Merge branch 'prep-release-3.0.10'

* prep-release-3.0.10: (221 commits)
  [prep-release-3.0.10] Bumping version number for 3.0.10 final.
  [prep-release-3.0.10] Update Changelog for 3.0.10-RC3 release.
  [ticket/10531] Disallow deleting of the last style
  [ticket/8996] Revert initial fix to keep old behaviour on empty selection Part2
  [ticket/8996] Revert initial fix to keep old behaviour on empty selection
  [ticket/10319] Missing hidden fields in search form
  [ticket/10504] Revert the changes for widescreen optimisation PHPBB3-6632
  [ticket/10504] Revert the changes for widescreen optimisation PHPBB3-10408
  [ticket/10504] Revert the changes for widescreen optimisation PHPBB3-10485
  [prep-release-3.0.10] Bumping version number for 3.0.10-RC3.
  [ticket/10480] Add a build target for changelog building.
  [ticket/10480] Add a build script for exporting the changelog from tracker.
  [ticket/10502] Fix typo in changelog. 'red' should have been 'read'.
  [prep-release-3.0.10] Remove duplicate ticket PHPBB3-10490 from changelog.
  [ticket/10501] Fix description of table prefixes
  [ticket/10503] Debug error "Invalid arguments" when previewing edits
  [prep-release-3.0.10] Update Changelog for 3.0.10-RC2 release.
  [ticket/10497] Fix SQL error when guest visits forum with unread topic
  [prep-release-3.0.10] Bumping version number for 3.0.10-RC2.
  [ticket/10461] Add a comment explaining the logic here.
  ...

.gitignore

@@ -1,8 +1,12 @@
 *~
-phpBB/cache/*.php
-phpBB/config.php
-phpBB/files/*
-phpBB/images/avatars/upload/*
-phpBB/store/*
-tests/phpbb_unit_tests.sqlite2
-tests/test_config.php
+/phpunit.xml
+/phpBB/cache/*.php
+/phpBB/cache/queue.php.lock
+/phpBB/config.php
+/phpBB/files/*
+/phpBB/images/avatars/gallery/*
+/phpBB/images/avatars/upload/*
+/phpBB/store/*
+/tests/phpbb_unit_tests.sqlite2
+/tests/test_config.php
+/tests/tmp/*

README.md

@@ -0,0 +1,20 @@
+[![phpBB](http://www.phpbb.com/theme/images/logos/blue/160x52.png)](http://www.phpbb.com)
+
+## ABOUT
+
+phpBB is a free bulletin board written in PHP.
+
+## COMMUNITY
+
+Find support and lots more on [phpBB.com](http://www.phpbb.com)! Discuss the development on [area51](http://area51.phpbb.com/phpBB/index.php).
+
+## CONTRIBUTE
+
+1. [Create an account on phpBB.com](http://www.phpbb.com/community/ucp.php?mode=register)
+2. [Create a ticket (unless there already is one)](http://tracker.phpbb.com/secure/CreateIssue!default.jspa)
+3. [Read our Git Contribution Guidelines](http://wiki.phpbb.com/Git); if you're new to git, also read [the introduction guide](http://wiki.phpbb.com/display/DEV/Working+with+Git)
+4. Send us a pull request
+
+## LICENSE
+
+[GNU General Public License v2](http://opensource.org/licenses/gpl-2.0.php)

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.0.8" />
-	<property name="prevversion" value="3.0.8-RC1" />
-	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7-PL1" />
+	<property name="newversion" value="3.0.10" />
+	<property name="prevversion" value="3.0.9" />
+	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.8, 3.0.10-RC1, 3.0.10-RC2, 3.0.10-RC3" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -12,7 +12,8 @@
 
 	<!-- These are the main targets which you will probably want to use -->
 	<target name="package" depends="clean,prepare,create-package" />
-	<target name="all" depends="clean,prepare,test,create-package" />
+	<target name="all" depends="clean,prepare,test,docs,create-package" />
+	<target name="build" depends="clean,prepare,test,docs" />
 
 	<target name="prepare">
 		<mkdir dir="build/logs" />
@@ -42,26 +43,34 @@
 		<delete dir="build/save" />
 	</target>
 
-	<target name="test">
-		<exec dir="tests"
-			command="phpunit --log-junit ../build/logs/phpunit.xml
-			--coverage-clover ../build/logs/clover.xml
-			--coverage-html ../build/coverage
-			phpbb_all_tests all_tests.php"
+	<target name="test" depends="clean,prepare">
+		<exec dir="."
+			command="phpunit --log-junit build/logs/phpunit.xml
+			--coverage-clover build/logs/clover.xml
+			--coverage-html build/coverage"
 			passthru="true" />
+	</target>
 
+	<target name="test-slow" depends="clean,prepare">
+		<exec dir="."
+			command="phpunit --log-junit build/logs/phpunit.xml
+			--configuration phpunit.xml.all
+			--group slow
+			--coverage-clover build/logs/clover-slow.xml
+			--coverage-html build/coverage-slow"
+			passthru="true" />
+	</target>
 
-		<!-- Does not allow changing the working directory to tests/
-			 so this approach does not work for us unfortunately
-		<phpunit codecoverage="true" haltonfailure="true">
-			<formatter todir="build/logs" type="xml"/>
-			<batchtest>
-				<fileset dir="tests">
-					<include name="all_tests.php"/>
-				</fileset>
-			</batchtest>
-		</phpunit>
-		-->
+	<target name="docs">
+		<!-- only works if you setup phpdoctor:
+                     git clone https://github.com/peej/phpdoctor.git
+                     and then create an executable phpdoctor in your path containing
+                     #!/bin/sh
+                     php -f /path/to/phpdoctor/phpdoc.php $@
+                -->
+		<exec dir="build"
+			command="phpdoctor phpdoc-phpbb.ini"
+			passthru="true" />
 	</target>
 
 	<target name="old-version-diffs">
@@ -110,6 +119,29 @@
 	<target name="create-package" depends="prepare-new-version,old-version-diffs">
 		<exec dir="build" command="php -f package.php '${versions}' > logs/package.log" escape="false" />
 		<exec dir="build" command="php -f build_diff.php '${prevversion}' '${newversion}' > logs/build_diff.log" escape="false" />
+
+		<exec dir="build" escape="false"
+			command="diff -crNEBwd old_versions/release-${prevversion}/language new_version/phpBB3/language >
+				save/save_${prevversion}_to_${newversion}/language/phpbb-${prevversion}_to_${newversion}_language.patch" />
+		<exec dir="build" escape="false"
+			command="diff -crNEBwd old_versions/release-${prevversion}/styles/prosilver new_version/phpBB3/styles/prosilver >
+				save/save_${prevversion}_to_${newversion}/prosilver/phpbb-${prevversion}_to_${newversion}_prosilver.patch" />
+		<exec dir="build" escape="false"
+			command="diff -crNEBwd old_versions/release-${prevversion}/styles/subsilver2 new_version/phpBB3/styles/subsilver2 >
+				save/save_${prevversion}_to_${newversion}/subsilver2/phpbb-${prevversion}_to_${newversion}_subsilver2.patch" />
+
+		<exec dir="build" escape="false"
+			command="git shortlog --summary --numbered release-${prevversion}...HEAD >
+				save/save_${prevversion}_to_${newversion}/phpbb-${prevversion}_to_${newversion}_git_shortlog.txt" />
+		<exec dir="build" escape="false"
+			command="git diff --stat release-${prevversion}...HEAD >
+				save/save_${prevversion}_to_${newversion}/phpbb-${prevversion}_to_${newversion}_git_diffstat.txt" />
+	</target>
+
+	<target name="changelog" depends="prepare">
+		<exec dir="build" escape="false"
+			command="php -f build_changelog.php '${newversion}' >
+				save/changelog_${newversion}.html"  />
 	</target>
 
 	<!--
@@ -121,7 +153,7 @@
 	-->
 	<target name="export">
 		<exec dir="phpBB"
-			command="git archive ${revision} | tar -x -C ../${dir}"
+			command="git archive ${revision} | tar -xf - -C ../${dir}"
 			checkreturn="true" />
 		<delete file="${dir}/config.php" />
 		<delete dir="${dir}/develop" />
@@ -129,8 +161,8 @@
 
 		<echo msg="Setting permissions for checkout of ${revision} in ${dir}" />
 		<!-- set permissions of all files to 644, directories to 755 -->
-		<exec dir="${dir}" command="find -type f|xargs chmod 644" escape="false" />
-		<exec dir="${dir}" command="find -type d|xargs chmod 755" escape="false" />
+		<exec dir="${dir}" command="find . -type f|xargs chmod 644" escape="false" />
+		<exec dir="${dir}" command="find . -type d|xargs chmod 755" escape="false" />
 		<!-- set permissions of some directories to 777 -->
 		<chmod mode="0777" file="${dir}/cache" />
 		<chmod mode="0777" file="${dir}/store" />

build/build_changelog.php

@@ -0,0 +1,53 @@
+#!/usr/bin/env php
+<?php
+/**
+*
+* @package build
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU General Public License
+*
+*/
+
+if ($_SERVER['argc'] != 2)
+{
+	echo "Please specify the new version as argument (e.g. build_changelog.php '1.0.2').\n";
+	exit(1);
+}
+
+$fixVersion = $_SERVER['argv'][1];
+
+$query = 'project = PHPBB3
+	AND resolution = Fixed
+	AND fixVersion = "' . $fixVersion . '"
+	AND status IN ("Unverified Fix", Closed)';
+
+$url = 'http://tracker.phpbb.com/sr/jira.issueviews:searchrequest-xml/temp/SearchRequest.xml?jqlQuery=' . urlencode($query) . '&tempMax=1000';
+$xml = simplexml_load_string(file_get_contents($url));
+
+foreach ($xml->xpath('//item') as $item)
+{
+	$key = (string) $item->key;
+
+	$keyUrl = 'http://tracker.phpbb.com/browse/' . $key;
+	$keyLink = '<a href="' . $keyUrl . '">' . $key . '</a>';
+
+	$value = str_replace($key, $keyLink, htmlspecialchars($item->title));
+	$value = str_replace(']', '] -', $value);
+
+	$types[(string) $item->type][$key] = $value;
+}
+
+ksort($types);
+foreach ($types as $type => $tickets)
+{
+	echo "<h4>$type</h4>\n";
+	echo "<ul>\n";
+
+	uksort($tickets, 'strnatcasecmp');
+
+	foreach ($tickets as $ticket)
+	{
+		echo "<li>$ticket</li>\n";
+	}
+	echo "</ul>\n";
+}

build/build_helper.php

@@ -177,7 +177,7 @@ class build_package
 			}
 
 			// Is binary?
-			if (preg_match('/^Binary files ' . $package_name . '\/(.*) and [a-z0-9_-]+\/\1 differ/i', $line, $match))
+			if (preg_match('/^Binary files ' . $package_name . '\/(.*) and [a-z0-9._-]+\/\1 differ/i', $line, $match))
 			{
 				$binary[] = trim($match[1]);
 			}

build/phpdoc-phpbb.ini

@@ -0,0 +1,145 @@
+; Default configuration file for PHPDoctor
+
+; This config file will cause PHPDoctor to generate API documentation of
+; itself.
+
+
+; PHPDoctor settings
+; -----------------------------------------------------------------------------
+
+; Names of files to parse. This can be a single filename, or a comma separated
+; list of filenames. Wildcards are allowed.
+
+files = "*.php"
+
+; Names of files or directories to ignore. This can be a single filename, or a
+; comma separated list of filenames. Wildcards are NOT allowed.
+
+;ignore = "CVS, .svn, .git, _compiled"
+ignore = templates_c/,*HTML/default/*,spec/,*config.php*,*CVS/,test_chora.php,testupdate/,cache/,store/,*proSilver/,develop/,includes/utf/data/,includes/captcha/fonts/,install/update/,install/update.new/,files/,*phpinfo.php*,*update_script.php*,*upgrade.php*,*convert.php*,install/converter/,language/de/,script/,*swatch.php*,*test.php*,*test2.php*,*install.php*,*functions_diff.php*,*acp_update.php*,acm_xcache.php
+
+; The directory to look for files in, if not used the PHPDoctor will look in
+; the current directory (the directory it is run from).
+
+source_path = "../phpBB/"
+
+; If you do not want PHPDoctor to look in each sub directory for files
+; uncomment this line.
+
+;subdirs = off
+
+; Set how loud PHPDoctor is as it runs. Quiet mode suppresses all output other
+; than warnings and errors. Verbose mode outputs additional messages during
+; execution.
+
+quiet = on
+;verbose = on
+
+; Select the doclet to use for generating output.
+
+doclet = standard
+;doclet = debug
+
+; The directory to find the doclet in. Doclets control the HTML output of
+; phpDoctor and can be modified to suit your needs. They are expected to be 
+; in a directory named after themselves at the location given.
+
+;doclet_path = ./doclets
+
+; Select the formatter to use for generating output.
+
+;formatter = htmlStandardFormatter
+
+; The directory to find the formatter in. Formatters convert textual markup
+; for use by the doclet.
+
+;formatter_path = ./formatters
+
+; The directory to find taglets in. Taglets allow you to make PHPDoctor handle
+; new tags and to alter the behavour of existing tags and their output.
+
+;taglet_path = ./taglets
+
+; If the code you are parsing does not use package tags or not all elements
+; have package tags, use this setting to place unbound elements into a
+; particular package.
+
+default_package = "phpBB"
+
+use_class_path_as_package = off
+
+ignore_package_tags = off
+
+; Specifies the name of a HTML file containing text for the overview
+; documentation to be placed on the overview page. The path is relative to
+; "source_path" unless an absolute path is given.
+
+overview = ../README.md
+
+; Package comments will be looked for in a file named package.html in the same
+; directory as the first source file parsed in that package or in the directory
+; given below. If package comments are placed in the directory given below then
+; they should be named "<packageName>.html".
+
+package_comment_dir = ./
+
+; Parse out global variables and/or global constants?
+
+;globals = off
+;constants = off
+
+; Generate documentation for all class members
+
+;private = on
+
+; Generate documentation for public and protected class members
+
+;protected = on
+
+; Generate documentation for only public class members
+
+;public = on
+
+; Use the PEAR compatible handling of the docblock first sentence
+
+;pear_compat = on
+
+; Standard doclet settings
+; -----------------------------------------------------------------------------
+
+; The directory to place generated documentation in. If the given path is
+; relative to it will be relative to "source_path".
+
+d = "../build/api/"
+
+; Specifies the title to be placed in the HTML <title> tag.
+
+windowtitle = "phpBB3"
+
+; Specifies the title to be placed near the top of the overview summary file.
+
+doctitle = "phpBB3 Sourcecode Documentation"
+
+; Specifies the header text to be placed at the top of each output file. The
+; header will be placed to the right of the upper navigation bar. 
+
+header = "phpBB3"
+
+; Specifies the footer text to be placed at the bottom of each output file. The
+; footer will be placed to the right of the lower navigation bar.
+
+footer = "phpBB3"
+
+; Specifies the text to be placed at the bottom of each output file. The text
+; will be placed at the bottom of the page, below the lower navigation bar.
+
+;bottom = "This document was generated by <a href="http://peej.github.com/phpdoctor/">PHPDoctor: The PHP Documentation Creator</a>"
+
+; Create a class tree?
+
+;tree = off
+
+; Use GeSHi to include formatted source files in the documentation. PHPDoctor will look in the current doclet directory for a /geshi subdirectory. Unpack the GeSHi archive from http://qbnz.com/highlighter to get this directory - it will contain a php script and a subdirectory with formatting files.
+
+include_source = off
+

git-tools/hooks/commit-msg

@@ -55,12 +55,24 @@ quit()
 	fi
 }
 
-msg=$(grep -nE '.{81,}' "$1");
+# Check for empty commit message
+if ! grep -qv '^#' "$1"
+then
+	# Commit message is empty (or contains only comments).
+	# Let git handle this.
+	# It will abort with a message like so:
+	#
+	# Aborting commit due to empty commit message.
+	exit 0
+fi
+
+msg=$(grep -v '^#' "$1" |grep -nE '.{81,}')
 
 if [ $? -eq 0 ]
 then
-	echo "The following lines are greater than 80 characters long:\n" >&2;
-	echo $msg >&2;
+	echo "The following lines are greater than 80 characters long:" >&2;
+	echo >&2
+	echo "$msg" >&2;
 
 	quit $ERR_LENGTH;
 fi
@@ -107,7 +119,19 @@ do
 		case $expect in
 			"header")
 				err=$ERR_HEADER;
-				echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [A-Z].+$"
+				echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] .+$"
+				result=$?
+				if ! echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [A-Z].+$"
+				then
+					# Don't be too strict.
+					# Commits may be temporary, intended to be squashed later.
+					# Just issue a warning here.
+					echo "Warning: heading should be a sentence beginning with a capital letter." 1>&2
+					echo "You entered:" 1>&2
+					echo "$line" 1>&2
+				fi
+				# restore exit code
+				(exit $result)
 			;;
 			"empty")
 				err=$ERR_EMPTY;
@@ -128,6 +152,10 @@ do
 				# Should not end up here
 				false
 			;;
+			"possibly-eof")
+				# Allow empty and/or comment lines at the end
+				! tail -n +"$i" "$1" |grep -qvE '^($|#)'
+			;;
 			"comment")
 				echo "$line" | grep -Eq "^#";
 			;;
@@ -188,7 +216,7 @@ do
 				in_description=1;
 			;;
 			"footer")
-				expecting="footer eof";
+				expecting="footer possibly-eof";
 				if [ "$tickets" = "" ]
 				then
 					tickets="$line";
@@ -199,6 +227,9 @@ do
 			"comment")
 				# Comments should expect the same thing again
 			;;
+			"possibly-eof")
+				expecting="eof";
+			;;
 			*)
 				echo "Unrecognised token $expect" >&2;
 				quit 254;

git-tools/hooks/prepare-commit-msg

@@ -35,8 +35,8 @@ then
 	# Branch is prefixed with 'ticket/', append ticket ID to message
 	if [ "$branch" != "${branch##ticket/}" ];
 	then
-		tail="\n\nPHPBB3-${branch##ticket/}";
+		tail="$(printf "\n\nPHPBB3-${branch##ticket/}")";
 	fi
 
-	echo "[$branch]$tail $(cat "$1")" > "$1"
+	echo "[$branch] $tail$(cat "$1")" > "$1"
 fi

git-tools/merge.php

@@ -0,0 +1,175 @@
+#!/usr/bin/env php
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+function show_usage()
+{
+	$filename = basename(__FILE__);
+
+	echo "$filename merges a github pull request.\n";
+	echo "\n";
+
+	echo "Usage: [php] $filename -p pull_request_id [OPTIONS]\n";
+	echo "\n";
+
+	echo "Options:\n";
+	echo " -p pull_request_id             The pull request id to be merged (mandatory)\n";
+	echo " -r remote                      Remote of upstream, defaults to 'upstream' (optional)\n";
+	echo " -d                             Outputs the commands instead of running them (optional)\n";
+	echo " -h                             This help text\n";
+
+	exit(2);
+}
+
+// Handle arguments
+$opts = getopt('p:r:dh');
+
+if (empty($opts) || isset($opts['h']))
+{
+	show_usage();
+}
+
+$pull_id	= get_arg($opts, 'p', '');
+$remote		= get_arg($opts, 'r', 'upstream');
+$dry_run	= !get_arg($opts, 'd', true);
+
+try
+{
+	exit(work($pull_id, $remote));
+}
+catch (RuntimeException $e)
+{
+	echo $e->getMessage();
+	exit($e->getCode());
+}
+
+function work($pull_id, $remote)
+{
+	// Get some basic data
+	$pull = get_pull('phpbb', 'phpbb3', $pull_id);
+
+	if (!$pull_id)
+	{
+		show_usage();
+	}
+
+	if ($pull['state'] != 'open')
+	{
+		throw new RuntimeException(sprintf("Error: pull request is closed\n",
+			$target_branch), 5);
+	}
+
+	$pull_user = $pull['head'][0];
+	$pull_branch = $pull['head'][1];
+	$target_branch = $pull['base'][1];
+
+	switch ($target_branch)
+	{
+		case 'develop-olympus':
+			run("git checkout develop-olympus");
+			run("git pull $remote develop-olympus");
+
+			add_remote($pull_user, 'phpbb3');
+			run("git fetch $pull_user");
+			run("git merge --no-ff $pull_user/$pull_branch");
+			run("phpunit");
+
+			run("git checkout develop");
+			run("git pull $remote develop");
+			run("git merge --no-ff develop-olympus");
+			run("phpunit");
+		break;
+
+		case 'develop':
+			run("git checkout develop");
+			run("git pull $remote develop");
+
+			add_remote($pull_user, 'phpbb3');
+			run("git fetch $pull_user");
+			run("git merge --no-ff $pull_user/$pull_branch");
+			run("phpunit");
+		break;
+
+		default:
+			throw new RuntimeException(sprintf("Error: pull request target branch '%s' is not a main branch\n",
+				$target_branch), 5);
+		break;
+	}
+}
+
+function add_remote($username, $repository, $pushable = false)
+{
+	$url = get_repository_url($username, $repository, false);
+	run("git remote add $username $url", true);
+
+	if ($pushable)
+	{
+		$ssh_url = get_repository_url($username, $repository, true);
+		run("git remote set-url --push $username $ssh_url");
+	}
+}
+
+function get_repository_url($username, $repository, $ssh = false)
+{
+	$url_base = ($ssh) ? 'git@github.com:' : 'git://github.com/';
+
+	return $url_base . $username . '/' . $repository . '.git';
+}
+
+function api_request($query)
+{
+	$contents = file_get_contents("http://github.com/api/v2/json/$query");
+
+	if ($contents === false)
+	{
+		throw new RuntimeException("Error: failed to retrieve pull request data\n", 4);
+	}
+
+	return json_decode($contents);
+}
+
+function get_pull($username, $repository, $pull_id)
+{
+	$request = api_request("pulls/$username/$repository/$pull_id");
+
+	$pull = $request->pull;
+
+	$pull_data = array(
+		'base'  => array($pull->base->user->login, $pull->base->ref),
+		'head'  => array($pull->head->user->login, $pull->head->ref),
+		'state' => $pull->state,
+	);
+
+	return $pull_data;
+}
+
+function get_arg($array, $index, $default)
+{
+	return isset($array[$index]) ? $array[$index] : $default;
+}
+
+function run($cmd, $ignore_fail = false)
+{
+	global $dry_run;
+
+	if (!empty($dry_run))
+	{
+		echo "$cmd\n";
+	}
+	else
+	{
+		passthru(escapeshellcmd($cmd), $status);
+
+		if ($status != 0 && !$ignore_fail)
+		{
+			throw new RuntimeException(sprintf("Error: command '%s' failed with status %s'\n",
+				$cmd, $status), 6);
+		}
+	}
+}

git-tools/setup_github_network.php

@@ -0,0 +1,248 @@
+#!/usr/bin/env php
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+function show_usage()
+{
+	$filename = basename(__FILE__);
+
+	echo "$filename adds repositories of a github network as remotes to a local git repository.\n";
+	echo "\n";
+
+	echo "Usage: [php] $filename -s collaborators|organisation|contributors|network [OPTIONS]\n";
+	echo "\n";
+
+	echo "Scopes:\n";
+	echo "  collaborators                 Repositories of people who have push access to the specified repository\n";
+	echo "  contributors                  Repositories of people who have contributed to the specified repository\n";
+	echo "  organisation                  Repositories of members of the organisation at github\n";
+	echo "  network                       All repositories of the whole github network\n";
+	echo "\n";
+
+	echo "Options:\n";
+	echo " -s scope                       See description above (mandatory)\n";
+	echo " -u github_username             Overwrites the github username (optional)\n";
+	echo " -r repository_name             Overwrites the repository name (optional)\n";
+	echo " -m your_github_username        Sets up ssh:// instead of git:// for pushable repositories (optional)\n";
+	echo " -d                             Outputs the commands instead of running them (optional)\n";
+	echo " -h                             This help text\n";
+
+	exit(1);
+}
+
+// Handle arguments
+$opts = getopt('s:u:r:m:dh');
+
+if (empty($opts) || isset($opts['h']))
+{
+	show_usage();
+}
+
+$scope			= get_arg($opts, 's', '');
+$username		= get_arg($opts, 'u', 'phpbb');
+$repository 	= get_arg($opts, 'r', 'phpbb3');
+$developer		= get_arg($opts, 'm', '');
+$dry_run		= !get_arg($opts, 'd', true);
+run(null, $dry_run);
+exit(work($scope, $username, $repository, $developer));
+
+function work($scope, $username, $repository, $developer)
+{
+	// Get some basic data
+	$network		= get_network($username, $repository);
+	$collaborators	= get_collaborators($username, $repository);
+
+	if ($network === false || $collaborators === false)
+	{
+		echo "Error: failed to retrieve network or collaborators\n";
+		return 1;
+	}
+
+	switch ($scope)
+	{
+		case 'collaborators':
+			$remotes = array_intersect_key($network, $collaborators);
+		break;
+
+		case 'organisation':
+			$remotes = array_intersect_key($network, get_organisation_members($username));
+		break;
+
+		case 'contributors':
+			$remotes = array_intersect_key($network, get_contributors($username, $repository));
+		break;
+
+		case 'network':
+			$remotes = $network;
+		break;
+
+		default:
+			show_usage();
+	}
+
+	if (file_exists('.git'))
+	{
+		add_remote($username, $repository, isset($collaborators[$developer]));
+	}
+	else
+	{
+		clone_repository($username, $repository, isset($collaborators[$developer]));
+	}
+
+	// Add private security repository for developers
+	if ($username == 'phpbb' && $repository == 'phpbb3' && isset($collaborators[$developer]))
+	{
+		run("git remote add $username-security " . get_repository_url($username, "$repository-security", true));
+	}
+
+	// Skip blessed repository.
+	unset($remotes[$username]);
+
+	foreach ($remotes as $remote)
+	{
+		add_remote($remote['username'], $remote['repository'], $remote['username'] == $developer);
+	}
+
+	run('git remote update');
+}
+
+function clone_repository($username, $repository, $pushable = false)
+{
+	$url = get_repository_url($username, $repository, false);
+	run("git clone $url ./ --origin $username");
+
+	if ($pushable)
+	{
+		$ssh_url = get_repository_url($username, $repository, true);
+		run("git remote set-url --push $username $ssh_url");
+	}
+}
+
+function add_remote($username, $repository, $pushable = false)
+{
+	$url = get_repository_url($username, $repository, false);
+	run("git remote add $username $url");
+
+	if ($pushable)
+	{
+		$ssh_url = get_repository_url($username, $repository, true);
+		run("git remote set-url --push $username $ssh_url");
+	}
+}
+
+function get_repository_url($username, $repository, $ssh = false)
+{
+	$url_base = ($ssh) ? 'git@github.com:' : 'git://github.com/';
+
+	return $url_base . $username . '/' . $repository . '.git';
+}
+
+function api_request($query)
+{
+	$contents = file_get_contents("http://github.com/api/v2/json/$query");
+	if ($contents === false)
+	{
+		return false;
+	}
+	return json_decode($contents);
+}
+
+function get_contributors($username, $repository)
+{
+	$request = api_request("repos/show/$username/$repository/contributors");
+	if ($request === false)
+	{
+		return false;
+	}
+
+	$usernames = array();
+	foreach ($request->contributors as $contributor)
+	{
+		$usernames[$contributor->login] = $contributor->login;
+	}
+
+	return $usernames;
+}
+
+function get_organisation_members($username)
+{
+	$request = api_request("organizations/$username/public_members");
+	if ($request === false)
+	{
+		return false;
+	}
+
+	$usernames = array();
+	foreach ($request->users as $member)
+	{
+		$usernames[$member->login] = $member->login;
+	}
+
+	return $usernames;
+}
+
+function get_collaborators($username, $repository)
+{
+	$request = api_request("repos/show/$username/$repository/collaborators");
+	if ($request === false)
+	{
+		return false;
+	}
+
+	$usernames = array();
+	foreach ($request->collaborators as $collaborator)
+	{
+		$usernames[$collaborator] = $collaborator;
+	}
+
+	return $usernames;
+}
+
+function get_network($username, $repository)
+{
+	$request = api_request("repos/show/$username/$repository/network");
+	if ($request === false)
+	{
+		return false;
+	}
+
+	$usernames = array();
+	foreach ($request->network as $network)
+	{
+		$usernames[$network->owner] = array(
+			'username'		=> $network->owner,
+			'repository'	=> $network->name,
+		);
+	}
+
+	return $usernames;
+}
+
+function get_arg($array, $index, $default)
+{
+	return isset($array[$index]) ? $array[$index] : $default;
+}
+
+function run($cmd, $dry = false)
+{
+	static $dry_run;
+
+	if (is_null($cmd))
+	{
+		$dry_run = $dry;
+	}
+	else if (!empty($dry_run))
+	{
+		echo "$cmd\n";
+	}
+	else
+	{
+		passthru(escapeshellcmd($cmd));
+	}
+}

phpBB/adm/index.php

@@ -237,7 +237,7 @@ function build_select($option_ary, $option_default = false)
 /**
 * Build radio fields in acp pages
 */
-function h_radio($name, &$input_ary, $input_default = false, $id = false, $key = false)
+function h_radio($name, $input_ary, $input_default = false, $id = false, $key = false, $separator = '')
 {
 	global $user;
 
