[prep-release-3.3.15] Update changelog for 3.3.15-RC1

[ticket/17478] Add security policy file

SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please do not post potential security vulnerabilities publicly. Instead, report them to the phpBB team.
+We take security very seriously and will respond to reports about potential security vulnerabilities as quickly as possible.
+There are multiple ways a potential security vulnerability can be reported:
+
+- HackerOne: [phpBB | Vulnerability Disclosure Program | HackerOne](https://hackerone.com/phpbb)
+- Create a report in the security tracker: [Security Tracker](https://www.phpbb.com/security/)
+- Send an email: [security@phpbb.com](mailto:security@phpbb.com)
+
+Please provide as much detail as possible when reporting a vulnerability. You can expect to receive an update on your report within a few days. If the vulnerability is accepted, we will work on a fix and keep you informed of the progress. If the vulnerability is declined, we will provide an explanation.

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.14" />
-	<property name="prevversion" value="3.3.13" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.3.10, 3.3.11, 3.3.12, 3.3.14-RC1" />
+	<property name="newversion" value="3.3.15-RC1" />
+	<property name="prevversion" value="3.3.14" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.3.10, 3.3.11, 3.3.12, 3.3.13" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,7 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v3314">Changes since 3.3.14</a></li>
 		<li><a href="#v3314rc1">Changes since 3.3.14-RC1</a></li>
 		<li><a href="#v3313">Changes since 3.3.13</a></li>
 		<li><a href="#v3313rc1">Changes since 3.3.13-RC1</a></li>
@@ -173,6 +174,32 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v3314"></a><h3>Changes since 3.3.14</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17227">PHPBB-17227</a>] - Member list sorting bug - repeating users on several pages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17381">PHPBB-17381</a>] - 'topic_views' column overflow blocks access to the topic</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17417">PHPBB-17417</a>] - Day selection not visible when no results</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17422">PHPBB-17422</a>] - Ascending posts pagination</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17436">PHPBB-17436</a>] - PHP fatal error while converting from phpBB 2.0 with Attachment MOD</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17455">PHPBB-17455</a>] - PHP warning on MySQLi connection failure</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17463">PHPBB-17463</a>] - Extra &amp; in unread posts search pagination </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17468">PHPBB-17468</a>] - Reset password feature is not restricted to email</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17470">PHPBB-17470</a>] - Enable feeds setting not enforced</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17429">PHPBB-17429</a>] - Adding event before users have been added to a group</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17431">PHPBB-17431</a>] - Add more vars to memberlist event</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17433">PHPBB-17433</a>] - Unclear instructions in ACP, Server settings</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17443">PHPBB-17443</a>] - Various Guzzle client issues for version checks</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17446">PHPBB-17446</a>] - Add acp_account_activation_edit_add event</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17461">PHPBB-17461</a>] - Add php events for ACP main actions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17467">PHPBB-17467</a>] - Add TLS v.1.3 support to email messenger connection</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17471">PHPBB-17471</a>] - Forum feed link in forumlist_body does not return the correct URL</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB-17478">PHPBB-17478</a>] - Add security policy to repository</li>
+			</ul>
+
 			<a name="v3314rc1"></a><h3>Changes since 3.3.14-RC1</h3>
 			<h4>Improvement</h4>
 			<ul>

phpBB/includes/acp/acp_board.php

@@ -386,7 +386,7 @@ class acp_board
 					'vars'	=> array(
 						'legend1'				=> 'ACP_SERVER_SETTINGS',
 						'gzip_compress'			=> array('lang' => 'ENABLE_GZIP',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'use_system_cron'		=> array('lang' => 'USE_SYSTEM_CRON',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'use_system_cron'		=> array('lang' => 'USE_SYSTEM_CRON',		'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 
 						'legend2'				=> 'PATH_SETTINGS',
 						'enable_mod_rewrite'	=> array('lang' => 'MOD_REWRITE_ENABLE',	'validate' => 'bool',	'type' => 'custom', 'method' => 'enable_mod_rewrite', 'explain' => true),
@@ -921,7 +921,7 @@ class acp_board
 	*/
 	function select_acc_activation($selected_value, $value)
 	{
-		global $user, $config;
+		global $user, $config, $phpbb_dispatcher;
 
