Merge branch 'prep-release-3.0.13'

* prep-release-3.0.13: (242 commits)
  [prep-release-3.0.13] Bump version numbers for 3.0.13 release
  [prep-release-3.0.13] Highlight security relevant changes
  [develop-olympus] Add changelog for 3.0.13 release.
  [develop-olympus] Bump version numbers for 3.0.13-RC1 release.
  [develop-olympus] Bumping version numbers to final for 3.0.13 releases.
  [ticket/13531] Send 404 Not Found.
  [ticket/13531] Explicitly disallow trailing paths (e.g. PATH_INFO).
  [ticket/13527] Apply htmlspecialchars() to data from version server.
  [ticket/13527] Remove two unused variables.
  [ticket/13526] Correctly validate the ucp_pm_options form key.
  [ticket/13523] Install PHPUnit manually instead of from PEAR.
  [ticket/13519] Correctly validate imagick path as path and not string
  [ticket/11613] Allow cookies to work on netbios domains
  [ticket/13376] Revert unnecessary change for cookies called GLOBALS 92f554e3
  [ticket/10442] Adds <dd>&nbsp;</dd> to <dl> for xhtml correctness
  [ticket/13341] Change coverage to whitelist to prevent errors with temp files.
  [ticket/13331] Use docs target for this branch, add docs-all for dev branches.
  [ticket/13324] Update sami/sami and fabpot/goutte for new zipball location.
  [ticket/13234] Fix conditions and CS
  [ticket/13234] Never allow autologin/remember me to modify the userid
  ...

.gitignore

@@ -4,9 +4,7 @@
 /phpBB/cache/*.php
 /phpBB/cache/*.lock
 /phpBB/composer.phar
-/phpBB/config.php
-/phpBB/config_dev.php
-/phpBB/config_test.php
+/phpBB/config*.php
 /phpBB/ext/*
 /phpBB/files/*
 /phpBB/images/avatars/gallery/*
@@ -14,5 +12,5 @@
 /phpBB/store/*
 /phpBB/vendor
 /tests/phpbb_unit_tests.sqlite2
-/tests/test_config.php
+/tests/test_config*.php
 /tests/tmp/*

.travis.yml

@@ -5,27 +5,36 @@ php:
   - 5.3
   - 5.4
   - 5.5
+  - 5.6
+  - hhvm
 
 env:
   - DB=mysql
-  - DB=postgres
 
 before_script:
   - sh -c "if [ '$DB' = 'postgres' ]; then psql -c 'DROP DATABASE IF EXISTS phpbb_tests;' -U postgres; fi"
   - sh -c "if [ '$DB' = 'postgres' ]; then psql -c 'create database phpbb_tests;' -U postgres; fi"
-  - sh -c "if [ '$DB' = 'mysql' ]; then mysql -e 'create database IF NOT EXISTS phpbb_tests;'; fi"
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.2' ]; then pear install --force phpunit/DbUnit; phpenv rehash; fi"
+  - sh -c "if [ '$DB' = 'mariadb' ]; then travis/setup-mariadb.sh; fi"
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3' -a '$DB' = 'mysql' ]; then mysql -e 'SET GLOBAL storage_engine=MyISAM;'; fi"
+  - sh -c "if [ '$DB' = 'mysql' -o '$DB' = 'mariadb' ]; then mysql -e 'create database IF NOT EXISTS phpbb_tests;'; fi"
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.2' ]; then travis/install-phpunit-5-2.sh; fi"
   - cd phpBB
   - sh -c "if [ '$TRAVIS_PHP_VERSION' != '5.2' ]; then php ../composer.phar install --dev --no-interaction --prefer-source; fi"
   - cd ..
   - sh -c "if [ `php -r "echo (int) version_compare(PHP_VERSION, '5.3.19', '>=');"` = "1" ]; then travis/setup-webserver.sh; fi"
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' ]; then sudo apt-get update; sudo apt-get install -y parallel libimage-exiftool-perl; fi"
 
 script:
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.2' ]; then phpunit --configuration travis/phpunit-$DB-travis.xml; else phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml; fi"
-  
-notifications:
-  email:
-    recipients:
-      - dev-team@phpbb.com
-    on_success: change
-    on_failure: change
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.2' ]; then php -d include_path='.:phpunit' phpunit/phpunit.php --configuration travis/phpunit-$DB-5-2-travis.xml; else phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml; fi"
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' -a '$TRAVIS_PULL_REQUEST' != 'false' ]; then git-tools/commit-msg-hook-range.sh origin/$TRAVIS_BRANCH..FETCH_HEAD; fi"
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' ]; then find . -type f -not -path './phpBB/vendor/*' -iregex '.*\.\(gif\|jpg\|jpeg\|png\)$' | parallel --gnu --keep-order 'phpBB/develop/strip_icc_profiles.sh {}' || exit 1; fi"
+
+matrix:
+  include:
+    - php: 5.4
+      env: DB=mariadb
+    - php: 5.4
+      env: DB=postgres
+  allow_failures:
+    - php: hhvm
+  fast_finish: true

README.md

@@ -17,9 +17,11 @@ Find support and lots more on [phpBB.com](http://www.phpbb.com)! Discuss the dev
 
 ## AUTOMATED TESTING
 
-We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](http://bamboo.phpbb.com) or check our travis build below.
-develop - [![Build Status](https://secure.travis-ci.org/phpbb/phpbb3.png?branch=develop)](http://travis-ci.org/phpbb/phpbb3)
-develop-olympus - [![Build Status](https://secure.travis-ci.org/phpbb/phpbb3.png?branch=develop-olympus)](http://travis-ci.org/phpbb/phpbb3)
+We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](http://bamboo.phpbb.com) or check our travis build below:
+
+* develop [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=develop)](http://travis-ci.org/phpbb/phpbb)
+* develop-ascraeus [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=develop-ascraeus)](http://travis-ci.org/phpbb/phpbb)
+* develop-olympus [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=develop-olympus)](http://travis-ci.org/phpbb/phpbb)
 
 ## LICENSE
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.0.12-RC2" />
-	<property name="prevversion" value="3.0.11" />
-	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.8, 3.0.9, 3.0.10, 3.0.12-RC1" />
+	<property name="newversion" value="3.0.13" />
+	<property name="prevversion" value="3.0.13-RC1" />
+	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -67,22 +67,22 @@
 		<exec dir="."
 			command="phpBB/vendor/bin/phpunit
 			--log-junit build/logs/phpunit.xml
-			--configuration phpunit.xml.all
 			--group slow
 			--coverage-clover build/logs/clover-slow.xml
 			--coverage-html build/coverage-slow"
 			passthru="true" />
 	</target>
 
+	<!-- Builds docs for current branch into build/api/output/master -->
 	<target name="docs">
-		<!-- only works if you setup phpdoctor:
-                     git clone https://github.com/peej/phpdoctor.git
-                     and then create an executable phpdoctor in your path containing
-                     #!/bin/sh
-                     php -f /path/to/phpdoctor/phpdoc.php $@
-                -->
-		<exec dir="build"
-			command="phpdoctor phpdoc-phpbb.ini"
+		<exec dir="."
+			command="phpBB/vendor/bin/sami.php update build/sami-checkout.conf.php"
+			passthru="true" />
+	</target>
+	<!-- Builds docs for multiple branches/tags into build/api/output/$branch -->
+	<target name="docs-all">
+		<exec dir="."
+			command="phpBB/vendor/bin/sami.php update build/sami-all.conf.php"
 			passthru="true" />
 	</target>
 
@@ -105,7 +105,7 @@
 			<property name="dir" value="build/old_versions/release-${version}" />
 		</phingcall>
 
-		<exec dir="build/old_versions" command="diff -crNEBwd release-${version} release-${newversion} >
+		<exec dir="build/old_versions" command="LC_ALL=C diff -crNEBwd release-${version} release-${newversion} >
 			../new_version/patches/phpBB-${version}_to_${newversion}.patch" escape="false" />
 	</target>
 
@@ -131,24 +131,52 @@
 
 	<target name="package" depends="clean,prepare,prepare-new-version,old-version-diffs">
 		<exec dir="build" command="php -f package.php '${versions}' > logs/package.log" escape="false" />
-		<exec dir="build" command="php -f build_diff.php '${prevversion}' '${newversion}' > logs/build_diff.log" escape="false" />
-
 		<exec dir="build" escape="false"
 			command="diff -crNEBwd old_versions/release-${prevversion}/language new_version/phpBB3/language >
-				save/save_${prevversion}_to_${newversion}/language/phpbb-${prevversion}_to_${newversion}_language.patch" />
+				save/phpbb-${prevversion}_to_${newversion}_language.patch" />
 		<exec dir="build" escape="false"
 			command="diff -crNEBwd old_versions/release-${prevversion}/styles/prosilver new_version/phpBB3/styles/prosilver >
-				save/save_${prevversion}_to_${newversion}/prosilver/phpbb-${prevversion}_to_${newversion}_prosilver.patch" />
+				save/phpbb-${prevversion}_to_${newversion}_prosilver.patch" />
 		<exec dir="build" escape="false"
 			command="diff -crNEBwd old_versions/release-${prevversion}/styles/subsilver2 new_version/phpBB3/styles/subsilver2 >
-				save/save_${prevversion}_to_${newversion}/subsilver2/phpbb-${prevversion}_to_${newversion}_subsilver2.patch" />
+				save/phpbb-${prevversion}_to_${newversion}_subsilver2.patch" />
 
 		<exec dir="build" escape="false"
 			command="git shortlog --summary --numbered release-${prevversion}...HEAD >
-				save/save_${prevversion}_to_${newversion}/phpbb-${prevversion}_to_${newversion}_git_shortlog.txt" />
+				save/phpbb-${prevversion}_to_${newversion}_git_shortlog.txt" />
 		<exec dir="build" escape="false"
 			command="git diff --stat release-${prevversion}...HEAD >
-				save/save_${prevversion}_to_${newversion}/phpbb-${prevversion}_to_${newversion}_git_diffstat.txt" />
+				save/phpbb-${prevversion}_to_${newversion}_git_diffstat.txt" />
+
+		<phingcall target="checksum-dir">
+			<property name="dir" value="build/new_version/release_files" />
+		</phingcall>
+	</target>
+
+	<target name="checksum-dir">
+		<foreach param="filename" absparam="absfilename" target="checksum-file">
+			<fileset dir="${dir}">
+				<type type="file" />
+			</fileset>
+		</foreach>
+	</target>
+
+	<target name="checksum-file">
+		<echo msg="Creating checksum file for ${absfilename}" />
+		<php function="dirname" returnProperty="dir"><param value="${absfilename}"/></php>
+		<exec dir="${dir}" command="sha256sum ${filename} > ${filename}.sha256" />
+	</target>
+
+	<target name="announcement" depends="prepare">
+		<echo msg="Writing download links and checksums for email announcement to save/announcement_email_${newversion}.txt" />
+		<exec dir="build" escape="false"
+			command="php -f build_announcement.php email '${newversion}' 'new_version/release_files' sha256 >
+				save/announcement_email_${newversion}.txt"  />
+
+		<echo msg="Writing download links and checksums for bbcode announcement to save/announcement_bbcode_${newversion}.txt" />
+		<exec dir="build" escape="false"
+			command="php -f build_announcement.php bbcode '${newversion}' 'new_version/release_files' sha256 >
+				save/announcement_bbcode_${newversion}.txt"  />
 	</target>
 
 	<target name="changelog" depends="prepare">
@@ -170,8 +198,8 @@
 			checkreturn="true" />
 
 		<!-- Install composer dependencies, if there are any. -->
-		<exec dir="."
-			command='php -r "\$j = json_decode(file_get_contents("composer.json")); echo isset(\$j->require);"'
+		<exec dir="${dir}"
+			command='php -r "\$j = json_decode(file_get_contents(\"composer.json\")); echo isset(\$j->require);"'
 			checkreturn="true"
 			outputProperty='composer-has-dependencies' />
 		<if>
@@ -193,7 +221,7 @@
 							command="git archive ${revision} composer.phar | tar -xf - -C ${dir}"
 							checkreturn="true" />
 						<exec dir="${dir}"
-							command="php composer.phar install"
+							command="php composer.phar install --no-dev"
 							checkreturn="true"
 							passthru="true" />
 						<delete file="${dir}/composer.phar" />

build/build_announcement.php

@@ -0,0 +1,98 @@
+#!/usr/bin/env php
+<?php
+/**
+*
+* @package build
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+if (php_sapi_name() !== 'cli' || $_SERVER['argc'] != 5)
+{
+	echo "Usage (CLI only): build_announcement.php email|bbcode new_version release_files_dir checksum_algorithm\n";
+	exit(1);
+}
+
+$mode = $_SERVER['argv'][1];
+$version = $_SERVER['argv'][2];
+$root = $_SERVER['argv'][3];
+$checksum_algorithm = $_SERVER['argv'][4];
+
+$series_version = substr($version, 0, 3);
+$base_url = "https://download.phpbb.com/pub/release/$series_version";
+
+if (strpos($version, 'RC') === false)
+{
+	// Final release
+	$install_url	= "$base_url/$version";
+	$update_url		= "$base_url/update/to_$version";
+}
+else
+{
+	$install_url	= "$base_url/release_candidates/$version";
+	$update_url		= "$base_url/release_candidates/update/other_to_$version";
+}
+
+if ($mode === 'bbcode')
+{
+	$template = "[url=%1\$s/%2\$s]%2\$s[/url]\n{$checksum_algorithm}sum: %3\$s\n";
+}
+else
+{
+	$template = "%s/%s\n{$checksum_algorithm}sum: %s\n";
+}
+
+function phpbb_rnatsort($array)
+{
+	$strrnatcmp = function($a, $b)
+	{
+		return strnatcmp($b, $a);
+	};
+	usort($array, $strrnatcmp);
+	return $array;
+}
+
+function phpbb_string_ends_with($haystack, $needle)
+{
+	return substr($haystack, -strlen($needle)) === $needle;
+}
+
+function phpbb_is_update_file($filename)
+{
+	return strpos($filename, '_to_') !== false;
+}
+
+function phpbb_get_checksum($checksum_file)
+{
+	return array_shift(explode(' ', file_get_contents($checksum_file)));
+}
+
+$install_files = $update_files = array();
+foreach (phpbb_rnatsort(array_diff(scandir($root), array('.', '..'))) as $filename)
+{
+	if (phpbb_string_ends_with($filename, $checksum_algorithm))
+	{
+		continue;
+	}
+	else if (phpbb_is_update_file($filename))
+	{
+		$update_files[] = $filename;
+	}
+	else
+	{
+		$install_files[] = $filename;
+	}
+}
+
+foreach ($install_files as $filename)
+{
+	printf($template, $install_url, $filename, phpbb_get_checksum("$root/$filename.$checksum_algorithm"));
+}
+
+echo "\n";
+
+foreach ($update_files as $filename)
+{
+	printf($template, $update_url, $filename, phpbb_get_checksum("$root/$filename.$checksum_algorithm"));
+}