@@ -246,7 +246,7 @@ function h_radio($name, &$input_ary, $input_default = false, $id = false, $key =
 	foreach ($input_ary as $value => $title)
 	{
 		$selected = ($input_default !== false && $value == $input_default) ? ' checked="checked"' : '';
-		$html .= '<label><input type="radio" name="' . $name . '"' . (($id && !$id_assigned) ? ' id="' . $id . '"' : '') . ' value="' . $value . '"' . $selected . (($key) ? ' accesskey="' . $key . '"' : '') . ' class="radio" /> ' . $user->lang[$title] . '</label>';
+		$html .= '<label><input type="radio" name="' . $name . '"' . (($id && !$id_assigned) ? ' id="' . $id . '"' : '') . ' value="' . $value . '"' . $selected . (($key) ? ' accesskey="' . $key . '"' : '') . ' class="radio" /> ' . $user->lang[$title] . '</label>' . $separator;
 		$id_assigned = true;
 	}
 
@@ -276,7 +276,7 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 			$size = (int) $tpl_type[1];
 			$maxlength = (int) $tpl_type[2];
 
-			$tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '" />';
+			$tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '"' . (($tpl_type[0] === 'password') ?  ' autocomplete="off"' : '') . ' />';
 		break;
 
 		case 'dimension':
@@ -402,7 +402,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 		switch ($validator[$type])
 		{
 			case 'string':
-				$length = strlen($cfg_array[$config_name]);
+				$length = utf8_strlen($cfg_array[$config_name]);
 
 				// the column is a VARCHAR
 				$validator[$max] = (isset($validator[$max])) ? min(255, $validator[$max]) : 255;
@@ -573,7 +573,11 @@ function validate_range($value_ary, &$error)
 		'BOOL'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => 1),
 		'USINT'	=> array('php_type' => 'int',		'min' => 0, 				'max' => 65535),
 		'UINT'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => (int) 0x7fffffff),
-		'INT'	=> array('php_type' => 'int', 		'min' => (int) 0x80000000, 	'max' => (int) 0x7fffffff),
+		// Do not use (int) 0x80000000 - it evaluates to different
+		// values on 32-bit and 64-bit systems.
+		// Apparently -2147483648 is a float on 32-bit systems,
+		// despite fitting in an int, thus explicit cast is needed.
+		'INT'	=> array('php_type' => 'int', 		'min' => (int) -2147483648,	'max' => (int) 0x7fffffff),
 		'TINT'	=> array('php_type' => 'int',		'min' => -128,				'max' => 127),
 
 		'VCHAR'	=> array('php_type' => 'string', 	'min' => 0, 				'max' => 255),
@@ -596,7 +600,7 @@ function validate_range($value_ary, &$error)
 		{
 			case 'string' :
 				$max = (isset($column[1])) ? min($column[1],$type['max']) : $type['max'];
-				if (strlen($value['value']) > $max)
+				if (utf8_strlen($value['value']) > $max)
 				{
 					$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$value['lang']], $max);
 				}

phpBB/adm/style/acp_ban.html

@@ -33,7 +33,7 @@
 	{
 		document.getElementById('acp_unban').unbangivereason.innerHTML = ban_give_reason[option];
 		document.getElementById('acp_unban').unbanreason.innerHTML = ban_reason[option];
-		document.getElementById('acp_unban').unbanlength.innerHTML = ban_length[option];
+		document.getElementById('acp_unban').unbanlength.value = ban_length[option];
 	}
 
 // ]]>

phpBB/adm/style/acp_email.html

@@ -38,6 +38,10 @@
 	<dt><label for="priority">{L_MAIL_PRIORITY}:</label></dt>
 	<dd><select id="priority" name="mail_priority_flag">{S_PRIORITY_OPTIONS}</select></dd>
 </dl>
+<dl>
+	<dt><label for="banned">{L_MAIL_BANNED}:</label><br /><span>{L_MAIL_BANNED_EXPLAIN}</span></dt>
+	<dd><input id="banned" name="mail_banned_flag" type="checkbox" class="radio" /></dd>
+</dl>
 <dl>
 	<dt><label for="send">{L_SEND_IMMEDIATELY}:</label></dt>
 	<dd><input id="send" type="checkbox" class="radio" name="send_immediately" checked="checked" /></dd>

phpBB/adm/style/acp_forums.html

@@ -58,7 +58,7 @@
 
 		/**
 		* Init the wanted display functionality if javascript is enabled.
-		* If javascript is not available, the user is still able to properly administrate.
+		* If javascript is not available, the user is still able to properly administer.
 		*/
 		onload = function()
 		{
@@ -140,6 +140,12 @@
 		<dt><label for="parent">{L_FORUM_PARENT}:</label></dt>
 		<dd><select id="parent" name="forum_parent_id"><option value="0"<!-- IF not S_FORUM_PARENT_ID --> selected="selected"<!-- ENDIF -->>{L_NO_PARENT}</option>{S_PARENT_OPTIONS}</select></dd>
 	</dl>
+	<!-- IF S_CAN_COPY_PERMISSIONS -->
+		<dl>
+			<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
+			<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
+		</dl>
+	<!-- ENDIF -->
 	<dl>
 		<dt><label for="forum_name">{L_FORUM_NAME}:</label></dt>
 		<dd><input class="text medium" type="text" id="forum_name" name="forum_name" value="{FORUM_NAME}" maxlength="255" /></dd>
@@ -160,11 +166,11 @@
 	</dl>
 	<dl>
 		<dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt>
-		<dd><input type="password" id="forum_password" name="forum_password" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" /></dd>
+		<dd><input type="password" id="forum_password" name="forum_password" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" autocomplete="off" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt>
-		<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" /></dd>
+		<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" autocomplete="off" /></dd>
 	</dl>
 	<!-- IF S_FORUM_PASSWORD_SET -->
 	<dl>
@@ -176,12 +182,6 @@
 		<dt><label for="forum_style">{L_FORUM_STYLE}:</label></dt>
 		<dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd>
 	</dl>
-	<!-- IF S_CAN_COPY_PERMISSIONS -->
-		<dl>
-			<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
-			<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
-		</dl>
-	<!-- ENDIF -->
 	</fieldset>
 
 	<div id="forum_cat_options">

phpBB/adm/style/acp_icons.html

@@ -74,7 +74,7 @@
 	<fieldset class="tabulated">
 	<legend>{L_TITLE}</legend>
 
-	<table cellspacing="1">
+	<table cellspacing="1" id="smilies">
 	<thead>
 	<tr>
 		<th colspan="{COLSPAN}">{L_CONFIG}</th>
@@ -94,7 +94,7 @@
 		<td>{L_ORDER}</td>
 	<!-- ENDIF -->
 	<!-- IF S_ADD -->
-		<td>{L_ADD}</td>
+		<td>{L_ADD} <a href="#" onclick="marklist('smilies', 'add_img', true); return false;">({L_MARK_ALL})</a></td>
 	<!-- ENDIF -->
 	</tr>
 	</thead>

phpBB/adm/style/acp_main.html

@@ -34,6 +34,36 @@
 		</div>
 	<!-- ENDIF -->
 
+	<!-- IF S_MBSTRING_LOADED -->
+		<!-- IF S_MBSTRING_FUNC_OVERLOAD_FAIL -->
+			<div class="errorbox">
+				<h3>{L_ERROR_MBSTRING_FUNC_OVERLOAD}</h3>
+				<p>{L_ERROR_MBSTRING_FUNC_OVERLOAD_EXPLAIN}</p>
+			</div>
+		<!-- ENDIF -->
+
+		<!-- IF S_MBSTRING_ENCODING_TRANSLATION_FAIL -->
+			<div class="errorbox">
+				<h3>{L_ERROR_MBSTRING_ENCODING_TRANSLATION}</h3>
+				<p>{L_ERROR_MBSTRING_ENCODING_TRANSLATION_EXPLAIN}</p>
+			</div>
+		<!-- ENDIF -->
+
+		<!-- IF S_MBSTRING_HTTP_INPUT_FAIL -->
+			<div class="errorbox">
+				<h3>{L_ERROR_MBSTRING_HTTP_INPUT}</h3>
+				<p>{L_ERROR_MBSTRING_HTTP_INPUT_EXPLAIN}</p>
+			</div>
+		<!-- ENDIF -->
+
+		<!-- IF S_MBSTRING_HTTP_OUTPUT_FAIL -->
+			<div class="errorbox">
+				<h3>{L_ERROR_MBSTRING_HTTP_OUTPUT}</h3>
+				<p>{L_ERROR_MBSTRING_HTTP_OUTPUT_EXPLAIN}</p>
+			</div>
+		<!-- ENDIF -->
+	<!-- ENDIF -->
+
 	<!-- IF S_WRITABLE_CONFIG -->
 		<div class="errorbox notice">
 			<p>{L_WRITABLE_CONFIG}</p>

phpBB/adm/style/acp_ranks.html

@@ -35,8 +35,8 @@
 	</dl>
 	<dl>
 		<dt><label for="special_rank">{L_RANK_SPECIAL}:</label></dt>
-		<dd><label><input onchange="dE('posts', -1)" type="radio" class="radio" name="special_rank" value="1" id="special_rank"<!-- IF S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> />{L_YES}</label>
-			<label><input onchange="dE('posts', 1)" type="radio" class="radio" name="special_rank" value="0"<!-- IF not S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+		<dd><label><input onclick="dE('posts', -1)" type="radio" class="radio" name="special_rank" value="1" id="special_rank"<!-- IF S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+			<label><input onclick="dE('posts', 1)" type="radio" class="radio" name="special_rank" value="0"<!-- IF not S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
 	</dl>
 	<!-- IF S_SPECIAL_RANK --><div id="posts" style="display: none;"><!-- ELSE --><div id="posts"><!-- ENDIF -->
 	<dl>

phpBB/adm/style/acp_styles.html

@@ -22,6 +22,21 @@
 		<dt><label for="new_id">{L_REPLACE}:</label><br /><span>{L_REPLACE_EXPLAIN}</span></dt>
 		<dd><select id="new_id" name="new_id">{S_REPLACE_OPTIONS}</select></dd>
 	</dl>
+	<!-- IF S_DELETE_STYLE -->
+		<hr />
+		<dl>
+			<dt><label for="new_template_id">{L_DELETE_TEMPLATE}:</label><br /><span>{L_REPLACE_TEMPLATE_EXPLAIN}</span></dt>
+			<dd><select id="new_template_id" name="new_template_id">{S_REPLACE_TEMPLATE_OPTIONS}</select></dd>
+		</dl>
+		<dl>
+			<dt><label for="new_theme_id">{L_DELETE_THEME}:</label><br /><span>{L_REPLACE_THEME_EXPLAIN}</span></dt>
+			<dd><select id="new_theme_id" name="new_theme_id">{S_REPLACE_THEME_OPTIONS}</select></dd>
+		</dl>
+		<dl>
+			<dt><label for="new_imageset_id">{L_DELETE_IMAGESET}:</label><br /><span>{L_REPLACE_IMAGESET_EXPLAIN}</span></dt>
+			<dd><select id="new_imageset_id" name="new_imageset_id">{S_REPLACE_IMAGESET_OPTIONS}</select></dd>
+		</dl>
+	<!-- ENDIF -->
 
 	<p class="quick">
 		<input class="button1" type="submit" name="update" value="{L_DELETE}" />
@@ -77,7 +92,7 @@
 
 		/**
 		* Init the wanted display functionality if javascript is enabled.
-		* If javascript is not available, the user is still able to properly administrate.
+		* If javascript is not available, the user is still able to properly administer.
 		*/
 		onload = function()
 		{

phpBB/adm/style/acp_users.html

@@ -13,7 +13,7 @@
 	<fieldset>
 		<legend>{L_SELECT_USER}</legend>
 	<dl>
-		<dt><label for="username">{L_FIND_USERNAME}:</label></dt>
+		<dt><label for="username">{L_ENTER_USERNAME}:</label></dt>
 		<dd><input class="text medium" type="text" id="username" name="username" /></dd>
 		<dd>[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]</dd>
 		<dd class="full" style="text-align: left;"><label><input type="checkbox" class="radio" id="anonymous" name="u" value="{ANONYMOUS_USER_ID}" /> {L_SELECT_ANONYMOUS}</label></dd>

phpBB/adm/style/acp_users_overview.html

@@ -43,19 +43,19 @@
 </dl>
 <dl>
 	<dt><label for="user_email">{L_EMAIL}:</label></dt>
-	<dd><input class="text medium" type="text" id="user_email" name="user_email" value="{USER_EMAIL}" /></dd>
+	<dd><input class="text medium" type="text" id="user_email" name="user_email" value="{USER_EMAIL}" autocomplete="off" /></dd>
 </dl>
 <dl>
 	<dt><label for="email_confirm">{L_CONFIRM_EMAIL}:</label><br /><span>{L_CONFIRM_EMAIL_EXPLAIN}</span></dt>
-	<dd><input class="text medium" type="text" id="email_confirm" name="email_confirm" value="" /></dd>
+	<dd><input class="text medium" type="text" id="email_confirm" name="email_confirm" value="" autocomplete="off" /></dd>
 </dl>
 <dl>
 	<dt><label for="new_password">{L_NEW_PASSWORD}:</label><br /><span>{L_CHANGE_PASSWORD_EXPLAIN}</span></dt>
-	<dd><input type="password" id="new_password" name="new_password" value="" /></dd>
+	<dd><input type="password" id="new_password" name="new_password" value="" autocomplete="off" /></dd>
 </dl>
 <dl>
 	<dt><label for="password_confirm">{L_CONFIRM_PASSWORD}:</label><br /><span>{L_CONFIRM_PASSWORD_EXPLAIN}</span></dt>
-	<dd><input type="password" id="password_confirm" name="password_confirm" value="" /></dd>
+	<dd><input type="password" id="password_confirm" name="password_confirm" value="" autocomplete="off" /></dd>
 </dl>
 
 <p class="quick">

phpBB/adm/style/acp_users_signature.html

@@ -22,9 +22,8 @@
 		w: '{LA_BBCODE_W_HELP}',
 		s: '{LA_BBCODE_S_HELP}',
 		f: '{LA_BBCODE_F_HELP}',
-		e: '{LA_BBCODE_E_HELP}',
+		y: '{LA_BBCODE_Y_HELP}',
 		d: '{LA_BBCODE_D_HELP}',
-		t: '{LA_BBCODE_T_HELP}',
 		tip: '{L_STYLES_TIP}'
 		<!-- BEGIN custom_tags -->
 			,cb_{custom_tags.BBCODE_ID}: '{custom_tags.A_BBCODE_HELPLINE}'
@@ -56,7 +55,7 @@
 			<input type="button" class="button2" accesskey="c" name="addbbcode8" value="Code" style="width: 40px" onclick="bbstyle(8)" onmouseover="helpline('c')" onmouseout="helpline('tip')" />
 			<input type="button" class="button2" accesskey="l" name="addbbcode10" value="List" style="width: 40px" onclick="bbstyle(10)" onmouseover="helpline('l')" onmouseout="helpline('tip')" />
 			<input type="button" class="button2" accesskey="o" name="addbbcode12" value="List=" style="width: 40px" onclick="bbstyle(12)" onmouseover="helpline('o')" onmouseout="helpline('tip')" />
-			<input type="button" class="button2" accesskey="y" name="addlitsitem" value="[*]" style="width: 40px" onclick="bbstyle(-1)" onmouseover="helpline('e')" onmouseout="helpline('tip')" />
+			<input type="button" class="button2" accesskey="y" name="addlistitem" value="[*]" style="width: 40px" onclick="bbstyle(-1)" onmouseover="helpline('y')" onmouseout="helpline('tip')" />
 			<!-- IF S_BBCODE_IMG -->
 				<input type="button" class="button2" accesskey="p" name="addbbcode14" value="Img" style="width: 40px" onclick="bbstyle(14)" onmouseover="helpline('p')" onmouseout="helpline('tip')" />
 			<!-- ENDIF -->

phpBB/adm/style/admin.css

@@ -899,12 +899,15 @@ html>body dd label input { vertical-align: text-bottom;}	/* Tweak for Moz to ali
 dd input {
 	font-size: 1.00em;
 	max-width: 100%;
+	margin: 2px 0;
 }
 
 dd select {
 	font-size: 100%;
+	font-size: 1em;
 	width: auto;
 	max-width: 100%;
+	margin: 2px 0;
 }
 
 dd textarea {
@@ -912,11 +915,6 @@ dd textarea {
 	width: 90%;
 }
 
-dd select {
-	width: auto;
-	font-size: 1.00em;
-}
-
 fieldset dl {
 	margin-bottom: 10px;
 	font-size: 0.85em;

phpBB/adm/style/captcha_recaptcha.html

@@ -5,7 +5,7 @@
 		// <![CDATA[
 		var RecaptchaOptions = {
 			lang : '{LA_RECAPTCHA_LANG}',
-			theme : 'clean',
+			theme : 'clean'
 		};
 		// ]]>
 		</script>

phpBB/adm/style/install_footer.html

@@ -6,20 +6,9 @@
 		</div>
 		</div>
 	</div>
-	
-	<!--
-		We request you retain the full copyright notice below including the link to www.phpbb.com.
-		This not only gives respect to the large amount of time given freely by the developers
-		but also helps build interest, traffic and use of phpBB. If you (honestly) cannot retain
-		the full copyright we ask you at least leave in place the "Powered by phpBB" line, with
-		"phpBB" linked to www.phpbb.com. If you refuse to include even this then support on our
-		forums may be affected.
-	
-		The phpBB Group : 2006
-	// -->
-	
+
 	<div id="page-footer">
-		Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+		Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
 	</div>
 </div>
 

phpBB/adm/style/overall_footer.html

@@ -6,21 +6,10 @@
 		</div>
 		</div>
 	</div>
-	
-	<!--
-		We request you retain the full copyright notice below including the link to www.phpbb.com.
-		This not only gives respect to the large amount of time given freely by the developers
-		but also helps build interest, traffic and use of phpBB. If you (honestly) cannot retain
-		the full copyright we ask you at least leave in place the "Powered by phpBB" line, with
-		"phpBB" linked to www.phpbb.com. If you refuse to include even this then support on our
-		forums may be affected.
-	
-		The phpBB Group : 2006
-	// -->
-	
+
 	<div id="page-footer">
 		<!-- IF S_COPYRIGHT_HTML -->
-			Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+			Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
 			<!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF -->
 		<!-- ENDIF -->
 

phpBB/adm/style/simple_footer.html

@@ -2,21 +2,10 @@
 	<br /><br />
 </div>
 
-<!--
-	We request you retain the full copyright notice below including the link to www.phpbb.com.
-	This not only gives respect to the large amount of time given freely by the developers
-	but also helps build interest, traffic and use of phpBB. If you (honestly) cannot retain
-	the full copyright we ask you at least leave in place the "Powered by phpBB" line, with
-	"phpBB" linked to www.phpbb.com. If you refuse to include even this then support on our
-	forums may be affected.
-
-	The phpBB Group : 2006
-// -->
-
 <div id="page-footer">
 
 	<!-- IF S_COPYRIGHT_HTML -->
-		<br />Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+		<br />Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
 		<!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF -->
 	<!-- ENDIF -->
 

phpBB/common.php

@@ -16,112 +16,7 @@ if (!defined('IN_PHPBB'))
 	exit;
 }
 
-$starttime = explode(' ', microtime());
-$starttime = $starttime[1] + $starttime[0];
-
-// Report all errors, except notices and deprecation messages
-if (!defined('E_DEPRECATED'))
-{
-	define('E_DEPRECATED', 8192);
-}
-error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
-
-/*
-* Remove variables created by register_globals from the global scope
-* Thanks to Matt Kavanagh
-*/
-function deregister_globals()
-{
-	$not_unset = array(
-		'GLOBALS'	=> true,
-		'_GET'		=> true,
-		'_POST'		=> true,
-		'_COOKIE'	=> true,
-		'_REQUEST'	=> true,
-		'_SERVER'	=> true,
-		'_SESSION'	=> true,
-		'_ENV'		=> true,
-		'_FILES'	=> true,
-		'phpEx'		=> true,
-		'phpbb_root_path'	=> true
-	);
-
-	// Not only will array_merge and array_keys give a warning if
-	// a parameter is not an array, array_merge will actually fail.
-	// So we check if _SESSION has been initialised.
-	if (!isset($_SESSION) || !is_array($_SESSION))
-	{
-		$_SESSION = array();
-	}
-
-	// Merge all into one extremely huge array; unset this later
-	$input = array_merge(
-		array_keys($_GET),
-		array_keys($_POST),
-		array_keys($_COOKIE),
-		array_keys($_SERVER),
-		array_keys($_SESSION),
-		array_keys($_ENV),
-		array_keys($_FILES)
-	);
-
-	foreach ($input as $varname)
-	{
-		if (isset($not_unset[$varname]))
-		{
-			// Hacking attempt. No point in continuing unless it's a COOKIE
-			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
-			{
-				exit;
-			}
-			else
-			{
-				$cookie = &$_COOKIE;
-				while (isset($cookie['GLOBALS']))
-				{
-					foreach ($cookie['GLOBALS'] as $registered_var => $value)
-					{
-						if (!isset($not_unset[$registered_var]))
-						{
-							unset($GLOBALS[$registered_var]);
-						}
-					}
-					$cookie = &$cookie['GLOBALS'];
-				}
-			}
-		}
-
-		unset($GLOBALS[$varname]);
-	}
-
-	unset($input);
-}
-
-// If we are on PHP >= 6.0.0 we do not need some code
-if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
-{
-	/**
-	* @ignore
-	*/
-	define('STRIP', false);
-}
-else
-{
-	@set_magic_quotes_runtime(0);
-
-	// Be paranoid with passed vars
-	if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
-	{
-		deregister_globals();
-	}
-
-	define('STRIP', (get_magic_quotes_gpc()) ? true : false);
-}
-
-if (defined('IN_CRON'))
-{
-	$phpbb_root_path = dirname(__FILE__) . DIRECTORY_SEPARATOR;
-}
+require($phpbb_root_path . 'includes/startup.' . $phpEx);
 
 if (file_exists($phpbb_root_path . 'config.' . $phpEx))
 {

phpBB/cron.php

@@ -21,7 +21,6 @@ $user->session_begin(false);
 $auth->acl($user->data);
 
 $cron_type = request_var('cron_type', '');
-$use_shutdown_function = (@function_exists('register_shutdown_function')) ? true : false;
 
 // Output transparent gif
 header('Cache-Control: no-cache');
@@ -30,10 +29,9 @@ header('Content-length: 43');
 
 echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
 
-// test without flush ;)
-// flush();
+// Flush here to prevent browser from showing the page as loading while running cron.
+flush();
 
-//
 if (!isset($config['cron_lock']))
 {
 	set_config('cron_lock', '0', true);
@@ -79,23 +77,10 @@ switch ($cron_type)
 			break;
 		}
 
-		// A user reported using the mail() function while using shutdown does not work. We do not want to risk that.
-		if ($use_shutdown_function && !$config['smtp_delivery'])
-		{
-			$use_shutdown_function = false;
-		}
-
 		include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
 		$queue = new queue();
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function(array(&$queue, 'process'));
-		}
-		else
-		{
-			$queue->process();
-		}
+		$queue->process();
 
 	break;
 
@@ -106,14 +91,7 @@ switch ($cron_type)
 			break;
 		}
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function(array(&$cache, 'tidy'));
-		}
-		else
-		{
-			$cache->tidy();
-		}
+		$cache->tidy();
 
 	break;
 
@@ -138,14 +116,7 @@ switch ($cron_type)
 			break;
 		}
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function(array(&$search, 'tidy'));
-		}
-		else
-		{
-			$search->tidy();
-		}
+		$search->tidy();
 
 	break;
 
