporting() return a different error code inside the error handler after php 8.0
+	$suppresed = E_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR | E_RECOVERABLE_ERROR | E_PARSE;
+	if (PHP_VERSION_ID < 80000)
+	{
+		$suppresed = 0;
+	}
+
+	if (error_reporting() == $suppresed)
 	{
 		return true;
 	}

phpBB/language/en/acp/extensions.php

@@ -47,8 +47,9 @@ $lang = array_merge($lang, array(
 
 	'DETAILS'				=> 'Details',
 
-	'EXTENSIONS_DISABLED'	=> 'Disabled Extensions',
-	'EXTENSIONS_ENABLED'	=> 'Enabled Extensions',
+	'EXTENSIONS_NOT_INSTALLED'	=> 'Not installed Extensions',
+	'EXTENSIONS_DISABLED'		=> 'Disabled Extensions',
+	'EXTENSIONS_ENABLED'		=> 'Enabled Extensions',
 
 	'EXTENSION_DELETE_DATA'	=> 'Delete data',
 	'EXTENSION_DISABLE'		=> 'Disable',

phpBB/language/en/acp/posting.php

@@ -88,6 +88,20 @@ $lang = array_merge($lang, array(
 		'LOCAL_URL'		=> 'A local URL. The URL must be relative to the topic page and cannot contain a server name or protocol, as links are prefixed with “%s”',
 		'RELATIVE_URL'	=> 'A relative URL. You can use this to match parts of a URL, but be careful: a full URL is a valid relative URL. When you want to use relative URLs of your board, use the LOCAL_URL token.',
 		'COLOR'			=> 'A HTML colour, can be either in the numeric form <samp>#FF1234</samp> or a <a href="http://www.w3.org/TR/CSS21/syndata.html#value-def-color">CSS colour keyword</a> such as <samp>fuchsia</samp> or <samp>InactiveBorder</samp>',
+		'ALNUM'			=> 'Characters from the latin alphabet (A-Z) and numbers.',
+		'CHOICE'		=> 'A choice of specified values, e.g. <samp>{CHOICE=spades,hearts,diamonds,clubs}</samp>. The values are treated as case-insensitive by default and can be treated case-sensitive by specifying the <samp>caseSensitive</samp> option: <samp>{CHOICE=Spades,Hearts,Diamonds,Clubs;caseSensitive}</samp>',
+		'FLOAT'			=> 'A decimal value, e.g. <samp>0.5</samp>.',
+		'HASHMAP'		=> 'Maps strings to their replacement in the form <samp>{HASHMAP=string1:replacement1,string2:replacement2}</samp>. Case-sensitive. Preserves unknown values by default.',
+		'INT'			=> 'An integer value, e.g. <samp>2</samp>.',
+		'IP'			=> 'A valid IPv4 or IPv6 address.',
+		'IPPORT'		=> 'A valid IPv4 or IPv6 address with port number.',
+		'IPV4'			=> 'A valid IPv4 address.',
+		'IPV6'			=> 'A valid IPv6 address.',
+		'MAP'			=> 'Maps strings to their replacement in the form <samp>{MAP=string1:replacement1,string2:replacement2}</samp>. Case-insensitive. Preserves unknown values by default.',
+		'RANGE'			=> 'Accepts an integer in the given range, e.g. <samp>{RANGE=-10,42}</samp>.',
+		'REGEXP'		=> 'Validates its value against a given regexp, e.g. <samp>{REGEXP=/^foo\w+bar$/}</samp>.',
+		'TIMESTAMP'		=> 'A timestamp such as <samp>1h30m10s</samp> which will be converted to a number of seconds. Also accepts a number.',
+		'UINT'			=> 'An unsigned integer value. Same as <samp>{INT}</samp>, but rejects values less than 0.',
 	),
 ));
 

phpBB/language/en/cli.php

@@ -75,6 +75,7 @@ $lang = array_merge($lang, array(
 	'CLI_DESCRIPTION_REPARSER_REPARSE'					=> 'Reparses stored text with the current text_formatter services.',
 	'CLI_DESCRIPTION_REPARSER_REPARSE_ARG_1'			=> 'Type of text to reparse. Leave blank to reparse everything.',
 	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_DRY_RUN'		=> 'Do not save any changes; just print what would happen',
+	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_FORCE_BBCODE'	=> 'Re-parse all BBCodes without exception. Note that any previously disabled BBCodes will be reprocessed, enabled, and fully rendered.',
 	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_RANGE_MIN'	=> 'Lowest record ID to process',
 	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_RANGE_MAX'	=> 'Highest record ID to process',
 	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_RANGE_SIZE'	=> 'Approximate number of records to process at a time',
@@ -108,6 +109,8 @@ $lang = array_merge($lang, array(
 	'CLI_DESCRIPTION_USER_ADD_OPTION_NOTIFY'	=> 'Send account activation email to the new user (not sent by default)',
 	'CLI_DESCRIPTION_USER_DELETE'				=> 'Delete a user account.',
 	'CLI_DESCRIPTION_USER_DELETE_USERNAME'		=> 'Username of the user to delete',
+	'CLI_DESCRIPTION_USER_DELETE_ID'			=> 'Delete user accounts by ID.',
+	'CLI_DESCRIPTION_USER_DELETE_ID_OPTION_ID'	=> 'User IDs of the users to delete',
 	'CLI_DESCRIPTION_USER_DELETE_OPTION_POSTS'	=> 'Delete all posts by the user. Without this option, the user’s posts will be retained.',
 	'CLI_DESCRIPTION_USER_RECLEAN'				=> 'Re-clean usernames.',
 
@@ -155,10 +158,14 @@ $lang = array_merge($lang, array(
 	'CLI_THUMBNAIL_NOTHING_TO_GENERATE'	=> 'No thumbnails to generate.',
 	'CLI_THUMBNAIL_NOTHING_TO_DELETE'	=> 'No thumbnails to delete.',
 
-	'CLI_USER_ADD_SUCCESS'		=> 'Successfully added user %s.',
-	'CLI_USER_DELETE_CONFIRM'	=> 'Are you sure you want to delete ‘%s’? [y/N]',
-	'CLI_USER_RECLEAN_START'	=> 'Re-cleaning usernames',
-	'CLI_USER_RECLEAN_DONE'		=> [
+	'CLI_USER_ADD_SUCCESS'			=> 'Successfully added user %s.',
+	'CLI_USER_DELETE_CONFIRM'		=> 'Are you sure you want to delete ‘%s’? [y/N]',
+	'CLI_USER_DELETE_ID_CONFIRM'	=> 'Are you sure you want to delete the user IDs ‘%s’? [y/N]',
+	'CLI_USER_DELETE_ID_SUCCESS'	=> 'Successfully deleted user IDs.',
+	'CLI_USER_DELETE_ID_START'		=> 'Deleting users by ID',
+	'CLI_USER_DELETE_NONE'			=> 'No users were deleted by user ID.',
+	'CLI_USER_RECLEAN_START'		=> 'Re-cleaning usernames',
+	'CLI_USER_RECLEAN_DONE'			=> [
 		0	=> 'Re-cleaning complete. No usernames needed to be cleaned.',
 		1	=> 'Re-cleaning complete. %d username was cleaned.',
 		2	=> 'Re-cleaning complete. %d usernames were cleaned.',

phpBB/language/en/help/faq.php

@@ -158,7 +158,7 @@ $lang = array_merge($lang, array(
 	'HELP_FAQ_SEARCH_BLANK_QUESTION'	=> 'Why does my search return a blank page!?',
 	'HELP_FAQ_SEARCH_FORUM_ANSWER'	=> 'Enter a search term in the search box located on the index, forum or topic pages. Advanced search can be accessed by clicking the “Advance Search” link which is available on all pages on the forum. How to access the search may depend on the style used.',
 	'HELP_FAQ_SEARCH_FORUM_QUESTION'	=> 'How can I search a forum or forums?',
-	'HELP_FAQ_SEARCH_MEMBERS_ANSWER'	=> 'Visit to the “Members” page and click the “Find a member” link.',
+	'HELP_FAQ_SEARCH_MEMBERS_ANSWER'	=> 'Visit the memberlist and click the “Find a member” link.',
 	'HELP_FAQ_SEARCH_MEMBERS_QUESTION'	=> 'How do I search for members?',
 	'HELP_FAQ_SEARCH_NO_RESULT_ANSWER'	=> 'Your search was probably too vague and included many common terms which are not indexed by phpBB. Be more specific and use the options available within Advanced search.',
 	'HELP_FAQ_SEARCH_NO_RESULT_QUESTION'	=> 'Why does my search return no results?',

phpBB/language/en/viewtopic.php

@@ -112,6 +112,7 @@ $lang = array_merge($lang, array(
 	'VIEW_INFO'				=> 'Post details',
 	'VIEW_NEXT_TOPIC'		=> 'Next topic',
 	'VIEW_PREVIOUS_TOPIC'	=> 'Previous topic',
+	'VIEW_QUOTED_POST'		=> 'View quoted post',
 	'VIEW_RESULTS'			=> 'View results',
 	'VIEW_TOPIC_POSTS'		=> array(
 		1	=> '%d post',

phpBB/memberlist.php

@@ -941,10 +941,19 @@ switch ($mode)
 		}
 		else if ($topic_id)
 		{
-			$sql = 'SELECT f.parent_id, f.forum_parents, f.left_id, f.right_id, f.forum_type, f.forum_name, f.forum_id, f.forum_desc, f.forum_desc_uid, f.forum_desc_bitfield, f.forum_desc_options, f.forum_options, t.topic_title
-					FROM ' . FORUMS_TABLE . ' as f,
-						' . TOPICS_TABLE . ' as t
-					WHERE t.forum_id = f.forum_id';
+			// Generate the navlinks based on the selected topic
+			$navlinks_sql_array = [
+				'SELECT'    => 'f.parent_id, f.forum_parents, f.left_id, f.right_id, f.forum_type, f.forum_name, 
+					f.forum_id, f.forum_desc, f.forum_desc_uid, f.forum_desc_bitfield, f.forum_desc_options, 
+					f.forum_options, t.topic_title',
+				'FROM'      => [
+					FORUMS_TABLE  => 'f',
+					TOPICS_TABLE  => 't',
+				],
+				'WHERE'     => 't.forum_id = f.forum_id AND t.topic_id = ' . (int) $topic_id,
+			];
+
+			$sql = $db->sql_build_query('SELECT', $navlinks_sql_array);
 			$result = $db->sql_query($sql);
 			$topic_data = $db->sql_fetchrow($result);
 			$db->sql_freeresult($result);
@@ -1713,7 +1722,7 @@ switch ($mode)
 			{
 				$row['session_time'] = $session_ary[$row['user_id']]['session_time'] ?? 0;
 				$row['session_viewonline'] = $session_ary[$row['user_id']]['session_viewonline'] ?? 0;
-				$row['last_visit'] = (!empty($row['session_time'])) ? $row['session_time'] : $row['user_last_active'];
+				$row['last_visit'] = $row['user_last_active'] ?: $row['session_time'];
 