 		$act_ary = array(
 			'ACC_DISABLE'	=> array(true, USER_ACTIVATION_DISABLE),
@@ -931,6 +931,18 @@ class acp_board
 		);
 
 		$act_options = '';
+
+		/**
+		 * Event to add and/or modify account activation configurations
+		 *
+		 * @event core.acp_account_activation_edit_add
+		 * @var	array	act_ary		Array of account activation methods
+		 * @var	string	act_options	Options available in the activation method
+		 * @since 3.3.15-RC1
+		 */
+		$vars = ['act_ary', 'act_options'];
+		extract($phpbb_dispatcher->trigger_event('core.acp_account_activation_edit_add', compact($vars)));
+
 		foreach ($act_ary as $key => $data)
 		{
 			list($available, $value) = $data;

phpBB/includes/acp/acp_main.php

@@ -100,6 +100,20 @@ class acp_main
 					default:
 						$confirm = true;
 						$confirm_lang = 'CONFIRM_OPERATION';
+
+						/**
+						 * Event to add confirm box for custom ACP quick actions
+						 *
+						 * @event core.acp_main_add_actions_confirm
+						 * @var	string	id				The module ID
+						 * @var	string	mode			The module mode
+						 * @var	string	action			Custom action type name
+						 * @var	boolean	confirm			Do we display the confirm box to run the custom action
+						 * @var	string	confirm_lang	Lang var name to display in confirm box
+						 * @since 3.3.15-RC1
+						 */
+						$vars = ['id', 'mode', 'action', 'confirm', 'confirm_lang'];
+						extract($phpbb_dispatcher->trigger_event('core.acp_main_add_actions_confirm', compact($vars)));
 				}
 
 				if ($confirm)
@@ -423,6 +437,19 @@ class acp_main
 							trigger_error('PURGE_SESSIONS_SUCCESS');
 						}
 					break;
+
+					default:
+						/**
+						 * Event to add custom ACP quick actions
+						 *
+						 * @event core.acp_main_add_actions
+						 * @var	string	id				The module ID
+						 * @var	string	mode			The module mode
+						 * @var	string	action			Custom action type name
+						 * @since 3.3.15-RC1
+						 */
+						$vars = ['id', 'mode', 'action'];
+						extract($phpbb_dispatcher->trigger_event('core.acp_main_add_actions', compact($vars)));
 				}
 			}
 		}

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.14');
+@define('PHPBB_VERSION', '3.3.15-RC1');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions_messenger.php

@@ -1615,12 +1615,10 @@ class smtp_class
 		$result = false;
 		$stream_meta = stream_get_meta_data($this->socket);
 
-		if (socket_set_blocking($this->socket, 1))
+		if (stream_set_blocking($this->socket, 1))
 		{
-			// https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122
-			$crypto = (phpbb_version_compare(PHP_VERSION, '5.6.7', '<')) ? STREAM_CRYPTO_METHOD_TLS_CLIENT : STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
-			$result = stream_socket_enable_crypto($this->socket, true, $crypto);
-			socket_set_blocking($this->socket, (int) $stream_meta['blocked']);
+			$result = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+			stream_set_blocking($this->socket, (int) $stream_meta['blocked']);
 		}
 
 		return $result;

phpBB/includes/functions_user.php

@@ -2759,6 +2759,28 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
 		return 'GROUP_USERS_EXIST';
 	}
 
+	/**
+	 * Event before users are added to a group
+	 *
+	 * @event core.group_add_user_before
+	 * @var	int		group_id		ID of the group to which users are added
+	 * @var	string 	group_name		Name of the group
+	 * @var	array	user_id_ary		IDs of the users to be added
+	 * @var	array	username_ary	Names of the users to be added
+	 * @var	int		pending			Pending setting, 1 if user(s) added are pending
+	 * @var	array	add_id_ary		IDs of the users to be added who are not members yet
+	 * @since 3.3.15-RC1
+	 */
+	$vars = array(
+		'group_id',
+		'group_name',
+		'user_id_ary',
+		'username_ary',
+		'pending',
+		'add_id_ary',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.group_add_user_before', compact($vars)));
+
 	$db->sql_transaction('begin');
 