@@ -158,14 +129,7 @@ switch ($cron_type)
 
 		include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function('tidy_warnings');
-		}
-		else
-		{
-			tidy_warnings();
-		}
+		tidy_warnings();
 
 	break;
 
@@ -178,14 +142,7 @@ switch ($cron_type)
 
 		include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function('tidy_database');
-		}
-		else
-		{
-			tidy_database();
-		}
+		tidy_database();
 
 	break;
 
@@ -196,14 +153,7 @@ switch ($cron_type)
 			break;
 		}
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function(array(&$user, 'session_gc'));
-		}
-		else
-		{
-			$user->session_gc();
-		}
+		$user->session_gc();
 
 	break;
 
@@ -230,26 +180,12 @@ switch ($cron_type)
 
 			if ($row['prune_days'])
 			{
-				if ($use_shutdown_function)
-				{
-					register_shutdown_function('auto_prune', $row['forum_id'], 'posted', $row['forum_flags'], $row['prune_days'], $row['prune_freq']);
-				}
-				else
-				{
-					auto_prune($row['forum_id'], 'posted', $row['forum_flags'], $row['prune_days'], $row['prune_freq']);
-				}
+				auto_prune($row['forum_id'], 'posted', $row['forum_flags'], $row['prune_days'], $row['prune_freq']);
 			}
 
 			if ($row['prune_viewed'])
 			{
-				if ($use_shutdown_function)
-				{
-					register_shutdown_function('auto_prune', $row['forum_id'], 'viewed', $row['forum_flags'], $row['prune_viewed'], $row['prune_freq']);
-				}
-				else
-				{
-					auto_prune($row['forum_id'], 'viewed', $row['forum_flags'], $row['prune_viewed'], $row['prune_freq']);
-				}
+				auto_prune($row['forum_id'], 'viewed', $row['forum_flags'], $row['prune_viewed'], $row['prune_freq']);
 			}
 		}
 
@@ -257,16 +193,8 @@ switch ($cron_type)
 }
 
 // Unloading cache and closing db after having done the dirty work.
-if ($use_shutdown_function)
-{
-	register_shutdown_function('unlock_cron');
-	register_shutdown_function('garbage_collection');
-}
-else
-{
-	unlock_cron();
-	garbage_collection();
-}
+unlock_cron();
+garbage_collection();
 
 exit;
 

phpBB/develop/create_schema_files.php

@@ -12,11 +12,7 @@
 * If you overwrite the original schema files please make sure you save the file with UNIX linefeeds.
 */
 
-die("Please read the first lines of this script for instructions on how to enable it");
-
-@set_time_limit(0);
-
-$schema_path = './../install/schemas/';
+$schema_path = dirname(__FILE__) . '/../install/schemas/';
 
 if (!is_writable($schema_path))
 {
@@ -242,7 +238,7 @@ $supported_dbms = array('firebird', 'mssql', 'mysql_40', 'mysql_41', 'oracle', '
 
 foreach ($supported_dbms as $dbms)
 {
-	$fp = fopen($schema_path . '_' . $dbms . '_schema.sql', 'wt');
+	$fp = fopen($schema_path . $dbms . '_schema.sql', 'wt');
 
 	$line = '';
 
@@ -251,32 +247,43 @@ foreach ($supported_dbms as $dbms)
 	{
 		case 'mysql_40':
 		case 'mysql_41':
-			$line = "#\n# \$I" . "d: $\n#\n\n";
+		case 'firebird':
+		case 'sqlite':
+			fwrite($fp, "# DO NOT EDIT THIS FILE, IT IS GENERATED\n");
+			fwrite($fp, "#\n");
+			fwrite($fp, "# To change the contents of this file, edit\n");
+			fwrite($fp, "# phpBB/develop/create_schema_files.php and\n");
+			fwrite($fp, "# run it.\n");
 		break;
 
+		case 'mssql':
+		case 'oracle':
+		case 'postgres':
+			fwrite($fp, "/*\n");
+			fwrite($fp, " * DO NOT EDIT THIS FILE, IT IS GENERATED\n");
+			fwrite($fp, " *\n");
+			fwrite($fp, " * To change the contents of this file, edit\n");
+			fwrite($fp, " * phpBB/develop/create_schema_files.php and\n");
+			fwrite($fp, " * run it.\n");
+			fwrite($fp, " */\n\n");
+		break;
+	}
+
+	switch ($dbms)
+	{
 		case 'firebird':
-			$line = "#\n# \$I" . "d: $\n#\n\n";
 			$line .= custom_data('firebird') . "\n";
 		break;
 
 		case 'sqlite':
-			$line = "#\n# \$I" . "d: $\n#\n\n";
 			$line .= "BEGIN TRANSACTION;\n\n";
 		break;
 
-		case 'mssql':
-			$line = "/*\n\n \$I" . "d: $\n\n*/\n\n";
-			// no need to do this, no transaction support for schema changes
-			//$line .= "BEGIN TRANSACTION\nGO\n\n";
-		break;
-
 		case 'oracle':
-			$line = "/*\n\n \$I" . "d: $\n\n*/\n\n";
 			$line .= custom_data('oracle') . "\n";
 		break;
 
 		case 'postgres':
-			$line = "/*\n\n \$I" . "d: $\n\n*/\n\n";
 			$line .= "BEGIN;\n\n";
 			$line .= custom_data('postgres') . "\n";
 		break;
@@ -329,6 +336,15 @@ foreach ($supported_dbms as $dbms)
 		// Write columns one by one...
 		foreach ($table_data['COLUMNS'] as $column_name => $column_data)
 		{
+			if (strlen($column_name) > 30)
+			{
+				trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
+			}
+			if (isset($column_data[2]) && $column_data[2] == 'auto_increment' && strlen($column_name) > 26) // "${column_name}_gen"
+			{
+				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
+			}
+
 			// Get type
 			if (strpos($column_data[0], ':') !== false)
 			{
@@ -632,6 +648,11 @@ foreach ($supported_dbms as $dbms)
 					$key_data[1] = array($key_data[1]);
 				}
 
+				if (strlen($table_name . $key_name) > 30)
+				{
+					trigger_error("Index name '${table_name}_$key_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
+				}
+
 				switch ($dbms)
 				{
 					case 'mysql_40':
@@ -926,7 +947,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_bbcodes'] = array(
 		'COLUMNS'		=> array(
-			'bbcode_id'				=> array('TINT:3', 0),
+			'bbcode_id'				=> array('USINT', 0),
 			'bbcode_tag'			=> array('VCHAR:16', ''),
 			'bbcode_helpline'		=> array('VCHAR_UNI', ''),
 			'display_on_posting'	=> array('BOOL', 0),
@@ -1207,6 +1228,24 @@ function get_schema_struct()
 		),
 	);
 
+	$schema_data['phpbb_login_attempts'] = array(
+		'COLUMNS'		=> array(
+			'attempt_ip'			=> array('VCHAR:40', ''),
+			'attempt_browser'		=> array('VCHAR:150', ''),
+			'attempt_forwarded_for'	=> array('VCHAR:255', ''),
+			'attempt_time'			=> array('TIMESTAMP', 0),
+			'user_id'				=> array('UINT', 0),
+			'username'				=> array('VCHAR_UNI:255', 0),
+			'username_clean'		=> array('VCHAR_CI', 0),
+		),
+		'KEYS'			=> array(
+			'att_ip'				=> array('INDEX', array('attempt_ip', 'attempt_time')),
+			'att_for'		=> array('INDEX', array('attempt_forwarded_for', 'attempt_time')),
+			'att_time'				=> array('INDEX', array('attempt_time')),
+			'user_id'					=> array('INDEX', 'user_id'),
+		),
+	);
+
 	$schema_data['phpbb_moderator_cache'] = array(
 		'COLUMNS'		=> array(
 			'forum_id'				=> array('UINT', 0),
@@ -2047,4 +2086,3 @@ EOF;
 
 echo 'done';
 
-?>

phpBB/develop/create_variable_overview.php

@@ -83,7 +83,7 @@ $html_skeleton .= '<br><br><a name="ref"></a><b>References: </b>{SEE_FILES}';
 
 $html_skeleton .= '
 <br><br>
-<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div>
+<div class="copyright" align="center">Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group</div>
 
 		<br clear="all" /></td>
 	</tr>
@@ -405,7 +405,7 @@ $html_data .= '<br><li><a href="./lang_index.html" class="gen">Appendix A: Langu
 
 $html_data .= '
 </ol><br><br>
-<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div>
+<div class="copyright" align="center">Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group</div>
 
 		<br clear="all" /></td>
 	</tr>
@@ -528,7 +528,7 @@ foreach ($lang_fp as $filepointer)
 
 $html_data .= '
 <br><br>
-<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div>
+<div class="copyright" align="center">Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group</div>
 
 		<br clear="all" /></td>
 	</tr>

phpBB/develop/mysql_upgrader.php

@@ -21,6 +21,7 @@
 die("Please read the first lines of this script for instructions on how to enable it");
 
 define('IN_PHPBB', true);
+$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.' . $phpEx);
 
@@ -252,7 +253,7 @@ foreach ($schema_data as $table_name => $table_data)
 	// Do we now need to re-add the fulltext index? ;)
 	if ($table_name == ($prefix . 'posts') && $drop_index)
 	{
-		echo "ALTER TABLE $table_name ADD FULLTEXT (post_subject), ADD FULLTEXT (post_text), ADD FULLTEXT post_content (post_subject, post_text){$newline}";
+		echo "ALTER TABLE $table_name ADD FULLTEXT (post_subject), ADD FULLTEXT (post_text), ADD FULLTEXT post_content (post_subject, post_text);{$newline}";
 	}
 }
 
@@ -414,7 +415,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_bbcodes'] = array(
 		'COLUMNS'		=> array(
-			'bbcode_id'				=> array('TINT:3', 0),
+			'bbcode_id'				=> array('USINT', 0),
 			'bbcode_tag'			=> array('VCHAR:16', ''),
 			'bbcode_helpline'		=> array('VCHAR_UNI', ''),
 			'display_on_posting'	=> array('BOOL', 0),

phpBB/docs/AUTHORS

@@ -1,6 +1,6 @@
 /**
 *
-* phpBB3 © Copyright 2000, 2002, 2005, 2007 phpBB Group
+* phpBB3 © Copyright phpBB Group
 * http://www.phpbb.com
 *
 * This program is free software: you can redistribute it and/or modify
@@ -22,20 +22,17 @@ involved in phpBB.
 
 phpBB Lead Developer:  naderman (Nils Adermann)
 
-phpBB Developers:      A_Jelly_Doughnut (Josh Woody)
-                       Acyd Burn (Meik Sievertsen) [Lead 09/2005 - 01/2010]
-                       APTX (Marek A. R.)
+phpBB Developers:      Acyd Burn (Meik Sievertsen) [Lead 09/2005 - 01/2010]
                        bantu (Andreas Fischer)
-                       dhn (Dominik Dröscher)
+                       ckwalsh (Cullen Walsh)
                        igorw (Igor Wiedler)
                        kellanved (Henry Sudhof)
                        nickvergessen (Joas Schilling)
+                       Oleg (Oleg Pudeyev)
                        rxu (Ruslan Uzdenov)
-                       Terrafrost (Jim Wigginton)
                        ToonArmy (Chris Smith)
 
-Contributions by:      Brainy (Cullen Walsh)
-                       leviatan21 (Gabriel Vazquez)
+Contributions by:      leviatan21 (Gabriel Vazquez)
                        Raimon (Raimon Meuldijk)
                        Xore (Robert Hetzler)
 
@@ -47,11 +44,15 @@ phpBB Project Manager: theFinn (James Atkinson) [Founder - 04/2007]
 
 phpBB Lead Developer:  psoTFX (Paul S. Owen) [2001 - 09/2005]
 
-phpBB Developers:      Ashe (Ludovic Arnaud)       [10/2002 - 11/2003, 06/2006 - 10/2006]
-                       BartVB (Bart van Bragt)     [11/2000 - 03/2006]
-                       DavidMJ (David M.)          [12/2005 - 08/2009]
-                       GrahamJE (Graham Eames)     [09/2005 - 11/2006]
-                       Vic D'Elfant (Vic D'Elfant) [04/2007 - 04/2009]
+phpBB Developers:      A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
+                       APTX (Marek A. Ruszczyński)   [12/2007 - 04/2011]
+                       Ashe (Ludovic Arnaud)         [10/2002 - 11/2003, 06/2006 - 10/2006]
+                       BartVB (Bart van Bragt)       [11/2000 - 03/2006]
+                       DavidMJ (David M.)            [12/2005 - 08/2009]
+                       dhn (Dominik Dröscher)        [05/2007 - 01/2011]
+                       GrahamJE (Graham Eames)       [09/2005 - 11/2006]
+                       TerraFrost (Jim Wigginton)    [04/2009 - 01/2011]
+                       Vic D'Elfant (Vic D'Elfant)   [04/2007 - 04/2009]
 
 -- Copyrights --
 

phpBB/docs/CHANGELOG.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.0.x Changelog" />
 <title>phpBB3 &bull; Changelog</title>
@@ -53,6 +53,8 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ol style="list-style-type: lower-roman;">
+		<li><a href="#v309">Changes since 3.0.9</a></li>
+		<li><a href="#v308">Changes since 3.0.8</a></li>
 		<li><a href="#v307-PL1">Changes since 3.0.7-PL1</a></li>
 		<li><a href="#v307">Changes since 3.0.7</a></li>
 		<li><a href="#v306">Changes since 3.0.6</a></li>
@@ -89,7 +91,511 @@
 