 				$id_cache[$row['user_id']] = $row;
 			}

phpBB/phpbb/.htaccess

@@ -0,0 +1,25 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_core.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		Order Allow,Deny
+		Deny from All
+	</IfVersion>
+	<IfVersion >= 2.4>
+		Require all denied
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		Order Allow,Deny
+		Deny from All
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		Require all denied
+	</IfModule>
+</IfModule>

phpBB/phpbb/auth/auth.php

@@ -776,7 +776,7 @@ class auth
 
 		$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : '';
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
-		$sql_is_local = $forum_id !== false ? 'AND ao.is_local <> 0' : '';
+		$sql_is_local = !empty($forum_id) ? 'AND ao.is_local <> 0' : '';
 
 		$sql_opts = '';
 		$hold_ary = $sql_ary = array();

phpBB/phpbb/avatar/driver/gravatar.php

@@ -21,7 +21,7 @@ class gravatar extends \phpbb\avatar\driver\driver
 	/**
 	* The URL for the gravatar service
 	*/
-	const GRAVATAR_URL = '//secure.gravatar.com/avatar/';
+	const GRAVATAR_URL = '//gravatar.com/avatar/';
 
 	/**
 	* {@inheritdoc}
@@ -29,7 +29,7 @@ class gravatar extends \phpbb\avatar\driver\driver
 	public function get_data($row)
 	{
 		return array(
-			'src' => $row['avatar'],
+			'src' => $this->get_gravatar_url($row),
 			'width' => $row['avatar_width'],
 			'height' => $row['avatar_height'],
 		);
@@ -53,7 +53,7 @@ class gravatar extends \phpbb\avatar\driver\driver
 	{
 		$template->assign_vars(array(
 			'AVATAR_GRAVATAR_WIDTH' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar_width']) ? $row['avatar_width'] : $request->variable('avatar_gravatar_width', ''),
-			'AVATAR_GRAVATAR_HEIGHT' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar_height']) ? $row['avatar_height'] : $request->variable('avatar_gravatar_width', ''),
+			'AVATAR_GRAVATAR_HEIGHT' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar_height']) ? $row['avatar_height'] : $request->variable('avatar_gravatar_height', ''),
 			'AVATAR_GRAVATAR_EMAIL' => (($row['avatar_type'] == $this->get_name() || $row['avatar_type'] == 'gravatar') && $row['avatar']) ? $row['avatar'] : '',
 		));
 
@@ -175,7 +175,7 @@ class gravatar extends \phpbb\avatar\driver\driver
 		global $phpbb_dispatcher;
 
 		$url = self::GRAVATAR_URL;
-		$url .=  md5(strtolower(trim($row['avatar'])));
+		$url .= hash('sha256', strtolower(trim($row['avatar'])));
 
 		if ($row['avatar_width'] || $row['avatar_height'])
 		{

phpBB/phpbb/cache/driver/file.php

@@ -330,6 +330,27 @@ class file extends \phpbb\cache\driver\base
 		return $query_result;
 	}
 
+	/**
+	 * Cleanup when loading invalid data global file
+	 *
+	 * @param string $file Filename
+	 * @param resource $handle
+	 *
+	 * @return void
+	 */
+	private function cleanup_invalid_data_global(string $file, $handle): void
+	{
+		if (is_resource($handle))
+		{
+			fclose($handle);
+		}
+
+		$this->vars = $this->var_expires = [];
+		$this->is_modified = false;
+
+		$this->remove_file($file);
+	}
+
 	/**
 	* Read cached data from a specified file
 	*
@@ -372,14 +393,7 @@ class file extends \phpbb\cache\driver\base
 
 				if (!is_numeric($bytes) || ($bytes = (int) $bytes) === 0)
 				{
-					// We cannot process the file without a valid number of bytes
-					// so we discard it
-					fclose($handle);
-
-					$this->vars = $this->var_expires = array();
-					$this->is_modified = false;
-
-					$this->remove_file($file);
+					$this->cleanup_invalid_data_global($file, $handle);
 
 					return false;
 				}
@@ -392,9 +406,17 @@ class file extends \phpbb\cache\driver\base
 				}
 
 				$var_name = substr(fgets($handle), 0, -1);
+				$data_length = $bytes - strlen($var_name);
+
+				if ($data_length <= 0)
+				{
+					$this->cleanup_invalid_data_global($file, $handle);
+
+					return false;
+				}
 
 				// Read the length of bytes that consists of data.
-				$data = fread($handle, $bytes - strlen($var_name));
+				$data = fread($handle, $data_length);
 				$data = @unserialize($data);
 
 				// Don't use the data if it was invalid

phpBB/phpbb/cache/driver/redis.php

@@ -129,6 +129,10 @@ class redis extends \phpbb\cache\driver\memory
 	/**
 	* Store data in the cache
 	*
+	* For the info, see https://phpredis.github.io/phpredis/Redis.html#method_set,
+	* https://redis.io/docs/latest/commands/set/
+	* and https://redis.io/docs/latest/commands/expire/#appendix-redis-expires
+	*
 	* @access protected
 	* @param string $var Cache key
 	* @param mixed $data Data to store
@@ -137,11 +141,7 @@ class redis extends \phpbb\cache\driver\memory
 	*/
 	function _write($var, $data, $ttl = 2592000)
 	{
-		if ($ttl == 0)
-		{
-			return $this->redis->set($var, $data);
-		}
-		return $this->redis->setex($var, $ttl, $data);
+		return $this->redis->set($var, $data, ['EXAT' => time() + $ttl]);
 	}
 
 	/**

phpBB/phpbb/captcha/plugins/recaptcha_v3.php

@@ -359,6 +359,7 @@ class recaptcha_v3 extends captcha_abstract
 		if ($result->isSuccess())
 		{
 			$this->solved = true;
+			$this->confirm_code = $this->code;
 
 			return false;
 		}

phpBB/phpbb/console/command/fixup/update_hashes.php

@@ -100,7 +100,15 @@ class update_hashes extends \phpbb\console\command\command
 		while ($row = $this->db->sql_fetchrow($result))
 		{
 			$old_hash = preg_replace('/^\$CP\$/', '', $row['user_password']);
-			$new_hash = $this->passwords_manager->hash($old_hash, array($this->default_type));
+
+			// If stored hash type is unknown then it's md5 hash with no prefix
+			// First rehash it using $H$ as hash type identifier (salted_md5)
+			if (!$this->passwords_manager->detect_algorithm($old_hash))
+			{
+				$old_hash = $this->passwords_manager->hash($old_hash, '$H$');
+			}
+
+			$new_hash = $this->passwords_manager->hash($old_hash, [$this->default_type]);
 
 			$sql = 'UPDATE ' . USERS_TABLE . "
 					SET user_password = '" . $this->db->sql_escape($new_hash) . "'

phpBB/phpbb/console/command/reparser/reparse.php

@@ -92,6 +92,12 @@ class reparse extends \phpbb\console\command\command
 				InputOption::VALUE_NONE,
 				$this->user->lang('CLI_DESCRIPTION_REPARSER_REPARSE_OPT_DRY_RUN')
 			)
+			->addOption(
+				'force-bbcode-reparsing',
+				null,
+				InputOption::VALUE_NONE,
+				$this->user->lang('CLI_DESCRIPTION_REPARSER_REPARSE_OPT_FORCE_BBCODE')
+			)
 			->addOption(
 				'resume',
 				null,
@@ -222,13 +228,15 @@ class reparse extends \phpbb\console\command\command
 
 		// Start from $max and decrement $current by $size until we reach $min
 		$current = $max;
+
+		$force_bbcode_reparsing = (bool) $this->get_option('force-bbcode-reparsing');
 		while ($current >= $min)
 		{
 			$start = max($min, $current + 1 - $size);
 			$end   = max($min, $current);
 
 			$progress->setMessage($this->user->lang('CLI_REPARSER_REPARSE_REPARSING', $reparser->get_name(), $start, $end));
-			$reparser->reparse_range($start, $end);
+			$reparser->reparse_range($start, $end, $force_bbcode_reparsing);
 
 			$current = $start - 1;
 			$progress->setProgress($max + 1 - $start);

phpBB/phpbb/console/command/user/add.php

@@ -337,7 +337,7 @@ class add extends command
 
 			$sql_ary = [
 				'user_actkey'				=> $user_actkey,
-				'user_actkey_expiration'	=> \phpbb\user::get_token_expiration(),
+				'user_actkey_expiration'	=> user::get_token_expiration(),
 			];
 
 			$sql = 'UPDATE ' . USERS_TABLE . '