build/build_diff.php

@@ -1,414 +0,0 @@
-#!/usr/bin/env php
-<?php
-/**
-*
-* @package build
-* @copyright (c) 2010 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
-*
-*/
-
-if ($_SERVER['argc'] != 3)
-{
-	die("Please specify the previous and current version as arguments (e.g. build_diff.php '1.0.2' '1.0.3').");
-}
-
-$old_version = trim($_SERVER['argv'][1]);
-$new_version = trim($_SERVER['argv'][2]);
-
-$substitute_old = $old_version;
-$substitute_new = $new_version;
-$simple_name_old = 'release-' . $old_version;
-$simple_name_new = 'release-' . $new_version;
-$echo_changes = false;
-
-// DO NOT EVER USE THE FOLLOWING! Fix the script to generate proper changes,
-// do NOT manually create them.
-
-// Set this to true to just compress the changes and do not build them again
-// This should be used for building custom modified txt file. ;)
-$package_changed_files = false;
-
-//$debug_file = 'includes/functions_user.php'; //'styles/prosilver/style.cfg';
-$debug_file = false;
-
-if ($debug_file !== false)
-{
-	$echo_changes = false;
-}
-
-$s_name = 'save_' . $substitute_old . '_to_' . $substitute_new;
-
-$location = dirname(__FILE__);
-
-if (!$package_changed_files)
-{
-	if (!$echo_changes)
-	{
-		// Create directory...
-		run_command("mkdir $location/save/{$s_name}");
-		run_command("mkdir $location/save/{$s_name}/language");
-		run_command("mkdir $location/save/{$s_name}/prosilver");
-		run_command("mkdir $location/save/{$s_name}/subsilver2");
-	}
-}
-
-// Build code changes and place them into 'save'
-if (!$package_changed_files)
-{
-	build_code_changes('language');
-	build_code_changes('prosilver');
-	build_code_changes('subsilver2');
-}
-
-// Package code changes
-$code_changes_filename = 'phpBB-' . $substitute_old . '_to_' . $substitute_new . '-codechanges';
-
-if (!$echo_changes)
-{
-	// Now compress the files...
-	// Build Main phpBB Release
-	$compress_programs = array(
-//		'tar.gz'	=> 'tar -czf',
-		'tar.bz2'	=> 'tar -cjf',
-		'zip'		=> 'zip -r'
-	);
-
-	chdir($location . '/save/' . $s_name);
-	foreach ($compress_programs as $extension => $compress_command)
-	{
-		echo "Packaging code changes for $extension\n";
-		run_command("rm ./../../new_version/release_files/{$code_changes_filename}.{$extension}");
-		flush();
-
-		// Build Package
-		run_command("$compress_command ./../../new_version/release_files/{$code_changes_filename}.{$extension} *");
-
-		// Build MD5 Sum
-		run_command("md5sum ./../../new_version/release_files/{$code_changes_filename}.{$extension} > ./../../new_version/release_files/{$code_changes_filename}.{$extension}.md5");
-		flush();
-	}
-}
-
-/**
-* $output_format can be: language, prosilver and subsilver2
-*/
-function build_code_changes($output_format)
-{
-	global $substitute_new, $substitute_old, $simple_name_old, $simple_name_new, $echo_changes, $package_changed_files, $location, $debug_file, $s_name;
-
-	// Global array holding the data entries
-	$data = array(
-		'header'		=> array(),
-		'diff'			=> array(),
-	);
-
-	// Read diff file and prepare the output filedata...
-	//$patch_filename = '../new_version/patches/phpBB-' . $substitute_old . '_to_' . $substitute_new . '.patch';
-	$release_filename = 'phpbb-' . $substitute_old . '_to_' . $substitute_new . '_' . $output_format . '.txt';
-
-	if (!$package_changed_files)
-	{
-		if (!$echo_changes)
-		{
-			$fp = fopen('save/' . $s_name . '/' . $output_format . '/' . $release_filename, 'wb');
-
-			if (!$fp)
-			{
-				die('Unable to create ' . $release_filename);
-			}
-		}
-	}
-
-	include_once($location . '/build_helper.php');
-	$package = new build_package(array($substitute_old, $substitute_new), false);
-
-	$titles = array(
-		'language'		=> 'phpBB ' . $substitute_old . ' to phpBB ' . $substitute_new . ' Language Pack Changes',
-		'prosilver'		=> 'phpBB ' . $substitute_old . ' to phpBB ' . $substitute_new . ' prosilver Changes',
-		'subsilver2'	=> 'phpBB ' . $substitute_old . ' to phpBB ' . $substitute_new . ' subsilver2 Changes',
-	);
-
-	$data['header'] = array(
-		'title'		=> $titles[$output_format],
-		'intro'		=> '
-
-These are the ' . $titles[$output_format] . ' summed up into a little Mod. These changes are only partial and do not include any code changes, therefore not meant for updating phpBB.
-
-	',
-		'included_files'	=> array(),
-	);
-
-	// We collect the files we want to diff first (ironically we grab this from a diff file)
-	if (!$echo_changes)
-	{
-		echo "\n\nCollecting Filenames:";
-	}
-
-	// We re-create the patch file
-	foreach ($package->old_packages as $_package_name => $dest_package_filename)
-	{
-		chdir($package->locations['old_versions']);
-
-		if (!$echo_changes)
-		{
-			echo "\n\n" . 'Creating patch/diff files for phpBB-' . $dest_package_filename . $package->get('new_version_number');
-		}
-
-		$dest_package_filename = $location . '/save/' . $s_name . '/phpBB-' . $dest_package_filename . $package->get('new_version_number') . '.patch';
-		$package->run_command('diff ' . $package->diff_options . ' ' . $_package_name . ' ' . $package->get('simple_name') . ' > ' . $dest_package_filename);
-
-		// Parse this diff to determine file changes from the checked versions and save them
-		$result = $package->collect_diff_files($dest_package_filename, $_package_name);
-		$package->run_command('rm ' . $dest_package_filename);
-	}
-
-	chdir($location);
-
-	$filenames = array();
-	foreach ($result['files'] as $filename)
-	{
-		if ($debug_file !== false && $filename != $debug_file)
-		{
-			continue;
-		}
-
-		// Decide which files to compare...
-		switch ($output_format)
-		{
-			case 'language':
-				if (strpos($filename, 'language/en/') !== 0)
-				{
-					continue 2;
-				}
-			break;
-
-			case 'prosilver':
-				if (strpos($filename, 'styles/prosilver/') !== 0)
-				{
-					continue 2;
-				}
-			break;
-
-			case 'subsilver2':
-				if (strpos($filename, 'styles/subsilver2/') !== 0)
-				{
-					continue 2;
-				}
-			break;
-		}
-
-		if (!file_exists($location . '/old_versions/' . $simple_name_old . '/' . $filename))
-		{
-			// New file... include it
-			$data['header']['included_files'][] = array(
-				'old'				=> $location . '/old_versions/' . $simple_name_old . '/' . $filename,
-				'new'				=> $location . '/old_versions/' . $simple_name_new . '/' . $filename,
-				'phpbb_filename'	=> $filename,
-			);
-			continue;
-		}
-
-		$filenames[] = array(
-			'old'				=> $location . '/old_versions/' . $simple_name_old . '/' . $filename,
-			'new'				=> $location . '/old_versions/' . $simple_name_new . '/' . $filename,
-			'phpbb_filename'	=> $filename,
-		);
-	}
-
-	// Now let us go through the filenames list and create a more comprehensive diff
-	if (!$echo_changes)
-	{
-		fwrite($fp, build_header($output_format, $filenames, $data['header']));
-	}
-	else
-	{
-		//echo build_header('text', $filenames, $data['header']);
-	}
-
-	// Copy files...
-	$files_to_copy = array();
-
-	foreach ($data['header']['included_files'] as $filename)
-	{
-		$files_to_copy[] = $filename['phpbb_filename'];
-	}
-
-	// First step is to copy the new version over (clean structure)
-	if (!$echo_changes && sizeof($files_to_copy))
-	{
-		foreach ($files_to_copy as $file)
-		{
-			// Create directory?
-			$dirname = dirname($file);
-
-			if ($dirname)
-			{
-				$dirname = explode('/', $dirname);
-				$__dir = array();
-
-				foreach ($dirname as $i => $dir)
-				{
-					$__dir[] = $dir;
-					run_command("mkdir -p $location/save/" . $s_name . '/' . $output_format . '/' . implode('/', $__dir));
-				}
-			}
-
-			$source_file = $location . '/new_version/phpBB3/' . $file;
-			$dest_file = $location . '/save/' . $s_name . '/' . $output_format . '/';
-			$dest_file .= $file;
-
-			$command = "cp -p $source_file $dest_file";
-			$result = trim(`$command`);
-			echo "- Copied File: " . $source_file . " -> " . $dest_file . "\n";
-		}
-	}
-
-	include_once('diff_class.php');
-
-	if (!$echo_changes)
-	{
-		echo "\n\nDiffing Codebases:";
-	}
-
-	foreach ($filenames as $file_ary)
-	{
-		if (!file_exists($file_ary['old']))
-		{
-			$lines1 = array();
-		}
-		else
-		{
-			$lines1 = file($file_ary['old']);
-		}
-		$lines2 = file($file_ary['new']);
-
-		if (!sizeof($lines1))
-		{
-			// New File
-		}
-		else
-		{
-			$diff = new Diff($lines1, $lines2);
-			$fmt = new BBCodeDiffFormatter(false, 5, $debug_file);
-
-			if (!$echo_changes)
-			{
-				fwrite($fp, $fmt->format_open($file_ary['phpbb_filename']));
-				fwrite($fp, $fmt->format($diff, $lines1));
-				fwrite($fp, $fmt->format_close($file_ary['phpbb_filename']));
-			}
-			else
-			{
-				echo $fmt->format_open($file_ary['phpbb_filename']);
-				echo $fmt->format($diff, $lines1);
-				echo $fmt->format_close($file_ary['phpbb_filename']);
-			}
-
-			if ($debug_file !== false)
-			{
-				echo $fmt->format_open($file_ary['phpbb_filename']);
-				echo $fmt->format($diff, $lines1);
-				echo $fmt->format_close($file_ary['phpbb_filename']);
-				exit;
-			}
-		}
-	}
-
-	if (!$echo_changes)
-	{
-		fwrite($fp, build_footer($output_format));
-
-		// Close file
-		fclose($fp);
-
-		chmod('save/' . $s_name . '/' . $output_format . '/' . $release_filename, 0666);
-	}
-	else
-	{
-		echo build_footer($output_format);
-	}
-}
-
-/**
-* Build Footer
-*/
-function build_footer($mode)
-{
-	$html = '';
-
-	$html .= "# \n";
-	$html .= "#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ \n";
-	$html .= "# \n";
-	$html .= "# EoM";
-
-	return $html;
-}
-
-/**
-* Build Header
-*/
-function build_header($mode, $filenames, $header)
-{
-	global $substitute_old;
-
-	$html = '';
-
-	$html .= "############################################################## \n";
-	$html .= "## Title: " . $header['title'] . "\n";
-	$html .= "## Author: naderman < naderman@phpbb.com > (Nils Adermann) http://www.phpbb.com \n";
-	$html .= "## Description: \n";
-
-	$intr = explode("\n", $header['intro']);
-	$introduction = '';
-	foreach ($intr as $_line)
-	{
-		$introduction .= wordwrap($_line, 80) . "\n";
-	}
-	$intr = explode("\n", $introduction);
-
-	foreach ($intr as $_line)
-	{
-		$html .= "##		" . $_line . "\n";
-	}
-	$html .= "## \n";
-	$html .= "## Files To Edit: \n";
-
-	foreach ($filenames as $file_ary)
-	{
-		$html .= "##		" . $file_ary['phpbb_filename'] . "\n";
-	}
-	$html .= "##\n";
-	if (sizeof($header['included_files']))
-	{
-		$html .= "## Included Files: \n";
-		foreach ($header['included_files'] as $filename)
-		{
-			$html .= "##		{$filename['phpbb_filename']}\n";
-		}
-	}
-	$html .= "## License: http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 \n";
-	$html .= "############################################################## \n";
-	$html .= "\n";
-
-	// COPY Statement?
-	if (sizeof($header['included_files']))
-	{
-		$html .= "#\n#-----[ COPY ]------------------------------------------\n#\n";
-		foreach ($header['included_files'] as $filename)
-		{
-			$html .= "copy {$filename['phpbb_filename']} to {$filename['phpbb_filename']}\n";
-		}
-		$html .= "\n";
-	}
-
-	return $html;
-}
-
-function run_command($command)
-{
-	$result = trim(`$command`);
-	echo "\n- Command Run: " . $command . "\n";
-}
-
-?>

build/package.php

@@ -285,9 +285,6 @@ if (sizeof($package->old_packages))
 
 		// Build Package
 		$package->run_command($compress_command . ' ../release_files/' . $package->get('release_filename') . '-patch.' . $extension . ' *');
-
-		// Build MD5 Sum
-		$package->run_command('md5sum ../release_files/' . $package->get('release_filename') . '-patch.' . $extension . ' > ../release_files/' . $package->get('release_filename') . '-patch.' . $extension . '.md5');
 	}
 
 	// Build Files Package
@@ -319,8 +316,6 @@ if (sizeof($package->old_packages))
 
 		chdir('./release');
 		$package->run_command("$compress_command ../../release_files/" . $package->get('release_filename') . '-files.' . $extension . ' *');
-		// Build MD5 Sum
-		$package->run_command('md5sum ../../release_files/' . $package->get('release_filename') . '-files.' . $extension . ' > ../../release_files/' . $package->get('release_filename') . '-files.' . $extension . '.md5');
 		chdir('..');
 
 		$package->run_command('rm -Rv ' . $package->get('files_directory') . '/release');
@@ -363,9 +358,6 @@ if (sizeof($package->old_packages))
 			// Copy last package over...
 			$package->run_command('rm -v ../release_files/phpBB-' . $last_version . ".$extension");
 			$package->run_command("$compress_command ../../release_files/phpBB-$last_version.$extension *");
-
-			// Build MD5 Sum
-			$package->run_command("md5sum ../../release_files/phpBB-$last_version.$extension > ../../release_files/phpBB-$last_version.$extension.md5");
 			chdir('..');
 		}
 
@@ -388,9 +380,6 @@ foreach ($compress_programs as $extension => $compress_command)
 
 	// Build Package
 	$package->run_command("$compress_command ./release_files/" . $package->get('release_filename') . '.' . $extension . ' ' . $package->get('package_name'));
-
-	// Build MD5 Sum
-	$package->run_command('md5sum ./release_files/' . $package->get('release_filename') . '.' . $extension . ' > ./release_files/' . $package->get('release_filename') . '.' . $extension . '.md5');
 }
 
 // Microsoft Web PI packaging
@@ -398,7 +387,6 @@ $package->begin_status('Packaging phpBB for Microsoft WebPI');
 $file = './release_files/' . $package->get('release_filename') . '.webpi.zip';
 $package->run_command('cp -p ./release_files/' . $package->get('release_filename') . ".zip $file");
 $package->run_command('cd ./../webpi && ' . $compress_programs['zip'] . " ./../new_version/$file *");
-$package->run_command("md5sum $file  > $file.md5");
 
 // verify results
 chdir($package->locations['root']);

build/phpdoc-phpbb.ini

@@ -1,145 +0,0 @@
-; Default configuration file for PHPDoctor
-
-; This config file will cause PHPDoctor to generate API documentation of
-; itself.
-
-
-; PHPDoctor settings
-; -----------------------------------------------------------------------------
-
-; Names of files to parse. This can be a single filename, or a comma separated
-; list of filenames. Wildcards are allowed.
-
-files = "*.php"
-
-; Names of files or directories to ignore. This can be a single filename, or a
-; comma separated list of filenames. Wildcards are NOT allowed.
-
-;ignore = "CVS, .svn, .git, _compiled"
-ignore = templates_c/,*HTML/default/*,spec/,*config.php*,*CVS/,test_chora.php,testupdate/,cache/,store/,*proSilver/,develop/,includes/utf/data/,includes/captcha/fonts/,install/update/,install/update.new/,files/,*phpinfo.php*,*update_script.php*,*upgrade.php*,*convert.php*,install/converter/,language/de/,script/,*swatch.php*,*test.php*,*test2.php*,*install.php*,*functions_diff.php*,*acp_update.php*,acm_xcache.php
-
-; The directory to look for files in, if not used the PHPDoctor will look in
-; the current directory (the directory it is run from).
-
-source_path = "../phpBB/"
-
-; If you do not want PHPDoctor to look in each sub directory for files
-; uncomment this line.
-
-;subdirs = off
-
-; Set how loud PHPDoctor is as it runs. Quiet mode suppresses all output other
-; than warnings and errors. Verbose mode outputs additional messages during
-; execution.
-
-quiet = on
-;verbose = on
-
-; Select the doclet to use for generating output.
-
-doclet = standard
-;doclet = debug
-
-; The directory to find the doclet in. Doclets control the HTML output of
-; phpDoctor and can be modified to suit your needs. They are expected to be 
-; in a directory named after themselves at the location given.
-
-;doclet_path = ./doclets
-
-; Select the formatter to use for generating output.
-
-;formatter = htmlStandardFormatter
-
-; The directory to find the formatter in. Formatters convert textual markup
-; for use by the doclet.
-
-;formatter_path = ./formatters
-
-; The directory to find taglets in. Taglets allow you to make PHPDoctor handle
-; new tags and to alter the behavour of existing tags and their output.
-
-;taglet_path = ./taglets
-
-; If the code you are parsing does not use package tags or not all elements
-; have package tags, use this setting to place unbound elements into a
-; particular package.
-
-default_package = "phpBB"
-
-use_class_path_as_package = off
-
-ignore_package_tags = off
-
-; Specifies the name of a HTML file containing text for the overview
-; documentation to be placed on the overview page. The path is relative to
-; "source_path" unless an absolute path is given.
-
-overview = ../README.md
-
-; Package comments will be looked for in a file named package.html in the same
-; directory as the first source file parsed in that package or in the directory
-; given below. If package comments are placed in the directory given below then
-; they should be named "<packageName>.html".
-
-package_comment_dir = ./
-
-; Parse out global variables and/or global constants?
-
-;globals = off
-;constants = off
-
-; Generate documentation for all class members
-
-;private = on
-
-; Generate documentation for public and protected class members
-
-;protected = on
-
-; Generate documentation for only public class members
-
-;public = on
-
-; Use the PEAR compatible handling of the docblock first sentence
-
-;pear_compat = on
-
-; Standard doclet settings
-; -----------------------------------------------------------------------------
-
-; The directory to place generated documentation in. If the given path is
-; relative to it will be relative to "source_path".
-
-d = "../build/api/"
-
-; Specifies the title to be placed in the HTML <title> tag.
-
-windowtitle = "phpBB3"
-
-; Specifies the title to be placed near the top of the overview summary file.
-
-doctitle = "phpBB3 Sourcecode Documentation"
-
-; Specifies the header text to be placed at the top of each output file. The
-; header will be placed to the right of the upper navigation bar. 
-
-header = "phpBB3"
-
-; Specifies the footer text to be placed at the bottom of each output file. The
-; footer will be placed to the right of the lower navigation bar.
-
-footer = "phpBB3"
-
-; Specifies the text to be placed at the bottom of each output file. The text
-; will be placed at the bottom of the page, below the lower navigation bar.
-
-;bottom = "This document was generated by <a href="http://peej.github.com/phpdoctor/">PHPDoctor: The PHP Documentation Creator</a>"
-
-; Create a class tree?
-
-;tree = off
-
-; Use GeSHi to include formatted source files in the documentation. PHPDoctor will look in the current doclet directory for a /geshi subdirectory. Unpack the GeSHi archive from http://qbnz.com/highlighter to get this directory - it will contain a php script and a subdirectory with formatting files.
-
-include_source = off
-

build/sami-all.conf.php

@@ -0,0 +1,30 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+require __DIR__ . '/sami-checkout.conf.php';
+
+$config['versions'] = Sami\Version\GitVersionCollection::create(__DIR__ . '/../')
+	/*
+	This would be nice, but currently causes various problems that need
+	debugging.
+	->addFromTags('release-3.0.*')
+	->add('develop-olympus', '3.0-next (olympus)')
+	->addFromTags('release-3.1.*')
+	->add('develop-ascraeus', '3.1-next (ascraeus)')
+	->add('develop')
+	*/
+	->add('develop-olympus')
+	->add('develop-ascraeus')
+;
+
+return new Sami\Sami($iterator, $config);

build/sami-checkout.conf.php

@@ -0,0 +1,44 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+// Prevent 'Class "acm" does not exist.' exception on removeClass().
+class PhpbbArrayStore extends Sami\Store\ArrayStore
+{
+	public function removeClass(Sami\Project $project, $name)
+	{
+		unset($this->classes[$name]);
+	}
+}
+
+$iterator = Symfony\Component\Finder\Finder::create()
+	->files()
+	->name('*.php')
+	->in(__DIR__ . '/../phpBB/')
+	->notPath('#^cache/#')
+	->notPath('#^develop/#')
+	->notPath('#^ext/#')
+	->notPath('#^vendor/#')
+	->notPath('data')
+;
+
+$config = array(
+	'theme'                => 'enhanced',
+	'title'                => 'phpBB API Documentation',
+	'build_dir'            => __DIR__.'/api/output/%version%',
+	'cache_dir'            => __DIR__.'/api/cache/%version%',
+	'default_opened_level' => 2,
+	// Do not use JsonStore. See https://github.com/fabpot/Sami/issues/79
+	'store'                => new PhpbbArrayStore,
+);
+
+return new Sami\Sami($iterator, $config);

git-tools/commit-msg-hook-range.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+#
+# @copyright (c) 2014 phpBB Group
+# @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+#
+# Calls the git commit-msg hook on all non-merge commits in a given commit range.
+#
+
+if [ "$#" -ne 1 ];
+then
+	echo "Expected one argument (commit range, e.g. phpbb/develop..ticket/12345)."
+	exit
+fi
+
+DIR=$(dirname "$0")
+COMMIT_RANGE="$1"
+COMMIT_MSG_HOOK_PATH="$DIR/hooks/commit-msg"
+COMMIT_MSG_HOOK_FATAL=$(git config --bool phpbb.hooks.commit-msg.fatal 2> /dev/null)
+git config phpbb.hooks.commit-msg.fatal true
+
+EXIT_STATUS=0
+for COMMIT_HASH in $(git rev-list --no-merges "$COMMIT_RANGE")
+do
+	echo "Inspecting commit message of commit $COMMIT_HASH"
+
+	# The git commit-msg hook takes a path to a file containing a commit
+	# message. So we have to extract the commit message into a file first,
+	# which then also needs to be deleted after our work is done.
+	COMMIT_MESSAGE_PATH="$DIR/commit_msg.$COMMIT_HASH"
+	git log -n 1 --pretty=format:%B "$COMMIT_HASH" > "$COMMIT_MESSAGE_PATH"
+
+	# Invoke hook on commit message file.
+	"$COMMIT_MSG_HOOK_PATH" "$COMMIT_MESSAGE_PATH"
+
+	# If any commit message hook complains with a non-zero exit status, we
+	# will send a non-zero exit status upstream.
+	if [ $? -ne 0 ]
+	then
+		EXIT_STATUS=1
+	fi
+
+	rm "$COMMIT_MESSAGE_PATH"
+done
+
+# Restore phpbb.hooks.commit-msg.fatal config
+if [ -n "$COMMIT_MSG_HOOK_FATAL" ]
+then
+	git config phpbb.hooks.commit-msg.fatal "$COMMIT_MSG_HOOK_FATAL"
+fi
+
+exit $EXIT_STATUS

git-tools/hooks/commit-msg

@@ -191,12 +191,12 @@ do
 				err=$ERR_HEADER;
 				echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] .+$"
 				result=$?
-				if ! echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [A-Z].+$"
+				if ! echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [a-zA-Z].+$"
 				then
 					# Don't be too strict.
 					# Commits may be temporary, intended to be squashed later.
 					# Just issue a warning here.
-					complain "$severity: heading should be a sentence beginning with a capital letter." 1>&2
+					complain "$severity: heading should be a sentence beginning with a letter." 1>&2
 					complain "You entered:" 1>&2
 					complain "$line" 1>&2
 				fi

phpBB/.htaccess

@@ -8,12 +8,50 @@
 #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
 #</IfModule>
 