 		<div class="content">
 
-	<a name="v307-PL1"></a><h3>1.i. Changes since 3.0.7-PL1</h3>
+	<a name="v309"></a><h3>1.i. Changes since 3.0.9</h3>
+
+<h4>Bug</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-5506">PHPBB3-5506</a>] - Deleting all items from last page results in empty list display</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-6458">PHPBB3-6458</a>] - Width of Topics and Posts columns in Board Index is causing problems with language packs</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-7138">PHPBB3-7138</a>] - Cannot display simple header/footer with trigger_error()</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-7291">PHPBB3-7291</a>] - Broken links of char selection in memberlist</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-7932">PHPBB3-7932</a>] - Fix font size in select boxes</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8094">PHPBB3-8094</a>] - Text in the forums.php and install.php not matching</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8173">PHPBB3-8173</a>] - Redundant BBCode helpline in JS</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8177">PHPBB3-8177</a>] - February 29th birthdays not shown in non-leap year</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8571">PHPBB3-8571</a>] - Users can make their age a negative number on memberlist</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8691">PHPBB3-8691</a>] - Error creating log_time index</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8937">PHPBB3-8937</a>] - Code tags - single space indent</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9008">PHPBB3-9008</a>] - Incorrect unread topic tracking for unapproved topics</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9066">PHPBB3-9066</a>] - Invalid Prefix Names Allowed</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9416">PHPBB3-9416</a>] - HTML entities in poll titles and options incorrectly re-encoded</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9525">PHPBB3-9525</a>] - Minimum characters per post/message should never be '0'</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9645">PHPBB3-9645</a>] - XHTML error on phpinfo page in ACP</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9776">PHPBB3-9776</a>] - When deleting and recreating a poll, old options aren't deleted and reappear with the new ones</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9956">PHPBB3-9956</a>] - No error message displayed when disapprove reason is invalid or empty</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9976">PHPBB3-9976</a>] - Direct post links open the wrong page of viewtopic when multiple posts are posted in the same second</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9978">PHPBB3-9978</a>] - Missing semicolons in // &lt;![CDATA[ part of overall_header.html</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10087">PHPBB3-10087</a>] - Limited browser support for ban exclusion emphasis</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10157">PHPBB3-10157</a>] - Missing error handling when a custom profile field is not defined for current language</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10166">PHPBB3-10166</a>] - Post-admin activation email confusingly refers to username</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10187">PHPBB3-10187</a>] - XHTML error in ucp_groups_manage.html</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10190">PHPBB3-10190</a>] - Misleading information about permissions displayed after editing forum settings</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10212">PHPBB3-10212</a>] - Captcha not displayed when username not exists</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10216">PHPBB3-10216</a>] - Updater's failed query language grammatically incorrect</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10226">PHPBB3-10226</a>] - Mysqli dbal extension does not allow connection via pipes</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10227">PHPBB3-10227</a>] - Mysqli dbal extension does not allow persistent connection for PHP &gt;= 5.3.0</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10237">PHPBB3-10237</a>] - Unwatching a forum/topic does not check for correct hash parameter</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10240">PHPBB3-10240</a>] - Word filter evasion</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10253">PHPBB3-10253</a>] - IE9 Quote problem</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10255">PHPBB3-10255</a>] - gitignore ignores too much</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10257">PHPBB3-10257</a>] - AAAA record parsing fails on older versions of Windows</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10259">PHPBB3-10259</a>] - Incorrect email on joining Open group</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10265">PHPBB3-10265</a>] - Unit test tests/random/mt_rand.php is not run because of missing _test suffix.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10266">PHPBB3-10266</a>] - Poor navigation links after reporting a post</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10267">PHPBB3-10267</a>] - Missing strlen() on $table_prefix in db tools index name length check</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10274">PHPBB3-10274</a>] - Hardcoded module ID in &quot;Re-check version&quot; link on ACP front page</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10275">PHPBB3-10275</a>] - Wrong information about sent passwords in FAQ</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10292">PHPBB3-10292</a>] - Whitespace inconsistency in acp_ranks</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10293">PHPBB3-10293</a>] - Jumpbox allows jumping to invalid forums in prosilver</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10294">PHPBB3-10294</a>] - sqlsrv_rows_affected non-functional in MSSQLNative.php</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10296">PHPBB3-10296</a>] - incorrect cross join in SQL Server</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10298">PHPBB3-10298</a>] - EMBED Tag Not Closed Properly In subSilver2 attachment.html</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10299">PHPBB3-10299</a>] - Typo in comment about $max_store_length in truncate_string() (in functions_content.php)</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10303">PHPBB3-10303</a>] - send_status_line() doesn't validate user input</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10304">PHPBB3-10304</a>] - Bad url in U_ICQ on /ucp_mp_viewmessage.php</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10307">PHPBB3-10307</a>] - Return value of $db-&gt;sql_fetchrow() on empty tables is not consistent</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10309">PHPBB3-10309</a>] - Utf tests download data into temporary locations deep in source tree</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10320">PHPBB3-10320</a>] - &quot;Most active topic&quot; can leak topic title of topics in password-protected forums</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10321">PHPBB3-10321</a>] - Link to page 1 of the Memberlist has a useless question mark at the end</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10324">PHPBB3-10324</a>] - XHTML error in Prosilver - MCP - User Notes</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10339">PHPBB3-10339</a>] - Typo in prosilver's mcp_front.html</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10341">PHPBB3-10341</a>] - Topic title of &quot;0&quot; does not show as &quot;Most active topic&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10351">PHPBB3-10351</a>] - Invalid syntax for Oracle's sql_column_remove()</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10352">PHPBB3-10352</a>] - Missing break for Oracle's sql_table_drop()</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10365">PHPBB3-10365</a>] - Moderators can view forbidden information</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10377">PHPBB3-10377</a>] - All moderators can change topic type</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10394">PHPBB3-10394</a>] - Tests use call-time pass by reference which results in Fatal error on PHP 5.4</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10397">PHPBB3-10397</a>] - Pagination code inconsistency </li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10400">PHPBB3-10400</a>] - '0' (zero) not allowed as forum name</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10413">PHPBB3-10413</a>] - Make create_schema_files usable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10416">PHPBB3-10416</a>] - Use dbport in phpbb_database_test_connection_manager::connect()</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10420">PHPBB3-10420</a>] - Update startup to account for PHP 5.4</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10421">PHPBB3-10421</a>] - Interchanged parameters in includes/acp/acp_users.php</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10422">PHPBB3-10422</a>] - Unnecessary &lt;!-- IF --&gt; statement in viewtopic_body.html</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10435">PHPBB3-10435</a>] - Topic count mismatch on viewforum</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10437">PHPBB3-10437</a>] - Announcements on moderation queue are not hidden</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10446">PHPBB3-10446</a>] - Unencoded 8bit characters in email headers</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10452">PHPBB3-10452</a>] - XHTML error when printing a PM</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10461">PHPBB3-10461</a>] - MCP's recent actions list is empty</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10479">PHPBB3-10479</a>] - Remove PostgreSQL version numbers from driver's language string</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10485">PHPBB3-10485</a>] - XHTML error in Prosilver - index and viewforum</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10488">PHPBB3-10488</a>] - Database updater for 3.0.10-RC1 overwrites config variable email_max_chunk_size without checking for custom value</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10497">PHPBB3-10497</a>] - SQL error when guest visits forum with unread topic</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10319">PHPBB3-10319</a>] - Missing hidden fields in search form</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10501">PHPBB3-10501</a>] - Description of table prefix is wrong</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10502">PHPBB3-10502</a>] - CHANGELOG.html has a typo: 'red' should be 'read'.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10503">PHPBB3-10503</a>] - Debug error when previewing edits</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10504">PHPBB3-10504</a>] - MCP Layout STILL broken in ProSilver when screen is resized to less 1200 pixels</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10531">PHPBB3-10531</a>] - Last remaining style can be uninstalled</li>
+</ul>
+<h4>Improvement</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8616">PHPBB3-8616</a>] - Add direct link to PM to notification message</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9036">PHPBB3-9036</a>] - Forums that can be listed but not read expose forum information</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9297">PHPBB3-9297</a>] - Add support for Extended Passive Mode (EPSV) in class ftp_fsock to better support IPv6 connections.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9307">PHPBB3-9307</a>] - Mass email $max_chunk_size</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9361">PHPBB3-9361</a>] - Edit account settings - Improved clarification needed</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9778">PHPBB3-9778</a>] - Member Search from the Admin Control Panel is not Intuitive</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9898">PHPBB3-9898</a>] - Readme needs updating to reflect more opening for patches</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9995">PHPBB3-9995</a>] - Unnecessary coding in display_forums() in functions_display.php</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10032">PHPBB3-10032</a>] - BBCode Add List Item Control Name Contains Typo</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10074">PHPBB3-10074</a>] - Change default value of 'Set as special rank' to No for Add new rank</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10185">PHPBB3-10185</a>] - Board startdate not being set</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10189">PHPBB3-10189</a>] - Add &quot;automatically generated&quot; comment into schema-files.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10199">PHPBB3-10199</a>] - Performance: viewtopic has a useless join</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10222">PHPBB3-10222</a>] - Also build language and styles changes in diff/patch format</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10239">PHPBB3-10239</a>] - Add &quot;Are you sure&quot; confirmation to backup restore in ACP</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10243">PHPBB3-10243</a>] - Add gmgetdate() wrapper for getdate() which returns dates in UTC.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10245">PHPBB3-10245</a>] - Messenger uses output buffering for error collection, should use error collector instead</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10246">PHPBB3-10246</a>] - Remove VCS section from docs/coding-guidelines.html</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10254">PHPBB3-10254</a>] - Remove style names from themes and fix some information on it</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10263">PHPBB3-10263</a>] - Add phpbb_version_compare() wrapper for version_compare()</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10278">PHPBB3-10278</a>] - Improve timeout handling in get_remote_file()</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10315">PHPBB3-10315</a>] - Radio Buttons in ACP are clipped in Safari - Fix suggested</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10327">PHPBB3-10327</a>] - Use &quot;ALTER TABLE ... ADD INDEX&quot; instead of &quot;CREATE INDEX&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10334">PHPBB3-10334</a>] - Birthday List display not dependent on user privileges</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10335">PHPBB3-10335</a>] - Responses to bots should have extra header to be used by reverse proxies</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10346">PHPBB3-10346</a>] - Add drop_tables key for database updater</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10354">PHPBB3-10354</a>] - When template tests are skipped because cache is not writable, print cache directory path</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10369">PHPBB3-10369</a>] - Change error collector to always report errfile and errline</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10370">PHPBB3-10370</a>] - Various improvements for get_backtrace()</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10402">PHPBB3-10402</a>] - Displaying report texts with linebreaks and clickable links</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10419">PHPBB3-10419</a>] - Add mbstring PHP ini parameters checks to ACP</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10430">PHPBB3-10430</a>] - Some typos and the like in docs/coding-guidelines.html</li>
+</ul>
+<h4>New Feature</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8240">PHPBB3-8240</a>] - Request: db_tools to have two additional functions, table list and column list</li>
+</ul>
+<h4>Task</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9689">PHPBB3-9689</a>] - Scripts and utilities</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10003">PHPBB3-10003</a>] - Resolve db_tools proliferation</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10313">PHPBB3-10313</a>] - Include slow unit tests when running build script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10483">PHPBB3-10483</a>] - Test suite does not run with MySQL strict mode</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10486">PHPBB3-10486</a>] - Create git shortlog and git diff --stat in build script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10480">PHPBB3-10480</a>] - Automate changelog building</li>
+</ul>
+
+	<a name="v308"></a><h3>1.ii. Changes since 3.0.8</h3>
+
+<h4>        Bug
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-217'>PHPBB3-217</a>] -         Multiline [url] not Converted
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-6712'>PHPBB3-6712</a>] -         Topic bumping does not create new topic icon on index
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7057'>PHPBB3-7057</a>] -         Quicksearch uses POST, thus the page expires!
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7778'>PHPBB3-7778</a>] -         Increase limit of custom BBcodes
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7834'>PHPBB3-7834</a>] -         Correctly update topic_time when deleting first post in topic
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7888'>PHPBB3-7888</a>] -         URL of search results page does not always contain all keywords of the search query
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7941'>PHPBB3-7941</a>] -         mistake in description of function generate_board_url
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8138'>PHPBB3-8138</a>] -         Browser autocompleton fills wrong fields in ACP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8736'>PHPBB3-8736</a>] -         Honour ACP settings for min/max username length when posting as a guest.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8802'>PHPBB3-8802</a>] -         Wrong confirmation text when clicking &quot;mark forums read&quot; in a category
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8904'>PHPBB3-8904</a>] -         Show numeric CPF default value when editing
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9166'>PHPBB3-9166</a>] -         Subsilver and prosilver CSS elements out of order.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9348'>PHPBB3-9348</a>] -         Correctly encode default_dateformat when converting from phpBB2
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9575'>PHPBB3-9575</a>] -         The word &quot;administrate&quot; is not correct.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9630'>PHPBB3-9630</a>] -         Naming inconsistency of Merging Posts / Topics in MCP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9675'>PHPBB3-9675</a>] -         Add option to delete template/theme/imageset when deleting style.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9685'>PHPBB3-9685</a>] -         Unable to create &quot;Fulltext native&quot; search index using the mssqlnative DBAL
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9751'>PHPBB3-9751</a>] -         Password requirement &quot;Must contain letters and numbers&quot; is not working properly
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9764'>PHPBB3-9764</a>] -         Empty value for CONFIG_TABLE config_name= &#39;mime_triggers&#39; causes functions_fileupload.php-&gt;fileupload-&gt;check_content() to be too restrictive
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9851'>PHPBB3-9851</a>] -         &quot;Search new posts&quot; should require login
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9872'>PHPBB3-9872</a>] -         Total topics isn&#39;t correct after I deleted a user
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9874'>PHPBB3-9874</a>] -         view_log() performs unneeded count query over all log entries.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9892'>PHPBB3-9892</a>] -         Firebird index name length limit is not taken into account
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9905'>PHPBB3-9905</a>] -         DSN field should include SQLite
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9908'>PHPBB3-9908</a>] -         Send &quot;Moved Permanently&quot; before stripping off session ids for Bots.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9910'>PHPBB3-9910</a>] -         Javascript bug in Subsilver2 PMs
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9911'>PHPBB3-9911</a>] -         Incorrect open/close field in Manage ranks ACP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9913'>PHPBB3-9913</a>] -         currunt should be current
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9915'>PHPBB3-9915</a>] -         &quot;Length of ban:&quot; is not displayed in ACP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9924'>PHPBB3-9924</a>] -         $template-&gt;display hook does not pass $template instance
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9925'>PHPBB3-9925</a>] -         prosilver logo margin bug in IE 6-7-8 
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9928'>PHPBB3-9928</a>] -         Do not link &quot;login to your board&quot; to the &quot;send statistics&quot; page after completed update.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9930'>PHPBB3-9930</a>] -         Redirect fails with open_basedir enabled
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9932'>PHPBB3-9932</a>] -         The Bing bot is not added when converting.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9933'>PHPBB3-9933</a>] -         Wrong handling of consecutive multiple asterisks in word censor 
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9934'>PHPBB3-9934</a>] -         Mass Mail missing under the system tab on a fresh install
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9939'>PHPBB3-9939</a>] -         JavaScript error in recaptcha ACP template
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9944'>PHPBB3-9944</a>] -         Extension groups naming don&#39;t use users&#39; language in ACP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9946'>PHPBB3-9946</a>] -         $inserts empty in sql_query() for oracle
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9948'>PHPBB3-9948</a>] -         Inline quicktime files won&#39;t display
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9949'>PHPBB3-9949</a>] -         $user-&gt;lang() is not handling arguments as per documentation 
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9950'>PHPBB3-9950</a>] -         Problem with localized button images after uprading from 3.0.7-PL1 to 3.0.8
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9953'>PHPBB3-9953</a>] -         Set focus to password on re-authentication
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9954'>PHPBB3-9954</a>] -         u_masspm* permissions are forced to never for certain groups
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9961'>PHPBB3-9961</a>] -         Inconsistent activation logs
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9966'>PHPBB3-9966</a>] -         Language download in ACP creates index.html and misses captcha_*
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9970'>PHPBB3-9970</a>] -         user_lang input not checked during registration
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9981'>PHPBB3-9981</a>] -         Fix unit test dependencies on phpBB files
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9985'>PHPBB3-9985</a>] -         3D Wave CAPTCHA mt_rand() does not check order of min/max values
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9997'>PHPBB3-9997</a>] -         Inconsistent approve/disapprove button order in modcp
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9999'>PHPBB3-9999</a>] -         {forumrow.L_FORUM_FOLDER_ALT} and {SEARCH_IMG} only return a language key.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10005'>PHPBB3-10005</a>] -         users can register without custom profile field correctly entered
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10011'>PHPBB3-10011</a>] -         __DIR__ in test suite renders it unusable on php &lt; 5.3
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10016'>PHPBB3-10016</a>] -         set_config_count() fails on PostreSQL 7
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10020'>PHPBB3-10020</a>] -         ACP function validate_range() fails partially on non-32-bit systems
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10021'>PHPBB3-10021</a>] -         &quot;Find a member&quot; generates SQL error when large dates are entered
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10029'>PHPBB3-10029</a>] -         No such thing as $_SERVER[&#39;HTTP_VERSION&#39;]
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10033'>PHPBB3-10033</a>] -         &quot;Disallow usernames&quot; does not check already disallowed names
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10035'>PHPBB3-10035</a>] -         ACP template edit feature allows to read any files on webserver and to upload/execute any script on it
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10036'>PHPBB3-10036</a>] -         Use image from configuration file for displaying online-status.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10038'>PHPBB3-10038</a>] -         download/file.php uses $_GET value instead of function request_var()
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10039'>PHPBB3-10039</a>] -         2.x to 3.x conversion fails when using mssqlnative to connect to destination database
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10042'>PHPBB3-10042</a>] -         GD captcha has invalid mt_rand calls
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10047'>PHPBB3-10047</a>] -         Session ID always included in URL on posting.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10049'>PHPBB3-10049</a>] -         Session test files are misnamed, session tests are not run
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10052'>PHPBB3-10052</a>] -         Session tests are broken
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10056'>PHPBB3-10056</a>] -         Firebird misspelled in database updater
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10058'>PHPBB3-10058</a>] -         Root path is undefined in MySQL upgrader
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10059'>PHPBB3-10059</a>] -         Consistent is misspelled twice
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10060'>PHPBB3-10060</a>] -         Typo in tests database connection manager
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10068'>PHPBB3-10068</a>] -         Firefox4 restrictions to :visited
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10078'>PHPBB3-10078</a>] -         commit-msg hook prints \n on freebsd
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10081'>PHPBB3-10081</a>] -         Cleanup Template Tests
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10084'>PHPBB3-10084</a>] -         Add smilie errors out when image is missing
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10088'>PHPBB3-10088</a>] -         Cache mock does not unset database versions other than mysqli
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10090'>PHPBB3-10090</a>] -         cache/queue.php.lock isn&#39;t covered by .gitignore
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10092'>PHPBB3-10092</a>] -         commit-msg hook aborts on overlength comment lines
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10096'>PHPBB3-10096</a>] -         Wrong whitespace in functions.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10100'>PHPBB3-10100</a>] -         Race condition in unique_id() on heavily busy database.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10102'>PHPBB3-10102</a>] -         member.S_PENDING_SET in styles/prosilver/template/ucp_groups_manage.html
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10104'>PHPBB3-10104</a>] -         missing one intval() along with others already being there
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10109'>PHPBB3-10109</a>] -         Errors while copying a topic
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10112'>PHPBB3-10112</a>] -         Use of count() in captcha_gd.php and mssqlnative.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10115'>PHPBB3-10115</a>] -         BBcodes not working if post contains about or more 55000 non-english symbols
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10117'>PHPBB3-10117</a>] -         Big posts becomes empty if they have smilies on specified places.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10121'>PHPBB3-10121</a>] -         ICQ profile link leads to a webservice that is no longer active
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10123'>PHPBB3-10123</a>] -         Inconsistent use of smilie/smiley
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10128'>PHPBB3-10128</a>] -         Error message is on green background when trying to ban a nonexistent user
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10137'>PHPBB3-10137</a>] -         Deleting an unintended space at the end of PHP_URL_FOPEN_SUPPORT_EXPLAIN
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10146'>PHPBB3-10146</a>] -         Firebird cannot handle DECIMAL(255, 0)
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10147'>PHPBB3-10147</a>] -         Typo in code comment in functions_template.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10149'>PHPBB3-10149</a>] -         deregister_globals causes error when cookie called GLOBALS is set to scalar value
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10170'>PHPBB3-10170</a>] -         reCAPTCHA address has changed
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10171'>PHPBB3-10171</a>] -         Firefox4 displays grey pixels at PM message rows when message is neither marked nor replied
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10177'>PHPBB3-10177</a>] -         phpBB package cannot be built with bsdtar
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10178'>PHPBB3-10178</a>] -         build.xml does not specify path to find - breaks on FreeBSD
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10188'>PHPBB3-10188</a>] -         Broken compressed output when errors/warnings are handled by phpbb and output_buffering is set to 4096 and phpbb gzip is enabled
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10191'>PHPBB3-10191</a>] -         Duplicate output when output_handler is set in php.ini
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10192'>PHPBB3-10192</a>] -         Missing semicolon in MySQL Upgrader
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10195'>PHPBB3-10195</a>] -         Do not check DNS Blacklists if IPv6 address is passed to session::check_dnsbl().
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10198'>PHPBB3-10198</a>] -         Function validate_config_vars() improperly validates multibyte strings
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10203'>PHPBB3-10203</a>] -         Fix quotations and hyphen in language strings for PHPBB3-10067
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10204'>PHPBB3-10204</a>] -         Package build tool does not detect binary file changes
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10206'>PHPBB3-10206</a>] -         Normalization tests fail when unicode.org is not reachable
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10211'>PHPBB3-10211</a>] -         Missing space on the recent PHPBB3-9992 changes
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10213'>PHPBB3-10213</a>] -         IP limit index name too long on Oracle
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10214'>PHPBB3-10214</a>] -         Cannot configure Q&amp;A on Oracle
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10218'>PHPBB3-10218</a>] -         STRIP is not defined in style.php causing a notice to be thrown
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10219'>PHPBB3-10219</a>] -         Inappropriate character in web.config file
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10220'>PHPBB3-10220</a>] -         Logging in with Mobile Device triggers SQL error on *_login_attempts.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10221'>PHPBB3-10221</a>] -         Inconsistent usage of &quot;Seconds&quot; in ACP Settings
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7729'>PHPBB3-7729</a>] -         Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10188'>PHPBB3-10188</a>] -         Broken compressed output when errors/warnings are handled by phpbb and output_buffering is set to 4096 and phpbb gzip is enabled
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10223'>PHPBB3-10223</a>] -         Updater references startup.php from board path
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10228'>PHPBB3-10228</a>] -         Typo in 3.0.9-RC1 user registration settings
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10229'>PHPBB3-10229</a>] -         On languge/acp/styles.php &quot;%s&quot; should be &quot;%s&quot;
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10232'>PHPBB3-10232</a>] -         Search within topic/forum searches all posts
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10233'>PHPBB3-10233</a>] -         IE Emulation fix breaks posting layout when PMing
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10234'>PHPBB3-10234</a>] -         msg_handler() reports E_WARNING as &quot;PHP Notice: &quot;
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10247'>PHPBB3-10247</a>] -         mediumint(8) too small for phpbb_login_attempts.attempt_id
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10250'>PHPBB3-10250</a>] -         phpBB Logo needs the Registered Trademark Symbol
+</li>
+</ul>
+    
+<h4>        Improvement
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9581'>PHPBB3-9581</a>] -         Banned users get mass emails.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9802'>PHPBB3-9802</a>] -         Optimize session_begin REMOTE_ADDR validation
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9878'>PHPBB3-9878</a>] -         Get rid of Internet Explorer 7 emulation
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9897'>PHPBB3-9897</a>] -         Language typos in language/en/acp/board.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9922'>PHPBB3-9922</a>] -         Posting URL in subsilver 2
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9937'>PHPBB3-9937</a>] -         Feed Icon displays on Forum links
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9980'>PHPBB3-9980</a>] -         URLs to javascript should be T_SUPER_TEMPLATE_PATH instead of T_TEMPLATE_PATH
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9989'>PHPBB3-9989</a>] -         Skip PM popup in overall_header.html, if there are no new PMs.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10007'>PHPBB3-10007</a>] -         Add directive &#39;internal&#39; to blocked folders in nginx example configuration.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10009'>PHPBB3-10009</a>] -         Differentiate published/updated dates in Atom feed
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10014'>PHPBB3-10014</a>] -         Make the error message when cache is not writable clearer
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10024'>PHPBB3-10024</a>] -         Allow a Style to present Unread PM in different way than read PM
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10040'>PHPBB3-10040</a>] -         Continuous integration on PHP 5.2
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10041'>PHPBB3-10041</a>] -         download/file.php needs more use of send_status_line
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10044'>PHPBB3-10044</a>] -         Setup github network improvements
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10057'>PHPBB3-10057</a>] -         More informative reporting of errors when database connection fails for Firebird and PostgreSQL.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10067'>PHPBB3-10067</a>] -         ACP options for account activation are confusing when emails are turned off board-wide
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10069'>PHPBB3-10069</a>] -         Improvements in sample nginx config file
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10072'>PHPBB3-10072</a>] -         Send the post number to the template as it relates to it&#39;s position in the topic
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10101'>PHPBB3-10101</a>] -         Compatibility with native phpass hashes
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10126'>PHPBB3-10126</a>] -         Replace ^ with &amp;~ in error_reporting calls
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10141'>PHPBB3-10141</a>] -         Performance improvement for $auth-&gt;_fill_acl()
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10145'>PHPBB3-10145</a>] -         Ability to force recompilation of all templates on every page load
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10154'>PHPBB3-10154</a>] -         Move &quot;copy permissions from&quot; to below &quot;parent&quot; in forum creation form
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10158'>PHPBB3-10158</a>] -         Return link not really useful after sending a Private Message
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10186'>PHPBB3-10186</a>] -         UCP signature panel displays when not authed for signatures
+</li>
+</ul>
+    
+<h4>        New Feature
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9942'>PHPBB3-9942</a>] -         WinCache Caching Module
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9992'>PHPBB3-9992</a>] -         Limit amount of failed login attempts per IP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10110'>PHPBB3-10110</a>] -         Redis caching module
+</li>
+</ul>
+    
+<h4>        Task
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9788'>PHPBB3-9788</a>] -         Add README for GitHub
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9805'>PHPBB3-9805</a>] -         Add a script for setting up git remotes for a github network
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9806'>PHPBB3-9806</a>] -         Script for easy merging
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9824'>PHPBB3-9824</a>] -         Git hook quirks
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9859'>PHPBB3-9859</a>] -         Remove the years from visible copyright in the footer.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9921'>PHPBB3-9921</a>] -         Add sample configuration for lighttpd webserver
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9943'>PHPBB3-9943</a>] -         Setup phpDocumentor API documentation generation
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9967'>PHPBB3-9967</a>] -         Use phpunit.xml for test suite
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9987'>PHPBB3-9987</a>] -         Enforce _test.php suffix for test files
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9990'>PHPBB3-9990</a>] -         Integrate utf normalizer tests into test suite
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10043'>PHPBB3-10043</a>] -         Refactor phpbb_database_test_case
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10046'>PHPBB3-10046</a>] -         Getting rid of register_shutdown_function() in cron.php to prevent path disclosure (reported by lacton)
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10075'>PHPBB3-10075</a>] -         Update docs/AUTHORS for 3.0.9-RC1 release
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10079'>PHPBB3-10079</a>] -         Add gallery avatars to .gitignore.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10082'>PHPBB3-10082</a>] -         Fix Session Test Issues with CHAR vs. VARCHAR.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10105'>PHPBB3-10105</a>] -         Update AIM express link and &quot;Download Application&quot; links
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10107'>PHPBB3-10107</a>] -         Improve docs for non-apache webserver configuration
+</li>
+</ul>
+    
+<h4>        Sub-task
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9732'>PHPBB3-9732</a>] -         Cover session code extensively in tests
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9968'>PHPBB3-9968</a>] -         Create unit test for word censor regular expression
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9969'>PHPBB3-9969</a>] -         Move word censor regular expression creation into separate function definition in functions.php
+</li>
+</ul>
+
+
+	<a name="v307-PL1"></a><h3>1.iii. Changes since 3.0.7-PL1</h3>
 <h4>        Security
 </h4>
 <ul>
@@ -547,13 +1053,13 @@
 </ul>
 
 
-	<a name="v307"></a><h3>1.ii. Changes since 3.0.7</h3>
+	<a name="v307"></a><h3>1.iiv. Changes since 3.0.7</h3>
 
 	<ul>
 		<li>[Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)</li>
 	</ul>
 
-	<a name="v306"></a><h3>1.iii. Changes since 3.0.6</h3>
+	<a name="v306"></a><h3>1.v. Changes since 3.0.6</h3>
 
 	<ul>
 		<li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li>
@@ -657,7 +1163,7 @@
 
 	</ul>
 
-	<a name="v305"></a><h3>1.iv. Changes since 3.0.5</h3>
+	<a name="v305"></a><h3>1.vi. Changes since 3.0.5</h3>
 
 	<ul>
 		<li>[Fix] Allow whitespaces in avatar gallery names. (Bug #44955)</li>
@@ -879,7 +1385,7 @@
 		<li>[Feature] Send anonymous statistical information to phpBB on installation and update (optional).</li>
 	</ul>
 
-	<a name="v304"></a><h3>1.v. Changes since 3.0.4</h3>
+	<a name="v304"></a><h3>1.vii. Changes since 3.0.4</h3>
 
 	<ul>
 		<li>[Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)</li>
@@ -968,7 +1474,7 @@
 		<li>[Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v303"></a><h3>1.vi. Changes since 3.0.3</h3>
+	<a name="v303"></a><h3>1.viii. Changes since 3.0.3</h3>
 
 	<ul>
 		<li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li>
@@ -1000,7 +1506,7 @@
 		<li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v302"></a><h3>1.vii. Changes since 3.0.2</h3>
+	<a name="v302"></a><h3>1.ix. Changes since 3.0.2</h3>
 
 	<ul>
 		<li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li>
@@ -1099,7 +1605,7 @@
 		<li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li>
 	</ul>
 
-	<a name="v301"></a><h3>1.viii. Changes since 3.0.1</h3>
+	<a name="v301"></a><h3>1.x. Changes since 3.0.1</h3>
 
 	<ul>
 		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
@@ -1147,7 +1653,7 @@
 		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
 	</ul>
 
-	<a name="v300"></a><h3>1.ix Changes since 3.0.0</h3>
+	<a name="v300"></a><h3>1.xi Changes since 3.0.0</h3>
 
 	<ul>
 		<li>[Change] Validate birthdays (Bug #15004)</li>
@@ -1218,7 +1724,7 @@
 		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
 	</ul>
 
-	<a name="v30rc8"></a><h3>1.x. Changes since 3.0.RC8</h3>
+	<a name="v30rc8"></a><h3>1.xii. Changes since 3.0.RC8</h3>
 
 	<ul>
 		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@@ -1227,7 +1733,7 @@
 		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
 	</ul>
 
-	<a name="v30rc7"></a><h3>1.xi. Changes since 3.0.RC7</h3>
+	<a name="v30rc7"></a><h3>1.xiii. Changes since 3.0.RC7</h3>
 
 	<ul>
 		<li>[Fix] Fixed MSSQL related bug in the update system</li>
@@ -1262,7 +1768,7 @@
 		<li>[Fix] No duplication of active topics (Bug #15474)</li>
 	</ul>
 
-	<a name="v30rc6"></a><h3>1.xii. Changes since 3.0.RC6</h3>
+	<a name="v30rc6"></a><h3>1.xiv. Changes since 3.0.RC6</h3>
 
 	<ul>
 		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@@ -1272,7 +1778,7 @@
 		<li>[Fix] Able to request new password (Bug #14743)</li>
 	</ul>
 
-	<a name="v30rc5"></a><h3>1.xiii. Changes since 3.0.RC5</h3>
+	<a name="v30rc5"></a><h3>1.xv. Changes since 3.0.RC5</h3>
 
 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -1335,7 +1841,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>
 
-	<a name="v30rc4"></a><h3>1.xiv. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>1.xvi. Changes since 3.0.RC4</h3>
 
 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -1386,7 +1892,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>
 
-	<a name="v30rc3"></a><h3>1.xv. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>1.xvii. Changes since 3.0.RC3</h3>
 
 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -1495,7 +2001,7 @@
 
 	</ul>
 
-	<a name="v30rc2"></a><h3>1.xvi. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>1.xviii. Changes since 3.0.RC2</h3>
 
 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -1541,7 +2047,7 @@
 
 	</ul>
 
-	<a name="v30rc1"></a><h3>1.xvii. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>1.xix. Changes since 3.0.RC1</h3>
 
 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>
@@ -1676,7 +2182,7 @@
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/FAQ.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.0.x frequently asked questions" />
 <title>phpBB3 &bull; FAQ</title>
@@ -328,7 +328,7 @@ I want to sue you because i think you host an illegal board!</h2>
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/INSTALL.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.0.x Installation, updating and conversion informations" />
 <title>phpBB3 &bull; Install</title>
@@ -79,6 +79,7 @@
 	<li><a href="#postinstall">Important (security related) post-Install tasks for all installation methods</a>
 	<ol style="list-style-type: lower-roman;">
 		<li><a href="#avatars">Uploadable avatars</a></li>
+		<li><a href="#webserver_configuration">Webserver configuration</a></li>
 	</ol>
 	</li>
 	<li><a href="#disclaimer">Disclaimer</a></li>
@@ -273,7 +274,7 @@
 
 	<p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p>
 
-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.7-PL1</samp> you should select the phpBB-3.0.7-PL1_to_3.0.8.zip/tar.gz file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.9</samp> you should select the phpBB-3.0.9_to_3.0.10.zip/tar.gz file.</p>
 
 	<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
@@ -285,7 +286,7 @@
 
 	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the recommended update method.</p>
 
-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.5 you need the phpBB-3.0.7-PL1_to_3.0.8.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <samp>3.0.9</samp> you need the phpBB-3.0.9_to_3.0.10.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
 	<p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 
@@ -408,6 +409,12 @@
 
 	<p>Please be aware that setting a directories permissions to global write access is a potential security issue. While it is unlikely that anything nasty will occur (such as all the avatars being deleted) there are always people out there to cause trouble. Therefore you should monitor this directory and if possible make regular backups.</p>
 
+<a name="webserver_configuration"></a><h3>6.ii. Webserver configuration</h3>
+
+	<p>Depending on your web server you may have to configure your server to deny web access to the <code>cache/</code>, <code>files/</code>, <code>store/</code> and other directories. This is to prevent users from accessing sensitive files.</p>
+
+	<p>For <strong>apache</strong> there are <code>.htaccess</code> files already in place to do this for you. For other webservers you will have to adjust the configuration yourself. Sample files for <strong>nginx</strong> and <strong>lighttpd</strong> to help you get started may be found in docs directory.</p>
+
 		</div>
 
 		<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
@@ -424,7 +431,7 @@
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/README.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.0.x Readme" />
 <title>phpBB3 &bull; Readme</title>
@@ -263,7 +263,7 @@
 
 	<p>The relevant database type/version is listed within the administration control panel</p>
 
-	<p>Please also be as detailed as you can in your report, if possible list the steps required to duplicate the problem. If you have a fix which you are <strong>VERY SURE</strong> works (and is consistent with our <a href="coding-guidelines.html">coding guidelines</a>) and does not introduce further problems or incompatibilities please let us know. However only include it in the bug report if you really must, if we need it we'll ask you for it.</p>
+	<p>Please also be as detailed as you can in your report, if possible list the steps required to duplicate the problem. If you have a patch that fixes the issue, please attach it to the ticket or submit a pull request <a href="https://github.com/phpbb/phpbb3">on GitHub</a>.</p>
 
 	<p>Once a bug has been submitted you will be emailed any follow up comments added to it. <strong>Please</strong> if you are requested to supply additional information, do so! It is frustrating for us to receive bug reports, ask for additional information but get nothing. In these cases we have a policy of closing the bug, which may leave a very real problem in place. Obviously we would rather not have this situation arise.</p>
 
@@ -339,7 +339,7 @@
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/auth_api.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="This is an explanation of how to use the phpBB auth/acl API" />
 <title>phpBB3 &bull; Auth API</title>
@@ -275,7 +275,7 @@ $auth_admin = new auth_admin();
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/coding-guidelines.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="Olympus coding guidelines document" />
 <title>phpBB3 &bull; Coding Guidelines</title>
@@ -87,12 +87,6 @@
 		<li><a href="#writingstyle">Writing Style</a></li>
 	</ol>
 	</li>
-	<li><a href="#vcs">VCS Guidelines</a>
-	<ol style="list-style-type: lower-roman;">
-		<li><a href="#repostruct">Repository structure</a></li>
-		<li><a href="#commitmessage">Commit Messages and Repository Rules</a></li>
-	</ol>
-	</li>
 	<li><a href="#disclaimer">Copyright and disclaimer</a></li>
 </ol>
 
@@ -240,6 +234,11 @@ PHPBB_ACM_MEMCACHE_PORT     (overwrite memcached port, default is 11211)
 PHPBB_ACM_MEMCACHE_COMPRESS (overwrite memcached compress setting, default is disabled)
 PHPBB_ACM_MEMCACHE_HOST     (overwrite memcached host name, default is localhost)
 
+PHPBB_ACM_REDIS_HOST        (overwrite redis host name, default is localhost)
+PHPBB_ACM_REDIS_PORT        (overwrite redis port, default is 6379)
+PHPBB_ACM_REDIS_PASSWORD    (overwrite redis password, default is empty)
+PHPBB_ACM_REDIS_DB          (overwrite redis default database)
+
 PHPBB_QA                   (Set board to QA-Mode, which means the updater also checks for RC-releases)
 </pre></div>
 
@@ -463,12 +462,12 @@ do_stuff($str);
 $post_url = $phpbb_root_path . 'posting.' . $phpEx . '?mode=' . $mode . '&amp;amp;start=' . $start;
 	</pre></div>
 
-	<p class="good">// Double quotes are sometimes needed to not overcroud the line with concentinations</p>
+	<p class="good">// Double quotes are sometimes needed to not overcrowd the line with concatenations.</p>
 	<div class="codebox"><pre>
 $post_url = "{$phpbb_root_path}posting.$phpEx?mode=$mode&amp;amp;start=$start";
 	</pre></div>
 
-	<p>In SQL Statements mixing single and double quotes is partly allowed (following the guidelines listed here about SQL Formatting), else it should be tryed to only use one method - mostly single quotes.</p>
+	<p>In SQL statements mixing single and double quotes is partly allowed (following the guidelines listed here about SQL formatting), else one should try to only use one method - mostly single quotes.</p>
 
 	<h4>Associative array keys:</h4>
 	<p>In PHP, it's legal to use a literal string as a key to an associative array without quoting that string. We don't want to do this -- the string should always be quoted to avoid confusion. Note that this is only when we're using a literal, not when we're using a variable, examples:</p>
@@ -497,7 +496,7 @@ $foo = $assoc_array[$var];
 	<p>Each complex function should be preceded by a comment that tells a programmer everything they need to know to use that function. The meaning of every parameter, the expected input, and the output are required as a minimal comment. The function's behaviour in error conditions (and what those error conditions are) should also be present - but mostly included within the comment about the output.<br /><br />Especially important to document are any assumptions the code makes, or preconditions for its proper operation. Any one of the developers should be able to look at any part of the application and figure out what's going on in a reasonable amount of time.<br /><br />Avoid using <code>/* */</code> comment blocks for one-line comments, <code>//</code> should be used for one/two-liners.</p>
 