 	// Insert the new users

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.3.14',
+	'phpbb_version'	=> '3.3.15',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/convertors/functions_phpbb20.php

@@ -1418,9 +1418,9 @@ function phpbb_attachment_extension_group_name()
 	$result = $db->sql_query($sql);
 
 	$extension_groups_updated = array();
-	while ($lang_dir = $db->sql_fetchfield('lang_dir'))
+	while ($row = $db->sql_fetchrow($result))
 	{
-		$lang_dir = basename($lang_dir);
+		$lang_dir = basename($row['lang_dir']);
 		$lang_file = $phpbb_root_path . 'language/' . $lang_dir . '/acp/attachments.' . $phpEx;
 
 		if (!file_exists($lang_file))

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.3.14');
+define('PHPBB_VERSION', '3.3.15-RC1');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -316,7 +316,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.14');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.15-RC1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

phpBB/language/en/acp/board.php

@@ -493,8 +493,8 @@ $lang = array_merge($lang, array(
 	'SMILIES_PATH_EXPLAIN'		=> 'Path under your phpBB root directory, e.g. <samp>images/smilies</samp>.',
 	'UPLOAD_ICONS_PATH'			=> 'Extension group icons storage path',
 	'UPLOAD_ICONS_PATH_EXPLAIN'	=> 'Path under your phpBB root directory, e.g. <samp>images/upload_icons</samp>.',
-	'USE_SYSTEM_CRON'		=> 'Run periodic tasks from system cron',
-	'USE_SYSTEM_CRON_EXPLAIN'		=> 'When off, phpBB will arrange for periodic tasks to be run automatically. When on, phpBB will not schedule any periodic tasks by itself; a system administrator must arrange for <code>bin/phpbbcli.php cron:run</code> to be run by the system cron facility at regular intervals (e.g. every 5 minutes).',
+	'USE_SYSTEM_CRON'			=> 'Run periodic tasks from operating system cron',
+	'USE_SYSTEM_CRON_EXPLAIN'	=> 'When disabled, phpBB will arrange for periodic tasks to be run automatically. When enabled, phpBB will not schedule any periodic tasks by itself; a system administrator must arrange for <code>bin/phpbbcli.php cron:run</code> to be run by the operating system cron facility at regular intervals (e.g. every 5 minutes).',
 ));
 
 // Security Settings

phpBB/memberlist.php

@@ -816,11 +816,26 @@ switch ($mode)
 		* Modify user's template vars before we display the profile
 		*
 		* @event core.memberlist_modify_view_profile_template_vars
-		* @var	array	template_ary	Array with user's template vars
+		* @var	array	template_ary			Array with user's template vars
+		* @var	int		user_id					The user ID
+		* @var	bool	user_notes_enabled		Is the mcp user notes module enabled?
+		* @var	bool	warn_user_enabled		Is the mcp warnings module enabled?
+		* @var	bool	friends_enabled			Is the ucp friends module enabled?
+		* @var	bool	foes_enabled			Is the ucp foes module enabled?
+		* @var	bool    friend					Is the user friend?
+		* @var	bool	foe						Is the user foe?
 		* @since 3.2.6-RC1
+		* @changed 3.3.15-RC1 Added vars user_id, user_notes_enabled, warn_user_enabled, friend, friends_enabled, foe, foes_enabled
 		*/
 		$vars = array(
 			'template_ary',
+			'user_id',
+			'user_notes_enabled',
+			'warn_user_enabled',
+			'friend',
+			'friends_enabled',
+			'foe',
+			'foes_enabled',
 		);
 		extract($phpbb_dispatcher->trigger_event('core.memberlist_modify_view_profile_template_vars', compact($vars)));
 
@@ -1375,10 +1390,10 @@ switch ($mode)
 