-<Files "config.php">
-Order Allow,Deny
-Deny from All
-</Files>
-
-<Files "common.php">
-Order Allow,Deny
-Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "config.php">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+		<Files "common.php">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "config.php">
+			Require all denied
+		</Files>
+		<Files "common.php">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "config.php">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+		<Files "common.php">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "config.php">
+			Require all denied
+		</Files>
+		<Files "common.php">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>

phpBB/adm/style/acp_inactive.html

@@ -53,7 +53,7 @@
 </table>
 
 <fieldset class="display-options">
-	{L_DISPLAY_LOG}: &nbsp;{S_LIMIT_DAYS}&nbsp;{L_SORT_BY}: {S_SORT_KEY} {S_SORT_DIR}<!-- IF PAGINATION -->&nbsp;Users per page: <input class="inputbox autowidth" type="text" name="users_per_page" id="users_per_page" size="3" value="{USERS_PER_PAGE}" /><!-- ENDIF -->
+	{L_DISPLAY_LOG}: &nbsp;{S_LIMIT_DAYS}&nbsp;{L_SORT_BY}: {S_SORT_KEY} {S_SORT_DIR}<!-- IF PAGINATION -->&nbsp;{L_USERS_PER_PAGE}: <input class="inputbox autowidth" type="text" name="users_per_page" id="users_per_page" size="3" value="{USERS_PER_PAGE}" /><!-- ENDIF -->
 	<input class="button2" type="submit" value="{L_GO}" name="sort" />
 </fieldset>
 

phpBB/adm/style/acp_users_overview.html

@@ -30,7 +30,7 @@
 </dl>
 <dl>
 	<dt><label>{L_POSTS}:</label></dt>
-	<dd><strong>{USER_POSTS}</strong><!-- IF POSTS_IN_QUEUE and U_MCP_QUEUE --> (<a href="{U_MCP_QUEUE}">{L_POSTS_IN_QUEUE}</a>)<!-- ELSEIF POSTS_IN_QUEUE --> ({L_POSTS_IN_QUEUE})<!-- ENDIF --></dd>
+	<dd><strong><!-- IF USER_HAS_POSTS and U_SEARCH_USER --><a href="{U_SEARCH_USER}">{USER_POSTS}</a><!-- ELSE -->{USER_POSTS}<!-- ENDIF --></strong><!-- IF POSTS_IN_QUEUE and U_MCP_QUEUE --> (<a href="{U_MCP_QUEUE}">{L_POSTS_IN_QUEUE}</a>)<!-- ELSEIF POSTS_IN_QUEUE --> ({L_POSTS_IN_QUEUE})<!-- ENDIF --></dd>
 </dl>
 <dl>
 	<dt><label>{L_WARNINGS}:</label></dt>

phpBB/adm/style/admin.css

@@ -731,6 +731,10 @@ optgroup, select {
 	color: #000;
 }
 
+select:focus {
+	outline-style: none;
+}
+
 optgroup {
 	font-size: 1.00em;
 	font-weight: bold;
@@ -976,6 +980,7 @@ input:focus, textarea:focus {
 	border: 1px solid #BC2A4D;
 	background-color: #E9E9E2;
 	color: #BC2A4D;
+	outline-style: none;
 }
 
 /* Submit button fieldset or paragraph
@@ -1070,6 +1075,11 @@ input.disabled {
 	color: #666666;
 }
 
+/* Focus states */
+input.button1:focus, input.button2:focus, input.button3:focus {
+	outline-style: none;
+}
+
 /* Pagination
 ---------------------------------------- */
 .pagination {

phpBB/adm/style/editor.js

@@ -292,7 +292,7 @@ function mozWrap(txtarea, open, close)
 */
 function storeCaret(textEl)
 {
-	if (textEl.createTextRange)
+	if (textEl.createTextRange && document.selection)
 	{
 		textEl.caretPos = document.selection.createRange().duplicate();
 	}

phpBB/composer.json

@@ -1,8 +1,9 @@
 {
 	"require-dev": {
-		"fabpot/goutte": "v0.1.0",
-		"phpunit/dbunit": "1.2.*",
-		"phpunit/phpunit": "3.7.*",
-		"phing/phing": "2.4.*"
+		"fabpot/goutte": "1.0.*",
+		"phpunit/dbunit": "1.3.*",
+		"phpunit/phpunit": "4.1.*",
+		"phing/phing": "2.4.*",
+		"sami/sami": "1.*"
 	}
 }

phpBB/develop/create_schema_files.php

@@ -237,6 +237,19 @@ $supported_dbms = array('firebird', 'mssql', 'mysql_40', 'mysql_41', 'oracle', '
 
 foreach ($supported_dbms as $dbms)
 {
+	$schema_data = get_schema_struct();
+	if ($dbms == 'mssql')
+	{
+		foreach ($schema_data as $table_name => $table_data)
+		{
+			if (!isset($table_data['PRIMARY_KEY']))
+			{
+				$schema_data[$table_name]['COLUMNS']['mssqlindex'] = array('UINT', NULL, 'auto_increment');
+				$schema_data[$table_name]['PRIMARY_KEY'] = 'mssqlindex';
+			}
+		}
+	}
+
 	$fp = fopen($schema_path . $dbms . '_schema.sql', 'wb');
 
 	$line = '';
@@ -552,7 +565,7 @@ foreach ($supported_dbms as $dbms)
 
 			case 'mssql':
 				$line = substr($line, 0, -2);
-				$line .= "\n) ON [PRIMARY]" . (($textimage) ? ' TEXTIMAGE_ON [PRIMARY]' : '') . "\n";
+				$line .= "\n)";// ON [PRIMARY]" . (($textimage) ? ' TEXTIMAGE_ON [PRIMARY]' : '') . "\n";
 				$line .= "GO\n\n";
 			break;
 		}
@@ -589,7 +602,7 @@ foreach ($supported_dbms as $dbms)
 					$line .= "\tCONSTRAINT [PK_{$table_name}] PRIMARY KEY  CLUSTERED \n";
 					$line .= "\t(\n";
 					$line .= "\t\t[" . implode("],\n\t\t[", $table_data['PRIMARY_KEY']) . "]\n";
-					$line .= "\t)  ON [PRIMARY] \n";
+					$line .= "\t)\n";
 					$line .= "GO\n\n";
 				break;
 
@@ -684,7 +697,7 @@ foreach ($supported_dbms as $dbms)
 					case 'mssql':
 						$line .= ($key_data[0] == 'INDEX') ? 'CREATE  INDEX' : '';
 						$line .= ($key_data[0] == 'UNIQUE') ? 'CREATE  UNIQUE  INDEX' : '';
-						$line .= " [{$key_name}] ON [{$table_name}]([" . implode('], [', $key_data[1]) . "]) ON [PRIMARY]\n";
+						$line .= " [{$key_name}] ON [{$table_name}]([" . implode('], [', $key_data[1]) . "])\n";
 						$line .= "GO\n\n";
 					break;
 

phpBB/develop/strip_icc_profiles.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# @copyright (c) 2014 phpBB Group
+# @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+#
+
+if [ "$#" -ne 1 ]
+then
+	SCRIPT=$(basename "$0")
+	echo "Description: Finds and strips ICC Profiles from given image file." >&2
+	echo "Usage: $SCRIPT /path/to/image/file" >&2
+	echo "Exit Status: 0 if no ICC profiles have been stripped, otherwise 1." >&2
+	echo "Requires: exiftool" >&2
+	exit 1
+fi
+
+FILE=$1
+HASH_OLD=$(md5sum "$FILE")
+exiftool -icc_profile"-<=" -overwrite_original_in_place "$FILE" > /dev/null 2>&1
+HASH_NEW=$(md5sum "$FILE")
+
+if [ "$HASH_OLD" != "$HASH_NEW" ]
+then
+	echo "Stripped ICC Profile from $FILE."
+	exit 1
+fi

phpBB/docs/AUTHORS

@@ -23,10 +23,11 @@ involved in phpBB.
 phpBB Lead Developer:  naderman (Nils Adermann)
 
 phpBB Developers:      bantu (Andreas Fischer)
-                       EXreaction (Nathan Guse)
                        dhruv.goel92 (Dhruv Goel)
-                       imkingdavid (David King)
+                       marc1706 (Marc Alexander)
                        nickvergessen (Joas Schilling)
+                       nicofuma (Tristan Darricau)
+                       prototech (Cesar Gallegos)
 
 Contributions by:      leviatan21 (Gabriel Vazquez)
                        Raimon (Raimon Meuldijk)
@@ -50,9 +51,11 @@ phpBB Developers:      A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                        ckwalsh (Cullen Walsh)        [01/2010 - 07/2011]
                        DavidMJ (David M.)            [12/2005 - 08/2009]
                        dhn (Dominik Dröscher)        [05/2007 - 01/2011]
+                       EXreaction (Nathan Guse)      [07/2012 - 05/2014]
                        GrahamJE (Graham Eames)       [09/2005 - 11/2006]
-                       kellanved (Henry Sudhof)      [04/2007 - 03/2011]
                        igorw (Igor Wiedler)          [08/2010 - 02/2013]
+                       imkingdavid (David King)      [11/2012 - 06/2014]
+                       kellanved (Henry Sudhof)      [04/2007 - 03/2011]
                        Oleg (Oleg Pudeyev)           [01/2011 - 05/2013]
                        rxu (Ruslan Uzdenov)          [04/2010 - 12/2012]
                        TerraFrost (Jim Wigginton)    [04/2009 - 01/2011]

phpBB/docs/CHANGELOG.html

@@ -53,6 +53,7 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ol style="list-style-type: lower-roman;">
+		<li><a href="#v3012">Changes since 3.0.12</a></li>
 		<li><a href="#v3011">Changes since 3.0.11</a></li>
 		<li><a href="#v3010">Changes since 3.0.10</a></li>
 		<li><a href="#v309">Changes since 3.0.9</a></li>
@@ -93,7 +94,143 @@
 
 		<div class="content">
 
-	<a name="v3011"></a><h3>1.i. Changes since 3.0.11</h3>
+	<a name="v3012"></a><h3>1.i. Changes since 3.0.12</h3>
+
+<h4>Security</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13531">PHPBB3-13531</a>] - Disallow trailing paths (e.g. using the PATH_INFO feature) to prevent path-relative CSS injection</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13526">PHPBB3-13526</a>] - Correctly validate ucp_pm_options form key</li>
+</ul>
+<h4>Bug</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-6703">PHPBB3-6703</a>] - Problem with russian letter while converting from 2.0.x</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8960">PHPBB3-8960</a>] - Allow changing allow_avatar_remote when images/avatars/upload is not writable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9420">PHPBB3-9420</a>] - BBCode - Unable to use a proper URI token</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9724">PHPBB3-9724</a>] - Wrong return &quot;Return to ACP&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9725">PHPBB3-9725</a>] - MSSQL Schema is not azure compatible</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10023">PHPBB3-10023</a>] - Password change requirement notification in UCP is not noticable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10423">PHPBB3-10423</a>] - Searching for the term &quot;test *&quot; will highlight nearly every word and displays htmlspecialchars as htmlentities.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10442">PHPBB3-10442</a>] - XHTML is invalid when a forum link without redirect counter is present</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10687">PHPBB3-10687</a>] - UNABLE_GET_IMAGE_SIZE text misleading for remote avatars</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10729">PHPBB3-10729</a>] - Post editor information is not updated when user being deleted with posts</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10776">PHPBB3-10776</a>] - Grammar errors in docs/README.html</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10796">PHPBB3-10796</a>] - SQL Azure does not allow SELECT FROM sysfiles</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10851">PHPBB3-10851</a>] - HTML files containing certain tags being rejected as possible attack vectors with &quot;Check attachment file&quot; set to &quot;No&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10863">PHPBB3-10863</a>] - Permission mask does not accurately show some forum permissions if user has MOD parmissions</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10917">PHPBB3-10917</a>] - Updater notice &quot;Update files are out of date...&quot; when updating to unreleased version</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10985">PHPBB3-10985</a>] - Error bbcode.html not found when updating with custom style inheriting from prosilver</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11062">PHPBB3-11062</a>] - In Automatic Update, new language strings from install.php are only loaded from English</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11224">PHPBB3-11224</a>] - SQL cache destroy does not destroy queries to tables joined</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11288">PHPBB3-11288</a>] - &quot;Fulltext native&quot; search fooled by hyphens</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11480">PHPBB3-11480</a>] - Prevent Private Message system from returning &quot;Unknown folder&quot; when inbox folder is full</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11613">PHPBB3-11613</a>] - Cookies do not work for netbios domain</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11686">PHPBB3-11686</a>] - Not checking for phpBB Debug errors on functional tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11699">PHPBB3-11699</a>] - PHP Lint Test should exclude selected subdirectories of the build directory.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11726">PHPBB3-11726</a>] - Don't run lint tests on Travis on postgres</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11762">PHPBB3-11762</a>] - generate_text_for_display() treats &quot;0&quot; as an empty string</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11789">PHPBB3-11789</a>] - Inline css with color value in subsilver2</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11794">PHPBB3-11794</a>] - Coding Guidelines document says to place a comma after every array element, but fails to do so itself</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11799">PHPBB3-11799</a>] - Anti Abuse Headers missing for sendpassword</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11811">PHPBB3-11811</a>] - Chrome 30 adds outline to focused elements</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11821">PHPBB3-11821</a>] - Wrong comma usage &quot;You are receiving this notification&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11823">PHPBB3-11823</a>] - Travis-CI webserver not matching PHP files with anything after the .php</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11829">PHPBB3-11829</a>] - Closed reports may seem open in detailed view</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11860">PHPBB3-11860</a>] - .htaccess not working for Apache 2.4</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11864">PHPBB3-11864</a>] - Do not call exit after display_progress_bar in acp_forums</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11879">PHPBB3-11879</a>] - Compatibility error in forum_fn.js: .live should be replaced with .on</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11968">PHPBB3-11968</a>] - Travis Image are broken due to repository rename</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12037">PHPBB3-12037</a>] - acp_inactive.html has hard-coded text</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12048">PHPBB3-12048</a>] - Custom BBCodes Fail to Render Language Strings with a Number</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12061">PHPBB3-12061</a>] - Keyboard shortcut alt+h doesn't work properly in firefox</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12072">PHPBB3-12072</a>] - Missing word &quot;send&quot; in comment in schema_data.sql</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12093">PHPBB3-12093</a>] - IE 11 javascript selection is no longer supported</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12118">PHPBB3-12118</a>] - Add noindex meta tag to subsilver2 pm/topic view-print template</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12119">PHPBB3-12119</a>] - Remove keywords and description meta tags from prosilver view-print templates</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12120">PHPBB3-12120</a>] - Update docs/AUTHORS for 3.0.13-RC1</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12140">PHPBB3-12140</a>] - Avoid endless loop in build script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12161">PHPBB3-12161</a>] - build/save directories are no longer created</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12162">PHPBB3-12162</a>] - Binary files missing from update packages</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12176">PHPBB3-12176</a>] - No error shown when attempting to delete a founder</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12186">PHPBB3-12186</a>] - MCP should open &quot;Reported posts&quot; instead of PM Reports</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12188">PHPBB3-12188</a>] - Add php 5.6 to travis tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12202">PHPBB3-12202</a>] - Variables read from style.cfg etc. should be htmlspecialchared</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12205">PHPBB3-12205</a>] - Custom Profile Field display bug</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12210">PHPBB3-12210</a>] - dbtools::sql_create_table incorrectly throws error related to auto-increment length on non auto-increment fields</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12310">PHPBB3-12310</a>] - SMTP username and password should not autocomplete during install</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12316">PHPBB3-12316</a>] - develop-ascraeus build status missing from &quot;Automated Testing&quot; section in README.md</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12353">PHPBB3-12353</a>] - User attachments in ACP are not displaying every attachment</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12359">PHPBB3-12359</a>] - Day and Month of Birthday Misaligned When Editing</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12381">PHPBB3-12381</a>] - Broken error message when selecting invalid DB driver</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12397">PHPBB3-12397</a>] - db_tools::sql_unique_index_exists() has wrong doc block</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12429">PHPBB3-12429</a>] - Update phpunit to 3.8+</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12467">PHPBB3-12467</a>] - Add config_*.php  and tests_config_*.php to .gitignore</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12472">PHPBB3-12472</a>] - Set fast finish for .travis.yml</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12485">PHPBB3-12485</a>] - Broken tests due to absolute exclude</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12492">PHPBB3-12492</a>] - DB_TEST: Special chars are not supported.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12540">PHPBB3-12540</a>] - WRONG_FILESIZE contains broken placeholders</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12660">PHPBB3-12660</a>] - Undefined offset error when phpinfo() disabled and debug enabled</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12695">PHPBB3-12695</a>] - Undefined index: MISSING_INLINE_ATTACHMENT notice given when viewing post details</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12720">PHPBB3-12720</a>] - Git commit hook should not require commit message to start with a capital letter</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12741">PHPBB3-12741</a>] - Functional tests on Travis fail since php update last night</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12755">PHPBB3-12755</a>] - Remote upload stuck in infinite loop if server sends keep-alive</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13086">PHPBB3-13086</a>] - Update ACP_MASS_EMAIL_EXPLAIN language key</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13096">PHPBB3-13096</a>] - ldap_escape() added to PHP 5.6.0</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13138">PHPBB3-13138</a>] - Banned users cause infinite recursion</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13168">PHPBB3-13168</a>] - Warning displayed in PHP 5.6 for mbstring.http_input</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13234">PHPBB3-13234</a>] - Remember me cookie gets unset by admin reauthentication</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13341">PHPBB3-13341</a>] - Tests fail when generating coverage report</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13376">PHPBB3-13376</a>] - deregister_globals() does not work correctly when $_COOKIE['GLOBALS'] - is specified</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13519">PHPBB3-13519</a>] - Correctly validate imagick path as path and not string</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13523">PHPBB3-13523</a>] - PHP 5.2 Unit Tests no longer work due to deprecated PHPUnit PEAR channel</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13527">PHPBB3-13527</a>] - Escape information received from version server</li>
+</ul>
+<h4>Improvement</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10037">PHPBB3-10037</a>] - Add Smiley Buttons in Signature Editor</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10174">PHPBB3-10174</a>] - Rename &quot;Ban usernames&quot; to &quot;Ban users&quot; in ACP</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10549">PHPBB3-10549</a>] - Languages variables should be used, not hardcoded</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10555">PHPBB3-10555</a>] - Copyright notice in overall_header.html is not translatable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10945">PHPBB3-10945</a>] - Show entered search query in the search box when no results are found.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11254">PHPBB3-11254</a>] - Check CRLF line endings in the test suite</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11295">PHPBB3-11295</a>] - Drop tables for postgres in the test suite</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11297">PHPBB3-11297</a>] - Running tests doc should mention dbunit dependency</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11704">PHPBB3-11704</a>] - phing build script does not include vendor folder, even if there are dependencies</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11766">PHPBB3-11766</a>] - Remove Quote and Edit button when topic is lock</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11801">PHPBB3-11801</a>] - missing semi colons in css</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11814">PHPBB3-11814</a>] - Topic reply notification email text change</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12035">PHPBB3-12035</a>] - Add a link to user's posts in the ACP user overview page</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12106">PHPBB3-12106</a>] - Document exceptions to &quot;Disable Board&quot; in ACP.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12146">PHPBB3-12146</a>] - Add color demo when editing a group from the UCP</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12247">PHPBB3-12247</a>] - include poster's username in email notifications of posts that get approved by moderators</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12259">PHPBB3-12259</a>] - Too many redundant tests are run on Travis</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12468">PHPBB3-12468</a>] - Allow mbstring.http_input='' besides 'pass' for PHP 5.6 compatibility</li>
+</ul>
+<h4>Task</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10839">PHPBB3-10839</a>] - Remove phpunit.xml.functional and always include functional tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11509">PHPBB3-11509</a>] - Travis should check commit message format</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11876">PHPBB3-11876</a>] - Upgrade package checksums from MD5 to SHA256</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11877">PHPBB3-11877</a>] - Create package download links and checksums for announcement via script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11920">PHPBB3-11920</a>] - Add MariaDB tests to Travis-CI</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11951">PHPBB3-11951</a>] - Add MariaDB to supported RDBMS list</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11970">PHPBB3-11970</a>] - Use 'set -x' in Travis CI setup scripts</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12046">PHPBB3-12046</a>] - Use PHP_BINARY environment variable in lint unit test</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12056">PHPBB3-12056</a>] - Make sure each unit test runs on its own</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12147">PHPBB3-12147</a>] - Remove Travis CI notification configuration</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12302">PHPBB3-12302</a>] - Upgrade composer.phar to 1.0.0-alpha8</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12318">PHPBB3-12318</a>] - Correctly setup HHVM functional tests on Travis CI</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12319">PHPBB3-12319</a>] - Backport Travis CI HHVM environment enabling to develop-olympus.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12320">PHPBB3-12320</a>] - No longer allow Travis CI HHVM environment to fail</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12341">PHPBB3-12341</a>] - Add tests for get_username_string()</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12384">PHPBB3-12384</a>] - Run Travis CI HHVM tests against MySQLi instead of MySQL</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12417">PHPBB3-12417</a>] - hhvm-nightly 2014.04.16~precise breaks tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12495">PHPBB3-12495</a>] - Add Sami to composer dependencies and build script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12582">PHPBB3-12582</a>] - Strip away copyrighted ICC profile from images</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12917">PHPBB3-12917</a>] - Move commit check and file executable checks to 5.3.3 build on travis</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13324">PHPBB3-13324</a>] - Composer no longer downloads sami/sami and fabpot/goutte</li>
+</ul>
+
+	<a name="v3011"></a><h3>1.ii. Changes since 3.0.11</h3>
 