 	<h4>Magic numbers:</h4>
-	<p>Don't use them. Use named constants for any literal value other than obvious special cases. Basically, it's ok to check if an array has 0 elements by using the literal 0. It's not ok to assign some special meaning to a number and then use it everywhere as a literal. This hurts readability AND maintainability. The constants <code>true</code> and <code>false</code> should be used in place of the literals 1 and 0 -- even though they have the same values (but not type!), it's more obvious what the actual logic is when you use the named constants. Typecast variables where it is needed, do not rely on the correct variable type (PHP is currently very loose on typecasting which can lead to security problems if a developer does not have a very close eye to it).</p>
+	<p>Don't use them. Use named constants for any literal value other than obvious special cases. Basically, it's ok to check if an array has 0 elements by using the literal 0. It's not ok to assign some special meaning to a number and then use it everywhere as a literal. This hurts readability AND maintainability. The constants <code>true</code> and <code>false</code> should be used in place of the literals 1 and 0 -- even though they have the same values (but not type!), it's more obvious what the actual logic is when you use the named constants. Typecast variables where it is needed, do not rely on the correct variable type (PHP is currently very loose on typecasting which can lead to security problems if a developer does not keep a very close eye on it).</p>
 
 	<h4>Shortcut operators:</h4>
 	<p>The only shortcut operators that cause readability problems are the shortcut increment <code>$i++</code> and decrement <code>$j--</code> operators. These operators should not be used as part of an expression. They can, however, be used on their own line. Using them in expressions is just not worth the headaches when debugging, examples:</p>
@@ -666,7 +665,7 @@ $sql = 'SELECT *
 	</pre></div>
 
 	<h4>SQL Quotes: </h4>
-	<p>Double quotes where applicable (The variables in these examples are typecasted to integers before) ... examples: </p>
+	<p>Use double quotes where applicable. (The variables in these examples are typecasted to integers beforehand.) Examples: </p>
 
 	<p class="bad">// These are wrong.</p>
 	<div class="codebox"><pre>
@@ -827,7 +826,7 @@ SELECT FROM phpbb_forums WHERE forum_id <strong>&lt;&gt;</strong> 1
 
 	<h4>sql_build_query():</h4>
 
-	<p>The <code>$db-&gt;sql_build_query()</code> function is responsible for building sql statements for select and select distinct queries if you need to JOIN on more than one table or retrieving data from more than one table while doing a JOIN. This needs to be used to make sure the resulting statement is working on all supported db's. Instead of explaining every possible combination, i will give a short example:</p>
+	<p>The <code>$db-&gt;sql_build_query()</code> function is responsible for building sql statements for SELECT and SELECT DISTINCT queries if you need to JOIN on more than one table or retrieve data from more than one table while doing a JOIN. This needs to be used to make sure the resulting statement is working on all supported db's. Instead of explaining every possible combination, I will give a short example:</p>
 
 	<div class="codebox"><pre>
 $sql_array = array(
@@ -912,7 +911,7 @@ for ($i = 0, $size = sizeof($post_data); $i &lt; $size; $i++)
 	</pre></div>
 
 	<h4>Use of in_array(): </h4>
-	<p>Try to avoid using in_array() on huge arrays, and try to not place them into loops if the array to check consist of more than 20 entries. in_array() can be very time consuming and uses a lot of cpu processing time. For little checks it is not noticable, but if checked against a huge array within a loop those checks alone can be a bunch of seconds. If you need this functionality, try using isset() on the arrays keys instead, actually shifting the values into keys and vice versa. A call to <code>isset($array[$var])</code> is a lot faster than <code>in_array($var, array_keys($array))</code> for example.</p>
+	<p>Try to avoid using in_array() on huge arrays, and try to not place them into loops if the array to check consist of more than 20 entries. in_array() can be very time consuming and uses a lot of cpu processing time. For little checks it is not noticeable, but if checked against a huge array within a loop those checks alone can take several seconds. If you need this functionality, try using isset() on the arrays keys instead, actually shifting the values into keys and vice versa. A call to <code>isset($array[$var])</code> is a lot faster than <code>in_array($var, array_keys($array))</code> for example.</p>
 
 
 	<a name="general"></a><h3>2.v. General Guidelines</h3>
@@ -925,7 +924,7 @@ for ($i = 0, $size = sizeof($post_data); $i &lt; $size; $i++)
 	<p>No attempt should be made to remove any copyright information (either contained within the source or displayed interactively when the source is run/compiled), neither should the copyright information be altered in any way (it may be added to).</p>
 
 	<h4>Variables: </h4>
-	<p>Make use of the <code>request_var()</code> function for anything except for submit or single checking params. </p>
+	<p>Make use of the <code>request_var()</code> function for anything except for submit or single checking params.</p>
 	<p>The request_var function determines the type to set from the second parameter (which determines the default value too). If you need to get a scalar variable type, you need to tell this the request_var function explicitly. Examples:</p>
 
 	<p class="bad">// Old method, do not use it</p>
@@ -992,7 +991,7 @@ $user-&gt;setup();
 	<p>The <code>$user-&gt;setup()</code> call can be used to pass on additional language definition and a custom style (used in viewforum).</p>
 
 	<h4>Errors and messages: </h4>
-	<p>All messages/errors should be outputed by calling <code>trigger_error()</code> using the appropriate message type and language string. Example:</p>
+	<p>All messages/errors should be outputted by calling <code>trigger_error()</code> using the appropriate message type and language string. Example:</p>
 
 	<div class="codebox"><pre>
 trigger_error('NO_FORUM');
@@ -1010,7 +1009,7 @@ trigger_error('NO_MODE', E_USER_ERROR);
 
 	<p>All urls pointing to internal files need to be prepended by the <code>$phpbb_root_path</code> variable. Within the administration control panel all urls pointing to internal files need to be prepended by the <code>$phpbb_admin_path</code> variable. This makes sure the path is always correct and users being able to just rename the admin folder and the acp still working as intended (though some links will fail and the code need to be slightly adjusted).</p>
 
-	<p>The <code>append_sid()</code> function from 2.0.x is available too, though does not handle url alterations automatically. Please have a look at the code documentation if you want to get more details on how to use append_sid(). A sample call to append_sid() can look like this:</p>
+	<p>The <code>append_sid()</code> function from 2.0.x is available too, though it does not handle url alterations automatically. Please have a look at the code documentation if you want to get more details on how to use append_sid(). A sample call to append_sid() can look like this:</p>
 
 	<div class="codebox"><pre>
 append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;g=' . $row['group_id'])
@@ -1018,7 +1017,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 
 	<h4>General function usage: </h4>
 
-	<p>Some of these functions are only chosen over others because of personal preference and having no other benefit than to be consistant over the code.</p>
+	<p>Some of these functions are only chosen over others because of personal preference and have no benefit other than maintaining consistency throughout the code.</p>
 
 	<ul>
 		<li>
@@ -1068,7 +1067,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
         required_imageset = prosilver
 	</pre></div>
 	<a name="genstyling"></a><h3>3.2. General Styling Rules</h3>
-<p>Templates should be produced in a consistent manner. Where appropriate they should be based off an existing copy, e.g. index, viewforum or viewtopic (the combination of which implement a range of conditional and variable forms). Please also note that the intendation and coding guidelines also apply to templates where possible.</p>
+<p>Templates should be produced in a consistent manner. Where appropriate they should be based off an existing copy, e.g. index, viewforum or viewtopic (the combination of which implement a range of conditional and variable forms). Please also note that the indentation and coding guidelines also apply to templates where possible.</p>
 
 <p>The outer table class <code>forumline</code> has gone and is replaced with <code>tablebg</code>.</p>
 <p>When writing <code>&lt;table&gt;</code> the order <code>&lt;table class="" cellspacing="" cellpadding="" border="" align=""&gt;</code> creates consistency and allows everyone to easily see which table produces which "look". The same applies to most other tags for which additional parameters can be set, consistency is the major aim here.</p>
@@ -1088,7 +1087,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 
 <p>Row colours/classes are now defined by the template, use an <code>IF S_ROW_COUNT</code> switch, see viewtopic or viewforum for an example.</p>
 
-<p>Remember block level ordering is important ... while not all pages validate as XHTML 1.0 Strict compliant it is something we're trying to work too.</p>
+<p>Remember block level ordering is important ... while not all pages validate as XHTML 1.0 Strict compliant it is something we're trying to work on.</p>
 
 <p>Use a standard cellpadding of 2 and cellspacing of 0 on outer tables. Inner tables can vary from 0 to 3 or even 4 depending on the need.</p>
 
@@ -1137,12 +1136,12 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 	<a name="templates"></a><h3>4.i. General Templating</h3>
 
 <h4>File naming</h4>
-<p>Firstly templates now take the suffix &quot;.html&quot; rather than &quot;.tpl&quot;. This was done simply to make the lifes of some people easier wrt syntax highlighting, etc.</p>
+<p>Firstly templates now take the suffix &quot;.html&quot; rather than &quot;.tpl&quot;. This was done simply to make the lives of some people easier wrt syntax highlighting, etc.</p>
 
 <h4>Variables</h4>
 <p>All template variables should be named appropriately (using underscores for spaces), language entries should be prefixed with L_, system data with S_, urls with U_, javascript urls with UA_, language to be put in javascript statements with LA_, all other variables should be presented 'as is'.</p>
 
-<p>L_* template variables are automatically tried to be mapped to the corresponding language entry if the code does not set (and therefore overwrite) this variable specifically. For example <code>{L_USERNAME}</code> maps to <code>$user-&gt;lang['USERNAME']</code>. The LA_* template variables are handled within the same way, but properly escaped to be put in javascript code. This should reduce the need to assign loads of new lang vars in Modifications.
+<p>L_* template variables are automatically mapped to the corresponding language entry if the code does not set (and therefore overwrite) this variable specifically and if the language entry exists. For example <code>{L_USERNAME}</code> maps to <code>$user-&gt;lang['USERNAME']</code>. The LA_* template variables are handled within the same way, but properly escaped so they can be put in javascript code. This should reduce the need to assign loads of new language variables in MODifications.
 </p>
 
 <h4>Blocks/Loops</h4>
@@ -1425,9 +1424,9 @@ div
 <span class="comment">&lt;!-- END l_block1 --&gt;</span>
 </pre></div>
 
-<p>Here we open the loop l_block1 and doing some things if the value S_SELECTED within the current loop iteration is true, else we write the blocks link and title. Here, you see <code>{l_block1.L_TITLE}</code> referenced - you remember that L_* variables get automatically assigned the corresponding language entry? This is true, but not within loops. The L_TITLE variable within the loop l_block1 is assigned within the code itself.</p>
+<p>Here we open the loop l_block1 and do some things if the value S_SELECTED within the current loop iteration is true, else we write the blocks link and title. Here, you see <code>{l_block1.L_TITLE}</code> referenced - you remember that L_* variables get automatically assigned the corresponding language entry? This is true, but not within loops. The L_TITLE variable within the loop l_block1 is assigned within the code itself.</p>
 
-<p>Let's have a closer look to the markup:</p>
+<p>Let's have a closer look at the markup:</p>
 
 <div class="codebox"><pre>
 <span class="comment">&lt;!-- BEGIN l_block1 --&gt;</span>
@@ -1521,7 +1520,7 @@ div
 &lt;/ul&gt; <span class="comment">&lt;!-- written on third iteration --&gt;</span>
 </pre></div>
 
-<p>Just always remember that processing is taking place from up to down.</p>
+<p>Just always remember that processing is taking place from top to bottom.</p>
 
 	<h4>Forms</h4>
 		<p>If a form is used for a non-trivial operation (i.e. more than a jumpbox), then it should include the <code>{S_FORM_TOKEN}</code> template variable.</p>
@@ -1537,11 +1536,9 @@ div
 		</pre></div><br />
 
 	<a name="inheritance"></a><h3>4.ii. Template Inheritance</h3>
-		<p>When basing a new template on an existing one, it is not necessary to provide all template files. By declaring the template  to be &quot;<strong>inheriting</strong>&quot; in the template configuration file.</p>
+		<p>When basing a new style on an existing one, it is not necessary to provide all the template files. By declaring the base style name in the <strong>inherit_from</strong> field in the template configuration file, the style can be set to inherit template files from the base style. The limitation on this is that the base style has to be installed and complete, meaning that it is not itself inheriting.</p>
 
-		<p>The limitation on this is that the base style has to be installed and complete, meaning that it is not itself inheriting.</p>
-
-		<p>The effect of doing so is that the template engine will use the files in the new template where they exist, but fall back to files in the base template otherwise. Declaring a style to be inheriting also causes it to use some of the configuration settings of the base style, notably database storage.</p>
+		<p>The effect of doing so is that the template engine will use the template files in the new style where they exist, but fall back to files in the base style otherwise. Declaring a style to inherit from another also causes it to use some of the configuration settings of the base style, notably database storage.</p>
 
 		<p>We strongly encourage the use of inheritance for styles based on the bundled styles, as it will ease the update procedure.</p>
 
@@ -1668,7 +1665,7 @@ if (utf8_case_fold_nfc($string1) == utf8_case_fold_nfc($string2))
 
 	<h4>Encoding:</h4>
 
-	<p>With phpBB3, the output encoding for the forum in now UTF-8, a Universal Character Encoding by the Unicode Consortium that is by design a superset to US-ASCII and ISO-8859-1. By using one character set which simultaenously supports all scripts which previously would have required different encodings (eg: ISO-8859-1 to ISO-8859-15 (Latin, Greek, Cyrillic, Thai, Hebrew, Arabic); GB2312 (Simplified Chinese); Big5 (Traditional Chinese), EUC-JP (Japanese), EUC-KR (Korean), VISCII (Vietnamese); et cetera), this removes the need to convert between encodings and improves the accessibility of multilingual forums.</p>
+	<p>With phpBB3, the output encoding for the forum in now UTF-8, a Universal Character Encoding by the Unicode Consortium that is by design a superset to US-ASCII and ISO-8859-1. By using one character set which simultaenously supports all scripts which previously would have required different encodings (eg: ISO-8859-1 to ISO-8859-15 (Latin, Greek, Cyrillic, Thai, Hebrew, Arabic); GB2312 (Simplified Chinese); Big5 (Traditional Chinese), EUC-JP (Japanese), EUC-KR (Korean), VISCII (Vietnamese); et cetera), we remove the need to convert between encodings and improves the accessibility of multilingual forums.</p>
 
 	<p>The impact is that the language files for phpBB must now also be encoded as UTF-8, with a caveat that the files must <strong>not contain</strong> a <acronym title="Byte-Order-Mark">BOM</acronym> for compatibility reasons with non-Unicode aware versions of PHP. For those with forums using the Latin character set (ie: most European languages), this change is transparent since UTF-8 is superset to US-ASCII and ISO-8859-1.</p>
 
@@ -2318,58 +2315,14 @@ if (utf8_case_fold_nfc($string1) == utf8_case_fold_nfc($string2))
 
 	<hr />
 
-<a name="vcs"></a><h2>7. VCS Guidelines</h2>
+<a name="disclaimer"></a><h2>8. Copyright and disclaimer</h2>
 
 	<div class="paragraph">
 		<div class="inner"><span class="corners-top"><span></span></span>
 
 		<div class="content">
 
-	<p>The version control system for phpBB3 is git. The repository is available at <a href="http://github.com/phpbb/phpbb3" title="repository">http://github.com/phpbb/phpbb3</a>.</p>
-
-	<a name="repostruct"></a><h3>7.i. Repository Structure</h3>
-
-	<ul>
-		<li><strong>develop</strong><br />The latest unstable development version with new features etc.</li>
-		<li><strong>develop-*</strong><br />Development branches of stable phpBB releases. Branched off of <code>develop</code> at the time of feature freeze.
-			<ul>
-				<li><strong>phpBB3.0</strong><code>develop-olympus</code><br />Development branch of the stable 3.0 line. Bug fixes are applied here.</li>
-				<li><strong>phpBB3.1</strong><code>develop-ascraeus</code><br />Development branch of the stable 3.1 line. Bug fixes are applied here.</li>
-			</ul>
-		</li>
-		<li><strong>master</strong><br />A branch containing all stable phpBB3 release points</li>
-		<li><strong>tags</strong><br />Released versions. Stable ones get merged into the master branch.
-			<ul>
-				<li><code>release-3.Y-BX</code><br />Beta release X of the 3.Y line.</li>
-				<li><code>release-3.Y-RCX</code><br />Release candidate X of the 3.Y line.</li>
-				<li><code>release-3.Y.Z-RCX</code><br />Release candidate X of the stable 3.Y.Z release.</li>
-				<li><code>release-3.0.X</code><br />Stable <strong>3.0.X</strong> release.</li>
-				<li><code>release-2.0.X</code><br />Old stable 2.0.X release.</li>
-			</ul>
-		</li>
-	</ul>
-
-	<a name="commitmessage"></a><h3>7.ii. Commit Messages and Repository Rules</h3>
-
-	<p>Information on repository rules, such as commit messages can be found at <a href="http://wiki.phpbb.com/display/DEV/Git" title="phpBB Git Information">http://wiki.phpbb.com/display/DEV/Git</a>.</p>
-
-		</div>
-
-		<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
-
-		<span class="corners-bottom"><span></span></span></div>
-	</div>
-
-	<hr />
-
-<a name="disclaimer"></a><h2>9. Copyright and disclaimer</h2>
-
-	<div class="paragraph">
-		<div class="inner"><span class="corners-top"><span></span></span>
-
-		<div class="content">
-
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/hook_system.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="Hook System explanation" />
 <title>phpBB3 &bull; Hook System</title>
@@ -380,6 +380,8 @@ a:active	{ color: #368AD2; }
 <code>$template-&gt;display($handle, $include_once = true);</code> which is called directly before outputting the (not-yet-compiled) template.<br />
 <code>exit_handler();</code> which is called at the very end of phpBB3's execution.</p>
 
+<p>Please note: The <code>$template-&gt;display</code> hook takes a third <code>$template</code> argument, which is the template instance being used, which should be used instead of the global.</p>
+
 <p>There are also valid external constants you may want to use if you embed phpBB3 into your application:</p>
 
 <div class="codebox"><pre>
@@ -865,7 +867,7 @@ function phpbb_hook_register(&amp;$hook)
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/lighttpd.sample.conf

@@ -0,0 +1,60 @@
+# Sample lighttpd configuration file for phpBB.
+# Global settings have been removed, copy them
+# from your system's lighttpd.conf.
+# Tested with lighttpd 1.4.26
+
+# Load moules
+server.modules += ( 
+	"mod_access",
+	"mod_fastcgi",
+	"mod_accesslog"
+)
+
+# If you have domains with and without www prefix,
+# redirect one to the other.
+$HTTP["host"] =~ "^(myforums\.com)$" {
+	url.redirect = (
+		".*"	=> "http://www.%1$0"
+	)
+}
+
+$HTTP["host"] == "www.myforums.com" {
+	server.name				= "www.myforums.com"
+	server.document-root	= "/path/to/phpbb"
+	server.dir-listing		= "disable"
+	
+	index-file.names		= ( "index.php", "index.htm", "index.html" )
+	accesslog.filename		= "/var/log/lighttpd/access-www.myforums.com.log"
+	
+	# Deny access to internal phpbb files.	
+	$HTTP["url"] =~ "^/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload)" {
+		url.access-deny = ( "" )
+	}
+
+	# Deny access to version control system directories.
+	$HTTP["url"] =~ "/\.svn|/\.git" {
+		url.access-deny = ( "" )
+	}
+	
+	# Deny access to apache configuration files.
+	$HTTP["url"] =~ "/\.htaccess|/\.htpasswd|/\.htgroups" {
+		url.access-deny = ( "" )
+	}
+
+	fastcgi.server = ( ".php" => 
+		((
+			"bin-path" => "/usr/bin/php-cgi",
+			"socket" => "/tmp/php.socket",
+			"max-procs" => 4,
+			"idle-timeout" => 30,
+			"bin-environment" => ( 
+				"PHP_FCGI_CHILDREN" => "10",
+				"PHP_FCGI_MAX_REQUESTS" => "10000"
+			),
+			"bin-copy-environment" => (
+				"PATH", "SHELL", "USER"
+			),
+			"broken-scriptfilename" => "enable"
+		))
+	)
+}

phpBB/docs/nginx.sample.conf

@@ -10,14 +10,23 @@ http {
     gzip_vary on;
     gzip_http_version 1.1;
     gzip_min_length 700;
+    
+    # Compression levels over 6 do not give an appreciable improvement
+    # in compression ratio, but take more resources.
     gzip_comp_level 6;
-    gzip_disable "MSIE [1-6]\.";
+    
+    # IE 6 and lower do not support gzip with Vary correctly.
+    gzip_disable "msie6";
+    # Before nginx 0.7.63:
+    #gzip_disable "MSIE [1-6]\.";
 
     # Catch-all server for requests to invalid hosts.
     # Also catches vulnerability scanners probing IP addresses.
-    # Should be first.
     server {
-        listen 80;
+        # default specifies that this block is to be used when
+        # no other block matches.
+        listen 80 default;
+
         server_name bogus;
         return 444;
         root /var/empty;
@@ -26,14 +35,20 @@ http {
     # If you have domains with and without www prefix,
     # redirect one to the other.
     server {
-        listen 80;
+        # Default port is 80.
+        #listen 80;
+
         server_name myforums.com;
-        rewrite ^(.*)$ http://www.myforums.com$1 permanent;
+
+        # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites:
+        rewrite ^ http://www.myforums.com$request_uri permanent;
+        # Equivalent to:
+        #rewrite ^(.*)$ http://www.myforums.com$1 permanent;
     }
 
     # The actual board domain.
     server {
-        listen 80;
+        #listen 80;
         server_name www.myforums.com;
 
         root /path/to/phpbb;
@@ -46,6 +61,9 @@ http {
         # Deny access to internal phpbb files.
         location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
             deny all;
+            # deny was ignored before 0.8.40 for connections over IPv6.
+            # Use internal directive to prohibit access on older versions.
+            internal;
         }
 
         # Pass the php scripts to fastcgi server specified in upstream declaration.
@@ -60,6 +78,7 @@ http {
         # Deny access to version control system directories.
         location ~ /\.svn|/\.git {
             deny all;
+            internal;
         }
     }
 

phpBB/download/file.php

@@ -31,12 +31,7 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'
 
 if (isset($_GET['avatar']))
 {
-	if (!defined('E_DEPRECATED'))
-	{
-		define('E_DEPRECATED', 8192);
-	}
-	error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
-
+	require($phpbb_root_path . 'includes/startup.' . $phpEx);
 	require($phpbb_root_path . 'config.' . $phpEx);
 
 	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
@@ -64,7 +59,7 @@ if (isset($_GET['avatar']))
 	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
 
 	$config = $cache->obtain_config();
-	$filename = $_GET['avatar'];
+	$filename = request_var('avatar', '');
 	$avatar_group = false;
 	$exit = false;
 
@@ -125,11 +120,13 @@ $user->setup('viewtopic');
 
 if (!$download_id)
 {
+	send_status_line(404, 'Not Found');
 	trigger_error('NO_ATTACHMENT_SELECTED');
 }
 
 if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 {
+	send_status_line(404, 'Not Found');
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
 
@@ -142,11 +139,13 @@ $db->sql_freeresult($result);
 
 if (!$attachment)
 {
+	send_status_line(404, 'Not Found');
 	trigger_error('ERROR_NO_ATTACHMENT');
 }
 
 if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
 {
+	send_status_line(404, 'Not Found');
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
 
@@ -159,6 +158,7 @@ if ($attachment['is_orphan'])
 
 	if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
 	{
+		send_status_line(404, 'Not Found');
 		trigger_error('ERROR_NO_ATTACHMENT');
 	}
 
@@ -191,6 +191,7 @@ else
 		}
 		else
 		{
+			send_status_line(403, 'Forbidden');
 			trigger_error('SORRY_AUTH_VIEW_ATTACH');
 		}
 	}
@@ -231,6 +232,7 @@ else
 	$extensions = array();
 	if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
 	{
+		send_status_line(404, 'Forbidden');
 		trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
 	}
 }
@@ -253,6 +255,7 @@ $db->sql_freeresult($result);
 
 if (!$attachment)
 {
+	send_status_line(404, 'Not Found');
 	trigger_error('ERROR_NO_ATTACHMENT');
 }
 
@@ -295,6 +298,7 @@ else
 		// This presenting method should no longer be used
 		if (!@is_dir($phpbb_root_path . $config['upload_path']))
 		{
+			send_status_line(500, 'Internal Server Error');
 			trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
 		}
 
@@ -419,6 +423,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 
 	if (!@file_exists($filename))
 	{
+		send_status_line(404, 'Not Found');
 		trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
 	}
 
@@ -445,9 +450,11 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		// PHP track_errors setting On?
 		if (!empty($php_errormsg))
 		{
+			send_status_line(500, 'Internal Server Error');
 			trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg));
 		}
 
+		send_status_line(500, 'Internal Server Error');
 		trigger_error('UNABLE_TO_DELIVER_FILE');
 	}
 

phpBB/feed.php

@@ -95,11 +95,13 @@ while ($row = $feed->get_item())
 
 	$title = (isset($row[$feed->get('title')]) && $row[$feed->get('title')] !== '') ? $row[$feed->get('title')] : ((isset($row[$feed->get('title2')])) ? $row[$feed->get('title2')] : '');
 
-	$item_time = (int) $row[$feed->get('date')];
+	$published = ($feed->get('published') !== NULL) ? (int) $row[$feed->get('published')] : 0;
+	$updated = ($feed->get('updated') !== NULL) ? (int) $row[$feed->get('updated')] : 0;
 
 	$item_row = array(
 		'author'		=> ($feed->get('creator') !== NULL) ? $row[$feed->get('creator')] : '',
-		'pubdate'		=> feed_format_date($item_time),
+		'published'		=> ($published > 0) ? feed_format_date($published) : '',
+		'updated'		=> ($updated > 0) ? feed_format_date($updated) : '',
 		'link'			=> '',
 		'title'			=> censor_text($title),
 		'category'		=> ($config['feed_item_statistics'] && !empty($row['forum_id'])) ? $board_url . '/viewforum.' . $phpEx . '?f=' . $row['forum_id'] : '',
@@ -113,7 +115,7 @@ while ($row = $feed->get_item())
 
 	$item_vars[] = $item_row;
 
-	$feed_updated_time = max($feed_updated_time, $item_time);
+	$feed_updated_time = max($feed_updated_time, $published, $updated);
 }
 