phpBB/phpbb/console/command/user/delete_id.php

@@ -0,0 +1,227 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\console\command\user;
+
+use phpbb\console\command\command;
+use phpbb\db\driver\driver_interface;
+use phpbb\language\language;
+use phpbb\log\log_interface;
+use phpbb\user;
+use phpbb\user_loader;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\ConfirmationQuestion;
+use Symfony\Component\Console\Style\SymfonyStyle;
+
+class delete_id extends command
+{
+	/** @var driver_interface */
+	protected $db;
+
+	/** @var language */
+	protected $language;
+
+	/** @var log_interface */
+	protected $log;
+
+	/** @var user_loader */
+	protected $user_loader;
+
+	/** @var string Bots table */
+	protected $bots_table;
+
+	/** @var string User group table */
+	protected $user_group_table;
+
+	/** @var string Users table */
+	protected $users_table;
+
+	/** @var string phpBB root path */
+	protected $phpbb_root_path;
+
+	/** @var string PHP extension */
+	protected $php_ext;
+
+	/**
+	 * Construct method
+	 *
+	 * @param driver_interface $db
+	 * @param language         $language
+	 * @param log_interface    $log
+	 * @param user             $user
+	 * @param user_loader      $user_loader
+	 * @param string           $bots_table
+	 * @param string           $user_group_table
+	 * @param string           $users_table
+	 * @param string           $phpbb_root_path
+	 * @param string           $php_ext
+	 */
+	public function __construct(driver_interface $db, language $language, log_interface $log, user $user, user_loader $user_loader,
+								string $bots_table, string $user_group_table, string $users_table, string $phpbb_root_path, string $php_ext)
+	{
+		$this->db = $db;
+		$this->language = $language;
+		$this->log = $log;
+		$this->user_loader = $user_loader;
+		$this->bots_table = $bots_table;
+		$this->user_group_table = $user_group_table;
+		$this->users_table = $users_table;
+		$this->phpbb_root_path = $phpbb_root_path;
+		$this->php_ext = $php_ext;
+
+		$this->language->add_lang('acp/users');
+		parent::__construct($user);
+	}
+
+	/**
+	 * Sets the command name and description
+	 *
+	 * @return void
+	 */
+	protected function configure(): void
+	{
+		$this
+			->setName('user:delete_id')
+			->setDescription($this->language->lang('CLI_DESCRIPTION_USER_DELETE_ID'))
+			->addArgument(
+				'user_ids',
+				InputArgument::REQUIRED | InputArgument::IS_ARRAY,
+				$this->language->lang('CLI_DESCRIPTION_USER_DELETE_ID_OPTION_ID')
+			)
+			->addOption(
+				'delete-posts',
+				null,
+				InputOption::VALUE_NONE,
+				$this->language->lang('CLI_DESCRIPTION_USER_DELETE_OPTION_POSTS')
+			)
+		;
+	}
+
+	/**
+	 * Executes the command user:delete_ids
+	 *
+	 * Deletes a list of user ids from the database. An option to delete the users' posts
+	 * is available, by default posts will be retained.
+	 *
+	 * @param InputInterface  $input  The input stream used to get the options
+	 * @param OutputInterface $output The output stream, used to print messages
+	 *
+	 * @return int 0 if all is well, 1 if any errors occurred
+	 */
+	protected function execute(InputInterface $input, OutputInterface $output): int
+	{
+		$user_ids = $input->getArgument('user_ids');
+		$mode = ($input->getOption('delete-posts')) ? 'remove' : 'retain';
+		$deleted_users = 0;
+		$io = new SymfonyStyle($input, $output);
+
+		if (count($user_ids) > 0)
+		{
+			$this->user_loader->load_users($user_ids);
+
+			$progress = $this->create_progress_bar(count($user_ids), $io, $output);
+			$progress->setMessage($this->language->lang('CLI_USER_DELETE_ID_START'));
+			$progress->start();
+
+			foreach ($user_ids as $user_id)
+			{
+				$user_row = $this->user_loader->get_user($user_id);
+
+				// Skip anonymous user
+				if ($user_row['user_id'] == ANONYMOUS)
+				{
+					$progress->advance();
+					continue;
+				}
+				else if ($user_row['user_type'] == USER_IGNORE)
+				{
+					$this->delete_bot_user($user_row);
+				}
+				else
+				{
+					if (!function_exists('user_delete'))
+					{
+						require($this->phpbb_root_path . 'includes/functions_user.' . $this->php_ext);
+					}
+
+					user_delete($mode, $user_row['user_id'], $user_row['username']);
+
+					$this->log->add('admin', ANONYMOUS, '', 'LOG_USER_DELETED', false, array($user_row['username']));
+				}
+
+				$progress->advance();
+				$deleted_users++;
+			}
+
+			$progress->finish();
+
+			if ($deleted_users > 0)
+			{
+				$io->success($this->language->lang('CLI_USER_DELETE_ID_SUCCESS'));
+			}
+		}
+
+		if (!$deleted_users)
+		{
+			$io->note($this->language->lang('CLI_USER_DELETE_NONE'));
+		}
+
+		return 0;
+	}
+
+	/**
+	 * Interacts with the user.
+	 * Confirm they really want to delete the account...last chance!
+	 *
+	 * @param InputInterface  $input  An InputInterface instance
+	 * @param OutputInterface $output An OutputInterface instance
+	 */
+	protected function interact(InputInterface $input, OutputInterface $output): void
+	{
+		$helper = $this->getHelper('question');
+
+		$user_ids = $input->getArgument('user_ids');
+		if (count($user_ids) > 0)
+		{
+			$question = new ConfirmationQuestion(
+				$this->language->lang('CLI_USER_DELETE_ID_CONFIRM', implode(',', $user_ids)),
+				false
+			);
+
+			if (!$helper->ask($input, $output, $question))
+			{
+				$input->setArgument('user_ids', []);
+			}
+		}
+	}
+
+	/**
+	 * Deletes a bot user
+	 *
+	 * @param array $user_row
+	 * @return void
+	 */
+	protected function delete_bot_user(array $user_row): void
+	{
+		$delete_tables = [$this->bots_table, $this->user_group_table, $this->users_table];
+		foreach ($delete_tables as $table)
+		{
+			$sql = "DELETE FROM $table
+				WHERE user_id = " . (int) $user_row['user_id'];
+			$this->db->sql_query($sql);
+		}
+	}
+}

phpBB/phpbb/cron/task/core/update_hashes.php

@@ -107,7 +107,15 @@ class update_hashes extends \phpbb\cron\task\base
 			while ($row = $this->db->sql_fetchrow($result))
 			{
 				$old_hash = preg_replace('/^\$CP\$/', '', $row['user_password']);
-				$new_hash = $this->passwords_manager->hash($old_hash, array($this->default_type));
+
+				// If stored hash type is unknown then it's md5 hash with no prefix
+				// First rehash it using $H$ as hash type identifier (salted_md5)
+				if (!$this->passwords_manager->detect_algorithm($old_hash))
+				{
+					$old_hash = $this->passwords_manager->hash($old_hash, '$H$');
+				}
+
+				$new_hash = $this->passwords_manager->hash($old_hash, [$this->default_type]);
 
 				// Increase number so we know that users were selected from the database
 				$affected_rows++;

phpBB/phpbb/db/driver/mysqli.php

@@ -155,7 +155,9 @@ class mysqli extends \phpbb\db\driver\mysql_base
 		switch ($status)
 		{
 			case 'begin':
-				return @mysqli_autocommit($this->db_connect_id, false);
+				@mysqli_autocommit($this->db_connect_id, false);
+				$result = @mysqli_begin_transaction($this->db_connect_id);
+				return $result;
 			break;
 
 			case 'commit':

phpBB/phpbb/db/migration/data/v33x/v3313.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3313 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.13', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3313rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.13']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3313rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3313rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.13-RC1', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3312',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.13-RC1']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3314.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3314 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.14', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3314rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.14']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3314rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3314rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.14-RC1', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3313',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.14-RC1']],
+		];
+	}
+}

phpBB/phpbb/db/migration/tool/permission.php

@@ -435,15 +435,14 @@ class permission implements \phpbb\db\migration\tool\tool_interface
 		}
 		$this->db->sql_freeresult($result);
 
-		if (empty($new_auth))
+		$type = (string) $type; // Prevent PHP bug.
+		if (empty($new_auth) || !in_array($type, ['role','group']))
 		{
 			return;
 		}
 
 		$current_auth = array();
 
-		$type = (string) $type; // Prevent PHP bug.
-
 		switch ($type)
 		{
 			case 'role':
@@ -525,40 +524,32 @@ class permission implements \phpbb\db\migration\tool\tool_interface
 			break;
 		}
 
-		$sql_ary = array();
-		switch ($type)
+		$sql_ary = $auth_update_list = [];
+		$table = $type == 'role' ? ACL_ROLES_DATA_TABLE : ACL_GROUPS_TABLE;
+		foreach ($new_auth as $auth_option_id)
 		{
-			case 'role':
-				foreach ($new_auth as $auth_option_id)
-				{
-					if (!isset($current_auth[$auth_option_id]))
-					{
-						$sql_ary[] = array(
-							'role_id'			=> $role_id,
-							'auth_option_id'	=> $auth_option_id,
-							'auth_setting'		=> $has_permission,
-						);
-					}
-				}
+			if (!isset($current_auth[$auth_option_id]))
+			{
+				$sql_ary[] = [
+					$type . '_id'		=> ${$type . '_id'},
+					'auth_option_id'	=> $auth_option_id,
+					'auth_setting'		=> (int) $has_permission,
+				];
+			}
+			else
+			{
+				$auth_update_list[] = $auth_option_id;
+			}
+		}
+		$this->db->sql_multi_insert($table, $sql_ary);
 
-				$this->db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary);
-			break;
-
-			case 'group':
-				foreach ($new_auth as $auth_option_id)
-				{
-					if (!isset($current_auth[$auth_option_id]))
-					{
-						$sql_ary[] = array(
-							'group_id'			=> $group_id,
-							'auth_option_id'	=> $auth_option_id,
-							'auth_setting'		=> $has_permission,
-						);
-					}
-				}
-
-				$this->db->sql_multi_insert(ACL_GROUPS_TABLE, $sql_ary);
-			break;
+		if (count($auth_update_list))
+		{
+			$sql = 'UPDATE ' . $table . '
+				SET auth_setting = ' . (int) $has_permission . '
+				WHERE ' . $this->db->sql_in_set('auth_option_id', $auth_update_list) . '
+					AND ' . $type . '_id = ' .  (int) ${$type . '_id'};
+			$this->db->sql_query($sql);
 		}
 
 		$this->auth->acl_clear_prefetch();

phpBB/phpbb/extension/manager.php

@@ -31,6 +31,7 @@ class manager
 	protected $php_ext;
 	protected $extensions;
 	protected $extension_table;
+	protected $filesystem;
 	protected $phpbb_root_path;
 	protected $cache_name;
 

phpBB/phpbb/file_downloader.php

@@ -13,91 +13,116 @@
 
 namespace phpbb;
 
+use GuzzleHttp\Client;
+use GuzzleHttp\Exception\RequestException;
+use phpbb\exception\runtime_exception;
+
 class file_downloader
 {
+	const OK = 200;
+	const NOT_FOUND = 404;
+	const REQUEST_TIMEOUT = 408;
+
 	/** @var string Error string */
 	protected $error_string = '';
 
 	/** @var int Error number */
 	protected $error_number = 0;
 
+	/**
+	 * Create new guzzle client
+	 *
+	 * @param string $host
+	 * @param int $port
+	 * @param int $timeout
+	 *
+	 * @return Client
+	 */
+	protected function create_client(string $host, int $port = 443, int $timeout = 6): Client
+	{
+		// Only set URL scheme if not specified in URL
+		$url_parts = parse_url($host);
+		if (!isset($url_parts['scheme']))
+		{
+			$host = (($port === 443) ? 'https://' : 'http://') . $host;
+		}
+
+		// Initialize Guzzle client
+		return new Client([
+			'base_uri' => $host,
+			'timeout'  => $timeout,
+		]);
+	}
+
 	/**
 	 * Retrieve contents from remotely stored file
 	 *
-	 * @param string	$host			File host
-	 * @param string	$directory		Directory file is in
-	 * @param string	$filename		Filename of file to retrieve
-	 * @param int		$port			Port to connect to; default: 80
-	 * @param int		$timeout		Connection timeout in seconds; default: 6
+	 * @param string    $host            File host
+	 * @param string    $directory       Directory file is in
+	 * @param string    $filename        Filename of file to retrieve
+	 * @param int       $port            Port to connect to; default: 443
+	 * @param int       $timeout         Connection timeout in seconds; default: 6
 	 *
-	 * @return mixed File data as string if file can be read and there is no
-	 *			timeout, false if there were errors or the connection timed out
+	 * @return false|string File data as string if file can be read and there is no
+	 *         timeout, false if there were errors or the connection timed out
 	 *
-	 * @throws \phpbb\exception\runtime_exception If data can't be retrieved and no error
-	 *		message is returned
+	 * @throws runtime_exception If data can't be retrieved and no error
+	 *         message is returned
 	 */
-	public function get($host, $directory, $filename, $port = 80, $timeout = 6)
+	public function get(string $host, string $directory, string $filename, int $port = 443, int $timeout = 6)
 	{
+		// Initialize Guzzle client
+		$client = $this->create_client($host, $port, $timeout);
+
 		// Set default values for error variables
 		$this->error_number = 0;
 		$this->error_string = '';
 
-		if (function_exists('fsockopen') &&
-			$socket = @fsockopen(($port == 443 ? 'ssl://' : '') . $host, $port, $this->error_number, $this->error_string, $timeout)
-		)
+		try
 		{
-			@fputs($socket, "GET $directory/$filename HTTP/1.0\r\n");
-			@fputs($socket, "HOST: $host\r\n");
-			@fputs($socket, "Connection: close\r\n\r\n");
+			$response = $client->request('GET', "$directory/$filename");
 