 <h4>Bug</h4>
 <ul>
@@ -152,7 +289,6 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11265">PHPBB3-11265</a>] - Functional tests do not assert that board installation succeeded</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11269">PHPBB3-11269</a>] - Travis functional test case errors</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11278">PHPBB3-11278</a>] - Firebird tables are not removed correctly on 3.0.9-rc1 update</li>
-<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11288">PHPBB3-11288</a>] - Search fooled by hyphens</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11291">PHPBB3-11291</a>] - &quot;Could not open input file: ../composer.phar&quot; error during phing's create-package</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11292">PHPBB3-11292</a>] - Newlines removed in display of PM reports, no clickable links in PM reports</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11301">PHPBB3-11301</a>] - &quot;String offset cast occured&quot; error on PHP 5.4</li>
@@ -192,6 +328,9 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11674">PHPBB3-11674</a>] - Do not include vendor folder if there are no dependencies.</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11524">PHPBB3-11524</a>] - MySQL Upgrader throws warnings on PHP 5.4</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11720">PHPBB3-11720</a>] - Reporting posts leads to white page error</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11769">PHPBB3-11769</a>] - Wrong poster in subscription email when poster is using the Quote button</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11775">PHPBB3-11775</a>] - Error while moving posts to a new topic</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11802">PHPBB3-11802</a>] - Undefined variable $browser in /download/file.php</li>
 </ul>
 <h4>Improvement</h4>
 <ul>
@@ -216,6 +355,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11368">PHPBB3-11368</a>] - Latest pm reports row count</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11583">PHPBB3-11583</a>] - InnoDB supports FULLTEXT index since MySQL 5.6.4.</li>
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11740">PHPBB3-11740</a>] - Update link in FAQ to Ideas Centre</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11873">PHPBB3-11873</a>] - Prevent expensive hash computation in phpbb_check_hash() by rejecting very long passwords</li>
 </ul>
 <h4>Sub-task</h4>
 <ul>
@@ -245,7 +385,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11753">PHPBB3-11753</a>] - Upgrade mysql_upgrader.php schema data.</li>
 </ul>
 
-	<a name="v3010"></a><h3>1.ii. Changes since 3.0.10</h3>
+	<a name="v3010"></a><h3>1.iii. Changes since 3.0.10</h3>
 
 <h4>Bug</h4>
 <ul>
@@ -370,7 +510,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10909">PHPBB3-10909</a>] - Update Travis Test Configuration: Travis no longer supports PHP 5.3.2</li>
 </ul>
 
-	<a name="v309"></a><h3>1.iii. Changes since 3.0.9</h3>
+	<a name="v309"></a><h3>1.iv. Changes since 3.0.9</h3>
 
 <h4>Bug</h4>
 <ul>
@@ -506,7 +646,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10480">PHPBB3-10480</a>] - Automate changelog building</li>
 </ul>
 
-	<a name="v308"></a><h3>1.iv. Changes since 3.0.8</h3>
+	<a name="v308"></a><h3>1.v. Changes since 3.0.8</h3>
 
 <h4>        Bug
 </h4>
@@ -571,7 +711,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9924'>PHPBB3-9924</a>] -         $template-&gt;display hook does not pass $template instance
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9925'>PHPBB3-9925</a>] -         prosilver logo margin bug in IE 6-7-8 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9925'>PHPBB3-9925</a>] -         prosilver logo margin bug in IE 6-7-8
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9928'>PHPBB3-9928</a>] -         Do not link &quot;login to your board&quot; to the &quot;send statistics&quot; page after completed update.
 </li>
@@ -579,7 +719,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9932'>PHPBB3-9932</a>] -         The Bing bot is not added when converting.
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9933'>PHPBB3-9933</a>] -         Wrong handling of consecutive multiple asterisks in word censor 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9933'>PHPBB3-9933</a>] -         Wrong handling of consecutive multiple asterisks in word censor
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9934'>PHPBB3-9934</a>] -         Mass Mail missing under the system tab on a fresh install
 </li>
@@ -591,7 +731,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9948'>PHPBB3-9948</a>] -         Inline quicktime files won&#39;t display
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9949'>PHPBB3-9949</a>] -         $user-&gt;lang() is not handling arguments as per documentation 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9949'>PHPBB3-9949</a>] -         $user-&gt;lang() is not handling arguments as per documentation
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9950'>PHPBB3-9950</a>] -         Problem with localized button images after uprading from 3.0.7-PL1 to 3.0.8
 </li>
@@ -754,7 +894,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10250'>PHPBB3-10250</a>] -         phpBB Logo needs the Registered Trademark Symbol
 </li>
 </ul>
-    
+
 <h4>        Improvement
 </h4>
 <ul>
@@ -811,7 +951,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10186'>PHPBB3-10186</a>] -         UCP signature panel displays when not authed for signatures
 </li>
 </ul>
-    
+
 <h4>        New Feature
 </h4>
 <ul>
@@ -822,7 +962,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10110'>PHPBB3-10110</a>] -         Redis caching module
 </li>
 </ul>
-    
+
 <h4>        Task
 </h4>
 <ul>
@@ -861,7 +1001,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10107'>PHPBB3-10107</a>] -         Improve docs for non-apache webserver configuration
 </li>
 </ul>
-    
+
 <h4>        Sub-task
 </h4>
 <ul>
@@ -874,7 +1014,7 @@
 </ul>
 
 
-	<a name="v307-PL1"></a><h3>1.v. Changes since 3.0.7-PL1</h3>
+	<a name="v307-PL1"></a><h3>1.vi. Changes since 3.0.7-PL1</h3>
 <h4>        Security
 </h4>
 <ul>
@@ -1332,13 +1472,13 @@
 </ul>
 
 
-	<a name="v307"></a><h3>1.vi. Changes since 3.0.7</h3>
+	<a name="v307"></a><h3>1.vii. Changes since 3.0.7</h3>
 
 	<ul>
 		<li>[Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)</li>
 	</ul>
 
-	<a name="v306"></a><h3>1.vii. Changes since 3.0.6</h3>
+	<a name="v306"></a><h3>1.viii. Changes since 3.0.6</h3>
 
 	<ul>
 		<li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li>
@@ -1442,7 +1582,7 @@
 
 	</ul>
 
-	<a name="v305"></a><h3>1.viii. Changes since 3.0.5</h3>
+	<a name="v305"></a><h3>1.ix. Changes since 3.0.5</h3>
 
 	<ul>
 		<li>[Fix] Allow whitespaces in avatar gallery names. (Bug #44955)</li>
@@ -1664,7 +1804,7 @@
 		<li>[Feature] Send anonymous statistical information to phpBB on installation and update (optional).</li>
 	</ul>
 
-	<a name="v304"></a><h3>1.ix. Changes since 3.0.4</h3>
+	<a name="v304"></a><h3>1.x. Changes since 3.0.4</h3>
 
 	<ul>
 		<li>[Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)</li>
@@ -1753,7 +1893,7 @@
 		<li>[Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v303"></a><h3>1.x. Changes since 3.0.3</h3>
+	<a name="v303"></a><h3>1.xi. Changes since 3.0.3</h3>
 
 	<ul>
 		<li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li>
@@ -1785,7 +1925,7 @@
 		<li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v302"></a><h3>1.xi. Changes since 3.0.2</h3>
+	<a name="v302"></a><h3>1.xii. Changes since 3.0.2</h3>
 
 	<ul>
 		<li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li>
@@ -1884,7 +2024,7 @@
 		<li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li>
 	</ul>
 
-	<a name="v301"></a><h3>1.xii. Changes since 3.0.1</h3>
+	<a name="v301"></a><h3>1.xiii. Changes since 3.0.1</h3>
 
 	<ul>
 		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
@@ -1932,7 +2072,7 @@
 		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
 	</ul>
 
-	<a name="v300"></a><h3>1.xiii Changes since 3.0.0</h3>
+	<a name="v300"></a><h3>1.xiv Changes since 3.0.0</h3>
 
 	<ul>
 		<li>[Change] Validate birthdays (Bug #15004)</li>
@@ -2003,7 +2143,7 @@
 		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
 	</ul>
 
-	<a name="v30rc8"></a><h3>1.xiv. Changes since 3.0.RC8</h3>
+	<a name="v30rc8"></a><h3>1.xv. Changes since 3.0.RC8</h3>
 
 	<ul>
 		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@@ -2012,7 +2152,7 @@
 		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
 	</ul>
 
-	<a name="v30rc7"></a><h3>1.xv. Changes since 3.0.RC7</h3>
+	<a name="v30rc7"></a><h3>1.xvi. Changes since 3.0.RC7</h3>
 
 	<ul>
 		<li>[Fix] Fixed MSSQL related bug in the update system</li>
@@ -2047,7 +2187,7 @@
 		<li>[Fix] No duplication of active topics (Bug #15474)</li>
 	</ul>
 
-	<a name="v30rc6"></a><h3>1.xvi. Changes since 3.0.RC6</h3>
+	<a name="v30rc6"></a><h3>1.xvii. Changes since 3.0.RC6</h3>
 
 	<ul>
 		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@@ -2057,7 +2197,7 @@
 		<li>[Fix] Able to request new password (Bug #14743)</li>
 	</ul>
 
-	<a name="v30rc5"></a><h3>1.xvii. Changes since 3.0.RC5</h3>
+	<a name="v30rc5"></a><h3>1.xviii. Changes since 3.0.RC5</h3>
 
 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -2120,7 +2260,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>
 
-	<a name="v30rc4"></a><h3>1.xviii. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>1.xix. Changes since 3.0.RC4</h3>
 
 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -2171,7 +2311,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>
 
-	<a name="v30rc3"></a><h3>1.xix. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>1.xx. Changes since 3.0.RC3</h3>
 
 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -2280,7 +2420,7 @@
 
 	</ul>
 
-	<a name="v30rc2"></a><h3>1.xx. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>1.xxi. Changes since 3.0.RC2</h3>
 
 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -2326,7 +2466,7 @@
 
 	</ul>
 
-	<a name="v30rc1"></a><h3>1.xxi. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>1.xxii. Changes since 3.0.RC1</h3>
 
 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>

phpBB/docs/INSTALL.html

@@ -139,6 +139,7 @@
 		<li>A SQL database system, <strong>one of</strong>:
 		<ul>
 			<li>MySQL 3.23 or above (MySQLi supported)</li>
+			<li>MariaDB 5.1 or above</li>
 			<li>PostgreSQL 7.3+</li>
 			<li>SQLite 2.8.2+ (SQLite 3 is not supported)</li>
 			<li>Firebird 2.1+</li>
@@ -275,7 +276,7 @@
 
 	<p>This package is meant for those wanting to only replace the files that were changed between a previous version and the latest version.</p>
 
-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <strong>3.0.11</strong> you should select the appropriate <code>phpBB-3.0.12-files.zip/tar.bz2</code> file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <strong>3.0.12</strong> you should select the appropriate <code>phpBB-3.0.13-files.zip/tar.bz2</code> file.</p>
 
 	<p>The directory structure has been preserved, enabling you (if you wish) to simply upload the uncompressed contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any modifications (MODs) these files will overwrite the originals, possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
@@ -287,7 +288,7 @@
 
 	<p>The patch file is one solution for those with many Modifications (MODs) or other changes and do not want to re-add them back to all the changed files. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application, but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the recommended update method.</p>
 
-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <strong>3.0.11</strong>, you need the <code>phpBB-3.0.12-patch.zip/tar.bz2</code> file. Place the correct patch in the parent directory containing the phpBB core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <code>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</code> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <strong>3.0.12</strong>, you need the <code>phpBB-3.0.13-patch.zip/tar.bz2</code> file. Place the correct patch in the parent directory containing the phpBB core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <code>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</code> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
 	<p>If you do get failures, you should look at using the <a href="#update_files">Changed Files</a> package to replace the files which failed to patch. Please note that you will need to manually re-add any MODs to these particular files. Alternatively, if you know how, you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 
@@ -297,7 +298,7 @@
 
 	<p>This update method is the recommended method for updating. This package detects changed files automatically and merges in changes if needed.</p>
 
-	<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.0.11</strong>, you need the <code>phpBB-3.0.11_to_3.0.12.zip/tar.bz2</code> file.</p>
+	<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.0.12</strong>, you need the <code>phpBB-3.0.12_to_3.0.13.zip/tar.bz2</code> file.</p>
 
 	<p>To perform the update, either follow the instructions from the <strong>Administration Control Panel-&gt;System</strong> Tab - this should point out that you are running an outdated version and will guide you through the update - or follow the instructions listed below.</p>
 

phpBB/docs/README.html

@@ -329,7 +329,7 @@
 
 	<p>Please remember that running any application on a development (unstable, e.g. a beta release) version of PHP can lead to strange/unexpected results which may appear to be bugs in the application. Therefore, we recommend you upgrade to the newest stable version of PHP before running phpBB3. If you are running a development version of PHP please check any bugs you find on a system running a stable release before submitting.</p>
 
-	<p>This board has been developed and tested under Linux and Windows (amongst others) running Apache using MySQL 3.23, 4.x, 5.x, MSSQL Server 2000, PostgreSQL 7.x, Oracle 8, SQLite 2 and Firebird. Versions of PHP used range from 4.3.3 to 5.4.x without problem. </p>
+	<p>This board has been developed and tested under Linux and Windows (amongst others) running Apache using MySQL 3.23, 4.x, 5.x, MariaDB 5.x, MSSQL Server 2000, PostgreSQL 7.x, Oracle 8, SQLite 2 and Firebird. Versions of PHP used range from 4.3.3 to 5.4.x without problem. </p>
 
 <a name="phpsec"></a><h3>7.i. Notice on PHP security issues</h3>
 

phpBB/docs/coding-guidelines.html

@@ -728,7 +728,7 @@ $sql = 'SELECT *
 $sql_ary = array(
 	'somedata'		=> $my_string,
 	'otherdata'		=> $an_int,
-	'moredata'		=> $another_int
+	'moredata'		=> $another_int,
 );
 
 $db->sql_query('INSERT INTO ' . SOME_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary));
@@ -740,7 +740,7 @@ $db->sql_query('INSERT INTO ' . SOME_TABLE . ' ' . $db->sql_build_array('I
 $sql_ary = array(
 	'somedata'		=> $my_string,
 	'otherdata'		=> $an_int,
-	'moredata'		=> $another_int
+	'moredata'		=> $another_int,
 );
 
 $sql = 'UPDATE ' . SOME_TABLE . '
@@ -833,20 +833,20 @@ $sql_array = array(
 
 	'FROM'		=> array(
 		FORUMS_WATCH_TABLE	=> 'fw',
-		FORUMS_TABLE		=> 'f'
+		FORUMS_TABLE		=> 'f',
 	),
 
 	'LEFT_JOIN'	=> array(
 		array(
 			'FROM'	=> array(FORUMS_TRACK_TABLE => 'ft'),
-			'ON'	=> 'ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id'
-		)
+			'ON'	=> 'ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id',
+		),
 	),
 
 	'WHERE'		=> 'fw.user_id = ' . $user->data['user_id'] . '
 		AND f.forum_id = fw.forum_id',
 
-	'ORDER_BY'	=> 'left_id'
+	'ORDER_BY'	=> 'left_id',
 );
 
 $sql = $db->sql_build_query('SELECT', $sql_array);
@@ -860,13 +860,13 @@ $sql_array = array(
 
 	'FROM'		=> array(
 		FORUMS_WATCH_TABLE	=> 'fw',
-		FORUMS_TABLE		=> 'f'
+		FORUMS_TABLE		=> 'f',
 	),
 
 	'WHERE'		=> 'fw.user_id = ' . $user->data['user_id'] . '
 		AND f.forum_id = fw.forum_id',
 
-	'ORDER_BY'	=> 'left_id'
+	'ORDER_BY'	=> 'left_id',
 );
 
 if ($config['load_db_lastread'])
@@ -874,8 +874,8 @@ if ($config['load_db_lastread'])
 	$sql_array['LEFT_JOIN'] = array(
 		array(
 			'FROM'	=> array(FORUMS_TRACK_TABLE => 'ft'),
-			'ON'	=> 'ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id'
-		)
+			'ON'	=> 'ft.user_id = ' . $user->data['user_id'] . ' AND ft.forum_id = f.forum_id',
+		),
 	);
 