 // If we do not have any items at all, sending the current time is better than sending no time.
@@ -171,6 +173,12 @@ if (defined('DEBUG_EXTRA') && request_var('explain', 0) && $auth->acl_get('a_'))
 header("Content-Type: application/atom+xml; charset=UTF-8");
 header("Last-Modified: " . gmdate('D, d M Y H:i:s', $feed_updated_time) . ' GMT');
 
+if (!empty($user->data['is_bot']))
+{
+	// Let reverse proxies know we detected a bot.
+	header('X-PHPBB-IS-BOT: yes');
+}
+
 echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
 echo '<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="' . $global_vars['FEED_LANG'] . '">' . "\n";
 echo '<link rel="self" type="application/atom+xml" href="' . $global_vars['SELF_LINK'] . '" />' . "\n\n";
@@ -192,7 +200,13 @@ foreach ($item_vars as $row)
 		echo '<author><name><![CDATA[' . $row['author'] . ']]></name></author>' . "\n";
 	}
 
-	echo '<updated>' . $row['pubdate'] . '</updated>' . "\n";
+	echo '<updated>' . ((!empty($row['updated'])) ? $row['updated'] : $row['published']) . '</updated>' . "\n";
+
+	if (!empty($row['published']))
+	{
+		echo '<published>' . $row['published'] . '</published>' . "\n";
+	}
+
 	echo '<id>' . $row['link'] . '</id>' . "\n";
 	echo '<link href="' . $row['link'] . '"/>' . "\n";
 	echo '<title type="html"><![CDATA[' . $row['title'] . ']]></title>' . "\n\n";
@@ -596,30 +610,9 @@ class phpbb_feed_base
 
 	function get_passworded_forums()
 	{
-		global $db, $user;
+		global $user;
 
-		// Exclude passworded forums
-		$sql = 'SELECT f.forum_id, fa.user_id
-			FROM ' . FORUMS_TABLE . ' f
-			LEFT JOIN ' . FORUMS_ACCESS_TABLE . " fa
-				ON (fa.forum_id = f.forum_id
-					AND fa.session_id = '" . $db->sql_escape($user->session_id) . "')
-			WHERE f.forum_password <> ''";
-		$result = $db->sql_query($sql);
-
-		$forum_ids = array();
-		while ($row = $db->sql_fetchrow($result))
-		{
-			$forum_id = (int) $row['forum_id'];
-
-			if ($row['user_id'] != $user->data['user_id'])
-			{
-				$forum_ids[$forum_id] = $forum_id;
-			}
-		}
-		$db->sql_freeresult($result);
-
-		return $forum_ids;
+		return $user->get_passworded_forums();
 	}
 
 	function get_item()
@@ -675,7 +668,8 @@ class phpbb_feed_post_base extends phpbb_feed_base
 
 		$this->set('author_id',	'user_id');
 		$this->set('creator',	'username');
-		$this->set('date',		'post_time');
+		$this->set('published',	'post_time');
+		$this->set('updated',	'post_edit_time');
 		$this->set('text',		'post_text');
 
 		$this->set('bitfield',	'bbcode_bitfield');
@@ -695,7 +689,7 @@ class phpbb_feed_post_base extends phpbb_feed_base
 		if ($config['feed_item_statistics'])
 		{
 			$item_row['statistics'] = $user->lang['POSTED'] . ' ' . $user->lang['POST_BY_AUTHOR'] . ' ' . $this->user_viewprofile($row)
-				. ' ' . $this->separator_stats . ' ' . $user->format_date($row['post_time'])
+				. ' ' . $this->separator_stats . ' ' . $user->format_date($row[$this->get('published')])
 				. (($this->is_moderator_approve_forum($row['forum_id']) && !$row['post_approved']) ? ' ' . $this->separator_stats . ' ' . $user->lang['POST_UNAPPROVED'] : '');
 		}
 	}
@@ -717,7 +711,8 @@ class phpbb_feed_topic_base extends phpbb_feed_base
 
 		$this->set('author_id',	'topic_poster');
 		$this->set('creator',	'topic_first_poster_name');
-		$this->set('date',		'topic_time');
+		$this->set('published',	'post_time');
+		$this->set('updated',	'post_edit_time');
 		$this->set('text',		'post_text');
 
 		$this->set('bitfield',	'bbcode_bitfield');
@@ -737,7 +732,7 @@ class phpbb_feed_topic_base extends phpbb_feed_base
 		if ($config['feed_item_statistics'])
 		{
 			$item_row['statistics'] = $user->lang['POSTED'] . ' ' . $user->lang['POST_BY_AUTHOR'] . ' ' . $this->user_viewprofile($row)
-				. ' ' . $this->separator_stats . ' ' . $user->format_date($row[$this->get('date')])
+				. ' ' . $this->separator_stats . ' ' . $user->format_date($row[$this->get('published')])
 				. ' ' . $this->separator_stats . ' ' . $user->lang['REPLIES'] . ' ' . (($this->is_moderator_approve_forum($row['forum_id'])) ? $row['topic_replies_real'] : $row['topic_replies'])
 				. ' ' . $this->separator_stats . ' ' . $user->lang['VIEWS'] . ' ' . $row['topic_views']
 				. (($this->is_moderator_approve_forum($row['forum_id']) && ($row['topic_replies_real'] != $row['topic_replies'])) ? ' ' . $this->separator_stats . ' ' . $user->lang['POSTS_UNAPPROVED'] : '');
@@ -800,7 +795,7 @@ class phpbb_feed_overall extends phpbb_feed_post_base
 		// Get the actual data
 		$this->sql = array(
 			'SELECT'	=>	'f.forum_id, f.forum_name, ' .
-							'p.post_id, p.topic_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
+							'p.post_id, p.topic_id, p.post_time, p.post_edit_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
 							'u.username, u.user_id',
 			'FROM'		=> array(
 				USERS_TABLE		=> 'u',
@@ -932,7 +927,7 @@ class phpbb_feed_forum extends phpbb_feed_post_base
 		}
 
 		$this->sql = array(
-			'SELECT'	=>	'p.post_id, p.topic_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
+			'SELECT'	=>	'p.post_id, p.topic_id, p.post_time, p.post_edit_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
 							'u.username, u.user_id',
 			'FROM'		=> array(
 				POSTS_TABLE		=> 'p',
@@ -1097,7 +1092,7 @@ class phpbb_feed_topic extends phpbb_feed_post_base
 		global $auth, $db;
 
 		$this->sql = array(
-			'SELECT'	=>	'p.post_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
+			'SELECT'	=>	'p.post_id, p.post_time, p.post_edit_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
 							'u.username, u.user_id',
 			'FROM'		=> array(
 				POSTS_TABLE		=> 'p',
@@ -1136,7 +1131,7 @@ class phpbb_feed_forums extends phpbb_feed_base
 		$this->set('text',		'forum_desc');
 		$this->set('bitfield',	'forum_desc_bitfield');
 		$this->set('bbcode_uid','forum_desc_uid');
-		$this->set('date',		'forum_last_post_time');
+		$this->set('updated',	'forum_last_post_time');
 		$this->set('options',	'forum_desc_options');
 	}
 
@@ -1261,8 +1256,8 @@ class phpbb_feed_news extends phpbb_feed_topic_base
 
 		$this->sql = array(
 			'SELECT'	=> 'f.forum_id, f.forum_name,
-							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time,
-							p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
+							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time, t.topic_last_post_time,
+							p.post_id, p.post_time, p.post_edit_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
 			'FROM'		=> array(
 				TOPICS_TABLE	=> 't',
 				POSTS_TABLE		=> 'p',
@@ -1334,8 +1329,8 @@ class phpbb_feed_topics extends phpbb_feed_topic_base
 
 		$this->sql = array(
 			'SELECT'	=> 'f.forum_id, f.forum_name,
-							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time,
-							p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
+							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time, t.topic_last_post_time,
+							p.post_id, p.post_time, p.post_edit_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
 			'FROM'		=> array(
 				TOPICS_TABLE	=> 't',
 				POSTS_TABLE		=> 'p',
@@ -1381,8 +1376,6 @@ class phpbb_feed_topics_active extends phpbb_feed_topic_base
 
 		$this->set('author_id',	'topic_last_poster_id');
 		$this->set('creator',	'topic_last_poster_name');
-		$this->set('date',		'topic_last_post_time');
-		$this->set('text',		'post_text');
 	}
 
 	function get_sql()
@@ -1434,7 +1427,7 @@ class phpbb_feed_topics_active extends phpbb_feed_topic_base
 			'SELECT'	=> 'f.forum_id, f.forum_name,
 							t.topic_id, t.topic_title, t.topic_replies, t.topic_replies_real, t.topic_views,
 							t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time,
-							p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
+							p.post_id, p.post_time, p.post_edit_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
 			'FROM'		=> array(
 				TOPICS_TABLE	=> 't',
 				POSTS_TABLE		=> 'p',

phpBB/includes/acm/acm_file.php

@@ -88,11 +88,11 @@ class acm
 			if (!phpbb_is_writable($this->cache_dir))
 			{
 				// We need to use die() here, because else we may encounter an infinite loop (the message handler calls $cache->unload())
-				die($this->cache_dir . ' is NOT writable.');
+				die('Fatal: ' . $this->cache_dir . ' is NOT writable.');
 				exit;
 			}
 
-			die('Not able to open ' . $this->cache_dir . 'data_global.' . $phpEx);
+			die('Fatal: Not able to open ' . $this->cache_dir . 'data_global.' . $phpEx);
 			exit;
 		}
 

phpBB/includes/acm/acm_redis.php

@@ -0,0 +1,145 @@
+<?php
+/**
+*
+* @package acm
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+// Include the abstract base
+if (!class_exists('acm_memory'))
+{
+	require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx");
+}
+
+if (!defined('PHPBB_ACM_REDIS_PORT'))
+{
+	define('PHPBB_ACM_REDIS_PORT', 6379);
+}
+
+if (!defined('PHPBB_ACM_REDIS_HOST'))
+{
+	define('PHPBB_ACM_REDIS_HOST', 'localhost');
+}
+
+/**
+* ACM for Redis
+*
+* Compatible with the php extension phpredis available
+* at https://github.com/nicolasff/phpredis
+*
+* @package acm
+*/
+class acm extends acm_memory
+{
+	var $extension = 'redis';
+
+	var $redis;
+
+	function acm()
+	{
+		// Call the parent constructor
+		parent::acm_memory();
+
+		$this->redis = new Redis();
+		$this->redis->connect(PHPBB_ACM_REDIS_HOST, PHPBB_ACM_REDIS_PORT);
+
+		if (defined('PHPBB_ACM_REDIS_PASSWORD'))
+		{
+			if (!$this->redis->auth(PHPBB_ACM_REDIS_PASSWORD))
+			{
+				global $acm_type;
+
+				trigger_error("Incorrect password for the ACM module $acm_type.", E_USER_ERROR);
+			}
+		}
+
+		$this->redis->setOption(Redis::OPT_SERIALIZER, Redis::SERIALIZER_PHP);
+		$this->redis->setOption(Redis::OPT_PREFIX, $this->key_prefix);
+
+		if (defined('PHPBB_ACM_REDIS_DB'))
+		{
+			if (!$this->redis->select(PHPBB_ACM_REDIS_DB))
+			{
+				global $acm_type;
+
+				trigger_error("Incorrect database for the ACM module $acm_type.", E_USER_ERROR);
+			}
+		}
+	}
+
+	/**
+	* Unload the cache resources
+	*
+	* @return void
+	*/
+	function unload()
+	{
+		parent::unload();
+
+		$this->redis->close();
+	}
+
+	/**
+	* Purge cache data
+	*
+	* @return void
+	*/
+	function purge()
+	{
+		$this->redis->flushDB();
+
+		parent::purge();
+	}
+
+	/**
+	* Fetch an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return mixed Cached data
+	*/
+	function _read($var)
+	{
+		return $this->redis->get($var);
+	}
+
+	/**
+	* Store data in the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @param mixed $data Data to store
+	* @param int $ttl Time-to-live of cached data
+	* @return bool True if the operation succeeded
+	*/
+	function _write($var, $data, $ttl = 2592000)
+	{
+		return $this->redis->setex($var, $ttl, $data);
+	}
+
+	/**
+	* Remove an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return bool True if the operation succeeded
+	*/
+	function _delete($var)
+	{
+		if ($this->redis->delete($var) > 0)
+		{
+			return true;
+		}
+		return false;
+	}
+}

phpBB/includes/acm/acm_wincache.php

@@ -0,0 +1,84 @@
+<?php
+/**
+*
+* @package acm
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+// Include the abstract base
+if (!class_exists('acm_memory'))
+{
+	require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx");
+}
+
+/**
+* ACM for WinCache
+* @package acm
+*/
+class acm extends acm_memory
+{
+	var $extension = 'wincache';
+
+	/**
+	* Purge cache data
+	*
+	* @return void
+	*/
+	function purge()
+	{
+		wincache_ucache_clear();
+
+		parent::purge();
+	}
+
+	/**
+	* Fetch an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return mixed Cached data
+	*/
+	function _read($var)
+	{
+		$success = false;
+		$result = wincache_ucache_get($this->key_prefix . $var, $success);
+
+		return ($success) ? $result : false;
+	}
+
+	/**
+	* Store data in the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @param mixed $data Data to store
+	* @param int $ttl Time-to-live of cached data
+	* @return bool True if the operation succeeded
+	*/
+	function _write($var, $data, $ttl = 2592000)
+	{
+		return wincache_ucache_set($this->key_prefix . $var, $data, $ttl);
+	}
+
+	/**
+	* Remove an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return bool True if the operation succeeded
+	*/
+	function _delete($var)
+	{
+		return wincache_ucache_delete($this->key_prefix . $var);
+	}
+}

phpBB/includes/acp/acp_ban.php

@@ -175,12 +175,21 @@ class acp_ban
 		}
 		$result = $db->sql_query($sql);
 
-		$banned_options = '';
+		$banned_options = $excluded_options = array();
 		$ban_length = $ban_reasons = $ban_give_reasons = array();
 
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$banned_options .= '<option' . (($row['ban_exclude']) ? ' class="sep"' : '') . ' value="' . $row['ban_id'] . '">' . $row[$field] . '</option>';
+			$option = '<option value="' . $row['ban_id'] . '">' . $row[$field] . '</option>';
+
+			if ($row['ban_exclude'])
+			{
+				$excluded_options[] = $option;
+			}
+			else
+			{
+				$banned_options[] = $option;
+			}
 
 			$time_length = ($row['ban_end']) ? ($row['ban_end'] - $row['ban_start']) / 60 : 0;
 
@@ -241,11 +250,26 @@ class acp_ban
 			}
 		}
 
+		$options = '';
+		if ($excluded_options)
+		{
+			$options .= '<optgroup label="' . $user->lang['OPTIONS_EXCLUDED'] . '">';
+			$options .= implode('', $excluded_options);
+			$options .= '</optgroup>';
+		}
+
+		if ($banned_options)
+		{
+			$options .= '<optgroup label="' . $user->lang['OPTIONS_BANNED'] . '">';
+			$options .= implode('', $banned_options);
+			$options .= '</optgroup>';
+		}
+
 		$template->assign_vars(array(
 			'S_BAN_END_OPTIONS'	=> $ban_end_options,
-			'S_BANNED_OPTIONS'	=> ($banned_options) ? true : false,
-			'BANNED_OPTIONS'	=> $banned_options)
-		);
+			'S_BANNED_OPTIONS'	=> ($banned_options || $excluded_options) ? true : false,
+			'BANNED_OPTIONS'	=> $options,
+		));
 	}
 }
 

phpBB/includes/acp/acp_bbcodes.php

@@ -213,7 +213,7 @@ class acp_bbcodes
 							$bbcode_id = NUM_CORE_BBCODES + 1;
 						}
 
-						if ($bbcode_id > 1511)
+						if ($bbcode_id > BBCODE_LIMIT)
 						{
 							trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}

phpBB/includes/acp/acp_board.php

@@ -188,7 +188,7 @@ class acp_board
 						'hot_threshold'			=> array('lang' => 'HOT_THRESHOLD',			'validate' => 'int:0',		'type' => 'text:3:4', 'explain' => true),
 						'max_poll_options'		=> array('lang' => 'MAX_POLL_OPTIONS',		'validate' => 'int:2:127',	'type' => 'text:4:4', 'explain' => false),
 						'max_post_chars'		=> array('lang' => 'CHAR_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:6', 'explain' => true),
-						'min_post_chars'		=> array('lang' => 'MIN_CHAR_LIMIT',		'validate' => 'int:0',		'type' => 'text:4:6', 'explain' => true),
+						'min_post_chars'		=> array('lang' => 'MIN_CHAR_LIMIT',		'validate' => 'int:1',		'type' => 'text:4:6', 'explain' => true),
 						'max_post_smilies'		=> array('lang' => 'SMILIES_LIMIT',			'validate' => 'int:0',		'type' => 'text:4:4', 'explain' => true),
 						'max_post_urls'			=> array('lang' => 'MAX_POST_URLS',			'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true),
 						'max_post_font_size'	=> array('lang' => 'MAX_POST_FONT_SIZE',	'validate' => 'int:0',		'type' => 'text:5:4', 'explain' => true, 'append' => ' %'),
@@ -386,6 +386,9 @@ class acp_board
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
 						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
 						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
+						'ip_login_limit_max'	=> array('lang' => 'IP_LOGIN_LIMIT_MAX',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
+						'ip_login_limit_time'	=> array('lang' => 'IP_LOGIN_LIMIT_TIME',	'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'ip_login_limit_use_forwarded'	=> array('lang' => 'IP_LOGIN_LIMIT_USE_FORWARDED',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'tpl_allow_php'			=> array('lang' => 'TPL_ALLOW_PHP',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int:-1',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 						'form_token_sid_guests'	=> array('lang' => 'FORM_SID_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -769,13 +772,20 @@ class acp_board
 	{
 		global $user, $config;
 
-		$radio_ary = array(USER_ACTIVATION_DISABLE => 'ACC_DISABLE', USER_ACTIVATION_NONE => 'ACC_NONE');
+		$radio_ary = array(
+			USER_ACTIVATION_DISABLE => 'ACC_DISABLE',
+			USER_ACTIVATION_NONE => 'ACC_NONE',
+		);
+
 		if ($config['email_enable'])
 		{
-			$radio_ary += array(USER_ACTIVATION_SELF => 'ACC_USER', USER_ACTIVATION_ADMIN => 'ACC_ADMIN');
+			$radio_ary[USER_ACTIVATION_SELF] = 'ACC_USER';
+			$radio_ary[USER_ACTIVATION_ADMIN] = 'ACC_ADMIN';
 		}
 
-		return h_radio('config[require_activation]', $radio_ary, $value, $key);
+		$radio_text = h_radio('config[require_activation]', $radio_ary, $value, 'require_activation', $key, '<br />');
+
+		return $radio_text;
 	}
 
 	/**

phpBB/includes/acp/acp_database.php

@@ -221,6 +221,7 @@ class acp_database
 					case 'submit':
 						$delete = request_var('delete', '');
 						$file = request_var('file', '');
+						$download = request_var('download', '');
 
 						if (!preg_match('#^backup_\d{10,}_[a-z\d]{16}\.(sql(?:\.(?:gz|bz2))?)$#', $file, $matches))
 						{
@@ -247,10 +248,8 @@ class acp_database
 								confirm_box(false, $user->lang['DELETE_SELECTED_BACKUP'], build_hidden_fields(array('delete' => $delete, 'file' => $file)));
 							}
 						}
-						else
+						else if ($download || confirm_box(true))
 						{
-							$download = request_var('download', '');
-
 							if ($download)
 							{
 								$name = $matches[0];
@@ -411,6 +410,10 @@ class acp_database
 							trigger_error($user->lang['RESTORE_SUCCESS'] . adm_back_link($this->u_action));
 							break;
 						}
+						else if (!$download)
+						{
+							confirm_box(false, $user->lang['RESTORE_SELECTED_BACKUP'], build_hidden_fields(array('file' => $file)));
+						}
 
 					default:
 						$methods = array('sql');

phpBB/includes/acp/acp_disallow.php

@@ -56,6 +56,18 @@ class acp_disallow
 				trigger_error($user->lang['NO_USERNAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
 			}
 
+			$sql = 'SELECT disallow_id
+				FROM ' . DISALLOW_TABLE . "
+				WHERE disallow_username = '" . $db->sql_escape($disallowed_user) . "'";
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			if ($row)
+			{
+				trigger_error($user->lang['DISALLOWED_ALREADY'] . adm_back_link($this->u_action), E_USER_WARNING);
+			}
+
 			$sql = 'INSERT INTO ' . DISALLOW_TABLE . ' ' . $db->sql_build_array('INSERT', array('disallow_username' => $disallowed_user));
 			$db->sql_query($sql);
 

phpBB/includes/acp/acp_email.php

@@ -82,23 +82,48 @@ class acp_email
 				{
 					if ($group_id)
 					{
-						$sql = 'SELECT u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type
-							FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
-							WHERE ug.group_id = ' . $group_id . '
+						$sql_ary = array(
+							'SELECT'	=> 'u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type',
+							'FROM'		=> array(
+								USERS_TABLE			=> 'u',
+								USER_GROUP_TABLE	=> 'ug',
+							),
+							'WHERE'		=> 'ug.group_id = ' . $group_id . '
 								AND ug.user_pending = 0
 								AND u.user_id = ug.user_id
 								AND u.user_allow_massemail = 1
-								AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
-							ORDER BY u.user_lang, u.user_notify_type';
+								AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')',
+							'ORDER_BY'	=> 'u.user_lang, u.user_notify_type',
+						);
 					}
 					else
 					{
-						$sql = 'SELECT username, username_clean, user_email, user_jabber, user_notify_type, user_lang
-							FROM ' . USERS_TABLE . '
-							WHERE user_allow_massemail = 1
-								AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
-							ORDER BY user_lang, user_notify_type';
+						$sql_ary = array(
+							'SELECT'	=> 'u.username, u.username_clean, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type',
+							'FROM'		=> array(
+								USERS_TABLE	=> 'u',
+							),
+							'WHERE'		=> 'u.user_allow_massemail = 1
+								AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')',
+							'ORDER_BY'	=> 'u.user_lang, u.user_notify_type',
+						);
 					}
+
+					// Mail banned or not
+					if (!isset($_REQUEST['mail_banned_flag']))
+					{
+						$sql_ary['WHERE'] .= ' AND (b.ban_id IS NULL
+						        OR b.ban_exclude = 1)';
+						$sql_ary['LEFT_JOIN'] = array(
+							array(
+								'FROM'	=> array(
+									BANLIST_TABLE	=> 'b',
+								),
+								'ON'	=> 'u.user_id = b.ban_userid',
+							),
+						);
+					}
+					$sql = $db->sql_build_query('SELECT', $sql_ary);
 				}
 				$result = $db->sql_query($sql);
 				$row = $db->sql_fetchrow($result);
@@ -111,8 +136,9 @@ class acp_email
 
 				$i = $j = 0;
 
-				// Send with BCC, no more than 50 recipients for one mail (to not exceed the limit)
-				$max_chunk_size = 50;
+				// Send with BCC
+				// Maximum number of bcc recipients
+				$max_chunk_size = (int) $config['email_max_chunk_size'];
 				$email_list = array();
 				$old_lang = $row['user_lang'];
 				$old_notify_type = $row['user_notify_type'];
@@ -169,10 +195,7 @@ class acp_email
 
 					$messenger->template('admin_send_email', $used_lang);
 
-					$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
-					$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
-					$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
-					$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
+					$messenger->anti_abuse_headers($config, $user);
 
 					$messenger->subject(htmlspecialchars_decode($subject));
 					$messenger->set_mail_priority($priority);

phpBB/includes/acp/acp_forums.php

@@ -212,15 +212,11 @@ class acp_forums
 
 						$message = ($action == 'add') ? $user->lang['FORUM_CREATED'] : $user->lang['FORUM_UPDATED'];
 
-						// Redirect to permissions
-						if ($auth->acl_get('a_fauth') && !$copied_permissions)
-						{
-							$message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url) . '">', '</a>');
-						}
-
 						// redirect directly to permission settings screen if authed
 						if ($action == 'add' && !$copied_permissions && $auth->acl_get('a_fauth'))
 						{
+							$message .= '<br /><br />' . sprintf($user->lang['REDIRECT_ACL'], '<a href="' . append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url) . '">', '</a>');
+
 							meta_refresh(4, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=permissions' . $acl_url));
 						}
 
@@ -875,7 +871,7 @@ class acp_forums
 
 		$errors = array();
 
-		if (!$forum_data['forum_name'])
+		if ($forum_data['forum_name'] == '')
 		{
 			$errors[] = $user->lang['FORUM_NAME_EMPTY'];
 		}

phpBB/includes/acp/acp_icons.php

@@ -394,6 +394,10 @@ class acp_icons
 					{
 						// skip images where add wasn't checked
 					}
+					else if (!file_exists($phpbb_root_path . $img_path . '/' . $image))
+					{
+						$errors[$image] = 'SMILIE_NO_FILE';
+					}
 					else
 					{
 						if ($image_width[$image] == 0 || $image_height[$image] == 0)

phpBB/includes/acp/acp_inactive.php

@@ -118,10 +118,7 @@ class acp_inactive
 
 								$messenger->to($row['user_email'], $row['username']);
 
-								$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
-								$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
-								$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
-								$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
+								$messenger->anti_abuse_headers($config, $user);
 
 								$messenger->assign_vars(array(
 									'USERNAME'	=> htmlspecialchars_decode($row['username']))
@@ -209,10 +206,7 @@ class acp_inactive
 							$messenger->to($row['user_email'], $row['username']);
 							$messenger->im($row['user_jabber'], $row['username']);
 
-							$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
-							$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
-							$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
-							$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
+							$messenger->anti_abuse_headers($config, $user);
 
 							$messenger->assign_vars(array(
 								'USERNAME'		=> htmlspecialchars_decode($row['username']),
@@ -301,7 +295,7 @@ class acp_inactive
 			'PAGINATION'	=> generate_pagination($this->u_action . "&$u_sort_param&users_per_page=$per_page", $inactive_count, $per_page, $start, true),
 			'USERS_PER_PAGE'	=> $per_page,
 
-			'U_ACTION'		=> $this->u_action . '&start=' . $start,
+			'U_ACTION'		=> $this->u_action . "&$u_sort_param&users_per_page=$per_page&start=$start",
 		));
 
 		$this->tpl_name = 'acp_inactive';

phpBB/includes/acp/acp_language.php

@@ -919,6 +919,9 @@ class acp_language
 				$default_lang_id = (int) $db->sql_fetchfield('lang_id');
 				$db->sql_freeresult($result);
 