-			$timer_stop = time() + $timeout;
-			stream_set_timeout($socket, $timeout);
-
-			$file_info = '';
-			$get_info = false;
-
-			while (!@feof($socket))
+			// Check if the response status code is 200 (OK)
+			if ($response->getStatusCode() == self::OK)
 			{
-				if ($get_info)
-				{
-					$file_info .= @fread($socket, 1024);
-				}
-				else
-				{
-					$line = @fgets($socket, 1024);
-					if ($line == "\r\n")
-					{
-						$get_info = true;
-					}
-					else if (stripos($line, '404 not found') !== false)
-					{
-						throw new \phpbb\exception\runtime_exception('FILE_NOT_FOUND', array($filename));
-					}
-				}
-
-				$stream_meta_data = stream_get_meta_data($socket);
-
-				if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
-				{
-					throw new \phpbb\exception\runtime_exception('FSOCK_TIMEOUT');
-				}
-			}
-			@fclose($socket);
-		}
-		else
-		{
-			if ($this->error_string)
-			{
-				$this->error_string = utf8_convert_message($this->error_string);
-				return false;
+				return $response->getBody()->getContents();
 			}
 			else
 			{
-				throw new \phpbb\exception\runtime_exception('FSOCK_DISABLED');
+				$this->error_number = $response->getStatusCode();
+				throw new runtime_exception('FILE_NOT_FOUND', [$filename]);
 			}
 		}
+		catch (RequestException $exception)
+		{
+			if ($exception->hasResponse())
+			{
+				$this->error_number = $exception->getResponse()->getStatusCode();
 
-		return $file_info;
+				if ($this->error_number == self::NOT_FOUND)
+				{
+					throw new runtime_exception('FILE_NOT_FOUND', [$filename]);
+				}
+			}
+			else
+			{
+				$this->error_number = self::REQUEST_TIMEOUT;
+				throw new runtime_exception('FSOCK_TIMEOUT');
+			}
+
+			$this->error_string = utf8_convert_message($exception->getMessage());
+			return false;
+		}
+		catch (runtime_exception $exception)
+		{
+			// Rethrow runtime_exceptions, only handle unknown cases below
+			throw $exception;
+		}
+		catch (\Throwable $exception)
+		{
+			$this->error_string = utf8_convert_message($exception->getMessage());
+			throw new runtime_exception('FSOCK_DISABLED');
+		}
 	}
 
 	/**
@@ -105,7 +130,7 @@ class file_downloader
 	 *
 	 * @return string Error string
 	 */
-	public function get_error_string()
+	public function get_error_string(): string
 	{
 		return $this->error_string;
 	}
@@ -115,7 +140,7 @@ class file_downloader
 	 *
 	 * @return int Error number
 	 */
-	public function get_error_number()
+	public function get_error_number(): int
 	{
 		return $this->error_number;
 	}

phpBB/phpbb/install/module/install_finish/task/install_extensions.php

@@ -144,7 +144,7 @@ class install_extensions extends \phpbb\install\task_base
 				if (isset($extensions[$ext_name]) && $extensions[$ext_name]['ext_active'])
 				{
 					// Create log
-					$this->log->add('admin', ANONYMOUS, '', 'LOG_EXT_ENABLE', time(), array($ext_name));
+					$this->log->add('admin', ANONYMOUS, $this->user->ip, 'LOG_EXT_ENABLE', time(), array($ext_name));
 					$this->iohandler->add_success_message(array('CLI_EXTENSION_ENABLE_SUCCESS', $ext_name));
 				}
 				else

phpBB/phpbb/install/module/update_database/task/update_extensions.php

@@ -174,7 +174,7 @@ class update_extensions extends task_base
 						if (isset($extensions[$ext_name]) && $extensions[$ext_name]['ext_active'])
 						{
 							// Create log
-							$this->log->add('admin', ANONYMOUS, '', 'LOG_EXT_UPDATE', time(), array($ext_name));
+							$this->log->add('admin', ANONYMOUS, $this->user->ip, 'LOG_EXT_UPDATE', time(), array($ext_name));
 							$this->iohandler->add_success_message(array('CLI_EXTENSION_UPDATE_SUCCESS', $ext_name));
 						}
 						else

phpBB/phpbb/path_helper.php

@@ -223,13 +223,13 @@ class path_helper
 		*
 		* The referer must be specified as a parameter in the query.
 		*/
-		if ($this->request->is_ajax() && $this->symfony_request->get('_referer'))
+		if ($this->request->is_ajax() && $this->request->header('Referer'))
 		{
 			// We need to escape $absolute_board_url because it can be partially concatenated to the result.
 			$absolute_board_url = $this->request->escape($this->symfony_request->getSchemeAndHttpHost() . $this->symfony_request->getBasePath(), true);
 
 			$referer_web_root_path = $this->get_web_root_path_from_ajax_referer(
-				$this->symfony_request->get('_referer'),
+				$this->request->header('Referer'),
 				$absolute_board_url
 			);
 			return $this->web_root_path = $referer_web_root_path;

phpBB/phpbb/search/fulltext_native.php

@@ -299,7 +299,11 @@ class fulltext_native extends \phpbb\search\base
 		);
 
 		$keywords = preg_replace($match, $replace, $keywords);
-		$num_keywords = count(explode(' ', $keywords));
+
+		// Ensure a space exists before +, - and | to make the split and count work correctly
+		$countable_keywords = preg_replace('/(?<!\s)(\+|\-|\|)/', ' $1', $keywords);
+
+		$num_keywords = count(explode(' ', $countable_keywords));
 
 		// We limit the number of allowed keywords to minimize load on the database
 		if ($this->config['max_num_search_keywords'] && $num_keywords > $this->config['max_num_search_keywords'])

phpBB/phpbb/session.php

@@ -441,7 +441,7 @@ class session
 						$this->check_ban_for_current_session($config);
 
 						// Update user last active time accordingly, but in a minute or so
-						if ((int) $this->data['session_time'] - (int) $this->data['user_last_active'] > 60)
+						if ($this->time_now - (int) $this->data['user_last_active'] > 60)
 						{
 							$this->update_last_active_time();
 						}
@@ -819,7 +819,7 @@ class session
 				// Update the form key
 				$sql = 'UPDATE ' . USERS_TABLE . '
 					SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\',
-						user_last_active = ' . (int) $this->data['session_time'] . '
+						user_last_active = ' . (int) $this->time_now . '
 					WHERE user_id = ' . (int) $this->data['user_id'];
 				$db->sql_query($sql);
 			}
@@ -964,8 +964,8 @@ class session
 		}
 
 		/**
-		 * Get most recent session for each registered user to sync user last visit with it
-		 * Inner SELECT gets most recent sessions for each unique session_user_id
+		 * Get expired sessions for registered users, only most recent for each user
+		 * Inner SELECT gets most recent expired sessions for unique session_user_id
 		 * Outer SELECT gets data for them
 		 */
 		$sql_select = 'SELECT s1.session_page, s1.session_user_id, s1.session_time AS recent_time
@@ -973,7 +973,8 @@ class session
 			INNER JOIN (
 				SELECT session_user_id, MAX(session_time) AS recent_time
 				FROM ' . SESSIONS_TABLE . '
-				WHERE session_user_id <> ' . ANONYMOUS . '
+				WHERE session_time < ' . ($this->time_now - (int) $config['session_length']) . '
+					AND session_user_id <> ' . ANONYMOUS . '
 				GROUP BY session_user_id
 			) AS s2
 			ON s1.session_user_id = s2.session_user_id
@@ -1812,7 +1813,7 @@ class session
 		{
 			$sql = 'UPDATE ' . USERS_TABLE . '
 				SET user_lastvisit = ' . (int) $this->data['session_time'] . ',
-					user_last_active = ' . (int) $this->data['session_time'] . '
+					user_last_active = ' . $this->time_now . '
 				WHERE user_id = ' . (int) $this->data['user_id'];
 			$db->sql_query($sql);
 		}
@@ -1827,10 +1828,10 @@ class session
 	{
 		global $db;
 
-		if (isset($this->data['session_time'], $this->data['user_id']))
+		if (isset($this->time_now, $this->data['user_id']))
 		{
 			$sql = 'UPDATE ' . USERS_TABLE . '
-				SET user_last_active = ' . (int) $this->data['session_time'] . '
+				SET user_last_active = ' . $this->time_now . '
 				WHERE user_id = ' . (int) $this->data['user_id'];
 			$db->sql_query($sql);
 		}

phpBB/phpbb/textreparser/base.php

@@ -216,11 +216,11 @@ abstract class base implements reparser_interface
 	/**
 	* {@inheritdoc}
 	*/
-	public function reparse_range($min_id, $max_id)
+	public function reparse_range($min_id, $max_id, bool $force_bbcode_reparsing = false)
 	{
 		foreach ($this->get_records_by_range($min_id, $max_id) as $record)
 		{
-			$this->reparse_record($record);
+			$this->reparse_record($record, $force_bbcode_reparsing);
 		}
 	}
 
@@ -228,16 +228,17 @@ abstract class base implements reparser_interface
 	* Reparse given record
 	*
 	* @param array $record Associative array containing the record's data
+	* @param bool $force_bbcode_reparsing Flag indicating if BBCode should be reparsed unconditionally
 	*/
-	protected function reparse_record(array $record)
+	protected function reparse_record(array $record, bool $force_bbcode_reparsing = false)
 	{
 		// Guess magic URL state based on actual record content before adding fields
 		$record['enable_magic_url'] = $this->guess_magic_url($record);
 		$record = $this->add_missing_fields($record);
 
-		$flags = ($record['enable_bbcode']) ? OPTION_FLAG_BBCODE : 0;
-		$flags |= ($record['enable_smilies']) ? OPTION_FLAG_SMILIES : 0;
-		$flags |= ($record['enable_magic_url']) ? OPTION_FLAG_LINKS : 0;
+		$flags = ($record['enable_bbcode'] || $force_bbcode_reparsing) ? OPTION_FLAG_BBCODE : 0;
+		$flags |= ($record['enable_smilies'] || $force_bbcode_reparsing) ? OPTION_FLAG_SMILIES : 0;
+		$flags |= ($record['enable_magic_url'] || $force_bbcode_reparsing) ? OPTION_FLAG_LINKS : 0;
 		$unparsed = array_merge(
 			$record,
 			generate_text_for_edit($record['text'], $record['bbcode_uid'], $flags)
@@ -252,13 +253,13 @@ abstract class base implements reparser_interface
 			$unparsed['bbcode_uid'],
 			$bitfield,
 			$flags,
-			$unparsed['enable_bbcode'],
-			$unparsed['enable_magic_url'],
-			$unparsed['enable_smilies'],
-			$unparsed['enable_img_bbcode'],
+			$unparsed['enable_bbcode'] || $force_bbcode_reparsing,
+			$unparsed['enable_magic_url'] || $force_bbcode_reparsing,
+			$unparsed['enable_smilies'] || $force_bbcode_reparsing,
+			$unparsed['enable_img_bbcode'] || $force_bbcode_reparsing,
 			$unparsed['enable_flash_bbcode'],
-			$unparsed['enable_quote_bbcode'],
-			$unparsed['enable_url_bbcode'],
+			$unparsed['enable_quote_bbcode'] || $force_bbcode_reparsing,
+			$unparsed['enable_url_bbcode'] || $force_bbcode_reparsing,
 			'text_reparser.' . $this->get_name()
 		);
 