 	$sql_array['SELECT'] .= ', ft.mark_time ';

phpBB/download/file.php

@@ -285,7 +285,7 @@ else if (($display_cat == ATTACHMENT_CATEGORY_NONE/* || $display_cat == ATTACHME
 	$db->sql_query($sql);
 }
 
-if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))
+if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && (strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7))
 {
 	wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
 	file_gc();

phpBB/includes/acm/acm_memory.php

@@ -292,12 +292,24 @@ class acm_memory
 		// determine which tables this query belongs to
 		// Some queries use backticks, namely the get_database_size() query
 		// don't check for conformity, the SQL would error and not reach here.
-		if (!preg_match('/FROM \\(?(`?\\w+`?(?: \\w+)?(?:, ?`?\\w+`?(?: \\w+)?)*)\\)?/', $query, $regs))
+		if (!preg_match_all('/(?:FROM \\(?(`?\\w+`?(?: \\w+)?(?:, ?`?\\w+`?(?: \\w+)?)*)\\)?)|(?:JOIN (`?\\w+`?(?: \\w+)?))/', $query, $regs, PREG_SET_ORDER))
 		{
 			// Bail out if the match fails.
 			return;
 		}
-		$tables = array_map('trim', explode(',', $regs[1]));
+
+		$tables = array();
+		foreach ($regs as $match)
+		{
+			if ($match[0][0] == 'F')
+			{
+				$tables = array_merge($tables, array_map('trim', explode(',', $match[1])));
+			}
+			else
+			{
+				$tables[] = $match[2];
+			}
+		}
 
 		foreach ($tables as $table_name)
 		{

phpBB/includes/acp/acp_attachments.php

@@ -127,7 +127,7 @@ class acp_attachments
 						'img_create_thumbnail'		=> array('lang' => 'CREATE_THUMBNAIL',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'img_max_thumb_width'		=> array('lang' => 'MAX_THUMB_WIDTH',		'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_min_thumb_filesize'	=> array('lang' => 'MIN_THUMB_FILESIZE',	'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
-						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'string',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
+						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'path',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
 						'img_max'					=> array('lang' => 'MAX_IMAGE_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_link'					=> array('lang' => 'IMAGE_LINK_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)

phpBB/includes/acp/acp_board.php

@@ -123,7 +123,7 @@ class acp_board
 						'avatar_filesize'		=> array('lang' => 'MAX_FILESIZE',			'validate' => 'int:0',	'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
 						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'avatar_path'			=> array('lang' => 'AVATAR_STORAGE_PATH',	'validate' => 'rwpath',	'type' => 'text:20:255', 'explain' => true),
+						'avatar_path'			=> array('lang' => 'AVATAR_STORAGE_PATH',	'validate' => 'rpath',	'type' => 'text:20:255', 'explain' => true),
 						'avatar_gallery_path'	=> array('lang' => 'AVATAR_GALLERY_PATH',	'validate' => 'rpath',	'type' => 'text:20:255', 'explain' => true)
 					)
 				);

phpBB/includes/acp/acp_forums.php

@@ -56,7 +56,6 @@ class acp_forums
 				$total = request_var('total', 0);
 
 				$this->display_progress_bar($start, $total);
-				exit;
 			break;
 
 			case 'delete':

phpBB/includes/acp/acp_main.php

@@ -606,8 +606,8 @@ class acp_main
 				'S_MBSTRING_LOADED'						=> true,
 				'S_MBSTRING_FUNC_OVERLOAD_FAIL'			=> (intval(@ini_get('mbstring.func_overload')) & (MB_OVERLOAD_MAIL | MB_OVERLOAD_STRING)),
 				'S_MBSTRING_ENCODING_TRANSLATION_FAIL'	=> (@ini_get('mbstring.encoding_translation') != 0),
-				'S_MBSTRING_HTTP_INPUT_FAIL'			=> (@ini_get('mbstring.http_input') != 'pass'),
-				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> (@ini_get('mbstring.http_output') != 'pass'),
+				'S_MBSTRING_HTTP_INPUT_FAIL'			=> !in_array(@ini_get('mbstring.http_input'), array('pass', '')),
+				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> !in_array(@ini_get('mbstring.http_output'), array('pass', '')),
 			));
 		}
 

phpBB/includes/acp/acp_php_info.php

@@ -47,7 +47,7 @@ class acp_php_info
 		// for this was nabbed from the PHP annotated manual
 		preg_match_all('#<body[^>]*>(.*)</body>#si', $phpinfo, $output);
 
-		if (empty($phpinfo) || empty($output))
+		if (empty($phpinfo) || empty($output[1][0]))
 		{
 			trigger_error('NO_PHPINFO_AVAILABLE', E_USER_WARNING);
 		}

phpBB/includes/acp/acp_update.php

@@ -34,10 +34,7 @@ class acp_update
 		$this->page_title = 'ACP_VERSION_CHECK';
 
 		// Get current and latest version
-		$errstr = '';
-		$errno = 0;
-
-		$info = obtain_latest_version_info(request_var('versioncheck_force', false));
+		$info = htmlspecialchars(obtain_latest_version_info(request_var('versioncheck_force', false)));
 
 		if (empty($info))
 		{

phpBB/includes/acp/acp_users.php

@@ -172,8 +172,7 @@ class acp_users
 
 				if ($submit)
 				{
-					// You can't delete the founder
-					if ($delete && $user_row['user_type'] != USER_FOUNDER)
+					if ($delete)
 					{
 						if (!$auth->acl_get('a_userdel'))
 						{
@@ -186,6 +185,12 @@ class acp_users
 							trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
 						}
 
+						// Founders can not be deleted.
+						if ($user_row['user_type'] == USER_FOUNDER)
+						{
+							trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+						}
+
 						if ($user_id == $user->data['user_id'])
 						{
 							trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
@@ -1032,6 +1037,7 @@ class acp_users
 					'U_SHOW_IP'		=> $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
 					'U_WHOIS'		=> $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
 					'U_MCP_QUEUE'	=> ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
+					'U_SEARCH_USER'	=> ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
 
 					'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
 
@@ -2009,7 +2015,7 @@ class acp_users
 					WHERE a.poster_id = ' . $user_id . "
 						AND a.is_orphan = 0
 					ORDER BY $order_by";
-				$result = $db->sql_query_limit($sql, $config['posts_per_page'], $start);
+				$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
 
 				while ($row = $db->sql_fetchrow($result))
 				{

phpBB/includes/auth/auth_ldap.php

@@ -282,7 +282,7 @@ function ldap_user_filter($username)
 {
 	global $config;
 
-	$filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')';
+	$filter = '(' . $config['ldap_uid'] . '=' . phpbb_ldap_escape(htmlspecialchars_decode($username)) . ')';
 	if ($config['ldap_user_filter'])
 	{
 		$_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})";
@@ -294,7 +294,7 @@ function ldap_user_filter($username)
 /**
 * Escapes an LDAP AttributeValue
 */
-function ldap_escape($string)
+function phpbb_ldap_escape($string)
 {
 	return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
 }

phpBB/includes/bbcode.php

@@ -135,6 +135,11 @@ class bbcode
 			$this->template_bitfield = new bitfield($user->theme['bbcode_bitfield']);
 			$this->template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/bbcode.html';
 
+			if (empty($user->theme['template_inherits_id']) && !empty($template->orig_tpl_inherits_id))
+			{
+				$user->theme['template_inherits_id'] = $template->orig_tpl_inherits_id;
+			}
+
 			if (!@file_exists($this->template_filename))
 			{
 				if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'])
@@ -376,7 +381,7 @@ class bbcode
 						}
 
 						// Replace {L_*} lang strings
-						$bbcode_tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $bbcode_tpl);
+						$bbcode_tpl = preg_replace('/{L_([A-Z0-9_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $bbcode_tpl);
 
 						if (!empty($rowset[$bbcode_id]['second_pass_replace']))
 						{
@@ -480,7 +485,7 @@ class bbcode
 			'email'					=> array('{EMAIL}'		=> '$1', '{DESCRIPTION}'	=> '$2')
 		);
 
-		$tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl);
+		$tpl = preg_replace('/{L_([A-Z0-9_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl);
 
 		if (!empty($replacements[$tpl_name]))
 		{

phpBB/includes/constants.php

@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.0.12-RC2');
+define('PHPBB_VERSION', '3.0.13');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/db/db_tools.php

@@ -452,9 +452,6 @@ class phpbb_db_tools
 		// Determine if we have created a PRIMARY KEY in the earliest
 		$primary_key_gen = false;
 
-		// Determine if the table must be created with TEXTIMAGE
-		$create_textimage = false;
-
 		// Determine if the table requires a sequence
 		$create_sequence = false;
 
@@ -471,13 +468,22 @@ class phpbb_db_tools
 			break;
 		}
 
+		if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')
+		{
+			if (!isset($table_data['PRIMARY_KEY']))
+			{
+				$table_data['COLUMNS']['mssqlindex'] = array('UINT', null, 'auto_increment');
+				$table_data['PRIMARY_KEY'] = 'mssqlindex';
+			}
+		}
+
 		// Iterate through the columns to create a table
 		foreach ($table_data['COLUMNS'] as $column_name => $column_data)
 		{
 			// here lies an array, filled with information compiled on the column's data
 			$prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data);
 
-			if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen"
+			if (isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'] && strlen($column_name) > 26) // "${column_name}_gen"
 			{
 				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
 			}
@@ -501,12 +507,6 @@ class phpbb_db_tools
 				$primary_key_gen = isset($prepared_column['primary_key_set']) && $prepared_column['primary_key_set'];
 			}
 
-			// create textimage DDL based off of the existance of certain column types
-			if (!$create_textimage)
-			{
-				$create_textimage = isset($prepared_column['textimage']) && $prepared_column['textimage'];
-			}
-
 			// create sequence DDL based off of the existance of auto incrementing columns
 			if (!$create_sequence && isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'])
 			{
@@ -521,13 +521,9 @@ class phpbb_db_tools
 		switch ($this->sql_layer)
 		{
 			case 'firebird':
-				$table_sql .= "\n);";
-				$statements[] = $table_sql;
-			break;
-
 			case 'mssql':
 			case 'mssqlnative':
-				$table_sql .= "\n) ON [PRIMARY]" . (($create_textimage) ? ' TEXTIMAGE_ON [PRIMARY]' : '');
+				$table_sql .= "\n);";
 				$statements[] = $table_sql;
 			break;
 		}
@@ -879,7 +875,7 @@ class phpbb_db_tools
 			}
 		}
 
-		// Add unqiue indexes?
+		// Add unique indexes?
 		if (!empty($schema_changes['add_unique_index']))
 		{
 			foreach ($schema_changes['add_unique_index'] as $table => $index_array)
@@ -1290,7 +1286,7 @@ class phpbb_db_tools
 	}
 
 	/**
-	* Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.
+	* Check if a specified index exists in table. Does not return PRIMARY KEY indexes.
 	*
 	* @param string	$table_name		Table to check the index at
 	* @param string	$index_name		The index name to check
@@ -1819,22 +1815,49 @@ class phpbb_db_tools
 
 			case 'mssql':
 			case 'mssqlnative':
-				// remove default cosntraints first
-				// http://msdn.microsoft.com/en-us/library/aa175912%28v=sql.80%29.aspx
-				$statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000)
-					SET @drop_default_name =
-						(SELECT so.name FROM sysobjects so
-						JOIN sysconstraints sc ON so.id = sc.constid
-						WHERE object_name(so.parent_obj) = '{$table_name}'
-							AND so.xtype = 'D'
-							AND sc.colid = (SELECT colid FROM syscolumns
-								WHERE id = object_id('{$table_name}')
-									AND name = '{$column_name}'))
-					IF @drop_default_name <> ''
-					BEGIN
-						SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']'
-						EXEC(@cmd)
-					END";
+				$sql = "SELECT CAST(SERVERPROPERTY('productversion') AS VARCHAR(25)) AS mssql_version";
+				$result = $this->db->sql_query($sql);
+				$row = $this->db->sql_fetchrow($result);
+				$this->db->sql_freeresult($result);
+
+				// Remove default constraints
+				if ($row['mssql_version'][0] == '8')	// SQL Server 2000
+				{
+					// http://msdn.microsoft.com/en-us/library/aa175912%28v=sql.80%29.aspx
+					// Deprecated in SQL Server 2005
+					$statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000)
+						SET @drop_default_name =
+							(SELECT so.name FROM sysobjects so
+							JOIN sysconstraints sc ON so.id = sc.constid
+							WHERE object_name(so.parent_obj) = '{$table_name}'
+								AND so.xtype = 'D'
+								AND sc.colid = (SELECT colid FROM syscolumns
+									WHERE id = object_id('{$table_name}')
+										AND name = '{$column_name}'))
+						IF @drop_default_name <> ''
+						BEGIN
+							SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']'
+							EXEC(@cmd)
+						END";
+				}
+				else
+				{
+					$sql = "SELECT dobj.name AS def_name
+					FROM sys.columns col 
+						LEFT OUTER JOIN sys.objects dobj ON (dobj.object_id = col.default_object_id AND dobj.type = 'D')
+					WHERE col.object_id = object_id('{$table_name}') 
+					AND col.name = '{$column_name}'
+					AND dobj.name IS NOT NULL";
+					$result = $this->db->sql_query($sql);
+					$row = $this->db->sql_fetchrow($result);
+					$this->db->sql_freeresult($result);
+
+					if ($row)
+					{
+						$statements[] = 'ALTER TABLE [' . $table_name . '] DROP CONSTRAINT [' . $row['def_name'] . ']';
+					}
+				}
+
 				$statements[] = 'ALTER TABLE [' . $table_name . '] DROP COLUMN [' . $column_name . ']';
 			break;
 
@@ -2038,7 +2061,7 @@ class phpbb_db_tools
 				$sql = "ALTER TABLE [{$table_name}] WITH NOCHECK ADD ";
 				$sql .= "CONSTRAINT [PK_{$table_name}] PRIMARY KEY  CLUSTERED (";
 				$sql .= '[' . implode("],\n\t\t[", $column) . ']';
-				$sql .= ') ON [PRIMARY]';
+				$sql .= ')';
 
 				$statements[] = $sql;
 			break;
@@ -2136,7 +2159,7 @@ class phpbb_db_tools
 
 			case 'mssql':
 			case 'mssqlnative':
-				$statements[] = 'CREATE UNIQUE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ') ON [PRIMARY]';
+				$statements[] = 'CREATE UNIQUE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')';
 			break;
 		}
 
@@ -2189,7 +2212,7 @@ class phpbb_db_tools
 
 			case 'mssql':
 			case 'mssqlnative':
-				$statements[] = 'CREATE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ') ON [PRIMARY]';
+				$statements[] = 'CREATE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')';
 			break;
 		}
 
@@ -2321,23 +2344,48 @@ class phpbb_db_tools
 
 				if (!empty($column_data['default']))
 				{
+					$sql = "SELECT CAST(SERVERPROPERTY('productversion') AS VARCHAR(25)) AS mssql_version";
+					$result = $this->db->sql_query($sql);
+					$row = $this->db->sql_fetchrow($result);
+					$this->db->sql_freeresult($result);
+
 					// Using TRANSACT-SQL for this statement because we do not want to have colliding data if statements are executed at a later stage
-					$statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000)
-						SET @drop_default_name =
-							(SELECT so.name FROM sysobjects so
-							JOIN sysconstraints sc ON so.id = sc.constid
-							WHERE object_name(so.parent_obj) = '{$table_name}'
-								AND so.xtype = 'D'
-								AND sc.colid = (SELECT colid FROM syscolumns
-									WHERE id = object_id('{$table_name}')
-										AND name = '{$column_name}'))
-						IF @drop_default_name <> ''
-						BEGIN
-							SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']'
-							EXEC(@cmd)
-						END
-						SET @cmd = 'ALTER TABLE [{$table_name}] ADD CONSTRAINT [DF_{$table_name}_{$column_name}_1] {$column_data['default']} FOR [{$column_name}]'
-						EXEC(@cmd)";
+					if ($row['mssql_version'][0] == '8')	// SQL Server 2000
+					{
+						$statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000)
+							SET @drop_default_name =
+								(SELECT so.name FROM sysobjects so
+								JOIN sysconstraints sc ON so.id = sc.constid
+								WHERE object_name(so.parent_obj) = '{$table_name}'
+									AND so.xtype = 'D'
+									AND sc.colid = (SELECT colid FROM syscolumns
+										WHERE id = object_id('{$table_name}')
+											AND name = '{$column_name}'))
+							IF @drop_default_name <> ''
+							BEGIN
+								SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']'
+								EXEC(@cmd)
+							END
+							SET @cmd = 'ALTER TABLE [{$table_name}] ADD CONSTRAINT [DF_{$table_name}_{$column_name}_1] {$column_data['default']} FOR [{$column_name}]'
+							EXEC(@cmd)";
+					}
+					else
+					{
+						$statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000)
+							SET @drop_default_name =
+								(SELECT dobj.name FROM sys.columns col 
+									LEFT OUTER JOIN sys.objects dobj ON (dobj.object_id = col.default_object_id AND dobj.type = 'D')
+								WHERE col.object_id = object_id('{$table_name}') 
+								AND col.name = '{$column_name}'
+								AND dobj.name IS NOT NULL)
+							IF @drop_default_name <> ''
+							BEGIN
+								SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']'
+								EXEC(@cmd)
+							END
+							SET @cmd = 'ALTER TABLE [{$table_name}] ADD CONSTRAINT [DF_{$table_name}_{$column_name}_1] {$column_data['default']} FOR [{$column_name}]'
+							EXEC(@cmd)";
+					}
 				}
 			break;
 

phpBB/includes/functions.php

@@ -502,6 +502,13 @@ function phpbb_hash($password)
 */
 function phpbb_check_hash($password, $hash)
 {
+	if (strlen($password) > 4096)
+	{
+		// If the password is too huge, we will simply reject it
+		// and not let the server try to hash it.
+		return false;
+	}
+
 	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
 	if (strlen($hash) == 34)
 	{
@@ -3360,7 +3367,7 @@ function parse_cfg_file($filename, $lines = false)
 		}
 
 		// Determine first occurrence, since in values the equal sign is allowed
-		$key = strtolower(trim(substr($line, 0, $delim_pos)));
+		$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
 		$value = trim(substr($line, $delim_pos + 1));
 
 		if (in_array($value, array('off', 'false', '0')))
@@ -3377,7 +3384,11 @@ function parse_cfg_file($filename, $lines = false)
 		}
 		else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))
 		{
-			$value = substr($value, 1, sizeof($value)-2);
+			$value = htmlspecialchars(substr($value, 1, sizeof($value)-2));
+		}
+		else
+		{
+			$value = htmlspecialchars($value);
 		}
 