+				// We want to notify the admin that custom profile fields need to be updated for the new language.
+				$notify_cpf_update = false;
+
 				// From the mysql documentation:
 				// Prior to MySQL 4.0.14, the target table of the INSERT statement cannot appear in the FROM clause of the SELECT part of the query. This limitation is lifted in 4.0.14.
 				// Due to this we stay on the safe side if we do the insertion "the manual way"
@@ -932,6 +935,7 @@ class acp_language
 				{
 					$row['lang_id'] = $lang_id;
 					$db->sql_query('INSERT INTO ' . PROFILE_LANG_TABLE . ' ' . $db->sql_build_array('INSERT', $row));
+					$notify_cpf_update = true;
 				}
 				$db->sql_freeresult($result);
 
@@ -944,12 +948,15 @@ class acp_language
 				{
 					$row['lang_id'] = $lang_id;
 					$db->sql_query('INSERT INTO ' . PROFILE_FIELDS_LANG_TABLE . ' ' . $db->sql_build_array('INSERT', $row));
+					$notify_cpf_update = true;
 				}
 				$db->sql_freeresult($result);
 
 				add_log('admin', 'LOG_LANGUAGE_PACK_INSTALLED', $lang_pack['name']);
 
-				trigger_error(sprintf($user->lang['LANGUAGE_PACK_INSTALLED'], $lang_pack['name']) . adm_back_link($this->u_action));
+				$message = sprintf($user->lang['LANGUAGE_PACK_INSTALLED'], $lang_pack['name']);
+				$message .= ($notify_cpf_update) ? '<br /><br />' . $user->lang['LANGUAGE_PACK_CPF_UPDATE'] : '';
+				trigger_error($message . adm_back_link($this->u_action));
 
 			break;
 
@@ -1055,14 +1062,14 @@ class acp_language
 				$iso_src .= htmlspecialchars_decode($row['lang_author']);
 				$compress->add_data($iso_src, 'language/' . $row['lang_iso'] . '/iso.txt');
 
-				// index.html files
-				$compress->add_data('', 'language/' . $row['lang_iso'] . '/index.html');
-				$compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.html');
-				$compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.html');
+				// index.htm files
+				$compress->add_data('', 'language/' . $row['lang_iso'] . '/index.htm');
+				$compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.htm');
+				$compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.htm');
 
 				if (sizeof($mod_files))
 				{
-					$compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.html');
+					$compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.htm');
 				}
 
 				$compress->close();
@@ -1217,7 +1224,7 @@ $lang = array_merge($lang, array(
 ';
 
 		// Language files in language root directory
-		$this->main_files = array("common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");
+		$this->main_files = array("captcha_qa.$phpEx", "captcha_recaptcha.$phpEx", "common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");
 	}
 
 	/**

phpBB/includes/acp/acp_logs.php

@@ -127,12 +127,12 @@ class acp_logs
 		// Grab log data
 		$log_data = array();
 		$log_count = 0;
-		view_log($mode, $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, 0, 0, $sql_where, $sql_sort, $keywords);
+		$start = view_log($mode, $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, 0, 0, $sql_where, $sql_sort, $keywords);
 
 		$template->assign_vars(array(
 			'L_TITLE'		=> $l_title,
 			'L_EXPLAIN'		=> $l_title_explain,
-			'U_ACTION'		=> $this->u_action,
+			'U_ACTION'		=> $this->u_action . "&$u_sort_param$keywords_param&start=$start",
 
 			'S_ON_PAGE'		=> on_page($log_count, $config['topics_per_page'], $start),
 			'PAGINATION'	=> generate_pagination($this->u_action . "&$u_sort_param$keywords_param", $log_count, $config['topics_per_page'], $start, true),

phpBB/includes/acp/acp_main.php

@@ -415,11 +415,8 @@ class acp_main
 		{
 			$latest_version_info = explode("\n", $latest_version_info);
 
-			$latest_version = str_replace('rc', 'RC', strtolower(trim($latest_version_info[0])));
-			$current_version = str_replace('rc', 'RC', strtolower($config['version']));
-
 			$template->assign_vars(array(
-				'S_VERSION_UP_TO_DATE'	=> version_compare($current_version, $latest_version, '<') ? false : true,
+				'S_VERSION_UP_TO_DATE'	=> phpbb_version_compare(trim($latest_version_info[0]), $config['version'], '<='),
 			));
 		}
 
@@ -521,7 +518,7 @@ class acp_main
 			'U_ADMIN_LOG'		=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=logs&amp;mode=admin'),
 			'U_INACTIVE_USERS'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=inactive&amp;mode=list'),
 			'U_VERSIONCHECK'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=update&amp;mode=version_check'),
-			'U_VERSIONCHECK_FORCE'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=1&amp;versioncheck_force=1'),
+			'U_VERSIONCHECK_FORCE'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'versioncheck_force=1'),
 
 			'S_ACTION_OPTIONS'	=> ($auth->acl_get('a_board')) ? true : false,
 			'S_FOUNDER'			=> ($user->data['user_type'] == USER_FOUNDER) ? true : false,
@@ -529,7 +526,7 @@ class acp_main
 		);
 
 		$log_data = array();
-		$log_count = 0;
+		$log_count = false;
 
 		if ($auth->acl_get('a_viewlogs'))
 		{
@@ -603,6 +600,17 @@ class acp_main
 			$template->assign_var('S_WRITABLE_CONFIG', (bool) (@fileperms($phpbb_root_path . 'config.' . $phpEx) & 0x0002));
 		}
 
+		if (extension_loaded('mbstring'))
+		{
+			$template->assign_vars(array(
+				'S_MBSTRING_LOADED'						=> true,
+				'S_MBSTRING_FUNC_OVERLOAD_FAIL'			=> (intval(@ini_get('mbstring.func_overload')) & (MB_OVERLOAD_MAIL | MB_OVERLOAD_STRING)),
+				'S_MBSTRING_ENCODING_TRANSLATION_FAIL'	=> (@ini_get('mbstring.encoding_translation') != 0),
+				'S_MBSTRING_HTTP_INPUT_FAIL'			=> (@ini_get('mbstring.http_input') != 'pass'),
+				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> (@ini_get('mbstring.http_output') != 'pass'),
+			));
+		}
+
 		// Fill dbms version if not yet filled
 		if (empty($config['dbms_version']))
 		{

phpBB/includes/acp/acp_php_info.php

@@ -67,6 +67,9 @@ class acp_php_info
 		$output = preg_replace('#<img border="0"#i', '<img', $output);
 		$output = str_replace(array('class="e"', 'class="v"', 'class="h"', '<hr />', '<font', '</font>'), array('class="row1"', 'class="row2"', '', '', '<span', '</span>'), $output);
 
+		// Fix invalid anchor names (eg "module_Zend Optimizer")
+		$output = preg_replace_callback('#<a name="([^"]+)">#', array($this, 'remove_spaces'), $output);
+
 		if (empty($output))
 		{
 			trigger_error('NO_PHPINFO_AVAILABLE', E_USER_WARNING);
@@ -79,6 +82,11 @@ class acp_php_info
 
 		$template->assign_var('PHPINFO', $output);
 	}
+	
+	function remove_spaces($matches)
+	{
+		return '<a name="' . str_replace(' ', '_', $matches[1]) . '">';
+	}
 }
 
 ?>

phpBB/includes/acp/acp_profile.php

@@ -512,7 +512,7 @@ class acp_profile
 					else if ($field_type == FIELD_INT && $key == 'field_default_value')
 					{
 						// Permit an empty string
-						if (request_var('field_default_value', '') === '')
+						if ($action == 'create' && request_var('field_default_value', '') === '')
 						{
 							$var = '';
 						}

phpBB/includes/acp/acp_ranks.php

@@ -199,7 +199,7 @@ class acp_ranks
 					'RANK_TITLE'		=> (isset($ranks['rank_title'])) ? $ranks['rank_title'] : '',
 					'S_FILENAME_LIST'	=> $filename_list,
 					'RANK_IMAGE'		=> ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : $phpbb_admin_path . 'images/spacer.gif',
-					'S_SPECIAL_RANK'	=> (!isset($ranks['rank_special']) || $ranks['rank_special']) ? true : false,
+					'S_SPECIAL_RANK'	=> (isset($ranks['rank_special']) && $ranks['rank_special']) ? true : false,
 					'MIN_POSTS'			=> (isset($ranks['rank_min']) && !$ranks['rank_special']) ? $ranks['rank_min'] : 0)
 				);
 						

phpBB/includes/acp/acp_search.php

@@ -392,7 +392,18 @@ class acp_search
 									AND post_id <= ' . (int) ($post_counter + $this->batch_size);
 							$result = $db->sql_query($sql);
 
-							while ($row = $db->sql_fetchrow($result))
+							$buffer = $db->sql_buffer_nested_transactions();
+
+							if ($buffer)
+							{
+								$rows = $db->sql_fetchrowset($result);
+								$rows[] = false; // indicate end of array for while loop below
+
+								$db->sql_freeresult($result);
+							}
+
+							$i = 0;
+							while ($row = ($buffer ? $rows[$i++] : $db->sql_fetchrow($result)))
 							{
 								// Indexing enabled for this forum or global announcement?
 								// Global announcements get indexed by default.
@@ -402,7 +413,10 @@ class acp_search
 								}
 								$row_count++;
 							}
-							$db->sql_freeresult($result);
+							if (!$buffer)
+							{
+								$db->sql_freeresult($result);
+							}
 
 							$post_counter += $this->batch_size;
 						}

phpBB/includes/acp/acp_styles.php

@@ -510,6 +510,7 @@ parse_css_file = {PARSE_CSS_FILE}
 							$db->sql_transaction('commit');
 
 							$cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE);
+							$cache->destroy('imageset_site_logo_md5');
 
 							add_log('admin', 'LOG_IMAGESET_REFRESHED', $imageset_row['imageset_name']);
 							trigger_error($user->lang['IMAGESET_REFRESHED'] . adm_back_link($this->u_action));
@@ -716,7 +717,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$save_changes	= (isset($_POST['save'])) ? true : false;
 
 		// make sure template_file path doesn't go upwards
-		$template_file = str_replace('..', '.', $template_file);
+		$template_file = preg_replace('#\.{2,}#', '.', $template_file);
 
 		// Retrieve some information about the template
 		$sql = 'SELECT template_storedb, template_path, template_name
@@ -1587,23 +1588,23 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			case 'style':
 				$sql_from = STYLES_TABLE;
-				$sql_select = 'style_name';
+				$sql_select = 'style_id, style_name, template_id, theme_id, imageset_id';
 				$sql_where = 'AND style_active = 1';
 			break;
 
 			case 'template':
 				$sql_from = STYLES_TEMPLATE_TABLE;
-				$sql_select = 'template_name, template_path, template_storedb';
+				$sql_select = 'template_id, template_name, template_path, template_storedb';
 			break;
 
 			case 'theme':
 				$sql_from = STYLES_THEME_TABLE;
-				$sql_select = 'theme_name, theme_path, theme_storedb';
+				$sql_select = 'theme_id, theme_name, theme_path, theme_storedb';
 			break;
 
 			case 'imageset':
 				$sql_from = STYLES_IMAGESET_TABLE;
-				$sql_select = 'imageset_name, imageset_path';
+				$sql_select = 'imageset_id, imageset_name, imageset_path';
 			break;
 		}
 
@@ -1633,37 +1634,21 @@ parse_css_file = {PARSE_CSS_FILE}
 			trigger_error($user->lang['NO_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING);
 		}
 
-		$sql = "SELECT {$mode}_id, {$mode}_name
-			FROM $sql_from
-			WHERE {$mode}_id <> $style_id
-			$sql_where
-			ORDER BY {$mode}_name ASC";
-		$result = $db->sql_query($sql);
+		$s_only_component = $this->display_component_options($mode, $style_row[$mode . '_id'], $style_row);
 
-		$s_options = '';
-
-		if ($row = $db->sql_fetchrow($result))
-		{
-			do
-			{
-				$s_options .= '<option value="' . $row[$mode . '_id'] . '">' . $row[$mode . '_name'] . '</option>';
-			}
-			while ($row = $db->sql_fetchrow($result));
-		}
-		else
+		if ($s_only_component)
 		{
 			trigger_error($user->lang['ONLY_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING);
 		}
-		$db->sql_freeresult($result);
 
 		if ($update)
 		{
-			$sql = "DELETE FROM $sql_from
-				WHERE {$mode}_id = $style_id";
-			$db->sql_query($sql);
-
 			if ($mode == 'style')
 			{
+				$sql = "DELETE FROM $sql_from
+					WHERE {$mode}_id = $style_id";
+				$db->sql_query($sql);
+
 				$sql = 'UPDATE ' . USERS_TABLE . "
 					SET user_style = $new_id
 					WHERE user_style = $style_id";
@@ -1678,19 +1663,19 @@ parse_css_file = {PARSE_CSS_FILE}
 				{
 					set_config('default_style', $new_id);
 				}
+
+				// Remove the components
+				$components = array('template', 'theme', 'imageset');
+				foreach ($components as $component)
+				{
+					$new_id = request_var('new_' . $component . '_id', 0);
+					$component_id = $style_row[$component . '_id'];
+					$this->remove_component($component, $component_id, $new_id, $style_id);
+				}
 			}
 			else
 			{
-				if ($mode == 'imageset')
-				{
-					$sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . "
-						WHERE imageset_id = $style_id";
-					$db->sql_query($sql);
-				}
-				$sql = 'UPDATE ' . STYLES_TABLE . "
-					SET {$mode}_id = $new_id
-					WHERE {$mode}_id = $style_id";
-				$db->sql_query($sql);
+				$this->remove_component($mode, $style_id, $new_id);
 			}
 
 			$cache->destroy('sql', STYLES_TABLE);
@@ -1704,7 +1689,6 @@ parse_css_file = {PARSE_CSS_FILE}
 
 		$template->assign_vars(array(
 			'S_DELETE'			=> true,
-			'S_REPLACE_OPTIONS'	=> $s_options,
 
 			'L_TITLE'			=> $user->lang[$this->page_title],
 			'L_EXPLAIN'			=> $user->lang[$this->page_title . '_EXPLAIN'],
@@ -1718,6 +1702,211 @@ parse_css_file = {PARSE_CSS_FILE}
 			'NAME'			=> $style_row[$mode . '_name'],
 			)
 		);
+
+		if ($mode == 'style')
+		{
+			$template->assign_vars(array(
+				'S_DELETE_STYLE'		=> true,
+			));
+		}
+	}
+
+	/**
+	* Remove template/theme/imageset entry from the database
+	*/
+	function remove_component($component, $component_id, $new_id, $style_id = false)
+	{
+		global $db;
+
+		if (($new_id == 0) || ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id))))
+		{
+			// We can not delete the template, as the user wants to keep the component or an other template is inheriting from this one.
+			return;
+		}
+
+		$component_in_use = array();
+		if ($component != 'style')
+		{
+			$component_in_use = $this->component_in_use($component, $component_id, $style_id);
+		}
+
+		if (($new_id == -1) && !empty($component_in_use))
+		{
+			// We can not delete the component, as it is still in use
+			return;
+		}
+
+		if ($component == 'imageset')
+		{
+			$sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . "
+				WHERE imageset_id = $component_id";
+			$db->sql_query($sql);
+		}
+
+		switch ($component)
+		{
+			case 'template':
+				$sql_from = STYLES_TEMPLATE_TABLE;
+			break;
+
+			case 'theme':
+				$sql_from = STYLES_THEME_TABLE;
+			break;
+
+			case 'imageset':
+				$sql_from = STYLES_IMAGESET_TABLE;;
+			break;
+		}
+
+		$sql = "DELETE FROM $sql_from
+			WHERE {$component}_id = $component_id";
+		$db->sql_query($sql);
+
+		$sql = 'UPDATE ' . STYLES_TABLE . "
+			SET {$component}_id = $new_id
+			WHERE {$component}_id = $component_id";
+		$db->sql_query($sql);
+	}
+
+	/**
+	* Display the options which can be used to replace a style/template/theme/imageset
+	*
+	* @return boolean Returns true if the component is the only component and can not be deleted.
+	*/
+	function display_component_options($component, $component_id, $style_row = false, $style_id = false)
+	{
+		global $db, $template, $user;
+
+		$is_only_component = true;
+		$component_in_use = array();
+		if ($component != 'style')
+		{
+			$component_in_use = $this->component_in_use($component, $component_id, $style_id);
+		}
+
+		$sql_where = '';
+		switch ($component)
+		{
+			case 'style':
+				$sql_from = STYLES_TABLE;
+				$sql_where = 'WHERE style_active = 1';
+			break;
+
+			case 'template':
+				$sql_from = STYLES_TEMPLATE_TABLE;
+				$sql_where = 'WHERE template_inherits_id <> ' . $component_id;
+			break;
+
+			case 'theme':
+				$sql_from = STYLES_THEME_TABLE;
+			break;
+
+			case 'imageset':
+				$sql_from = STYLES_IMAGESET_TABLE;
+			break;
+		}
+
+		$s_options = '';
+		if (($component != 'style') && empty($component_in_use))
+		{
+			// If it is not in use, there must be another component
+			$is_only_component = false;
+
+			$sql = "SELECT {$component}_id, {$component}_name
+				FROM $sql_from
+				WHERE {$component}_id = {$component_id}";
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			$s_options .= '<option value="-1" selected="selected">' . $user->lang['DELETE_' . strtoupper($component)] . '</option>';
+			$s_options .= '<option value="0">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>';
+		}
+		else
+		{
+			$sql = "SELECT {$component}_id, {$component}_name
+				FROM $sql_from
+				$sql_where
+				ORDER BY {$component}_name ASC";
+			$result = $db->sql_query($sql);
+
+			$s_keep_option = $s_options = '';
+			while ($row = $db->sql_fetchrow($result))
+			{
+				if ($row[$component . '_id'] != $component_id)
+				{
+					$is_only_component = false;
+					$s_options .= '<option value="' . $row[$component . '_id'] . '">' . sprintf($user->lang['REPLACE_WITH_OPTION'], $row[$component . '_name']) . '</option>';
+				}
+				else if ($component != 'style')
+				{
+					$s_keep_option = '<option value="0" selected="selected">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>';
+				}
+			}
+			$db->sql_freeresult($result);
+			$s_options = $s_keep_option . $s_options;
+		}
+
+		if (!$style_row)
+		{
+			$template->assign_var('S_REPLACE_' . strtoupper($component) . '_OPTIONS', $s_options);
+		}
+		else
+		{
+			$template->assign_var('S_REPLACE_OPTIONS', $s_options);
+			if ($component == 'style')
+			{
+				$components = array('template', 'theme', 'imageset');
+				foreach ($components as $component)
+				{
+					$this->display_component_options($component, $style_row[$component . '_id'], false, $component_id, true);
+				}
+			}
+		}
+
+		return $is_only_component;
+	}
+
+	/**
+	* Check whether the component is still used by another style or component
+	*/
+	function component_in_use($component, $component_id, $style_id = false)
+	{
+		global $db;
+
+		$component_in_use = array();
+
+		if ($style_id)
+		{
+			$sql = 'SELECT style_id, style_name
+				FROM ' . STYLES_TABLE . "
+				WHERE {$component}_id = {$component_id}
+					AND style_id <> {$style_id}
+				ORDER BY style_name ASC";
+		}
+		else
+		{
+			$sql = 'SELECT style_id, style_name
+				FROM ' . STYLES_TABLE . "
+				WHERE {$component}_id = {$component_id}
+				ORDER BY style_name ASC";
+		}
+		$result = $db->sql_query($sql);
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$component_in_use[] = $row['style_name'];
+		}
+		$db->sql_freeresult($result);
+
+		if ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id)))
+		{
+			foreach ($conflicts as $temp_id => $conflict_data)
+			{
+				$component_in_use[] = $conflict_data['template_name'];
+			}
+		}
+
+		return $component_in_use;
 	}
 
 	/**

phpBB/includes/acp/acp_update.php

@@ -37,7 +37,7 @@ class acp_update
 		$errstr = '';
 		$errno = 0;
 
-		$info = obtain_latest_version_info(request_var('versioncheck_force', false), true);
+		$info = obtain_latest_version_info(request_var('versioncheck_force', false));
 
 		if ($info === false)
 		{
@@ -69,12 +69,9 @@ class acp_update
 
 		$current_version = (!empty($version_update_from)) ? $version_update_from : $config['version'];
 
-		$up_to_date_automatic = (version_compare(str_replace('rc', 'RC', strtolower($current_version)), str_replace('rc', 'RC', strtolower($latest_version)), '<')) ? false : true;
-		$up_to_date = (version_compare(str_replace('rc', 'RC', strtolower($config['version'])), str_replace('rc', 'RC', strtolower($latest_version)), '<')) ? false : true;
-
 		$template->assign_vars(array(
-			'S_UP_TO_DATE'		=> $up_to_date,
-			'S_UP_TO_DATE_AUTO'	=> $up_to_date_automatic,
+			'S_UP_TO_DATE'		=> phpbb_version_compare($latest_version, $config['version'], '<='),
+			'S_UP_TO_DATE_AUTO'	=> phpbb_version_compare($latest_version, $current_version, '<='),
 			'S_VERSION_CHECK'	=> true,
 			'U_ACTION'			=> $this->u_action,
 			'U_VERSIONCHECK_FORCE' => append_sid($this->u_action . '&amp;versioncheck_force=1'),

phpBB/includes/acp/acp_users.php

@@ -348,10 +348,7 @@ class acp_users
 
 								$messenger->to($user_row['user_email'], $user_row['username']);
 
-								$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
-								$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
-								$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
-								$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
+								$messenger->anti_abuse_headers($config, $user);
 
 								$messenger->assign_vars(array(
 									'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
@@ -406,10 +403,7 @@ class acp_users
 
 									$messenger->to($user_row['user_email'], $user_row['username']);
 
-									$messenger->headers('X-AntiAbuse: Board servername - ' . $config['server_name']);
-									$messenger->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
-									$messenger->headers('X-AntiAbuse: Username - ' . $user->data['username']);
-									$messenger->headers('X-AntiAbuse: User IP - ' . $user->ip);
+									$messenger->anti_abuse_headers($config, $user);
 
 									$messenger->assign_vars(array(
 										'USERNAME'	=> htmlspecialchars_decode($user_row['username']))
@@ -818,7 +812,7 @@ class acp_users
 
 					// Which updates do we need to do?
 					$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
-					$update_password = ($data['new_password'] && !phpbb_check_hash($user_row['user_password'], $data['new_password'])) ? true : false;
+					$update_password = ($data['new_password'] && !phpbb_check_hash($data['new_password'], $user_row['user_password'])) ? true : false;
 					$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
 
 					if (!sizeof($error))
@@ -1124,7 +1118,7 @@ class acp_users
 				// Grab log data
 				$log_data = array();
 				$log_count = 0;
-				view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
+				$start = view_log('user', $log_data, $log_count, $config['topics_per_page'], $start, 0, 0, $user_id, $sql_where, $sql_sort);
 
 				$template->assign_vars(array(
 					'S_FEEDBACK'	=> true,

phpBB/includes/acp/acp_words.php

@@ -95,6 +95,9 @@ class acp_words
 					trigger_error($user->lang['ENTER_WORD'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
+				// Replace multiple consecutive asterisks with single one as those are not needed
+				$word = preg_replace('#\*{2,}#', '*', $word);
+
 				$sql_ary = array(
 					'word'			=> $word,
 					'replacement'	=> $replacement

phpBB/includes/auth.php

@@ -109,6 +109,7 @@ class auth
 	*/
 	function _fill_acl($user_permissions)
 	{
+		$seq_cache = array();
 		$this->acl = array();
 		$user_permissions = explode("\n", $user_permissions);
 
@@ -125,8 +126,17 @@ class auth
 
 				while ($subseq = substr($seq, $i, 6))
 				{
+					if (isset($seq_cache[$subseq]))
+					{
+						$converted = $seq_cache[$subseq];
+					}
+					else
+					{
+						$converted = $seq_cache[$subseq] = str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT);
+					}
+
 					// We put the original bitstring into the acl array
-					$this->acl[$f] .= str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT);
+					$this->acl[$f] .= $converted;
 					$i += 6;
 				}
 			}
@@ -339,6 +349,14 @@ class auth
 
 	/**
 	* Get permission listing based on user_id/options/forum_ids
+	*
+	* Be careful when using this function with permissions a_, m_, u_ and f_ !
+	* It may not work correctly. When a user group grants an a_* permission,
+	* e.g. a_foo, but the user's a_foo permission is set to "Never", then
+	* the user does not in fact have the a_ permission.
+	* But the user will still be listed as having the a_ permission.
+	*
+	* For more information see: http://tracker.phpbb.com/browse/PHPBB3-10252
 	*/
 	function acl_get_list($user_id = false, $opts = false, $forum_id = false)
 	{
@@ -898,7 +916,7 @@ class auth
 		$method = 'login_' . $method;
 		if (function_exists($method))
 		{
-			$login = $method($username, $password);
+			$login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for);
 
 			// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
 			if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)

phpBB/includes/auth/auth_db.php

@@ -23,8 +23,21 @@ if (!defined('IN_PHPBB'))
 
 /**
 * Login function
+*
+* @param string $username
+* @param string $password
+* @param string $ip			IP address the login is taking place from. Used to
+*							limit the number of login attempts per IP address.
+* @param string $browser	The user agent used to login
+* @param string $forwarded_for X_FORWARDED_FOR header sent with login request
+* @return array				A associative array of the format
+*							array(
+*								'status' => status constant
+*								'error_msg' => string
+*								'user_row' => array
+*							)
 */
-function login_db(&$username, &$password)
+function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '')
 {
 	global $db, $config;
 
@@ -47,22 +60,71 @@ function login_db(&$username, &$password)
 		);
 	}
 
+	$username_clean = utf8_clean_string($username);
+
 	$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
 		FROM ' . USERS_TABLE . "
-		WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
+		WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
 	$result = $db->sql_query($sql);
 	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
 