 		$order_by .= $sort_key_sql[$sort_key] . ' ' . (($sort_dir == 'a') ? 'ASC' : 'DESC');
 
-		// Unfortunately we must do this here for sorting by rank, else the sort order is applied wrongly
-		if ($sort_key == 'm')
+		// For sorting by non-unique columns (rank, posts) add unique sort key to avoid duplicated rows in results
+		if ($sort_key == 'm' || $sort_key == 'd')
 		{
-			$order_by .= ', u.user_posts DESC';
+			$order_by .= ', u.user_id ASC';
 		}
 
 		/**

phpBB/phpbb/db/driver/mysqli.php

@@ -59,14 +59,17 @@ class mysqli extends \phpbb\db\driver\mysql_base
 			}
 		}
 
-		$this->db_connect_id = mysqli_init();
-
-		if (!@mysqli_real_connect($this->db_connect_id, $this->server, $this->user, $sqlpassword, $this->dbname, $port, $socket, MYSQLI_CLIENT_FOUND_ROWS))
+		if (!$this->db_connect_id = mysqli_init())
 		{
-			$this->db_connect_id = '';
+			$this->connect_error = 'Failed to initialize MySQLi object.';
+
+		}
+		else if (!@mysqli_real_connect($this->db_connect_id, $this->server, $this->user, $sqlpassword, $this->dbname, $port, $socket, MYSQLI_CLIENT_FOUND_ROWS))
+		{
+			$this->connect_error = 'Failed to establish a connection to the MySQL database engine. Please ensure MySQL server is running and the database configuration parameters are correct.';
 		}
 
-		if ($this->db_connect_id && $this->dbname != '')
+		if (!$this->connect_error && $this->db_connect_id && $this->dbname != '')
 		{
 			// Disable loading local files on client side
 			@mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false);
@@ -357,15 +360,8 @@ class mysqli extends \phpbb\db\driver\mysql_base
 		if ($this->db_connect_id)
 		{
 			$error = [
-				'message'	=> $this->db_connect_id->error,
-				'code'		=> $this->db_connect_id->errno,
-			];
-		}
-		else if (function_exists('mysqli_connect_error'))
-		{
-			$error = [
-				'message'	=> $this->db_connect_id->connect_error,
-				'code'		=> $this->db_connect_id->connect_errno,
+				'message'	=> $this->db_connect_id->connect_error ?: $this->db_connect_id->error,
+				'code'		=> $this->db_connect_id->connect_errno ?: $this->db_connect_id->errno,
 			];
 		}
 		else

phpBB/phpbb/db/migration/data/v33x/topic_views_update.php

@@ -0,0 +1,47 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v33x;
+
+class topic_views_update extends \phpbb\db\migration\migration
+{
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3314',
+		];
+	}
+
+	public function update_schema(): array
+	{
+		// This extends the topic view count field so we can support much larger values.
+		return [
+			'change_columns' => [
+				$this->table_prefix . 'topics' => [
+					'topic_views'  => ['ULINT', 0],
+				],
+			]
+		];
+	}
+
+	public function revert_schema(): array
+	{
+		return [
+			'change_columns' => [
+				$this->table_prefix . 'topics' => [
+					'topic_views'  => ['UINT', 0],
+				],
+			]
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3315rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3315rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.15-RC1', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\topic_views_update',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.15-RC1']],
+		];
+	}
+}

phpBB/phpbb/feed/controller/feed.php

@@ -134,6 +134,8 @@ class feed
 	 */
 	public function forums()
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_overall_forums'])
 		{
 			$this->send_unavailable();
@@ -151,6 +153,8 @@ class feed
 	 */
 	public function news()
 	{
+		$this->check_enabled();
+
 		// Get at least one news forum
 		$sql = 'SELECT forum_id
 					FROM ' . FORUMS_TABLE . '
@@ -176,6 +180,8 @@ class feed
 	 */
 	public function topics()
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_topics_new'])
 		{
 			$this->send_unavailable();
@@ -193,6 +199,8 @@ class feed
 	 */
 	public function topics_new()
 	{
+		$this->check_enabled();
+
 		return $this->topics();
 	}
 