 		$parsed_items[$key] = $value;

phpBB/includes/functions_admin.php

@@ -3057,8 +3057,24 @@ function get_database_size()
 		case 'mssql':
 		case 'mssql_odbc':
 		case 'mssqlnative':
+			$sql = 'SELECT @@VERSION AS mssql_version';
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+			
 			$sql = 'SELECT ((SUM(size) * 8.0) * 1024.0) as dbsize
 				FROM sysfiles';
+
+			if ($row)
+			{
+				// Azure stats are stored elsewhere
+				if (strpos($row['mssql_version'], 'SQL Azure') !== false)
+				{
+					$sql = 'SELECT ((SUM(reserved_page_count) * 8.0) * 1024.0) as dbsize 
+					FROM sys.dm_db_partition_stats';
+				}
+			}
+
 			$result = $db->sql_query($sql, 7200);
 			$database_size = ($row = $db->sql_fetchrow($result)) ? $row['dbsize'] : false;
 			$db->sql_freeresult($result);

phpBB/includes/functions_content.php

@@ -21,6 +21,7 @@ if (!defined('IN_PHPBB'))
 * make_jumpbox()
 * bump_topic_allowed()
 * get_context()
+* phpbb_clean_search_string()
 * decode_message()
 * strip_bbcode()
 * generate_text_for_display()
@@ -360,6 +361,23 @@ function get_context($text, $words, $length = 400)
 	}
 }
 
+/**
+* Cleans a search string by removing single wildcards from it and replacing multiple spaces with a single one.
+*
+* @param string $search_string The full search string which should be cleaned.
+*
+* @return string The cleaned search string without any wildcards and multiple spaces.
+*/
+function phpbb_clean_search_string($search_string)
+{
+	// This regular expressions matches every single wildcard.
+	// That means one after a whitespace or the beginning of the string or one before a whitespace or the end of the string.
+	$search_string = preg_replace('#(?<=^|\s)\*+(?=\s|$)#', '', $search_string);
+	$search_string = trim($search_string);
+	$search_string = preg_replace(array('#\s+#u', '#\*+#u'), array(' ', '*'), $search_string);
+	return $search_string;
+}
+
 /**
 * Decode text whereby text is coming from the db and expected to be pre-parsed content
 * We are placing this outside of the message parser because we are often in need of it...
@@ -413,7 +431,7 @@ function generate_text_for_display($text, $uid, $bitfield, $flags)
 {
 	static $bbcode;
 
-	if (!$text)
+	if ($text === '')
 	{
 		return '';
 	}
@@ -459,7 +477,7 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bb
 	$uid = $bitfield = '';
 	$flags = (($allow_bbcode) ? OPTION_FLAG_BBCODE : 0) + (($allow_smilies) ? OPTION_FLAG_SMILIES : 0) + (($allow_urls) ? OPTION_FLAG_LINKS : 0);
 
-	if (!$text)
+	if ($text === '')
 	{
 		return;
 	}

phpBB/includes/functions_install.php

@@ -309,7 +309,7 @@ function connect_check_db($error_connect, &$error, $dbms_details, $table_prefix,
 	if (is_array($db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, true)))
 	{
 		$db_error = $db->sql_error();
-		$error[] = $lang['INST_ERR_DB_CONNECT'] . '<br />' . (($db_error['message']) ? $db_error['message'] : $lang['INST_ERR_DB_NO_ERROR']);
+		$error[] = $lang['INST_ERR_DB_CONNECT'] . '<br />' . (($db_error['message']) ? utf8_convert_message($db_error['message']) : $lang['INST_ERR_DB_NO_ERROR']);
 	}
 	else
 	{

phpBB/includes/functions_module.php

@@ -436,21 +436,21 @@ class p_master
 
 		if ($this->active_module === false)
 		{
-			trigger_error('Module not accessible', E_USER_ERROR);
+			trigger_error('MODULE_NOT_ACCESS', E_USER_ERROR);
 		}
 
 		if (!class_exists("{$this->p_class}_$this->p_name"))
 		{
 			if (!file_exists("$module_path/{$this->p_class}_$this->p_name.$phpEx"))
 			{
-				trigger_error("Cannot find module $module_path/{$this->p_class}_$this->p_name.$phpEx", E_USER_ERROR);
+				trigger_error($user->lang('MODULE_NOT_FIND', "$module_path/{$this->p_class}_$this->p_name.$phpEx"), E_USER_ERROR);
 			}
 
 			include("$module_path/{$this->p_class}_$this->p_name.$phpEx");
 
 			if (!class_exists("{$this->p_class}_$this->p_name"))
 			{
-				trigger_error("Module file $module_path/{$this->p_class}_$this->p_name.$phpEx does not contain correct class [{$this->p_class}_$this->p_name]", E_USER_ERROR);
+				trigger_error($user->lang('MODULE_FILE_INCORRECT_CLASS', "$module_path/{$this->p_class}_$this->p_name.$phpEx", "{$this->p_class}_$this->p_name"), E_USER_ERROR);
 			}
 
 			if (!empty($mode))

phpBB/includes/functions_posting.php

@@ -394,6 +394,10 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
 	{
 		$upload->set_disallowed_content(explode('|', $config['mime_triggers']));
 	}
+	else if (!$config['check_attachment_content'])
+	{
+		$upload->set_disallowed_content(array());
+	}
 
 	if (!$local)
 	{
@@ -2604,7 +2608,10 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	// Send Notifications
 	if (($mode == 'reply' || $mode == 'quote' || $mode == 'post') && $post_approval)
 	{
-		$username = ($username) ? $username : $user->data['username'];
+		// If a username was supplied or the poster is a guest, we will use the supplied username.
+		// Doing it this way we can use "...post by guest-username..." in notifications when
+		// "guest-username" is supplied or ommit the username if it is not.
+		$username = ($username !== '' || !$user->data['is_registered']) ? $username : $user->data['username'];
 		user_notification($mode, $subject, $data['topic_title'], $data['forum_name'], $data['forum_id'], $data['topic_id'], $data['post_id'], $username);
 	}
 

phpBB/includes/functions_privmsgs.php

@@ -208,7 +208,7 @@ function get_folder($user_id, $folder_id = false)
 		);
 	}
 
-	if ($folder_id !== false && !isset($folder[$folder_id]))
+	if ($folder_id !== false && $folder_id !== PRIVMSGS_HOLD_BOX && !isset($folder[$folder_id]))
 	{
 		trigger_error('UNKNOWN_FOLDER');
 	}

phpBB/includes/functions_profile_fields.php

@@ -532,7 +532,7 @@ class custom_profile
 		switch ($this->profile_types[$field_type])
 		{
 			case 'int':
-				if ($value === '' && !$ident_ary['data']['field_show_novalue'])
+				if (($value === '' || $value === null) && !$ident_ary['data']['field_show_novalue'])
 				{
 					return NULL;
 				}

phpBB/includes/functions_upload.php

@@ -466,6 +466,9 @@ class fileupload
 	var $max_height = 0;
 	var $error_prefix = '';
 
+	/** @var int Timeout for remote upload */
+	var $upload_timeout = 6;
+
 	/**
 	* Init file upload class.
 	*
@@ -795,13 +798,28 @@ class fileupload
 		fputs($fsock, "HOST: " . $host . "\r\n");
 		fputs($fsock, "Connection: close\r\n\r\n");
 
+		// Set a proper timeout for the socket
+		socket_set_timeout($fsock, $this->upload_timeout);
+
 		$get_info = false;
 		$data = '';
-		while (!@feof($fsock))
+		$length = false;
+		$timer_stop = time() + $this->upload_timeout;
+
+		while ((!$length || $filesize < $length) && !@feof($fsock))
 		{
 			if ($get_info)
 			{
-				$block = @fread($fsock, 1024);
+				if ($length)
+				{
+					// Don't attempt to read past end of file if server indicated length
+					$block = @fread($fsock, min($length - $filesize, 1024));
+				}
+				else
+				{
+					$block = @fread($fsock, 1024);
+				}
+
 				$filesize += strlen($block);
 
 				if ($remote_max_filesize && $filesize > $remote_max_filesize)
@@ -847,6 +865,15 @@ class fileupload
 					}
 				}
 			}
+
+			$stream_meta_data = stream_get_meta_data($fsock);
+
+			// Cancel upload if we exceed timeout
+			if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
+			{
+				$file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']);
+				return $file;
+			}
 		}
 		@fclose($fsock);
 

phpBB/includes/functions_user.php

@@ -329,11 +329,16 @@ function user_add($user_row, $cp_data = false)
 }
 
 /**
-* Remove User
-*/
+ * Remove User
+ *
+ * @param string	$mode		'retain' or 'remove'
+ * @param int		$user_id
+ * @param mixed		$post_username
+ * @return bool
+ */
 function user_delete($mode, $user_id, $post_username = false)
 {
-	global $cache, $config, $db, $user, $auth;
+	global $cache, $config, $db, $user;
 	global $phpbb_root_path, $phpEx;
 
 	$sql = 'SELECT *
@@ -439,11 +444,6 @@ function user_delete($mode, $user_id, $post_username = false)
 					WHERE poster_id = $user_id";
 				$db->sql_query($sql);
 
-				$sql = 'UPDATE ' . POSTS_TABLE . '
-					SET post_edit_user = ' . ANONYMOUS . "
-					WHERE post_edit_user = $user_id";
-				$db->sql_query($sql);
-
 				$sql = 'UPDATE ' . TOPICS_TABLE . '
 					SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
 					WHERE topic_poster = $user_id";
@@ -501,6 +501,18 @@ function user_delete($mode, $user_id, $post_username = false)
 
 	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
 
+	// Change user_id to anonymous for posts edited by this user
+	$sql = 'UPDATE ' . POSTS_TABLE . '
+		SET post_edit_user = ' . ANONYMOUS . '
+		WHERE post_edit_user = ' . $user_id;
+	$db->sql_query($sql);
+
+	// Change user_id to anonymous for pms edited by this user
+	$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
+		SET message_edit_user = ' . ANONYMOUS . '
+		WHERE message_edit_user = ' . $user_id;
+	$db->sql_query($sql);
+
 	// Delete user log entries about this user
 	$sql = 'DELETE FROM ' . LOG_TABLE . '
 		WHERE reportee_id = ' . $user_id;

phpBB/includes/mcp/info/mcp_pm_reports.php

@@ -20,7 +20,7 @@ class mcp_pm_reports_info
 			'title'		=> 'MCP_PM_REPORTS',
 			'version'	=> '1.0.0',
 			'modes'		=> array(
-				'pm_reports'			=> array('title' => 'MCP_PM_REPORTS_OPEN', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')),
+				'pm_reports'		=> array('title' => 'MCP_PM_REPORTS_OPEN', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')),
 				'pm_reports_closed'	=> array('title' => 'MCP_PM_REPORTS_CLOSED', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')),
 				'pm_report_details'	=> array('title' => 'MCP_PM_REPORT_DETAILS', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')),
 			),

phpBB/includes/mcp/mcp_pm_reports.php

@@ -166,6 +166,7 @@ class mcp_pm_reports
 					'S_CLOSE_ACTION'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=pm_reports&mode=pm_report_details&r=' . $report_id),
 					'S_CAN_VIEWIP'			=> $auth->acl_getf_global('m_info'),
 					'S_POST_REPORTED'		=> $pm_info['message_reported'],
+					'S_REPORT_CLOSED'		=> $report['report_closed'],
 					'S_USER_NOTES'			=> true,
 
 					'U_MCP_REPORT'				=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=pm_reports&mode=pm_report_details&r=' . $report_id),

phpBB/includes/mcp/mcp_post.php

@@ -157,6 +157,7 @@ function mcp_post_details($id, $mode, $action)
 
 		if (sizeof($attachments))
 		{
+			$user->add_lang('viewtopic');
 			$update_count = array();
 			parse_attachments($post_info['forum_id'], $message, $attachments, $update_count);
 		}

phpBB/includes/mcp/mcp_queue.php

@@ -660,15 +660,17 @@ function approve_post($post_id_list, $id, $mode)
 
 		foreach ($post_info as $post_id => $post_data)
 		{
+			$username = ($post_data['post_username']) ? $post_data['post_username'] : $post_data['username'];
+
 			if ($post_id == $post_data['topic_first_post_id'] && $post_id == $post_data['topic_last_post_id'])
 			{
 				// Forum Notifications
-				user_notification('post', $post_data['topic_title'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id);
+				user_notification('post', $post_data['topic_title'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id, $username);
 			}
 			else
 			{
 				// Topic Notifications
-				user_notification('reply', $post_data['post_subject'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id);
+				user_notification('reply', $post_data['post_subject'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id, $username);
 			}
 		}
 

phpBB/includes/mcp/mcp_reports.php

@@ -192,6 +192,7 @@ class mcp_reports
 					'S_POST_REPORTED'		=> $post_info['post_reported'],
 					'S_POST_UNAPPROVED'		=> !$post_info['post_approved'],
 					'S_POST_LOCKED'			=> $post_info['post_edit_locked'],
+					'S_REPORT_CLOSED'		=> $report['report_closed'],
 					'S_USER_NOTES'			=> true,
 
 					'U_EDIT'					=> ($auth->acl_get('m_edit', $post_info['forum_id'])) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&f={$post_info['forum_id']}&p={$post_info['post_id']}") : '',

phpBB/includes/mcp/mcp_topic.php

@@ -668,10 +668,10 @@ function merge_posts($topic_id, $to_topic_id)
 			}
 
 			// If the topic no longer exist, we will update the topic watch table.
-			phpbb_update_rows_avoiding_duplicates_notify_status($db, TOPICS_WATCH_TABLE, 'topic_id', $topic_ids, $to_topic_id);
+			phpbb_update_rows_avoiding_duplicates_notify_status($db, TOPICS_WATCH_TABLE, 'topic_id', array($topic_id), $to_topic_id);
 
 			// If the topic no longer exist, we will update the bookmarks table.
-			phpbb_update_rows_avoiding_duplicates($db, BOOKMARKS_TABLE, 'topic_id', $topic_id, $to_topic_id);
+			phpbb_update_rows_avoiding_duplicates($db, BOOKMARKS_TABLE, 'topic_id', array($topic_id), $to_topic_id);
 		}
 
 		// Link to the new topic

phpBB/includes/search/fulltext_native.php

@@ -231,7 +231,12 @@ class fulltext_native extends search_backend
 			}
 			$db->sql_freeresult($result);
 		}
-		unset($exact_words);
+
+		// Handle +, - without preceeding whitespace character
+		$match		= array('#(\S)\+#', '#(\S)-#');
+		$replace	= array('$1 +', '$1 +');
+
+		$keywords = preg_replace($match, $replace, $keywords);
 
 		// now analyse the search query, first split it using the spaces
 		$query = explode(' ', $keywords);
@@ -357,39 +362,21 @@ class fulltext_native extends search_backend
 					$this->{$mode . '_ids'}[] = $words[$word];
 				}
 			}
-			// throw an error if we shall not ignore unexistant words
-			else if (!$ignore_no_id)
+			else
 			{
 				if (!isset($common_ids[$word]))
 				{
 					$len = utf8_strlen($word);
-					if ($len >= $this->word_length['min'] && $len <= $this->word_length['max'])
-					{
-						trigger_error(sprintf($user->lang['WORD_IN_NO_POST'], $word));
-					}
-					else
+					if ($len < $this->word_length['min'] || $len > $this->word_length['max'])
 					{
 						$this->common_words[] = $word;
 					}
 				}
 			}
-			else
-			{
-				$len = utf8_strlen($word);
-				if ($len < $this->word_length['min'] || $len > $this->word_length['max'])
-				{
-					$this->common_words[] = $word;
-				}
-			}
 		}
 
-		// we can't search for negatives only
-		if (!sizeof($this->must_contain_ids))
-		{
-			return false;
-		}
-
-		if (!empty($this->search_query))
+		// Return true if all words are not common words
+		if (sizeof($exact_words) - sizeof($this->common_words) > 0)
 		{
 			return true;
 		}
@@ -428,6 +415,12 @@ class fulltext_native extends search_backend
 			return false;
 		}
 
+		// we can't search for negatives only
+		if (empty($this->must_contain_ids))
+		{
+			return false;
+		}
+
 		$must_contain_ids = $this->must_contain_ids;
 		$must_not_contain_ids = $this->must_not_contain_ids;
 		$must_exclude_one_ids = $this->must_exclude_one_ids;

phpBB/includes/session.php

@@ -556,7 +556,12 @@ class session
 		$method = 'autologin_' . $method;
 		if (function_exists($method))
 		{
-			$this->data = $method();
+			$user_data = $method();
+
+			if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id']))
+			{
+				$this->data = $user_data;
+			}
 
 			if (sizeof($this->data))
 			{
@@ -576,11 +581,18 @@ class session
 					AND k.user_id = u.user_id
 					AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
 			$result = $db->sql_query($sql);
-			$this->data = $db->sql_fetchrow($result);
+			$user_data = $db->sql_fetchrow($result);
+
+			if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id']))
+			{
+				$this->data = $user_data;
+				$bot = false;
+			}
+
 			$db->sql_freeresult($result);
-			$bot = false;
 		}
-		else if ($user_id !== false && !sizeof($this->data))
+
+		if ($user_id !== false && !sizeof($this->data))
 		{
 			$this->cookie_data['k'] = '';
 			$this->cookie_data['u'] = $user_id;
@@ -1037,7 +1049,7 @@ class session
 
 		$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
 		$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
-		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
+		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];
 
 		header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
 	}

phpBB/includes/startup.php

@@ -80,31 +80,13 @@ function deregister_globals()
 	{
 		if (isset($not_unset[$varname]))
 		{
-			// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
-			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+			// Hacking attempt. No point in continuing.
+			if (isset($_COOKIE[$varname]))
 			{
-				exit;
-			}
-			else
-			{
-				$cookie = &$_COOKIE;
-				while (isset($cookie['GLOBALS']))
-				{
-					if (!is_array($cookie['GLOBALS']))
-					{
-						break;
-					}
-
-					foreach ($cookie['GLOBALS'] as $registered_var => $value)
-					{
-						if (!isset($not_unset[$registered_var]))
-						{
-							unset($GLOBALS[$registered_var]);
-						}
-					}
-					$cookie = &$cookie['GLOBALS'];
-				}
+				echo "Clear your cookies. ";
 			}
+			echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+			exit;
 		}
 
 		unset($GLOBALS[$varname]);
@@ -113,6 +95,54 @@ function deregister_globals()
 	unset($input);
 }
 
+/**
+ * Check if requested page uses a trailing path
+ *
+ * @param string $phpEx PHP extension
+ *
+ * @return bool True if trailing path is used, false if not
+ */
+function phpbb_has_trailing_path($phpEx)
+{
+	// Check if path_info is being used
+	if (!empty($_SERVER['PATH_INFO']) || !empty($_SERVER['ORIG_PATH_INFO']))
+	{
+		return true;
+	}
+
+	// Match any trailing path appended to a php script in the REQUEST_URI.
+	// It is assumed that only actual PHP scripts use names like foo.php. Due
+	// to this, any phpBB board inside a directory that has the php extension
+	// appended to its name will stop working, i.e. if the board is at
+	// example.com/phpBB/test.php/ or example.com/test.php/
+	if (preg_match('#^[^?]+\.' . preg_quote($phpEx, '#') . '/#', $_SERVER['REQUEST_URI']))
+	{
+		return true;
+	}
+
+	return false;
+}
+
+// Check if trailing path is used
+if (phpbb_has_trailing_path($phpEx))
+{
+	if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi')
+	{
+		$prefix = 'Status:';
+	}
+	else if (!empty($_SERVER['SERVER_PROTOCOL']))
+	{
+		$prefix = $_SERVER['SERVER_PROTOCOL'];
+	}
+	else
+	{
+		$prefix = 'HTTP/1.0';
+	}
+	header("$prefix 404 Not Found", true, 404);
+	echo 'Trailing paths and PATH_INFO is not supported by phpBB 3.0';
+	exit;
+}
+
 // Register globals and magic quotes have been dropped in PHP 5.4
 if (version_compare(PHP_VERSION, '5.4.0-dev', '>='))
 {

phpBB/includes/ucp/ucp_pm_options.php

@@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 	// Change "full folder" setting - what to do if folder is full
 	if (isset($_POST['fullfolder']))
 	{
-		check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
+		if (!check_form_key('ucp_pm_options'))
+		{
+			trigger_error('FORM_INVALID');
+		}
+
 		$full_action = request_var('full_action', 0);
 