phpBB/phpbb/textreparser/reparser_interface.php

@@ -41,6 +41,7 @@ interface reparser_interface
 	*
 	* @param integer $min_id Lower bound
 	* @param integer $max_id Upper bound
+	* @param bool $force_bbcode_reparsing Flag indicating if BBCode should be reparsed unconditionally
 	*/
-	public function reparse_range($min_id, $max_id);
+	public function reparse_range($min_id, $max_id, bool $force_bbcode_reparsing = false);
 }

phpBB/phpbb/ucp/controller/delete_cookies.php

@@ -0,0 +1,134 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\ucp\controller;
+
+use phpbb\config\config;
+use phpbb\event\dispatcher_interface;
+use phpbb\language\language;
+use phpbb\request\request_interface;
+use phpbb\user;
+
+class delete_cookies
+{
+	/** @var config */
+	private $config;
+
+	/** @var dispatcher_interface */
+	private $dispatcher;
+
+	/** @var language */
+	private $language;
+
+	/** @var request_interface */
+	private $request;
+
+	/** @var user */
+	private $user;
+
+	/** @var string phpBB root path */
+	private $phpbb_root_path;
+
+	/** @var string PHP extension */
+	private $php_ext;
+
+	/**
+	 * Constructor for delete_cookies controller
+	 *
+	 * @param config $config
+	 * @param dispatcher_interface $dispatcher
+	 * @param language $language
+	 * @param request_interface $request
+	 * @param user $user
+	 */
+	public function __construct(config $config, dispatcher_interface $dispatcher, language $language, request_interface $request, user $user, string $phpbb_root_path, string $php_ext)
+	{
+		$this->config = $config;
+		$this->dispatcher = $dispatcher;
+		$this->language = $language;
+		$this->request = $request;
+		$this->user = $user;
+		$this->phpbb_root_path = $phpbb_root_path;
+		$this->php_ext = $php_ext;
+	}
+
+	/**
+	 * Handle delete cookies requests
+	 *
+	 * @return void
+	 */
+	public function handle()
+	{
+		$this->language->add_lang(['ucp']);
+
+		// Delete Cookies with dynamic names (do NOT delete poll cookies)
+		if (confirm_box(true))
+		{
+			$set_time = time() - 31536000;
+
+			foreach ($this->request->variable_names(request_interface::COOKIE) as $cookie_name)
+			{
+				// Only delete board cookies
+				if (strpos($cookie_name, $this->config['cookie_name'] . '_') !== 0)
+				{
+					continue;
+				}
+
+				$cookie_name = str_replace($this->config['cookie_name'] . '_', '', $cookie_name);
+
+				/**
+				 * Event to save custom cookies from deletion
+				 *
+				 * @event core.ucp_delete_cookies
+				 * @var	string	cookie_name		Cookie name to checking
+				 * @var	bool	retain_cookie	Do we retain our cookie or not, true if retain
+				 * @since 3.1.3-RC1
+				 * @changed 3.3.13-RC1 Moved to new delete_cookies controller
+				 */
+				$retain_cookie = false;
+				$vars = ['cookie_name', 'retain_cookie'];
+				extract($this->dispatcher->trigger_event('core.ucp_delete_cookies', compact($vars)));
+				if ($retain_cookie)
+				{
+					continue;
+				}
+
+				// Polls are stored as {cookie_name}_poll_{topic_id}, cookie_name_ got removed, therefore checking for poll_
+				if (strpos($cookie_name, 'poll_') !== 0)
+				{
+					$this->user->set_cookie($cookie_name, '', $set_time);
+				}
+			}
+
+			$this->user->set_cookie('track', '', $set_time);
+			$this->user->set_cookie('u', '', $set_time);
+			$this->user->set_cookie('k', '', $set_time);
+			$this->user->set_cookie('sid', '', $set_time);
+
+			// We destroy the session here, the user will be logged out nevertheless
+			$this->user->session_kill();
+			$this->user->session_begin();
+
+			meta_refresh(3, append_sid("{$this->phpbb_root_path}index.$this->php_ext"));
+
+			$message = $this->language->lang('COOKIES_DELETED') . '<br><br>' . $this->language->lang('RETURN_INDEX', '<a href="' . append_sid("{$this->phpbb_root_path}index.$this->php_ext") . '">', '</a>');
+			trigger_error($message);
+		}
+		else
+		{
+			confirm_box(false, 'DELETE_COOKIES', '');
+		}
+
+		redirect(append_sid("{$this->phpbb_root_path}index.$this->php_ext"));
+	}
+}

phpBB/posting.php

@@ -848,6 +848,7 @@ if ($save && $user->data['is_registered'] && $auth->acl_get('u_savedrafts') && (
 				'disable_smilies'	=> false,
 				'disable_magic_url'	=> false,
 				'attach_sig'		=> true,
+				'notify'			=> false,
 				'lock_topic'		=> false,
 
 				'topic_type'		=> POST_NORMAL,
@@ -1966,7 +1967,7 @@ $page_data = array(
 	'S_BBCODE_CHECKED'			=> ($bbcode_checked) ? ' checked="checked"' : '',
 	'S_SMILIES_ALLOWED'			=> $smilies_status,
 	'S_SMILIES_CHECKED'			=> ($smilies_checked) ? ' checked="checked"' : '',
-	'S_SIG_ALLOWED'				=> ($auth->acl_get('f_sigs', $forum_id) && $config['allow_sig'] && $user->data['is_registered']) ? true : false,
+	'S_SIG_ALLOWED'				=> ($user->data['is_registered'] && $config['allow_sig'] && $auth->acl_get('f_sigs', $forum_id) && $auth->acl_get('u_sig')) ? true : false,
 	'S_SIGNATURE_CHECKED'		=> ($sig_checked) ? ' checked="checked"' : '',
 	'S_NOTIFY_ALLOWED'			=> (!$user->data['is_registered'] || ($mode == 'edit' && $user->data['user_id'] != $post_data['poster_id']) || !$config['allow_topic_notify'] || !$config['email_enable']) ? false : true,
 	'S_NOTIFY_CHECKED'			=> ($notify_checked) ? ' checked="checked"' : '',

phpBB/search.php

@@ -90,8 +90,21 @@ switch ($search_id)
 	break;
 }
 
+$search_auth_check_override = false;
+/**
+* This event allows you to override search auth checks
+*
+* @event core.search_auth_check_override
+* @var	bool	search_auth_check_override	Whether or not the search auth check overridden
+* @since 3.3.14-RC1
+*/
+$vars = [
+	'search_auth_check_override',
+];
+extract($phpbb_dispatcher->trigger_event('core.search_auth_check_override', compact($vars)));
+
 // Is user able to search? Has search been disabled?
-if (!$auth->acl_get('u_search') || !$auth->acl_getf_global('f_search') || !$config['load_search'])
+if (!$search_auth_check_override && (!$auth->acl_get('u_search') || !$auth->acl_getf_global('f_search') || !$config['load_search']))
 {
 	$template->assign_var('S_NO_SEARCH', true);
 	trigger_error('NO_SEARCH');

phpBB/styles/prosilver/style.cfg

@@ -21,8 +21,8 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Limited, 2007
-style_version = 3.3.12
-phpbb_version = 3.3.12
+style_version = 3.3.14
+phpbb_version = 3.3.14
 
 # Defining a different template bitfield
 # template_bitfield = //g=

phpBB/styles/prosilver/template/ajax.js

@@ -337,30 +337,6 @@ $('[data-ajax]').each(function() {
 	}
 });
 
-// Prevent accidental double submission of form
-$('[data-prevent-flood] input[type=submit]').click(function(event) {
-	const $submitButton = $(this); // Store the button element
-	const $form = $submitButton.closest('form');
-
-	// Always add the disabled class for visual feedback
-	$submitButton.addClass('disabled');
-
-	// Submit form if it hasn't been submitted yet
-	if (!$form.prop('data-form-submitted')) {
-		$form.prop('data-form-submitted', true);
-
-		return;
-	}
-
-	// Prevent default submission for subsequent clicks within 5 seconds
-	event.preventDefault();
-
-	setTimeout(() => {
-		$form.prop('removeProp', 'data-form-submitted');
-		$submitButton.removeClass('disabled'); // Re-enable after 5 seconds
-	}, 5000);
-});
-
 /**
  * This simply appends #preview to the action of the
  * QR action when you click the Full Editor & Preview button

phpBB/styles/prosilver/template/bbcode.html

@@ -38,11 +38,11 @@
 				<xsl:value-of select="$L_COLON"/>
 				<xsl:if test="@post_url">
 					<xsl:text> </xsl:text>
-					<a href="{@post_url}" data-post-id="{@post_id}" onclick="if(document.getElementById(hash.substr(1)))href=hash">&#8593;</a>
+					<a href="{@post_url}" aria-label="{L_VIEW_QUOTED_POST}" data-post-id="{@post_id}" onclick="if(document.getElementById(hash.substr(1)))href=hash"><i class="icon fa-arrow-circle-up fa-fw" aria-hidden="true"></i></a>
 				</xsl:if>
 				<xsl:if test="@msg_url">
 					<xsl:text> </xsl:text>
-					<a href="{@msg_url}" data-msg-id="{@msg_id}">&#8593;</a>
+					<a href="{@msg_url}" aria-label="{L_VIEW_QUOTED_POST}" data-msg-id="{@msg_id}"><i class="icon fa-arrow-circle-up fa-fw" aria-hidden="true"></i></a>
 				</xsl:if>
 				<xsl:if test="@date">
 					<span class="responsive-hide"><xsl:value-of select="@date"/></span>

phpBB/styles/prosilver/template/forum_fn.js

@@ -329,17 +329,6 @@ function parseDocument($container) {
 		}, 100);
 	});
 
-	/**
-	* Adjust HTML code for IE8 and older versions
-	*/
-	// if (oldBrowser) {
-	// 	// Fix .linklist.bulletin lists
-	// 	$container
-	// 		.find('ul.linklist.bulletin > li')
-	// 		.filter(':first-child, .rightside:last-child')
-	// 		.addClass('no-bulletin');
-	// }
-
 	/**
 	* Resize navigation (breadcrumbs) block to keep all links on same line
 	*/

phpBB/styles/prosilver/template/mcp_post.html

@@ -78,6 +78,7 @@
 		<p class="author"><span><i class="icon fa-file fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{MINI_POST_IMG}</span></span> {L_POSTED} {L_POST_BY_AUTHOR} {POST_AUTHOR_FULL} &raquo; {POST_DATE}</p>
 		<!-- ENDIF -->
 
+		{% if S_CAN_APPROVE %}
 		<!-- IF S_POST_UNAPPROVED -->
 			<form method="post" id="mcp_approve" action="{U_APPROVE_ACTION}">
 