@@ -205,6 +213,8 @@ class feed
 	 */
 	public function topics_active()
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_topics_active'])
 		{
 			$this->send_unavailable();
@@ -224,6 +234,8 @@ class feed
 	 */
 	public function forum($forum_id)
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_forum'])
 		{
 			$this->send_unavailable();
@@ -243,6 +255,8 @@ class feed
 	 */
 	public function topic($topic_id)
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_topic'])
 		{
 			$this->send_unavailable();
@@ -260,6 +274,8 @@ class feed
 	 */
 	public function overall()
 	{
+		$this->check_enabled();
+
 		if (!$this->config['feed_overall'])
 		{
 			$this->send_unavailable();
@@ -407,6 +423,22 @@ class feed
 		return $response;
 	}
 
+	/**
+	 * Check if feeds are enabled in the configuration.
+	 *
+	 * @throws http_exception If feeds are disabled.
+	 *
+	 * @return void
+	 */
+	protected function check_enabled()
+	{
+		// Feeds are disabled, no need to continue
+		if (!$this->config['feed_enable'])
+		{
+			throw new http_exception(404, 'NO_FEED_ENABLED');
+		}
+	}
+
 	/**
 	 * Throw and exception saying that the feed isn't available
 	 *

phpBB/phpbb/file_downloader.php

@@ -51,6 +51,10 @@ class file_downloader
 		return new Client([
 			'base_uri' => $host,
 			'timeout'  => $timeout,
+			'headers' => [
+				'user-agent' => 'phpBB/' . PHPBB_VERSION,
+				'accept' => '*/*',
+			  ],
 		]);
 	}
 

phpBB/phpbb/search/base.php

@@ -76,17 +76,10 @@ class base
 				}
 			}
 
-			// change the start to the actual end of the current request if the sort direction differs
-			// from the dirction in the cache and reverse the ids later
+			// If the sort direction differs from the direction in the cache, then reverse the ids array
 			if ($reverse_ids)
 			{
-				$start = $result_count - $start - $per_page;
-
-				// the user requested a page past the last index
-				if ($start < 0)
-				{
-					return SEARCH_RESULT_NOT_IN_CACHE;
-				}
+				$stored_ids = array_reverse($stored_ids);
 			}
 
 			for ($i = $start, $n = $start + $per_page; ($i < $n) && ($i < $result_count); $i++)
@@ -102,11 +95,6 @@ class base
 			}
 			unset($stored_ids);
 
-			if ($reverse_ids)
-			{
-				$id_ary = array_reverse($id_ary);
-			}
-
 			if (!$complete)
 			{
 				return SEARCH_RESULT_INCOMPLETE;

phpBB/phpbb/ucp/controller/reset_password.php

@@ -272,7 +272,7 @@ class reset_password
 						], false)
 				]);
 
-				$messenger->send($user_row['user_notify_type']);
+				$messenger->send(NOTIFY_EMAIL);
 
 				return $this->helper->message($message);
 			}

phpBB/phpbb/version_helper.php

@@ -381,7 +381,7 @@ class version_helper
 		}
 		else if ($info === false || $force_update)
 		{
-			$info = $this->file_downloader->get($this->host, $this->path, $this->file, $this->use_ssl ? 443 : 80);
+			$info = $this->file_downloader->get($this->host, $this->path, $this->file, $this->use_ssl ? 443 : 80, 30);
 			$error_string = $this->file_downloader->get_error_string();
 
 			if (!empty($error_string))

phpBB/search.php

@@ -697,10 +697,10 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 	$hilit = str_replace(' ', '|', $hilit);
 
 	$u_hilit = urlencode(html_entity_decode(str_replace('|', ' ', $hilit), ENT_COMPAT));
-	$u_show_results = '&sr=' . $show_results;
+	$u_show_results = 'sr=' . $show_results;
 	$u_search_forum = implode('&fid%5B%5D=', $search_forum);
 