 		$set_folder_id = 0;

phpBB/includes/ucp/ucp_profile.php

@@ -548,6 +548,9 @@ class ucp_profile
 				// Build custom bbcodes array
 				display_custom_bbcodes();
 
+				// Generate smiley listing
+				generate_smilies('inline', 0);
+
 			break;
 
 			case 'avatar':

phpBB/includes/ucp/ucp_remind.php

@@ -98,6 +98,8 @@ class ucp_remind
 			$messenger->to($user_row['user_email'], $user_row['username']);
 			$messenger->im($user_row['user_jabber'], $user_row['username']);
 
+			$messenger->anti_abuse_headers($config, $user);
+
 			$messenger->assign_vars(array(
 				'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
 				'PASSWORD'		=> htmlspecialchars_decode($user_password),

phpBB/install/convertors/convert_phpbb20.php

@@ -32,7 +32,7 @@ unset($dbpasswd);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.0.12',
+	'phpbb_version'	=> '3.0.13',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Group</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/database_update.php

@@ -8,7 +8,7 @@
 *
 */
 
-define('UPDATES_TO_VERSION', '3.0.12-RC2');
+define('UPDATES_TO_VERSION', '3.0.13');
 
 // Enter any version to update from to test updates. The version within the db will not be updated.
 define('DEBUG_FROM_VERSION', false);
@@ -949,7 +949,7 @@ function database_update_info()
 						// this column was removed from the database updater
 						// after 3.0.9-RC3 was released. It might still exist
 						// in 3.0.9-RCX installations and has to be dropped in
-						// 3.0.13 after the db_tools class is capable of properly
+						// 3.0.14 after the db_tools class is capable of properly
 						// removing a primary key.
 						// 'attempt_id'			=> array('UINT', NULL, 'auto_increment'),
 						'attempt_ip'			=> array('VCHAR:40', ''),
@@ -1007,8 +1007,16 @@ function database_update_info()
 		'3.0.11'		=> array(),
 		// No changes from 3.0.12-RC1 to 3.0.12-RC2
 		'3.0.12-RC1'	=> array(),
+		// No changes from 3.0.12-RC2 to 3.0.12-RC3
+		'3.0.12-RC2'	=> array(),
+		// No changes from 3.0.12-RC3 to 3.0.12
+		'3.0.12-RC3'	=> array(),
+		// No changes from 3.0.12 to 3.0.13-RC1
+		'3.0.12'		=> array(),
+		// No changes from 3.0.13-RC1 to 3.0.13
+		'3.0.13-RC1'		=> array(),
 
-		/** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.13-RC1 */
+		/** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.14-RC1 */
 	);
 }
 
@@ -2242,6 +2250,22 @@ function change_database_data(&$no_updates, $version)
 		// No changes from 3.0.12-RC1 to 3.0.12-RC2
 		case '3.0.12-RC1':
 		break;
+
+		// No changes from 3.0.12-RC2 to 3.0.12-RC3
+		case '3.0.12-RC2':
+		break;
+
+		// No changes from 3.0.12-RC3 to 3.0.12
+		case '3.0.12-RC3':
+		break;
+
+		// No changes from 3.0.12 to 3.0.13-RC1
+		case '3.0.12':
+		break;
+
+		// No changes from 3.0.13-RC1 to 3.0.13
+		case '3.0.13-RC1':
+		break;
 	}
 }
 

phpBB/install/index.php

@@ -641,8 +641,9 @@ class module
 			case 'password':
 				$size = (int) $tpl_type[1];
 				$maxlength = (int) $tpl_type[2];
+				$autocomplete = (isset($options['autocomplete']) && $options['autocomplete'] == 'off') ? ' autocomplete="off"' : '';
 
-				$tpl = '<input id="' . $name . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $value . '" />';
+				$tpl = '<input id="' . $name . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '"' . $autocomplete . ' value="' . $value . '" />';
 			break;
 
 			case 'textarea':

phpBB/install/install_convert.php

@@ -417,7 +417,7 @@ class install_convert extends module
 
 			if (!isset($available_dbms[$src_dbms]) || !$available_dbms[$src_dbms]['AVAILABLE'])
 			{
-				$error['db'][] = $lang['INST_ERR_NO_DB'];
+				$error[] = $lang['INST_ERR_NO_DB'];
 				$connect_test = false;
 			}
 			else

phpBB/install/install_install.php

@@ -273,8 +273,8 @@ class install_install extends module
 			$checks = array(
 				array('func_overload', '&', MB_OVERLOAD_MAIL|MB_OVERLOAD_STRING),
 				array('encoding_translation', '!=', 0),
-				array('http_input', '!=', 'pass'),
-				array('http_output', '!=', 'pass')
+				array('http_input', '!=', array('pass', '')),
+				array('http_output', '!=', array('pass', ''))
 			);
 
 			foreach ($checks as $mb_checks)
@@ -295,7 +295,8 @@ class install_install extends module
 					break;
 
 					case '!=':
-						if ($ini_val != $mb_checks[2])
+						if (!is_array($mb_checks[2]) && $ini_val != $mb_checks[2] ||
+							is_array($mb_checks[2]) && !in_array($ini_val, $mb_checks[2]))
 						{
 							$result = '<strong style="color:red">' . $lang['NO'] . '</strong>';
 							$passed['mbstring'] = false;
@@ -1624,6 +1625,45 @@ class install_install extends module
 				$_module->move_module_by($row, 'move_up', 5);
 			}
 
+			if ($module_class == 'mcp')
+			{
+				// Move pm report details module 3 down...
+				$sql = 'SELECT *
+					FROM ' . MODULES_TABLE . "
+					WHERE module_basename = 'pm_reports'
+						AND module_class = 'mcp'
+						AND module_mode = 'pm_report_details'";
+				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				$_module->move_module_by($row, 'move_down', 3);
+
+				// Move closed pm reports module 3 down...
+				$sql = 'SELECT *
+					FROM ' . MODULES_TABLE . "
+					WHERE module_basename = 'pm_reports'
+						AND module_class = 'mcp'
+						AND module_mode = 'pm_reports_closed'";
+				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				$_module->move_module_by($row, 'move_down', 3);
+
+				// Move open pm reports module 3 down...
+				$sql = 'SELECT *
+					FROM ' . MODULES_TABLE . "
+					WHERE module_basename = 'pm_reports'
+						AND module_class = 'mcp'
+						AND module_mode = 'pm_reports'";
+				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				$_module->move_module_by($row, 'move_down', 3);
+			}
+
 			if ($module_class == 'ucp')
 			{
 				// Move attachment module 4 down...
@@ -2045,8 +2085,8 @@ class install_install extends module
 		'smtp_delivery'			=> array('lang' => 'USE_SMTP',			'type' => 'radio:yes_no', 'explain' => true),
 		'smtp_host'				=> array('lang' => 'SMTP_SERVER',		'type' => 'text:25:50', 'explain' => false),
 		'smtp_auth'				=> array('lang' => 'SMTP_AUTH_METHOD',	'type' => 'select', 'options' => '$this->module->mail_auth_select(\'{VALUE}\')', 'explain' => true),
-		'smtp_user'				=> array('lang' => 'SMTP_USERNAME',		'type' => 'text:25:255', 'explain' => true),
-		'smtp_pass'				=> array('lang' => 'SMTP_PASSWORD',		'type' => 'password:25:255', 'explain' => true),
+		'smtp_user'				=> array('lang' => 'SMTP_USERNAME',		'type' => 'text:25:255', 'explain' => true, 'options' => array('autocomplete' => 'off')),
+		'smtp_pass'				=> array('lang' => 'SMTP_PASSWORD',		'type' => 'password:25:255', 'explain' => true, 'options' => array('autocomplete' => 'off')),
 
 		'legend2'				=> 'SERVER_URL_SETTINGS',
 		'cookie_secure'			=> array('lang' => 'COOKIE_SECURE',		'type' => 'radio:enabled_disabled', 'explain' => true),

phpBB/install/install_update.php

@@ -58,7 +58,6 @@ class install_update extends module
 	var $new_location;
 	var $latest_version;
 	var $current_version;
-	var $unequal_version;
 
 	var $update_to_version;
 
@@ -76,7 +75,6 @@ class install_update extends module
 
 		$this->tpl_name = 'install_update';
 		$this->page_title = 'UPDATE_INSTALLATION';
-		$this->unequal_version = false;
 
 		$this->old_location = $phpbb_root_path . 'install/update/old/';
 		$this->new_location = $phpbb_root_path . 'install/update/new/';
@@ -195,8 +193,6 @@ class install_update extends module
 		// Check if the update files are actually meant to update from the current version
 		if ($this->current_version != $this->update_info['version']['from'])
 		{
-			$this->unequal_version = true;
-
 			$template->assign_vars(array(
 				'S_ERROR'	=> true,
 				'ERROR_MSG'	=> sprintf($user->lang['INCOMPATIBLE_UPDATE_FILES'], $this->current_version, $this->update_info['version']['from'], $this->update_info['version']['to']),
@@ -204,10 +200,8 @@ class install_update extends module
 		}
 
 		// Check if the update files stored are for the latest version...
-		if ($this->latest_version != $this->update_info['version']['to'])
+		if (version_compare(strtolower($this->latest_version), strtolower($this->update_info['version']['to']), '>'))
 		{
-			$this->unequal_version = true;
-
 			$template->assign_vars(array(
 				'S_WARNING'		=> true,
 				'WARNING_MSG'	=> sprintf($user->lang['OLD_UPDATE_FILES'], $this->update_info['version']['from'], $this->update_info['version']['to'], $this->latest_version))
@@ -232,7 +226,14 @@ class install_update extends module
 			}
 
 			// What about the language file? Got it updated?
-			if (in_array('language/en/install.' . $phpEx, $this->update_info['files']))
+			if (in_array('language/' . $language . '/install.' . $phpEx, $this->update_info['files']))
+			{
+				$lang = array();
+				include($this->new_location . 'language/' . $language . '/install.' . $phpEx);
+				// this is the user's language.. just merge it
+				$user->lang = array_merge($user->lang, $lang);
+			}
+			if ($language != 'en' && in_array('language/en/install.' . $phpEx, $this->update_info['files']))
 			{
 				$lang = array();
 				include($this->new_location . 'language/en/install.' . $phpEx);
@@ -287,7 +288,7 @@ class install_update extends module
 				);
 
 				// Print out version the update package updates to
-				if ($this->unequal_version)
+				if ($this->latest_version != $this->update_info['version']['to'])
 				{
 					$template->assign_var('PACKAGE_VERSION', $this->update_info['version']['to']);
 				}

phpBB/install/schemas/schema_data.sql

@@ -246,7 +246,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('topics_per_page',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.12-RC2');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.13');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 
@@ -668,7 +668,7 @@ INSERT INTO phpbb_acl_groups (group_id, forum_id, auth_option_id, auth_role_id,
 # Bots having bot access
 INSERT INTO phpbb_acl_groups (group_id, forum_id, auth_option_id, auth_role_id, auth_setting) VALUES (6, 2, 0, 19, 0);
 
-# NEW MEMBERS aren't allowed to PM
+# NEW MEMBERS are not allowed to send private messages
 INSERT INTO phpbb_acl_groups (group_id, forum_id, auth_option_id, auth_role_id, auth_setting) VALUES (7, 0, 0, 23, 0);
 
 # NEW MEMBERS on the queue

phpBB/language/en/acp/ban.php

@@ -74,11 +74,11 @@ $lang = array_merge($lang, array(
 	'PERMANENT'		=> 'Permanent',
 
 	'UNTIL'						=> 'Until',
-	'USER_BAN'					=> 'Ban one or more usernames',
+	'USER_BAN'					=> 'Ban one or more users by username',
 	'USER_BAN_EXCLUDE_EXPLAIN'	=> 'Enable this to exclude the entered users from all current bans.',
 	'USER_BAN_EXPLAIN'			=> 'You can ban multiple users in one go by entering each name on a new line. Use the <span style="text-decoration: underline;">Find a member</span> facility to look up and add one or more users automatically.',
 	'USER_NO_BANNED'			=> 'No banned usernames',
-	'USER_UNBAN'				=> 'Un-ban or un-exclude usernames',
+	'USER_UNBAN'				=> 'Un-ban or un-exclude users by username',
 	'USER_UNBAN_EXPLAIN'		=> 'You can unban (or un-exclude) multiple users in one go using the appropriate combination of mouse and keyboard for your computer and browser. Excluded users are emphasised.',
 ));
 

phpBB/language/en/acp/board.php

@@ -44,7 +44,7 @@ $lang = array_merge($lang, array(
 	'DEFAULT_LANGUAGE'				=> 'Default language',
 	'DEFAULT_STYLE'					=> 'Default style',
 	'DISABLE_BOARD'					=> 'Disable board',
-	'DISABLE_BOARD_EXPLAIN'			=> 'This will make the board unavailable to users. You can also enter a short (255 character) message to display if you wish.',
+	'DISABLE_BOARD_EXPLAIN'			=> 'This will make the board unavailable to users who are neither administrators nor moderators. You can also enter a short (255 character) message to display if you wish.',
 	'OVERRIDE_STYLE'				=> 'Override user style',
 	'OVERRIDE_STYLE_EXPLAIN'		=> 'Replaces user’s style with the default.',
 	'SITE_DESC'						=> 'Site description',
@@ -104,7 +104,7 @@ $lang = array_merge($lang, array(
 	'AVATAR_GALLERY_PATH'			=> 'Avatar gallery path',
 	'AVATAR_GALLERY_PATH_EXPLAIN'	=> 'Path under your phpBB root directory for pre-loaded images, e.g. <samp>images/avatars/gallery</samp>.',
 	'AVATAR_STORAGE_PATH'			=> 'Avatar storage path',
-	'AVATAR_STORAGE_PATH_EXPLAIN'	=> 'Path under your phpBB root directory, e.g. <samp>images/avatars/upload</samp>.',
+	'AVATAR_STORAGE_PATH_EXPLAIN'	=> 'Path under your phpBB root directory, e.g. <samp>images/avatars/upload</samp>.<br />Avatar uploading <strong>will not be available</strong> if this path is not writable.',
 	'MAX_AVATAR_SIZE'				=> 'Maximum avatar dimensions',
 	'MAX_AVATAR_SIZE_EXPLAIN'		=> 'Width x Height in pixels.',
 	'MAX_FILESIZE'					=> 'Maximum avatar file size',

phpBB/language/en/acp/common.php

@@ -50,7 +50,7 @@ $lang = array_merge($lang, array(
 	'ACP_BAN'					=> 'Banning',
 	'ACP_BAN_EMAILS'			=> 'Ban e-mails',
 	'ACP_BAN_IPS'				=> 'Ban IPs',
-	'ACP_BAN_USERNAMES'			=> 'Ban usernames',
+	'ACP_BAN_USERNAMES'			=> 'Ban users',
 	'ACP_BBCODES'				=> 'BBCodes',
 	'ACP_BOARD_CONFIGURATION'	=> 'Board configuration',
 	'ACP_BOARD_FEATURES'		=> 'Board features',

phpBB/language/en/acp/email.php

@@ -37,7 +37,7 @@ if (empty($lang) || !is_array($lang))
 
 // Email settings
 $lang = array_merge($lang, array(
-	'ACP_MASS_EMAIL_EXPLAIN'		=> 'Here you can e-mail a message to either all of your users or all users of a specific group <strong>having the option to receive mass e-mails enabled</strong>. To achieve this an e-mail will be sent out to the administrative e-mail address supplied, with a blind carbon copy sent to all recipients. The default setting is to only include 50 recipients in such an e-mail, for more recipients more e-mails will be sent. If you are emailing a large group of people please be patient after submitting and do not stop the page halfway through. It is normal for a mass emailing to take a long time, you will be notified when the script has completed.',
+	'ACP_MASS_EMAIL_EXPLAIN'		=> 'Here you can e-mail a message to either all of your users or all users of a specific group <strong>having the option to receive mass e-mails enabled</strong>. To achieve this an e-mail will be sent out to the administrative e-mail address supplied, with a blind carbon copy sent to all recipients. The default setting is to only include 20 recipients in such an e-mail, for more recipients more e-mails will be sent. If you are emailing a large group of people please be patient after submitting and do not stop the page halfway through. It is normal for a mass emailing to take a long time, you will be notified when the script has completed.',
 	'ALL_USERS'						=> 'All users',
 
 	'COMPOSE'				=> 'Compose',

phpBB/language/en/acp/users.php

@@ -52,6 +52,7 @@ $lang = array_merge($lang, array(
 	'CANNOT_FORCE_REACT_FOUNDER'	=> 'You are not allowed to force reactivation on founder accounts.',
 	'CANNOT_FORCE_REACT_YOURSELF'	=> 'You are not allowed to force reactivation of your own account.',
 	'CANNOT_REMOVE_ANONYMOUS'		=> 'You are not able to remove the guest user account.',
+	'CANNOT_REMOVE_FOUNDER'			=> 'You are not allowed to remove founder accounts.',
 	'CANNOT_REMOVE_YOURSELF'		=> 'You are not allowed to remove your own user account.',
 	'CANNOT_SET_FOUNDER_IGNORED'	=> 'You are not able to promote ignored users to be founders.',
 	'CANNOT_SET_FOUNDER_INACTIVE'	=> 'You need to activate users before you promote them to founders, only activated users are able to be promoted.',

phpBB/language/en/common.php

@@ -88,9 +88,10 @@ $lang = array_merge($lang, array(
 	'AVATAR_PARTIAL_UPLOAD'			=> 'The specified file was only partially uploaded.',
 	'AVATAR_PHP_SIZE_NA'			=> 'The avatar’s filesize is too large.<br />The maximum allowed filesize set in php.ini could not be determined.',
 	'AVATAR_PHP_SIZE_OVERRUN'		=> 'The avatar’s filesize is too large. The maximum allowed upload size is %1$d %2$s.<br />Please note this is set in php.ini and cannot be overridden.',
+	'AVATAR_REMOTE_UPLOAD_TIMEOUT'		=> 'The specified avatar could not be uploaded because the request timed out.',
 	'AVATAR_URL_INVALID'			=> 'The URL you specified is invalid.',
 	'AVATAR_URL_NOT_FOUND'			=> 'The file specified could not be found.',
-	'AVATAR_WRONG_FILESIZE'			=> 'The avatar’s filesize must be between 0 and %1d %2s.',
+	'AVATAR_WRONG_FILESIZE'			=> 'The avatar’s filesize must be between 0 and %1$d %2$s.',
 	'AVATAR_WRONG_SIZE'				=> 'The submitted avatar is %5$d pixels wide and %6$d pixels high. Avatars must be at least %1$d pixels wide and %2$d pixels high, but no larger than %3$d pixels wide and %4$d pixels high.',
 
 	'BACK_TO_TOP'			=> 'Top',
@@ -341,6 +342,9 @@ $lang = array_merge($lang, array(
 	'MODERATE'				=> 'Moderate',
 	'MODERATOR'				=> 'Moderator',
 	'MODERATORS'			=> 'Moderators',
+	'MODULE_NOT_ACCESS'		=> 'Module not accessible',
+	'MODULE_NOT_FIND'		=> 'Cannot find module %s',
+	'MODULE_FILE_INCORRECT_CLASS'	=> 'Module file %s does not contain correct class [%s]',
 	'MONTH'					=> 'Month',
 	'MOVE'					=> 'Move',
 	'MSNM'					=> 'MSNM/WLM',
@@ -651,7 +655,7 @@ $lang = array_merge($lang, array(
 	'TOTAL_USERS_ZERO'	=> 'Total members <strong>0</strong>',
 	'TRACKED_PHP_ERROR'	=> 'Tracked PHP errors: %s',
 
-	'UNABLE_GET_IMAGE_SIZE'	=> 'It was not possible to determine the dimensions of the image.',
+	'UNABLE_GET_IMAGE_SIZE'	=> 'It was not possible to determine the dimensions of the image. Please verify that the URL you entered is correct.',
 	'UNABLE_TO_DELIVER_FILE'=> 'Unable to deliver file.',
 	'UNKNOWN_BROWSER'		=> 'Unknown browser',
 	'UNMARK_ALL'			=> 'Unmark all',

phpBB/language/en/email/forum_notify.txt

@@ -2,7 +2,7 @@ Subject: Forum post notification - "{FORUM_NAME}"
 
 Hello {USERNAME},
 
-You are receiving this notification because you are watching the forum, "{FORUM_NAME}" at "{SITENAME}". This forum has received a new reply to the topic "{TOPIC_TITLE}"<!-- IF AUTHOR_NAME --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit. You can use the following link to view the last unread reply, no more notifications will be sent until you visit the topic.
+You are receiving this notification because you are watching the forum "{FORUM_NAME}" at "{SITENAME}". This forum has received a new reply to the topic "{TOPIC_TITLE}"<!-- IF AUTHOR_NAME !== '' --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit. You can use the following link to view the last unread reply, no more notifications will be sent until you visit the topic.
 