@@ -101,6 +102,7 @@
 			</p>
 			</form>
 		<!-- ENDIF -->
+		{% endif %}
 
 		{% if S_POST_REPORTED and not S_MCP_REPORT %}
 			<p class="post-notice reported">

phpBB/styles/prosilver/template/memberlist_view.html

@@ -9,7 +9,7 @@
 	<div class="inner">
 
 	<!-- IF AVATAR_IMG -->
-		<dl class="left-box">
+		<dl class="left-box avatar-rank-container">
 			<dt class="profile-avatar">{AVATAR_IMG}</dt>
 			<!-- EVENT memberlist_view_rank_avatar_before -->
 			<!-- IF RANK_TITLE --><dd style="text-align: center;">{RANK_TITLE}</dd><!-- ENDIF -->

phpBB/styles/prosilver/template/posting_editor.html

@@ -100,7 +100,7 @@
 	<!-- IF not S_SHOW_DRAFTS and not $SIG_EDIT eq 1 -->
 	<div class="panel bg2">
 		<div class="inner">
-		<fieldset class="submit-buttons" data-prevent-flood>
+		<fieldset class="submit-buttons">
 			{S_HIDDEN_ADDRESS_FIELD}
 			{S_HIDDEN_FIELDS}
 			<!-- EVENT posting_editor_submit_buttons -->

phpBB/styles/prosilver/template/posting_pm_header.html

@@ -31,7 +31,11 @@
 					<ul class="recipients">
 						<!-- BEGIN to_recipient -->
 						<li>
-							<!-- IF not S_EDIT_POST --><input type="submit" name="remove_{to_recipient.TYPE}[{to_recipient.UG_ID}]" value="x" class="button2" /><!-- ENDIF -->
+							<!-- IF not S_EDIT_POST -->
+								<button type="submit" name="remove_{to_recipient.TYPE}[{to_recipient.UG_ID}]">
+									<i class="icon fa-times icon-red" aria-hidden="true"></i><span class="sr-only">{L_REMOVE}</span>
+								</button>
+							<!-- ENDIF -->
 							<!-- IF to_recipient.IS_GROUP --><a href="{to_recipient.U_VIEW}" style="color: {{ to_recipient.COLOUR }}"><strong>{to_recipient.NAME}</strong></a><!-- ELSE -->{to_recipient.NAME_FULL}<!-- ENDIF -->
 						</li>
 						<!-- END to_recipient -->
@@ -48,7 +52,11 @@
 					<ul class="recipients">
 						<!-- BEGIN bcc_recipient -->
 						<li>
-							<!-- IF not S_EDIT_POST --><input type="submit" name="remove_{bcc_recipient.TYPE}[{bcc_recipient.UG_ID}]" value="x" class="button2" /><!-- ENDIF -->
+							<!-- IF not S_EDIT_POST -->
+								<button type="submit" name="remove_{bcc_recipient.TYPE}[{bcc_recipient.UG_ID}]">
+									<i class="icon fa-times icon-red" aria-hidden="true"></i><span class="sr-only">{L_REMOVE}</span>
+								</button>
+							<!-- ENDIF -->
 							<!-- IF bcc_recipient.IS_GROUP --><a href="{bcc_recipient.U_VIEW}" style="color: {{ bcc_recipient.COLOUR }}"><strong>{bcc_recipient.NAME}</strong></a><!-- ELSE -->{bcc_recipient.NAME_FULL}<!-- ENDIF -->
 						</li>
 						<!-- END bcc_recipient -->
@@ -69,8 +77,12 @@
 						<ul class="recipients">
 							<!-- BEGIN to_recipient -->
 							<li>
-								<!-- IF to_recipient.IS_GROUP --><a href="{to_recipient.U_VIEW}"><strong>{to_recipient.NAME}</strong></a><!-- ELSE -->{to_recipient.NAME_FULL}<!-- ENDIF -->&nbsp;
-								<!-- IF not S_EDIT_POST --><input type="submit" name="remove_{to_recipient.TYPE}[{to_recipient.UG_ID}]" value="x" class="button2" /><!-- ENDIF -->
+								<!-- IF not S_EDIT_POST -->
+									<button type="submit" name="remove_{to_recipient.TYPE}[{to_recipient.UG_ID}]">
+										<i class="icon fa-times icon-red" aria-hidden="true"></i><span class="sr-only">{L_REMOVE}</span>
+									</button>
+								<!-- ENDIF -->
+								<!-- IF to_recipient.IS_GROUP --><a href="{to_recipient.U_VIEW}"><strong>{to_recipient.NAME}</strong></a><!-- ELSE -->{to_recipient.NAME_FULL}<!-- ENDIF -->
 							</li>
 							<!-- END to_recipient -->
 						</ul>

phpBB/styles/prosilver/template/ucp_groups_manage.html

@@ -52,6 +52,7 @@
 	<h3>{L_GROUP_SETTINGS_SAVE}</h3>
 
 	<fieldset>
+	<!-- EVENT ucp_group_settings_before -->
 	<dl>
 		<dt><label for="group_colour">{L_GROUP_COLOR}{L_COLON}</label><br /><span>{L_GROUP_COLOR_EXPLAIN}</span></dt>
 		<dd>
@@ -65,6 +66,7 @@
 		<dt><label for="group_rank">{L_GROUP_RANK}{L_COLON}</label></dt>
 		<dd><select name="group_rank" id="group_rank">{S_RANK_OPTIONS}</select></dd>
 	</dl>
+	<!-- EVENT ucp_group_settings_after -->
 	</fieldset>
 
 	</div>

phpBB/styles/prosilver/template/ucp_pm_viewmessage.html

@@ -22,7 +22,7 @@
 <!-- ENDIF -->
 
 
-<div id="post-{MESSAGE_ID}" class="post pm has-profile<!-- IF S_POST_UNAPPROVED or S_POST_REPORTED --> reported<!-- ENDIF --><!-- IF S_ONLINE --> online<!-- ENDIF -->">
+<div id="post-{MESSAGE_ID}" class="post pm has-profile<!-- IF S_ONLINE --> online<!-- ENDIF -->">
 <div class="inner">
 
 	<dl class="postprofile" id="profile{MESSAGE_ID}">

phpBB/styles/prosilver/template/ucp_prefs_post.html

@@ -23,6 +23,7 @@
 			<label for="smilies0"><input type="radio" name="smilies" id="smilies0" value="0"<!-- IF not S_SMILIES --> checked="checked"<!-- ENDIF --> /> {L_NO}</label>
 		</dd>
 	</dl>
+	{% if S_SIG_ALLOWED %}
 	<dl>
 		<dt><label for="sig1">{L_DEFAULT_ADD_SIG}{L_COLON}</label></dt>
 		<dd>
@@ -30,6 +31,7 @@
 			<label for="sig0"><input type="radio" name="sig" id="sig0" value="0"<!-- IF not S_SIG --> checked="checked"<!-- ENDIF --> /> {L_NO}</label>
 		</dd>
 	</dl>
+	{% endif %}
 	<dl>
 		<dt><label for="notify1">{L_DEFAULT_NOTIFY}{L_COLON}</label></dt>
 		<dd>

phpBB/styles/prosilver/theme/common.css

@@ -731,6 +731,10 @@ table.info tbody th {
 	max-width: 100%;
 }
 
+.avatar-rank-container {
+	max-width: 20%;
+}
+
 .left-box.profile-details {
 	width: 80%;
 }
@@ -780,12 +784,6 @@ fieldset.fields1 dd.recipients {
 	margin-left: 1em;
 }
 
-fieldset.fields1 ul.recipients  input.button2 {
-	font-size: 0.8em;
-	margin-right: 0;
-	padding: 0;
-}
-
 fieldset.fields1 dl.pmlist > dt {
 	width: auto !important;
 }

phpBB/styles/prosilver/theme/responsive.css

@@ -412,6 +412,10 @@
 		clear: both;
 	}
 
+	.avatar-rank-container {
+		max-width: 100%;
+	}
+
 	/* Polls
 	----------------------------------------*/
 	fieldset.polls dt {

phpBB/styles/prosilver/theme/stylesheet.css

@@ -10,7 +10,7 @@
 @import url("normalize.css?hash=48eb3f89");
 @import url("base.css?hash=7c5543be");
 @import url("utilities.css?hash=d8f72c42");
-@import url("common.css?hash=a9741ba1");
+@import url("common.css?hash=843d5d5f");
 @import url("links.css?hash=18286e16");
 @import url("content.css?hash=d0e24377");
 @import url("buttons.css?hash=56f0d25f");
@@ -18,4 +18,4 @@
 @import url("forms.css?hash=9016b55c");
 @import url("icons.css?hash=64da33ce");
 @import url("colours.css?hash=fcb2f289");
-@import url("responsive.css?hash=91525545");
+@import url("responsive.css?hash=c9d32cba");

phpBB/ucp.php

@@ -154,68 +154,11 @@ switch ($mode)
 	break;
 
 	case 'delete_cookies':
+		/** @var \phpbb\controller\helper $controller_helper */
+		$controller_helper = $phpbb_container->get('controller.helper');
 
-		// Delete Cookies with dynamic names (do NOT delete poll cookies)
-		if (confirm_box(true))
-		{
-			$set_time = time() - 31536000;
-
-			foreach ($request->variable_names(\phpbb\request\request_interface::COOKIE) as $cookie_name)
-			{
-				$cookie_data = $request->variable($cookie_name, '', true, \phpbb\request\request_interface::COOKIE);
-
-				// Only delete board cookies, no other ones...
-				if (strpos($cookie_name, $config['cookie_name'] . '_') !== 0)
-				{
-					continue;
-				}
-
-				$cookie_name = str_replace($config['cookie_name'] . '_', '', $cookie_name);
-
-				/**
-				* Event to save custom cookies from deletion
-				*
-				* @event core.ucp_delete_cookies
-				* @var	string	cookie_name		Cookie name to checking
-				* @var	bool	retain_cookie	Do we retain our cookie or not, true if retain
-				* @since 3.1.3-RC1
-				*/
-				$retain_cookie = false;
-				$vars = array('cookie_name', 'retain_cookie');
-				extract($phpbb_dispatcher->trigger_event('core.ucp_delete_cookies', compact($vars)));
-				if ($retain_cookie)
-				{
-					continue;
-				}
-
-				// Polls are stored as {cookie_name}_poll_{topic_id}, cookie_name_ got removed, therefore checking for poll_
-				if (strpos($cookie_name, 'poll_') !== 0)
-				{
-					$user->set_cookie($cookie_name, '', $set_time);
-				}
-			}
-
-			$user->set_cookie('track', '', $set_time);
-			$user->set_cookie('u', '', $set_time);
-			$user->set_cookie('k', '', $set_time);
-			$user->set_cookie('sid', '', $set_time);
-
-			// We destroy the session here, the user will be logged out nevertheless
-			$user->session_kill();
-			$user->session_begin();
-
-			meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
-
-			$message = $user->lang['COOKIES_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
-			trigger_error($message);
-		}
-		else
-		{
-			confirm_box(false, 'DELETE_COOKIES', '');
-		}
-
-		redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
-
+		// Redirect to controller
+		redirect($controller_helper->route('phpbb_ucp_delete_cookies_controller'));
 	break;
 
 	case 'switch_perm':

phpBB/viewforum.php

@@ -47,27 +47,45 @@ if (!$forum_id)
 	trigger_error('NO_FORUM');
 }
 
-$sql_from = FORUMS_TABLE . ' f';
+$sql_ary = [
+	'SELECT'	=> 'f.*',
+	'FROM'		=> [
+		FORUMS_TABLE		=> 'f',
+	],
+	'WHERE'		=> 'f.forum_id = ' . $forum_id,
+];
+
 $lastread_select = '';
 