-	$u_search = append_sid("{$phpbb_root_path}search.$phpEx", $u_sort_param . $u_show_results);
+	$u_search = append_sid("{$phpbb_root_path}search.$phpEx", (($u_sort_param) ? $u_sort_param . '&' : '') . $u_show_results);
 	$u_search .= ($search_id) ? '&search_id=' . $search_id : '';
 	$u_search .= ($u_hilit) ? '&keywords=' . urlencode(html_entity_decode($keywords, ENT_COMPAT)) : '';
 	$u_search .= ($search_terms != 'all') ? '&terms=' . $search_terms : '';

phpBB/styles/prosilver/style.cfg

@@ -21,8 +21,8 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Limited, 2007
-style_version = 3.3.14
-phpbb_version = 3.3.14
+style_version = 3.3.15
+phpbb_version = 3.3.15
 
 # Defining a different template bitfield
 # template_bitfield = //g=

phpBB/styles/prosilver/template/forumlist_body.html

@@ -37,7 +37,7 @@
 					<div class="list-inner">
 						<!-- IF S_ENABLE_FEEDS and forumrow.S_FEED_ENABLED -->
 							<!--
-								<a class="feed-icon-forum" title="{L_FEED} - {forumrow.FORUM_NAME}" href="{U_FEED}?f={forumrow.FORUM_ID}">
+								<a class="feed-icon-forum" title="{L_FEED} - {forumrow.FORUM_NAME}" href="{{ path('phpbb_feed_forum', { forum_id : forumrow.FORUM_ID } ) }}">
 									<i class="icon fa-rss-square fa-fw icon-orange" aria-hidden="true"></i><span class="sr-only">{L_FEED} - {forumrow.FORUM_NAME}</span>
 								</a>
 							-->

phpBB/styles/prosilver/template/search_results.html

@@ -226,7 +226,7 @@
 <!-- ENDIF -->
 
 <div class="action-bar bottom">
-	<!-- IF .searchresults and (S_SELECT_SORT_DAYS or S_SELECT_SORT_KEY) -->
+	<!-- IF S_SELECT_SORT_DAYS or S_SELECT_SORT_KEY -->
 	<form method="post" action="{S_SEARCH_ACTION}">
 		<!-- INCLUDE display_options.html -->
 	</form>

tests/functional/feed_test.php

@@ -261,6 +261,29 @@ class phpbb_functional_feed_test extends phpbb_functional_test_case
 		$this->data['topics']['Feeds #exclude - Topic #1'] = (int) $post['topic_id'];
 	}
 
+	public function test_feeds_disabled()
+	{
+		$this->login();
+		$this->admin_login();
+
+		// Disable feeds in ACP
+		$crawler = self::request('GET', "adm/index.php?sid={$this->sid}&i=acp_board&mode=feed");
+		$form = $crawler->selectButton('Submit')->form();
+		$crawler = self::submit($form, ['config[feed_enable]' => 0]);
+		self::assertContainsLang('CONFIG_UPDATED', $crawler->filter('.successbox')->text());
+
+		// Assert that feeds aren't available
+		$crawler = self::request('GET', 'app.php/feed/overall', array(), false);
+		self::assert_response_status_code(404);
+		$this->assertContainsLang('NO_FEED_ENABLED', $crawler->text());
+
+		// Enable feeds again in ACP
+		$crawler = self::request('GET', "adm/index.php?sid={$this->sid}&i=acp_board&mode=feed");
+		$form = $crawler->selectButton('Submit')->form();
+		$crawler = self::submit($form, ['config[feed_enable]' => 1]);
+		self::assertContainsLang('CONFIG_UPDATED', $crawler->filter('.successbox')->text());
+	}
+
 	public function test_feeds_exclude()
 	{
 		$this->load_ids(array(

tests/functional/search/base.php

@@ -49,6 +49,30 @@ abstract class phpbb_functional_search_base extends phpbb_functional_test_case
 		$this->assertStringContainsString("Search found $topics_found match", $crawler->filter('.searchresults-title')->text(), $this->search_backend);
 	}
 