 {U_NEWEST_POST}
 

phpBB/language/en/email/newtopic_notify.txt

@@ -2,7 +2,7 @@ Subject: New topic notification - "{FORUM_NAME}"
 
 Hello {USERNAME},
 
-You are receiving this notification because you are watching the forum, "{FORUM_NAME}" at "{SITENAME}". This forum has received a new topic<!-- IF AUTHOR_NAME --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit, "{TOPIC_TITLE}". You can use the following link to view the forum, no more notifications will be sent until you visit the forum.
+You are receiving this notification because you are watching the forum "{FORUM_NAME}" at "{SITENAME}". This forum has received a new topic<!-- IF AUTHOR_NAME !== '' --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit, "{TOPIC_TITLE}". You can use the following link to view the forum, no more notifications will be sent until you visit the forum.
 
 {U_FORUM}
 

phpBB/language/en/email/topic_notify.txt

@@ -2,7 +2,7 @@ Subject: Topic reply notification - "{TOPIC_TITLE}"
 
 Hello {USERNAME},
 
-You are receiving this notification because you are watching the topic, "{TOPIC_TITLE}" at "{SITENAME}". This topic has received a reply<!-- IF AUTHOR_NAME --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit. You can use the following link to view the replies made, no more notifications will be sent until you visit the topic.
+You are receiving this notification because you are watching the topic "{TOPIC_TITLE}" at "{SITENAME}". This topic has received a reply<!-- IF AUTHOR_NAME !== '' --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit. No more notifications will be sent until you visit the topic.
 
 If you want to view the newest post made since your last visit, click the following link:
 {U_NEWEST_POST}
@@ -14,7 +14,6 @@ If you want to view the forum, click the following link:
 {U_FORUM}
 
 If you no longer wish to watch this topic you can either click the "Unsubscribe topic" link found at the bottom of the topic above, or by clicking the following link:
-
 {U_STOP_WATCHING_TOPIC}
 
 {EMAIL_SIG}

phpBB/language/en/memberlist.php

@@ -138,6 +138,7 @@ $lang = array_merge($lang, array(
 	),
 	'USER_ONLINE'			=> 'Online',
 	'USER_PRESENCE'			=> 'Board presence',
+	'USERS_PER_PAGE'		=> 'Users per page',
 
 	'VIEWING_PROFILE'		=> 'Viewing profile - %s',
 	'VISITED'				=> 'Last visited',

phpBB/language/en/posting.php

@@ -178,6 +178,7 @@ $lang = array_merge($lang, array(
 
 	'QUOTE_DEPTH_EXCEEDED'		=> 'You may embed only %1$d quotes within each other.',
 
+	'REMOTE_UPLOAD_TIMEOUT'		=> 'The specified file could not be uploaded because the request timed out.',
 	'SAVE'						=> 'Save',
 	'SAVE_DATE'					=> 'Saved at',
 	'SAVE_DRAFT'				=> 'Save draft',
@@ -219,7 +220,7 @@ $lang = array_merge($lang, array(
 	'VIEW_MESSAGE'				=> '%sView your submitted message%s',
 	'VIEW_PRIVATE_MESSAGE'		=> '%sView your submitted private message%s',
 
-	'WRONG_FILESIZE'			=> 'The file is too big, maximum allowed size is %1d %2s.',
+	'WRONG_FILESIZE'			=> 'The file is too big, maximum allowed size is %1$d %2$s.',
 	'WRONG_SIZE'				=> 'The image must be at least %1$d pixels wide, %2$d pixels high and at most %3$d pixels wide and %4$d pixels high. The submitted image is %5$d pixels wide and %6$d pixels high.',
 ));
 

phpBB/language/en/ucp.php

@@ -266,7 +266,7 @@ $lang = array_merge($lang, array(
 	'MOVE_DELETED_MESSAGES_TO'		=> 'Move messages from removed folder to',
 	'MOVE_DOWN'						=> 'Move down',
 	'MOVE_MARKED_TO_FOLDER'			=> 'Move marked to %s',
-	'MOVE_PM_ERROR'					=> 'An error occurred while moving the messages to the new folder, only %1d from %2d messages were moved.',
+	'MOVE_PM_ERROR'					=> 'An error occurred while moving the messages to the new folder, only %1$d from %2$d messages were moved.',
 	'MOVE_TO_FOLDER'				=> 'Move to folder',
 	'MOVE_UP'						=> 'Move up',
 

phpBB/posting.php

@@ -1131,8 +1131,14 @@ if ($submit || $preview || $refresh)
 				$data['topic_replies'] = $post_data['topic_replies'];
 			}
 
+			// Only return the username when it is either a guest posting or we are editing a post and
+			// the username was supplied; otherwise post_data might hold the data of the post that is
+			// being quoted (which could result in the username being returned being that of the quoted
+			// post's poster, not the poster of the current post). See: PHPBB3-11769 for more information.
+			$post_author_name = ((!$user->data['is_registered'] || $mode == 'edit') && $post_data['username'] !== '') ? $post_data['username'] : '';
+
 			// The last parameter tells submit_post if search indexer has to be run
-			$redirect_url = submit_post($mode, $post_data['post_subject'], $post_data['username'], $post_data['topic_type'], $poll, $data, $update_message, ($update_message || $update_subject) ? true : false);
+			$redirect_url = submit_post($mode, $post_data['post_subject'], $post_author_name, $post_data['topic_type'], $poll, $data, $update_message, ($update_message || $update_subject) ? true : false);
 
 			if ($config['enable_post_confirm'] && !$user->data['is_registered'] && (isset($captcha) && $captcha->is_solved() === true) && ($mode == 'post' || $mode == 'reply' || $mode == 'quote'))
 			{

phpBB/search.php

@@ -540,12 +540,6 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 		$total_match_count = $search->author_search($show_results, $firstpost_only, $sort_by_sql, $sort_key, $sort_dir, $sort_days, $ex_fid_ary, $m_approve_fid_ary, $topic_id, $author_id_ary, $sql_author_match, $id_ary, $start, $per_page);
 	}
 
-	// For some searches we need to print out the "no results" page directly to allow re-sorting/refining the search options.
-	if (!sizeof($id_ary) && !$search_id)
-	{
-		trigger_error('NO_SEARCH_RESULTS');
-	}
-
 	$sql_where = '';
 
 	if (sizeof($id_ary))
@@ -580,9 +574,9 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 	}
 
 	// define some vars for urls
-	$hilit = implode('|', explode(' ', preg_replace('#\s+#u', ' ', str_replace(array('+', '-', '|', '(', ')', '"'), ' ', $keywords))));
-	// Do not allow *only* wildcard being used for hilight
-	$hilit = (strspn($hilit, '*') === strlen($hilit)) ? '' : $hilit;
+	// A single wildcard will make the search results look ugly
+	$hilit = phpbb_clean_search_string(str_replace(array('+', '-', '|', '(', ')', '"'), ' ', $keywords));
+	$hilit = str_replace(' ', '|', $hilit);
 
 	$u_hilit = urlencode(htmlspecialchars_decode(str_replace('|', ' ', $hilit)));
 	$u_show_results = '&sr=' . $show_results;
@@ -846,7 +840,8 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 			$hilit_array = array_filter(explode('|', $hilit), 'strlen');
 			foreach ($hilit_array as $key => $value)
 			{
-				$hilit_array[$key] = str_replace('\*', '\w*?', preg_quote($value, '#'));
+				$hilit_array[$key] = phpbb_clean_search_string($value);
+				$hilit_array[$key] = str_replace('\*', '\w*?', preg_quote($hilit_array[$key], '#'));
 				$hilit_array[$key] = preg_replace('#(^|\s)\\\\w\*\?(\s|$)#', '$1\w+?$2', $hilit_array[$key]);
 			}
 			$hilit = implode('|', $hilit_array);

phpBB/styles/prosilver/imageset/imageset.cfg

@@ -19,7 +19,7 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Group, 2007
-version = 3.0.12
+version = 3.0.13
 
 # Images
 img_site_logo = site_logo.gif*52*139

phpBB/styles/prosilver/style.cfg

@@ -18,5 +18,5 @@
 
 # General Information about this style
 name = prosilver
-copyright = © phpBB Group, 2007
-version = 3.0.12
+copyright = © phpBB Group, 2007
+version = 3.0.13

phpBB/styles/prosilver/template/editor.js

@@ -347,7 +347,7 @@ function mozWrap(txtarea, open, close)
 */
 function storeCaret(textEl)
 {
-	if (textEl.createTextRange)
+	if (textEl.createTextRange && document.selection)
 	{
 		textEl.caretPos = document.selection.createRange().duplicate();
 	}

phpBB/styles/prosilver/template/forum_fn.js

@@ -403,7 +403,7 @@ function apply_onkeypress_event()
 	// jQuery code in case jQuery is used
 	if (jquery_present)
 	{
-		jQuery('form input[type=text], form input[type=password]').live('keypress', function (e)
+		jQuery('form input[type=text], form input[type=password]').on('keypress', function (e)
 		{
 			var default_button = jQuery(this).parents('form').find('input[type=submit].default-submit-action');
 			

phpBB/styles/prosilver/template/forumlist_body.html

@@ -47,6 +47,8 @@
 						<!-- IF forumrow.LAST_POST_TIME --><dfn>{L_LAST_POST}</dfn> {L_POST_BY_AUTHOR} {forumrow.LAST_POSTER_FULL}
 						<!-- IF not S_IS_BOT --><a href="{forumrow.U_LAST_POST}">{LAST_POST_IMG}</a> <!-- ENDIF --><br />{forumrow.LAST_POST_TIME}<!-- ELSE -->{L_NO_POSTS}<br />&nbsp;<!-- ENDIF --></span>
 					</dd>
+				<!-- ELSE -->
+					<dd>&nbsp;</dd>
 				<!-- ENDIF -->
 			</dl>
 		</li>

phpBB/styles/prosilver/template/mcp_post.html

@@ -13,7 +13,7 @@
 		<div class="postbody">
 			<h3>{L_REPORT_REASON}: {REPORT_REASON_TITLE}</h3>
 			<p class="author">{L_REPORTED} {L_POST_BY_AUTHOR} {REPORTER_FULL} &laquo; {REPORT_DATE}</p>
-		<!-- IF not S_POST_REPORTED -->
+		<!-- IF S_REPORT_CLOSED -->
 			<p class="rules">{L_REPORT_CLOSED}</p>
 		<!-- ENDIF -->
 			<div class="content">
@@ -31,7 +31,7 @@
 	<form method="post" id="mcp_report" action="{S_CLOSE_ACTION}">
 
 	<fieldset class="submit-buttons">
-		<!-- IF S_POST_REPORTED -->
+		<!-- IF not S_REPORT_CLOSED -->
 			<input class="button1" type="submit" value="{L_CLOSE_REPORT}" name="action[close]" /> &nbsp;
 		<!-- ENDIF -->
 		<input class="button2" type="submit" value="{L_DELETE_REPORT}" name="action[delete]" />

phpBB/styles/prosilver/template/overall_footer.html

@@ -6,7 +6,7 @@
 		<div class="inner"><span class="corners-top"><span></span></span>
 
 		<ul class="linklist">
-			<li class="icon-home"><a href="{U_INDEX}" accesskey="h">{L_INDEX}</a></li>
+			<li class="icon-home"><a href="{U_INDEX}">{L_INDEX}</a></li>
 				<!-- IF not S_IS_BOT -->
 					<!-- IF S_WATCH_FORUM_LINK --><li <!-- IF S_WATCHING_FORUM -->class="icon-unsubscribe"<!-- ELSE -->class="icon-subscribe"<!-- ENDIF -->><a href="{S_WATCH_FORUM_LINK}" title="{S_WATCH_FORUM_TITLE}">{S_WATCH_FORUM_TITLE}</a></li><!-- ENDIF -->
 					<!-- IF U_WATCH_TOPIC --><li <!-- IF S_WATCHING_TOPIC -->class="icon-unsubscribe"<!-- ELSE -->class="icon-subscribe"<!-- ENDIF -->><a href="{U_WATCH_TOPIC}" title="{L_WATCH_TOPIC}">{L_WATCH_TOPIC}</a></li><!-- ENDIF -->

phpBB/styles/prosilver/template/posting_smilies.html

@@ -2,8 +2,8 @@
 
 <script type="text/javascript">
 // <![CDATA[
-	var form_name = 'postform';
-	var text_name = 'message';
+	var form_name = opener.form_name;
+	var text_name = opener.text_name;
 // ]]>
 </script>
 <script type="text/javascript" src="{T_SUPER_TEMPLATE_PATH}/editor.js"></script>

phpBB/styles/prosilver/template/template.cfg

@@ -19,7 +19,7 @@
 # General Information about this template
 name = prosilver
 copyright = © phpBB Group, 2007
-version = 3.0.12
+version = 3.0.13
 
 # Defining a different template bitfield
 template_bitfield = lNg=

phpBB/styles/prosilver/template/ucp_groups_manage.html

@@ -54,7 +54,7 @@
 	<fieldset>
 	<dl>
 		<dt><label for="group_colour">{L_GROUP_COLOR}:</label><br /><span>{L_GROUP_COLOR_EXPLAIN}</span></dt>
-		<dd><input name="group_colour" type="text" id="group_colour" value="{GROUP_COLOUR}" size="6" maxlength="6" class="inputbox narrow" /> <span style="background-color: {GROUP_COLOUR};">&nbsp;&nbsp;&nbsp;</span> [ <a href="{U_SWATCH}" onclick="popup(this.href, 636, 150, '_swatch'); return false;">{L_COLOUR_SWATCH}</a> ]</dd>
+		<dd><input name="group_colour" type="text" id="group_colour" value="{GROUP_COLOUR}" size="6" maxlength="6" class="inputbox narrow" /> <span style="background-color: #{GROUP_COLOUR};">&nbsp;&nbsp;&nbsp;</span> [ <a href="{U_SWATCH}" onclick="popup(this.href, 636, 150, '_swatch'); return false;">{L_COLOUR_SWATCH}</a> ]</dd>
 	</dl>
 	<dl>
 		<dt><label for="group_rank">{L_GROUP_RANK}:</label></dt>

phpBB/styles/prosilver/template/ucp_pm_viewmessage_print.html

@@ -8,8 +8,6 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="keywords" content="" />
-<meta name="description" content="" />
 <meta name="robots" content="noindex" />
 {META}
 <title>{SITENAME} &bull; {PAGE_TITLE}</title>

phpBB/styles/prosilver/template/ucp_profile_profile_info.html

@@ -50,9 +50,9 @@
 		<dl>
 			<dt><label for="bday_day">{L_BIRTHDAY}:</label><br /><span>{L_BIRTHDAY_EXPLAIN}</span></dt>
 			<dd>
-				<label for="bday_day">{L_DAY}: <select name="bday_day" id="bday_day" style="width: 4em;">{S_BIRTHDAY_DAY_OPTIONS}</select></label> 
-				<label for="bday_month">{L_MONTH}: <select name="bday_month" id="bday_month" style="width: 4em;">{S_BIRTHDAY_MONTH_OPTIONS}</select></label> 
-				<label for="bday_year">{L_YEAR}: <select name="bday_year" id="bday_year" style="width: 6em;">{S_BIRTHDAY_YEAR_OPTIONS}</select></label>
+				<label for="bday_day">{L_DAY}: <select name="bday_day" id="bday_day">{S_BIRTHDAY_DAY_OPTIONS}</select></label> 
+				<label for="bday_month">{L_MONTH}: <select name="bday_month" id="bday_month">{S_BIRTHDAY_MONTH_OPTIONS}</select></label> 
+				<label for="bday_year">{L_YEAR}: <select name="bday_year" id="bday_year">{S_BIRTHDAY_YEAR_OPTIONS}</select></label>
 			</dd>
 		</dl>
 	<!-- ENDIF -->

phpBB/styles/prosilver/template/ucp_profile_reg_details.html

@@ -7,7 +7,7 @@
 	<div class="inner"><span class="corners-top"><span></span></span>
 
 	<!-- IF S_FORCE_PASSWORD -->
-		<p>{L_FORCE_PASSWORD_EXPLAIN}</p>
+		<p class="error">{L_FORCE_PASSWORD_EXPLAIN}</p>
 	<!-- ENDIF -->
 
 	<fieldset>
@@ -60,4 +60,4 @@
 </fieldset>
 </form>
 
-<!-- INCLUDE ucp_footer.html -->
+<!-- INCLUDE ucp_footer.html -->

phpBB/styles/prosilver/template/viewtopic_print.html

@@ -8,8 +8,6 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="keywords" content="" />
-<meta name="description" content="" />
 <meta name="robots" content="noindex" />
 {META}
 <title>{SITENAME} &bull; {PAGE_TITLE}</title>