 // Grab appropriate forum data
 if ($config['load_db_lastread'] && $user->data['is_registered'])
 {
-	$sql_from .= ' LEFT JOIN ' . FORUMS_TRACK_TABLE . ' ft ON (ft.user_id = ' . $user->data['user_id'] . '
-		AND ft.forum_id = f.forum_id)';
-	$lastread_select .= ', ft.mark_time';
+	$sql_ary['LEFT_JOIN'][] = [
+		'FROM' => [FORUMS_TRACK_TABLE => 'ft'],
+		'ON' => 'ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id',
+	];
+	$sql_ary['SELECT'] .= ', ft.mark_time';
 }
 
 if ($user->data['is_registered'])
 {
-	$sql_from .= ' LEFT JOIN ' . FORUMS_WATCH_TABLE . ' fw ON (fw.forum_id = f.forum_id AND fw.user_id = ' . $user->data['user_id'] . ')';
-	$lastread_select .= ', fw.notify_status';
+	$sql_ary['LEFT_JOIN'][] = [
+		'FROM' => [FORUMS_WATCH_TABLE => 'fw'],
+		'ON' => 'fw.forum_id = f.forum_id AND fw.user_id = ' . $user->data['user_id'],
+	];
+	$sql_ary['SELECT'] .= ', fw.notify_status';
 }
 
-$sql = "SELECT f.* $lastread_select
-	FROM $sql_from
-	WHERE f.forum_id = $forum_id";
-$result = $db->sql_query($sql);
+/**
+ * You can use this event to modify the sql that selects the forum on the viewforum page.
+ *
+ * @event core.viewforum_modify_sql
+ * @var array	sql_ary		The SQL array to get the data for a forum
+ * @since 3.3.14-RC1
+ */
+$vars = ['sql_ary'];
+extract($phpbb_dispatcher->trigger_event('core.viewforum_modify_sql', compact($vars)));
+$result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
 $forum_data = $db->sql_fetchrow($result);
 $db->sql_freeresult($result);
 

phpBB/viewtopic.php

@@ -2071,7 +2071,7 @@ for ($i = 0, $end = count($post_list); $i < $end; ++$i)
 		'U_EMAIL'		=> $user_cache[$poster_id]['email'],
 		'U_JABBER'		=> $user_cache[$poster_id]['jabber'],
 
-		'U_APPROVE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&amp;p={$row['post_id']}&amp;redirect=" . urlencode(str_replace('&amp;', '&', $viewtopic_url . '&amp;p=' . $row['post_id'] . '#p' . $row['post_id']))),
+		'U_APPROVE_ACTION'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=queue&amp;p={$row['post_id']}&amp;f={$row['forum_id']}&amp;redirect=" . urlencode(str_replace('&amp;', '&', $viewtopic_url . '&amp;p=' . $row['post_id'] . '#p' . $row['post_id']))),
 		'U_REPORT'			=> ($auth->acl_get('f_report', $forum_id)) ? $phpbb_container->get('controller.helper')->route('phpbb_report_post_controller', array('id' => $row['post_id'])) : '',
 		'U_MCP_REPORT'		=> ($auth->acl_get('m_report', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&amp;mode=report_details&amp;p=' . $row['post_id'], true, $user->session_id) : '',
 		'U_MCP_APPROVE'		=> ($auth->acl_get('m_approve', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&amp;mode=approve_details&amp;p=' . $row['post_id'], true, $user->session_id) : '',

phpBB/web.config

@@ -28,6 +28,33 @@
 			</requestFiltering>
 		</security>
 	</system.webServer>
+	<location path="config">
+		<system.webServer>
+			<security>
+				<requestFiltering>
+					<hiddenSegments>
+						<add segment="default" />
+						<add segment="development" />
+						<add segment="installer" />
+						<add segment="production" />
+						<add segment="test" />
+						<add segment=".htaccess" />
+					</hiddenSegments>
+				</requestFiltering>
+			</security>
+		</system.webServer>
+	</location>
+	<location path="ext">
+		<system.webServer>
+			<security>
+				<requestFiltering>
+					<hiddenSegments>
+						<remove segment="phpbb" />
+					</hiddenSegments>
+				</requestFiltering>
+			</security>
+		</system.webServer>
+	</location>
 	<location path="images/avatars">
 		<system.webServer>
 			<security>

tests/avatar/driver_gravatar_test.php

@@ -0,0 +1,217 @@
+<?php
+
+use phpbb\avatar\driver\gravatar;
+use phpbb\request\request;
+use phpbb\request\request_interface;
+
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+class phpbb_avatar_driver_gravatar_test extends \phpbb_database_test_case
+{
+
+	/** @var \phpbb\config\config */
+	private $config;
+
+	/** @var gravatar */
+	private $gravatar;
+
+	/** @var request_interface */
+	private $request;
+
+	/** @var \phpbb\template\template */
+	private $template;
+
+	/** @var \phpbb\user */
+	private $user;
+
+	private $template_data = [];
+
+	public function getDataSet()
+	{
+		return $this->createXMLDataSet(__DIR__ . '/fixtures/users.xml');
+	}
+
+	protected function setUp(): void
+	{
+		global $phpbb_root_path, $phpEx;
+
+		$this->config = new \phpbb\config\config(array());
+		$this->request = $this->getMockBuilder(request::class)
+			->disableOriginalConstructor()
+			->setMethods(['get_super_global'])
+			->getMock();
+		$this->request->method('get_super_global')
+			->willReturn([]);
+		$this->template = $this->getMockBuilder(\phpbb\template\twig\twig::class)
+			->disableOriginalConstructor()
+			->setMethods(['assign_vars'])
+			->getMock();
+		$this->template->method('assign_vars')
+			->will($this->returnCallback([$this, 'template_assign_vars']));
+		$this->user = $this->getMockBuilder(\phpbb\user::class)
+			->disableOriginalConstructor()
+			->getMock();
+		$filesystem = new \phpbb\filesystem\filesystem();
+		$imagesize = new \FastImageSize\FastImageSize();
+		$cache = $this->createMock('\phpbb\cache\driver\driver_interface');
+		$path_helper =  new \phpbb\path_helper(
+			new \phpbb\symfony_request(
+				$this->request
+			),
+			$filesystem,
+			$this->request,
+			$phpbb_root_path,
+			$phpEx
+		);
+
+		global $phpbb_dispatcher;
+		$phpbb_dispatcher = $this->getMockBuilder(\phpbb\event\dispatcher::class)
+			->disableOriginalConstructor()
+			->setMethods(['trigger_event'])
+			->getMock();
+		$phpbb_dispatcher->method('trigger_event')
+			->willReturnArgument(1);
+
+		$this->gravatar = new gravatar($this->config, $imagesize, $phpbb_root_path, $phpEx, $path_helper, $cache);
+		$this->gravatar->set_name('avatar.driver.gravatar');
+	}
+
+	public function template_assign_vars($data)
+	{
+		$this->template_data = array_merge($this->template_data, $data);
+	}
+
+	public function data_prepare_form(): array
+	{
+		return [
+			[
+				// Only default empty values, no request data
+				[
+					'AVATAR_GRAVATAR_WIDTH'		=> '',
+					'AVATAR_GRAVATAR_HEIGHT'	=> '',
+					'AVATAR_GRAVATAR_EMAIL'		=> '',
+				],
+				[],
+				[
+					'avatar_type'			=> '',
+					'avatar_width'			=> '',
+					'avatar_height'			=> '',
+				]
+			],
+			[
+				// Only default empty values, request data set
+				[
+					'AVATAR_GRAVATAR_WIDTH'		=> '80',
+					'AVATAR_GRAVATAR_HEIGHT'	=> '90',
+					'AVATAR_GRAVATAR_EMAIL'		=> '',
+				],
+				[
+					request_interface::POST => [
+						'avatar_type'				=> 'avatar.driver.gravatar',
+						'avatar_gravatar_width'		=> '80',
+						'avatar_gravatar_height'	=> '90',
+					],
+				],
+				[
+					'avatar_type'			=> '',
+					'avatar_width'			=> '80',
+					'avatar_height'			=> '90',
+				]
+			],
+			[
+				// Only default empty values, request data set
+				[
+					'AVATAR_GRAVATAR_WIDTH'		=> '70',
+					'AVATAR_GRAVATAR_HEIGHT'	=> '60',
+					'AVATAR_GRAVATAR_EMAIL'		=> 'bar@foo.com',
+				],
+				[
+					request_interface::POST => [
+						'avatar_type'				=> 'avatar.driver.gravatar',
+						'avatar_gravatar_width'		=> '80',
+						'avatar_gravatar_height'	=> '90',
+					],
+				],
+				[
+					'avatar_type'			=> 'avatar.driver.gravatar',
+					'avatar'				=> 'bar@foo.com',
+					'avatar_width'			=> '70',
+					'avatar_height'			=> '60',
+				]
+			],
+		];
+	}
+
+	/**
+	 * @dataProvider data_prepare_form
+	 */
+	public function test_prepare_form($expected_vars, $request_data, $row)
+	{
+		$error = [];
+		$this->template_data = [];
+
+		$request = $this->getMockBuilder(request::class)
+			->disableOriginalConstructor()
+			->setMethods(['get_super_global'])
+			->getMock();
+		$request->method('get_super_global')
+			->willReturn([]);
+
+		$requestInputReflection = new \ReflectionProperty($request, 'input');
+		$requestInputReflection->setAccessible(true);
+		$request_data[request_interface::GET] = $request_data[request_interface::GET] ?? [];
+		$request_data[request_interface::POST] = $request_data[request_interface::POST] ?? [];
+		$request_data[request_interface::REQUEST] = $request_data[request_interface::GET] + $request_data[request_interface::POST];
+		$requestInputReflection->setValue($request, $request_data);
+		$requestTypeCastHelperReflection = new \ReflectionProperty($request, 'type_cast_helper');
+		$requestTypeCastHelperReflection->setAccessible(true);
+		$requestTypeCastHelperReflection->setValue($request, new \phpbb\request\type_cast_helper());
+
+		$this->gravatar->prepare_form($request, $this->template, $this->user, $row, $error);
+
+		// Error not touched by gravatar
+		$this->assertEquals([], $error);
+
+		$this->assertEquals($expected_vars, $this->template_data);
+	}
+
+	public function test_gravatar_misc(): void
+	{
+		$this->assertEquals('ucp_avatar_options_gravatar.html', $this->gravatar->get_template_name());
+		$this->assertEquals('acp_avatar_options_gravatar.html', $this->gravatar->get_acp_template_name());
+
+		$row = [
+			'avatar_type'			=> 'avatar.driver.gravatar',
+			'avatar'				=> 'bar@foo.com',
+			'avatar_width'			=> '70',
+			'avatar_height'			=> '60',
+		];
+		$this->assertEquals('<img src="//gravatar.com/avatar/e0ee9d02824d4320a999507150c5b8a371c635c41f645ba3a7205f36384dc199?s=70" width="70" height="60" alt="" />', $this->gravatar->get_custom_html($this->user, $row));
+	}
+
+	public function test_get_data(): void
+	{
+		$row = [
+			'avatar_type'			=> 'avatar.driver.gravatar',
+			'avatar'				=> 'bar@foo.com',
+			'avatar_width'			=> '70',
+			'avatar_height'			=> '60',
+		];
+
+		$this->assertEquals([
+			'src'		=> '//gravatar.com/avatar/e0ee9d02824d4320a999507150c5b8a371c635c41f645ba3a7205f36384dc199?s=70',
+			'width'		=> '70',
+			'height'	=> '60',
+		], $this->gravatar->get_data($row));
+	}
+}

tests/cache/file_driver_test.php

@@ -17,6 +17,9 @@ class phpbb_cache_file_driver_test extends phpbb_cache_common_test_case
 {
 	private $cache_dir;
 