+	protected function assert_search_posts_by_author_id($author_id, $posts_found, $sort_key = '', $sort_dir = '')
+	{
+		// Test obtaining data from cache if sorting direction is set
+		if (!$sort_dir)
+		{
+			$this->purge_cache();
+		}
+		$crawler = self::request('GET', 'search.php?author_id=' . $author_id . ($sort_key ? "&sk=$sort_key" : '') . ($sort_dir ? "&sk=$sort_dir" : ''));
+		$this->assertEquals($posts_found, $crawler->filter('.postbody')->count(), $this->search_backend);
+		$this->assertStringContainsString("Search found $posts_found match", $crawler->filter('.searchresults-title')->text(), $this->search_backend);
+	}
+
+	protected function assert_search_topics_by_author_id($author_id, $topics_found, $sort_key = '', $sort_dir = '')
+	{
+		// Test obtaining data from cache if sorting direction is set
+		if (!$sort_dir)
+		{
+			$this->purge_cache();
+		}
+		$crawler = self::request('GET', 'search.php?sr=topics&author_id=' . $author_id . ($sort_key ? "&sk=$sort_key" : '') . ($sort_dir ? "&sk=$sort_dir" : ''));
+		$this->assertEquals($topics_found, $crawler->filter('.row')->count(), $this->search_backend);
+		$this->assertStringContainsString("Search found $topics_found match", $crawler->filter('.searchresults-title')->text(), $this->search_backend);
+	}
+
 	protected function assert_search_in_topic($topic_id, $keywords, $posts_found, $sort_key = '')
 	{
 		$this->purge_cache();
@@ -93,10 +117,14 @@ abstract class phpbb_functional_search_base extends phpbb_functional_test_case
 		$this->add_lang('common');
 
 		// Create a new standard user if needed, topic and post to test searh for author
-		if (!$this->user_exists('searchforauthoruser'))
+		if (!$searchforauthoruser_id = $this->user_exists('searchforauthoruser'))
 		{
 			$searchforauthoruser_id = $this->create_user('searchforauthoruser');
 		}
+		else
+		{
+			$searchforauthoruser_id = key($searchforauthoruser_id);
+		}
 		$this->remove_user_group('NEWLY_REGISTERED', ['searchforauthoruser']);
 		$this->set_flood_interval(0);
 		$this->login('searchforauthoruser');
@@ -161,6 +189,11 @@ abstract class phpbb_functional_search_base extends phpbb_functional_test_case
 
 			$this->assert_search_posts_by_author('searchforauthoruser', 2, $sort_key);
 			$this->assert_search_topics_by_author('searchforauthoruser', 1, $sort_key);
+
+			$this->assert_search_posts_by_author_id($searchforauthoruser_id, 2, $sort_key);
+			$this->assert_search_topics_by_author_id($searchforauthoruser_id, 1, $sort_key);
+			$this->assert_search_posts_by_author_id($searchforauthoruser_id, 2, $sort_key, 'a'); //search asc order
+			$this->assert_search_topics_by_author_id($searchforauthoruser_id, 1, $sort_key, 'a'); // search asc order
 		}
 
 		$this->assert_search_not_found('loremipsumdedo');

tests/test_framework/phpbb_functional_test_case.php

@@ -1523,9 +1523,9 @@ class phpbb_functional_test_case extends phpbb_test_case
 	* @param string $username The username to check or empty if user_id is used
 	* @param int $user_id The user id to check or empty if username is used
 	*
-	* @return bool Returns true if a user exists, false otherwise
+	* @return array Returns user_id => username array or empty array if user does not exist
 	*/
-	protected function user_exists($username, $user_id = null)
+	protected function user_exists($username = '', $user_id = '')
 	{
 		global $db;
 
@@ -1540,6 +1540,8 @@ class phpbb_functional_test_case extends phpbb_test_case
 			require_once(__DIR__ . '/../../phpBB/includes/functions_user.php');
 		}
 
-		return user_get_id_name($user_id, $username) ? false : true;
+		user_get_id_name($user_id, $username, false, true);
+
+		return $username;
 	}
 }