+	/** @var \phpbb\cache\driver\file */
+	private  $cache_file;
+
 	public function getDataSet()
 	{
 		return $this->createXMLDataSet(__DIR__ . '/fixtures/config.xml');
@@ -36,7 +39,8 @@ class phpbb_cache_file_driver_test extends phpbb_cache_common_test_case
 		}
 		$this->create_cache_dir();
 
-		$this->driver = new \phpbb\cache\driver\file($this->cache_dir);
+		$this->cache_file = new \phpbb\cache\driver\file($this->cache_dir);
+		$this->driver = $this->cache_file;
 	}
 
 	protected function tearDown(): void
@@ -49,6 +53,145 @@ class phpbb_cache_file_driver_test extends phpbb_cache_common_test_case
 		parent::tearDown();
 	}
 
+	public function test_read_not_readable()
+	{
+		if (strtolower(substr(PHP_OS, 0, 3)) === 'win')
+		{
+			$this->markTestSkipped('Unable to test unreadable files on Windows');
+		}
+
+		global $phpEx;
+
+		// Create file that is not readable
+		$this->assertTrue($this->cache_file->_write('unreadable', 'foo', time() + 86400));
+
+		$filename = "{$this->cache_dir}unreadable.$phpEx";
+		@chmod($filename, 0000);
+		$this->assertFalse($this->cache_file->_read('unreadable'));
+		@chmod($filename, 0600);
+		$this->assertNotFalse($this->cache_file->_read('unreadable'));
+	}
+
+	public function test_read_data_global_invalid()
+	{
+		global $phpEx;
+
+		$reflectionCacheVars = new \ReflectionProperty($this->cache_file, 'vars');
+		$reflectionCacheVars->setAccessible(true);
+		$reflectionCacheVars->setValue($this->cache_file, ['foo' => 'bar']);
+
+		$reflectionCacheVarExpires = new \ReflectionProperty($this->cache_file, 'var_expires');
+		$reflectionCacheVarExpires->setAccessible(true);
+		$reflectionCacheVarExpires->setValue($this->cache_file, ['foo' => time() + 86400]);
+
+		// Create file in invalid format
+		$this->assertTrue($this->cache_file->_write('data_global'));
+		$filename = "{$this->cache_dir}data_global.$phpEx";
+		$cache_data = file_get_contents($filename);
+		// Force negative read when retrieving data_global
+		$cache_data = str_replace("\n13\n", "\n1\n", $cache_data);
+		file_put_contents($filename, $cache_data);
+
+		$this->assertFalse($this->cache_file->_read('data_global'));
+	}
+
+	public function test_read_data_global_zero_bytes()
+	{
+		global $phpEx;
+
+		$reflectionCacheVars = new \ReflectionProperty($this->cache_file, 'vars');
+		$reflectionCacheVars->setAccessible(true);
+		$reflectionCacheVars->setValue($this->cache_file, ['foo' => 'bar']);
+
+		$reflectionCacheVarExpires = new \ReflectionProperty($this->cache_file, 'var_expires');
+		$reflectionCacheVarExpires->setAccessible(true);
+		$reflectionCacheVarExpires->setValue($this->cache_file, ['foo' => time() + 86400]);
+
+		// Create file in invalid format
+		$this->assertTrue($this->cache_file->_write('data_global'));
+		$filename = "{$this->cache_dir}data_global.$phpEx";
+		$cache_data = file_get_contents($filename);
+		// Force negative read when retrieving data_global
+		$cache_data = str_replace("\n13\n", "\n0\n", $cache_data);
+		file_put_contents($filename, $cache_data);
+
+		$this->assertFalse($this->cache_file->_read('data_global'));
+	}
+
+	public function test_read_data_global_hex_bytes()
+	{
+		global $phpEx;
+
+		$reflectionCacheVars = new \ReflectionProperty($this->cache_file, 'vars');
+		$reflectionCacheVars->setAccessible(true);
+		$reflectionCacheVars->setValue($this->cache_file, ['foo' => 'bar']);
+
+		$reflectionCacheVarExpires = new \ReflectionProperty($this->cache_file, 'var_expires');
+		$reflectionCacheVarExpires->setAccessible(true);
+		$reflectionCacheVarExpires->setValue($this->cache_file, ['foo' => time() + 86400]);
+
+		// Create file in invalid format
+		$this->assertTrue($this->cache_file->_write('data_global'));
+		$filename = "{$this->cache_dir}data_global.$phpEx";
+		$cache_data = file_get_contents($filename);
+		// Force negative read when retrieving data_global
+		$cache_data = str_replace("\n13\n", "\nA\n", $cache_data);
+		file_put_contents($filename, $cache_data);
+
+		$this->assertFalse($this->cache_file->_read('data_global'));
+	}
+
+	public function test_read_data_global_expired()
+	{
+		$reflectionCacheVars = new \ReflectionProperty($this->cache_file, 'vars');
+		$reflectionCacheVars->setAccessible(true);
+		$reflectionCacheVars->setValue($this->cache_file, ['foo' => 'bar']);
+
+		$reflectionCacheVarExpires = new \ReflectionProperty($this->cache_file, 'var_expires');
+		$reflectionCacheVarExpires->setAccessible(true);
+		$reflectionCacheVarExpires->setValue($this->cache_file, ['foo' => time() - 86400]);
+
+		// Create file in invalid format
+		$this->assertTrue($this->cache_file->_write('data_global'));
+
+		// Clear data
+		$reflectionCacheVars->setValue($this->cache_file, []);
+		$reflectionCacheVarExpires->setValue($this->cache_file, []);
+
+		$this->assertTrue($this->cache_file->_read('data_global'));
+
+		// Check data, should be empty
+		$this->assertEquals([], $reflectionCacheVars->getValue($this->cache_file));
+	}
+
+	public function test_read_data_global()
+	{
+		$reflectionCacheVars = new \ReflectionProperty($this->cache_file, 'vars');
+		$reflectionCacheVars->setAccessible(true);
+		$expectedVars = ['foo' => 'bar'];
+		$reflectionCacheVars->setValue($this->cache_file, $expectedVars);
+
+		$reflectionCacheVarExpires = new \ReflectionProperty($this->cache_file, 'var_expires');
+		$reflectionCacheVarExpires->setAccessible(true);
+		$expectedVarExpires = ['foo' => time() + 86400];
+		$reflectionCacheVarExpires->setValue($this->cache_file, $expectedVarExpires);
+
+		// Create file in invalid format
+		$this->assertTrue($this->cache_file->_write('data_global'));
+
+		// Clear data
+		$reflectionCacheVars->setValue($this->cache_file, []);
+		$reflectionCacheVarExpires->setValue($this->cache_file, []);
+		$this->assertEquals([], $reflectionCacheVars->getValue($this->cache_file));
+		$this->assertEquals([], $reflectionCacheVarExpires->getValue($this->cache_file));
+
+		$this->assertTrue($this->cache_file->_read('data_global'));
+
+		// Check data, should be empty
+		$this->assertEquals($expectedVars, $reflectionCacheVars->getValue($this->cache_file));
+		$this->assertEquals($expectedVarExpires, $reflectionCacheVarExpires->getValue($this->cache_file));
+	}
+
 	private function create_cache_dir()
 	{
 		$this->get_test_case_helpers()->makedirs($this->cache_dir);

tests/console/user/delete_id_test.php

@@ -0,0 +1,129 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+use Symfony\Component\Console\Application;
+use Symfony\Component\Console\Tester\CommandTester;
+use phpbb\console\command\user\delete_id;
+
+require_once __DIR__ . '/base.php';
+
+class phpbb_console_user_delete_ids_test extends phpbb_console_user_base
+{
+	public function get_command_tester()
+	{
+		$application = new Application();
+		$application->add(new delete_id(
+			$this->db,
+			$this->language,
+			$this->log,
+			$this->user,
+			$this->user_loader,
+			BOTS_TABLE,
+			USER_GROUP_TABLE,
+			USERS_TABLE,
+			$this->phpbb_root_path,
+			$this->php_ext
+		));
+
+		$command = $application->find('user:delete_id');
+		$this->command_name = $command->getName();
+		$this->question = $command->getHelper('question');
+
+		return new CommandTester($command);
+	}
+
+	public function test_delete()
+	{
+		$command_tester = $this->get_command_tester();
+
+		$command_tester->setInputs(['yes', '']);
+
+		$command_tester->execute(array(
+			'command'			=> $this->command_name,
+			'user_ids'			=> [3, 4],
+			'--delete-posts'	=> false,
+		));
+
+		$this->assertNull($this->get_user_id('Test'));
+		$this->assertNull($this->get_user_id('Test 2'));
+		$this->assertStringContainsString('CLI_USER_DELETE_ID_SUCCESS', $command_tester->getDisplay());
+	}
+
+	public function test_delete_one()
+	{
+		$command_tester = $this->get_command_tester();
+
+		$command_tester->setInputs(['yes', '']);
+
+		$command_tester->execute(array(
+			'command'			=> $this->command_name,
+			'user_ids'			=> [3],
+			'--delete-posts'	=> false,
+		));
+
+		$this->assertNull($this->get_user_id('Test'));
+		$this->assertNotNull($this->get_user_id('Test 2'));
+		$this->assertStringContainsString('CLI_USER_DELETE_ID_SUCCESS', $command_tester->getDisplay());
+	}
+
+	public function test_delete_bot()
+	{
+		$command_tester = $this->get_command_tester();
+
+		$this->assertNotNull($this->get_user_id('Test Bot'));
+
+		$command_tester->setInputs(['yes', '']);
+
+		$command_tester->execute(array(
+			'command'			=> $this->command_name,
+			'user_ids'			=> [6],
+			'--delete-posts'	=> false,
+		));
+
+		$this->assertNull($this->get_user_id('Test Bot'));
+		$this->assertStringContainsString('CLI_USER_DELETE_ID_SUCCESS', $command_tester->getDisplay());
+	}
+
+	public function test_delete_non_user()
+	{
+		$command_tester = $this->get_command_tester();
+
+		$command_tester->setInputs(['yes', '']);
+
+		$command_tester->execute(array(
+			'command'			=> $this->command_name,
+			'user_ids'			=> [999],
+			'--delete-posts'	=> false,
+		));
+
+		$this->assertStringContainsString('CLI_USER_DELETE_NONE', $command_tester->getDisplay());
+	}
+
+	public function test_delete_cancel()
+	{
+		$command_tester = $this->get_command_tester();
+
+		$this->assertEquals(3, $this->get_user_id('Test'));
+
+		$command_tester->setInputs(['no', '']);
+
+		$command_tester->execute(array(
+			'command'			=> $this->command_name,
+			'user_ids'			=> [3, 4],
+			'--delete-posts'	=> false,
+		));
+
+		$this->assertNotNull($this->get_user_id('Test'));
+		$this->assertNotNull($this->get_user_id('Test 2'));
+	}
+}