+	if (($ip && !$config['ip_login_limit_use_forwarded']) ||
+		($forwarded_for && $config['ip_login_limit_use_forwarded']))
+	{
+		$sql = 'SELECT COUNT(*) AS attempts
+			FROM ' . LOGIN_ATTEMPT_TABLE . '
+			WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
+		if ($config['ip_login_limit_use_forwarded'])
+		{
+			$sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'";
+		}
+		else
+		{
+			$sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' ";
+		}
+
+		$result = $db->sql_query($sql);
+		$attempts = (int) $db->sql_fetchfield('attempts');
+		$db->sql_freeresult($result);
+
+		$attempt_data = array(
+			'attempt_ip'			=> $ip,
+			'attempt_browser'		=> trim(substr($browser, 0, 149)),
+			'attempt_forwarded_for'	=> $forwarded_for,
+			'attempt_time'			=> time(),
+			'user_id'				=> ($row) ? (int) $row['user_id'] : 0,
+			'username'				=> $username,
+			'username_clean'		=> $username_clean,
+		);
+		$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
+		$result = $db->sql_query($sql);
+	}
+	else
+	{
+		$attempts = 0;
+	}
+
 	if (!$row)
 	{
+		if ($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max'])
+		{
+			return array(
+				'status'		=> LOGIN_ERROR_ATTEMPTS,
+				'error_msg'		=> 'LOGIN_ERROR_ATTEMPTS',
+				'user_row'		=> array('user_id' => ANONYMOUS),
+			);
+		}
+
 		return array(
 			'status'	=> LOGIN_ERROR_USERNAME,
 			'error_msg'	=> 'LOGIN_ERROR_USERNAME',
 			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}
-	$show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'];
+
+	$show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) ||
+		($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);
 
 	// If there are too much login attempts, we need to check for an confirm image
 	// Every auth module is able to define what to do by itself...
@@ -90,7 +152,7 @@ function login_db(&$username, &$password)
 		{
 			$captcha->reset();
 		}
-		
+
 	}
 
 	// If the password convert flag is set we need to convert it
@@ -165,6 +227,10 @@ function login_db(&$username, &$password)
 			$row['user_password'] = $hash;
 		}
 
+		$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
+			WHERE user_id = ' . $row['user_id'];
+		$db->sql_query($sql);
+
 		if ($row['user_login_attempts'] != 0)
 		{
 			// Successful, reset login attempts (the user passed all stages)
@@ -207,4 +273,4 @@ function login_db(&$username, &$password)
 	);
 }
 
-?>
+?>

phpBB/includes/auth/auth_ldap.php

@@ -335,7 +335,7 @@ function acp_ldap(&$new)
 	</dl>
 	<dl>
 		<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
-		<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd>
+		<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" autocomplete="off" /></dd>
 	</dl>
 	';
 

phpBB/includes/bbcode.php

@@ -584,6 +584,13 @@ class bbcode
 				$code = str_replace("\t", '   ', $code);
 				$code = str_replace('  ', '  ', $code);
 				$code = str_replace('  ', '  ', $code);
+				$code = str_replace("\n ", "\n ", $code);
+
+				// keep space at the beginning
+				if (!empty($code) && $code[0] == ' ')
+				{
+					$code = ' ' . substr($code, 1);
+				}
 
 				// remove newline at the beginning
 				if (!empty($code) && $code[0] == "\n")

phpBB/includes/cache.php

@@ -82,26 +82,9 @@ class cache extends acm
 			$result = $db->sql_query($sql);
 
 			$censors = array();
-			$unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
-
 			while ($row = $db->sql_fetchrow($result))
 			{
-				if ($unicode)
-				{
-					// Unescape the asterisk to simplify further conversions
-					$row['word'] = str_replace('\*', '*', preg_quote($row['word'], '#'));
-					
-					// Replace the asterisk inside the pattern, at the start and at the end of it with regexes
-					$row['word'] = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*(?=[\p{Nd}\p{L}_])#iu', '#^\*#', '#\*$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $row['word']);
-
-					// Generate the final substitution
-					$censors['match'][] = '#(?<![\p{Nd}\p{L}_-])(' . $row['word'] . ')(?![\p{Nd}\p{L}_-])#iu';
-				}
-				else
-				{
-					$censors['match'][] = '#(?<!\S)(' . str_replace('\*', '\S*?', preg_quote($row['word'], '#')) . ')(?!\S)#iu';
-				}
-
+				$censors['match'][] = get_censor_preg_expression($row['word']);
 				$censors['replace'][] = $row['replacement'];
 			}
 			$db->sql_freeresult($result);

phpBB/includes/captcha/captcha_gd.php

@@ -77,7 +77,7 @@ class captcha
 		{
 			$denom = ($code_len - $i);
 			$denom = max(1.3, $denom);
-			$offset[$i] = mt_rand(0, (1.5 * $width_avail) / $denom);
+			$offset[$i] = phpbb_mt_rand(0, (int) round((1.5 * $width_avail) / $denom));
 			$width_avail -= $offset[$i];
 		}
 
@@ -112,7 +112,7 @@ class captcha
 			$noise_bitmaps = $this->captcha_noise_bg_bitmaps();
 			for ($i = 0; $i < $code_len; ++$i)
 			{
-				$noise[$i] = new char_cube3d($noise_bitmaps, mt_rand(1, count($noise_bitmaps['data'])));
+				$noise[$i] = new char_cube3d($noise_bitmaps, mt_rand(1, sizeof($noise_bitmaps['data'])));
 
 				list($min, $max) = $noise[$i]->range();
 				//$box = $noise[$i]->dimensions($sizes[$i]);
@@ -1669,32 +1669,32 @@ class captcha
 			'height'	=> 15,
 			'data'		=> array(
 
-			'A' =>	$chars['A'][mt_rand(0, min(count($chars['A']), $config['captcha_gd_fonts']) -1)],
-			'B' =>	$chars['B'][mt_rand(0, min(count($chars['B']), $config['captcha_gd_fonts']) -1)],
-			'C' =>	$chars['C'][mt_rand(0, min(count($chars['C']), $config['captcha_gd_fonts']) -1)],
-			'D' =>	$chars['D'][mt_rand(0, min(count($chars['D']), $config['captcha_gd_fonts']) -1)],
-			'E' =>	$chars['E'][mt_rand(0, min(count($chars['E']), $config['captcha_gd_fonts']) -1)],
-			'F' =>	$chars['F'][mt_rand(0, min(count($chars['F']), $config['captcha_gd_fonts']) -1)],
-			'G' =>	$chars['G'][mt_rand(0, min(count($chars['G']), $config['captcha_gd_fonts']) -1)],
-			'H' =>	$chars['H'][mt_rand(0, min(count($chars['H']), $config['captcha_gd_fonts']) -1)],
-			'I' =>	$chars['I'][mt_rand(0, min(count($chars['I']), $config['captcha_gd_fonts']) -1)],
-			'J' =>	$chars['J'][mt_rand(0, min(count($chars['J']), $config['captcha_gd_fonts']) -1)],
-			'K' =>	$chars['K'][mt_rand(0, min(count($chars['K']), $config['captcha_gd_fonts']) -1)],
-			'L' =>	$chars['L'][mt_rand(0, min(count($chars['L']), $config['captcha_gd_fonts']) -1)],
-			'M' =>	$chars['M'][mt_rand(0, min(count($chars['M']), $config['captcha_gd_fonts']) -1)],  
-			'N' =>	$chars['N'][mt_rand(0, min(count($chars['N']), $config['captcha_gd_fonts']) -1)],
-			'O' =>	$chars['O'][mt_rand(0, min(count($chars['O']), $config['captcha_gd_fonts']) -1)],
-			'P' =>	$chars['P'][mt_rand(0, min(count($chars['P']), $config['captcha_gd_fonts']) -1)],
-			'Q' =>	$chars['Q'][mt_rand(0, min(count($chars['Q']), $config['captcha_gd_fonts']) -1)],
-			'R' =>	$chars['R'][mt_rand(0, min(count($chars['R']), $config['captcha_gd_fonts']) -1)],
-			'S' =>	$chars['S'][mt_rand(0, min(count($chars['S']), $config['captcha_gd_fonts']) -1)],
-			'T' =>	$chars['T'][mt_rand(0, min(count($chars['T']), $config['captcha_gd_fonts']) -1)],
-			'U' =>	$chars['U'][mt_rand(0, min(count($chars['U']), $config['captcha_gd_fonts']) -1)],
-			'V' =>	$chars['V'][mt_rand(0, min(count($chars['V']), $config['captcha_gd_fonts']) -1)],
-			'W' =>	$chars['W'][mt_rand(0, min(count($chars['W']), $config['captcha_gd_fonts']) -1)],
-			'X' =>	$chars['X'][mt_rand(0, min(count($chars['X']), $config['captcha_gd_fonts']) -1)],
-			'Y' =>	$chars['Y'][mt_rand(0, min(count($chars['Y']), $config['captcha_gd_fonts']) -1)],
-			'Z' =>	$chars['Z'][mt_rand(0, min(count($chars['Z']), $config['captcha_gd_fonts']) -1)],
+			'A' =>	$chars['A'][mt_rand(0, min(sizeof($chars['A']), $config['captcha_gd_fonts']) -1)],
+			'B' =>	$chars['B'][mt_rand(0, min(sizeof($chars['B']), $config['captcha_gd_fonts']) -1)],
+			'C' =>	$chars['C'][mt_rand(0, min(sizeof($chars['C']), $config['captcha_gd_fonts']) -1)],
+			'D' =>	$chars['D'][mt_rand(0, min(sizeof($chars['D']), $config['captcha_gd_fonts']) -1)],
+			'E' =>	$chars['E'][mt_rand(0, min(sizeof($chars['E']), $config['captcha_gd_fonts']) -1)],
+			'F' =>	$chars['F'][mt_rand(0, min(sizeof($chars['F']), $config['captcha_gd_fonts']) -1)],
+			'G' =>	$chars['G'][mt_rand(0, min(sizeof($chars['G']), $config['captcha_gd_fonts']) -1)],
+			'H' =>	$chars['H'][mt_rand(0, min(sizeof($chars['H']), $config['captcha_gd_fonts']) -1)],
+			'I' =>	$chars['I'][mt_rand(0, min(sizeof($chars['I']), $config['captcha_gd_fonts']) -1)],
+			'J' =>	$chars['J'][mt_rand(0, min(sizeof($chars['J']), $config['captcha_gd_fonts']) -1)],
+			'K' =>	$chars['K'][mt_rand(0, min(sizeof($chars['K']), $config['captcha_gd_fonts']) -1)],
+			'L' =>	$chars['L'][mt_rand(0, min(sizeof($chars['L']), $config['captcha_gd_fonts']) -1)],
+			'M' =>	$chars['M'][mt_rand(0, min(sizeof($chars['M']), $config['captcha_gd_fonts']) -1)],  
+			'N' =>	$chars['N'][mt_rand(0, min(sizeof($chars['N']), $config['captcha_gd_fonts']) -1)],
+			'O' =>	$chars['O'][mt_rand(0, min(sizeof($chars['O']), $config['captcha_gd_fonts']) -1)],
+			'P' =>	$chars['P'][mt_rand(0, min(sizeof($chars['P']), $config['captcha_gd_fonts']) -1)],
+			'Q' =>	$chars['Q'][mt_rand(0, min(sizeof($chars['Q']), $config['captcha_gd_fonts']) -1)],
+			'R' =>	$chars['R'][mt_rand(0, min(sizeof($chars['R']), $config['captcha_gd_fonts']) -1)],
+			'S' =>	$chars['S'][mt_rand(0, min(sizeof($chars['S']), $config['captcha_gd_fonts']) -1)],
+			'T' =>	$chars['T'][mt_rand(0, min(sizeof($chars['T']), $config['captcha_gd_fonts']) -1)],
+			'U' =>	$chars['U'][mt_rand(0, min(sizeof($chars['U']), $config['captcha_gd_fonts']) -1)],
+			'V' =>	$chars['V'][mt_rand(0, min(sizeof($chars['V']), $config['captcha_gd_fonts']) -1)],
+			'W' =>	$chars['W'][mt_rand(0, min(sizeof($chars['W']), $config['captcha_gd_fonts']) -1)],
+			'X' =>	$chars['X'][mt_rand(0, min(sizeof($chars['X']), $config['captcha_gd_fonts']) -1)],
+			'Y' =>	$chars['Y'][mt_rand(0, min(sizeof($chars['Y']), $config['captcha_gd_fonts']) -1)],
+			'Z' =>	$chars['Z'][mt_rand(0, min(sizeof($chars['Z']), $config['captcha_gd_fonts']) -1)],
 
 			'1' => array(
 				array(0,0,0,1,1,0,0,0,0),

phpBB/includes/captcha/captcha_gd_wave.php

@@ -62,8 +62,8 @@ class captcha
 				'y' => mt_rand(10, 17)
 			),
 			'lower_left'	=> array(
-				'x' => mt_rand($img_x - 5, $img_x - 45),
-				'y' => mt_rand($img_y - 0, $img_y - 15)
+				'x' => mt_rand($img_x - 45, $img_x - 5),
+				'y' => mt_rand($img_y - 15, $img_y - 0),
 			),
 		);
 

phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php

@@ -319,7 +319,7 @@ class phpbb_captcha_qa
 					),
 					'PRIMARY_KEY'		=> 'question_id',
 					'KEYS'				=> array(
-						'lang_iso'			=> array('INDEX', 'lang_iso'),
+						'lang'			=> array('INDEX', 'lang_iso'),
 					),
 				),
 				CAPTCHA_ANSWERS_TABLE		=> array (
@@ -328,7 +328,7 @@ class phpbb_captcha_qa
 						'answer_text'	=> array('STEXT_UNI', ''),
 					),
 					'KEYS'				=> array(
-						'question_id'			=> array('INDEX', 'question_id'),
+						'qid'			=> array('INDEX', 'question_id'),
 					),
 				),
 				CAPTCHA_QA_CONFIRM_TABLE		=> array (

phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php

@@ -27,9 +27,14 @@ if (!class_exists('phpbb_default_captcha'))
 */
 class phpbb_recaptcha extends phpbb_default_captcha
 {
-	var $recaptcha_server = 'http://api.recaptcha.net';
-	var $recaptcha_server_secure = 'https://api-secure.recaptcha.net'; // class constants :(
-	var $recaptcha_verify_server = 'api-verify.recaptcha.net';
+	var $recaptcha_server = 'http://www.google.com/recaptcha/api';
+	var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :(
+
+	// We are opening a socket to port 80 of this host and send
+	// the POST request asking for verification to the path specified here.
+	var $recaptcha_verify_server = 'www.google.com';
+	var $recaptcha_verify_path = '/recaptcha/api/verify';
+
 	var $challenge;
 	var $response;
 
@@ -296,7 +301,7 @@ class phpbb_recaptcha extends phpbb_default_captcha
 			return $user->lang['RECAPTCHA_INCORRECT'];
 		}
 
-		$response = $this->_recaptcha_http_post($this->recaptcha_verify_server, '/verify',
+		$response = $this->_recaptcha_http_post($this->recaptcha_verify_server, $this->recaptcha_verify_path,
 			array(
 				'privatekey'	=> $config['recaptcha_privkey'],
 				'remoteip'		=> $user->ip,

phpBB/includes/constants.php

@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.0.8');
+define('PHPBB_VERSION', '3.0.10');
 
 // QA-related
 // define('PHPBB_QA', 1);
@@ -173,6 +173,9 @@ define('BBCODE_UID_LEN', 8);
 // Number of core BBCodes
 define('NUM_CORE_BBCODES', 12);
 
+// BBCode hard limit
+define('BBCODE_LIMIT', 1511);
+
 // Smiley hard limit
 define('SMILEY_LIMIT', 1000);
 
@@ -233,6 +236,7 @@ define('GROUPS_TABLE',				$table_prefix . 'groups');
 define('ICONS_TABLE',				$table_prefix . 'icons');
 define('LANG_TABLE',				$table_prefix . 'lang');
 define('LOG_TABLE',					$table_prefix . 'log');
+define('LOGIN_ATTEMPT_TABLE',		$table_prefix . 'login_attempts');
 define('MODERATOR_CACHE_TABLE',		$table_prefix . 'moderator_cache');
 define('MODULES_TABLE',				$table_prefix . 'modules');
 define('POLL_OPTIONS_TABLE',		$table_prefix . 'poll_options');
@@ -275,4 +279,4 @@ define('ZEBRA_TABLE',				$table_prefix . 'zebra');
 // Additional tables
 
 
-?>
+?>

phpBB/includes/db/db_tools.php

@@ -347,6 +347,66 @@ class phpbb_db_tools
 		}
 	}
 
+	/**
+	* Gets a list of tables in the database.
+	*
+	* @return array		Array of table names  (all lower case)
+	*/
+	function sql_list_tables()
+	{
+		switch ($this->db->sql_layer)
+		{
+			case 'mysql':
+			case 'mysql4':
+			case 'mysqli':
+				$sql = 'SHOW TABLES';
+			break;
+
+			case 'sqlite':
+				$sql = 'SELECT name
+					FROM sqlite_master
+					WHERE type = "table"';
+			break;
+
+			case 'mssql':
+			case 'mssql_odbc':
+			case 'mssqlnative':
+				$sql = "SELECT name
+					FROM sysobjects
+					WHERE type='U'";
+			break;
+
+			case 'postgres':
+				$sql = 'SELECT relname
+					FROM pg_stat_user_tables';
+			break;
+
+			case 'firebird':
+				$sql = 'SELECT rdb$relation_name
+					FROM rdb$relations
+					WHERE rdb$view_source is null
+						AND rdb$system_flag = 0';
+			break;
+
+			case 'oracle':
+				$sql = 'SELECT table_name
+					FROM USER_TABLES';
+			break;
+		}
+
+		$result = $this->db->sql_query($sql);
+
+		$tables = array();
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			$name = current($row);
+			$tables[$name] = $name;
+		}
+		$this->db->sql_freeresult($result);
+
+		return $tables;
+	}
+
 	/**
 	* Check if table exists
 	*
@@ -417,6 +477,11 @@ class phpbb_db_tools
 			// here lies an array, filled with information compiled on the column's data
 			$prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data);
 
+			if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen"
+			{
+				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
+			}
+
 			// here we add the definition of the new column to the list of columns
 			switch ($this->sql_layer)
 			{
@@ -538,7 +603,7 @@ class phpbb_db_tools
 			break;
 
 			case 'oracle':
-				$table_sql .= "\n);";
+				$table_sql .= "\n)";
 				$statements[] = $table_sql;
 
 				// do we need to add a sequence and a tigger for auto incrementing columns?
@@ -556,7 +621,7 @@ class phpbb_db_tools
 					$trigger .= "BEGIN\n";
 					$trigger .= "\tSELECT {$table_name}_seq.nextval\n";
 					$trigger .= "\tINTO :new.{$create_sequence}\n";
-					$trigger .= "\tFROM dual\n";
+					$trigger .= "\tFROM dual;\n";
 					$trigger .= "END;";
 
 					$statements[] = $trigger;
@@ -566,7 +631,13 @@ class phpbb_db_tools
 			case 'firebird':
 				if ($create_sequence)
 				{
-					$statements[] = "CREATE SEQUENCE {$table_name}_seq;";
+					$statements[] = "CREATE GENERATOR {$table_name}_gen;";
+					$statements[] = "SET GENERATOR {$table_name}_gen TO 0;";
+
+					$trigger = "CREATE TRIGGER t_$table_name FOR $table_name\n";
+					$trigger .= "BEFORE INSERT\nAS\nBEGIN\n";
+					$trigger .= "\tNEW.{$create_sequence} = GEN_ID({$table_name}_gen, 1);\nEND;";
+					$statements[] = $trigger;
 				}
 			break;
 		}
@@ -638,6 +709,36 @@ class phpbb_db_tools
 			$sqlite = true;
 		}
 
+		// Drop tables?
+		if (!empty($schema_changes['drop_tables']))
+		{
+			foreach ($schema_changes['drop_tables'] as $table)
+			{
+				// only drop table if it exists
+				if ($this->sql_table_exists($table))
+				{
+					$result = $this->sql_table_drop($table);
+					if ($this->return_statements)
+					{
+						$statements = array_merge($statements, $result);
+					}
+				}
+			}
+		}
+
+		// Add tables?
+		if (!empty($schema_changes['add_tables']))
+		{
+			foreach ($schema_changes['add_tables'] as $table => $table_data)
+			{
+				$result = $this->sql_create_table($table, $table_data);
+				if ($this->return_statements)
+				{
+					$statements = array_merge($statements, $result);
+				}
+			}
+		}
+
 		// Change columns?
 		if (!empty($schema_changes['change_columns']))
 		{
@@ -681,10 +782,12 @@ class phpbb_db_tools
 			{
 				foreach ($columns as $column_name => $column_data)
 				{
-					// Only add the column if it does not exist yet, else change it (to be consistent)
+					// Only add the column if it does not exist yet
 					if ($column_exists = $this->sql_column_exists($table, $column_name))
 					{
-						$result = $this->sql_column_change($table, $column_name, $column_data, true);
+						continue;
+						// This is commented out here because it can take tremendous time on updates
+//						$result = $this->sql_column_change($table, $column_name, $column_data, true);
 					}
 					else
 					{
@@ -695,7 +798,8 @@ class phpbb_db_tools
 					{
 						if ($column_exists)
 						{
-							$sqlite_data[$table]['change_columns'][] = $result;
+							continue;
+//							$sqlite_data[$table]['change_columns'][] = $result;
 						}
 						else
 						{
@@ -717,6 +821,11 @@ class phpbb_db_tools
 			{
 				foreach ($indexes as $index_name)
 				{
+					if (!$this->sql_index_exists($table, $index_name))
+					{
+						continue;
+					}
+
 					$result = $this->sql_index_drop($table, $index_name);
 
 					if ($this->return_statements)
@@ -777,6 +886,11 @@ class phpbb_db_tools
 			{
 				foreach ($index_array as $index_name => $column)
 				{
+					if ($this->sql_unique_index_exists($table, $index_name))
+					{
+						continue;
+					}
+
 					$result = $this->sql_create_unique_index($table, $index_name, $column);
 
 					if ($this->return_statements)
@@ -794,6 +908,11 @@ class phpbb_db_tools
 			{
 				foreach ($index_array as $index_name => $column)
 				{
+					if ($this->sql_index_exists($table, $index_name))
+					{
+						continue;
+					}
+
 					$result = $this->sql_create_index($table, $index_name, $column);
 
 					if ($this->return_statements)
@@ -952,34 +1071,21 @@ class phpbb_db_tools
 	}
 
 	/**
-	* Check if a specified column exist
+	* Gets a list of columns of a table.
 	*
-	* @param string	$table			Table to check the column at
-	* @param string	$column_name	The column to check
+	* @param string $table		Table name
 	*
-	* @return bool True if column exists, else false
+	* @return array				Array of column names (all lower case)
 	*/
-	function sql_column_exists($table, $column_name)
+	function sql_list_columns($table)
 	{
+		$columns = array();
+
 		switch ($this->sql_layer)
 		{
 			case 'mysql_40':
 			case 'mysql_41':
-
 				$sql = "SHOW COLUMNS FROM $table";
-				$result = $this->db->sql_query($sql);
-
-				while ($row = $this->db->sql_fetchrow($result))
-				{
-					// lower case just in case
-					if (strtolower($row['Field']) == $column_name)
-					{
-						$this->db->sql_freeresult($result);
-						return true;
-					}
-				}
-				$this->db->sql_freeresult($result);
-				return false;
 			break;
 
 			// PostgreSQL has a way of doing this in a much simpler way but would
@@ -990,19 +1096,6 @@ class phpbb_db_tools
 					WHERE c.relname = '{$table}'
 						AND a.attnum > 0
 						AND a.attrelid = c.oid";
-				$result = $this->db->sql_query($sql);
-				while ($row = $this->db->sql_fetchrow($result))
-				{
-					// lower case just in case
-					if (strtolower($row['attname']) == $column_name)
-					{
-						$this->db->sql_freeresult($result);
-						return true;
-					}
-				}
-				$this->db->sql_freeresult($result);
-
-				return false;
 			break;
 
 			// same deal with PostgreSQL, we must perform more complex operations than
@@ -1013,62 +1106,26 @@ class phpbb_db_tools
 					FROM syscolumns c
 					LEFT JOIN sysobjects o ON c.id = o.id
 					WHERE o.name = '{$table}'";
-				$result = $this->db->sql_query($sql);
-				while ($row = $this->db->sql_fetchrow($result))
-				{
-					// lower case just in case
-					if (strtolower($row['name']) == $column_name)
-					{
-						$this->db->sql_freeresult($result);
-						return true;
-					}
-				}
-				$this->db->sql_freeresult($result);
-				return false;
 			break;
 
 			case 'oracle':
 				$sql = "SELECT column_name
 					FROM user_tab_columns
 					WHERE LOWER(table_name) = '" . strtolower($table) . "'";
-				$result = $this->db->sql_query($sql);
-				while ($row = $this->db->sql_fetchrow($result))
-				{
-					// lower case just in case
-					if (strtolower($row['column_name']) == $column_name)
-					{
-						$this->db->sql_freeresult($result);
-						return true;
-					}
-				}
-				$this->db->sql_freeresult($result);
-				return false;
 			break;
 
 			case 'firebird':
 				$sql = "SELECT RDB\$FIELD_NAME as FNAME
 					FROM RDB\$RELATION_FIELDS
 					WHERE RDB\$RELATION_NAME = '" . strtoupper($table) . "'";
-				$result = $this->db->sql_query($sql);
-				while ($row = $this->db->sql_fetchrow($result))
-				{
-					// lower case just in case
-					if (strtolower($row['fname']) == $column_name)
-					{
-						$this->db->sql_freeresult($result);
-						return true;
-					}
-				}
-				$this->db->sql_freeresult($result);
-				return false;
 			break;
 
-			// ugh, SQLite
 			case 'sqlite':
 				$sql = "SELECT sql
 					FROM sqlite_master
 					WHERE type = 'table'
 						AND name = '{$table}'";
+
 				$result = $this->db->sql_query($sql);
 
 				if (!$result)
@@ -1092,14 +1149,269 @@ class phpbb_db_tools
 						continue;
 					}
 
-					if (strtolower($entities[0]) == $column_name)
+					$column = strtolower($entities[0]);
+					$columns[$column] = $column;
+				}
+
+				return $columns;
+			break;
+		}
+
+		$result = $this->db->sql_query($sql);
+
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			$column = strtolower(current($row));
+			$columns[$column] = $column;
+		}
+		$this->db->sql_freeresult($result);
+
+		return $columns;
+	}
+
+	/**
+	* Check whether a specified column exist in a table
+	*
+	* @param string	$table			Table to check
+	* @param string	$column_name	Column to check
+	*
+	* @return bool		True if column exists, false otherwise
+	*/
+	function sql_column_exists($table, $column_name)
+	{
+		$columns = $this->sql_list_columns($table);
+
+		return isset($columns[$column_name]);
+	}
+
+	/**
+	* Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.
+	*
+	* @param string	$table_name		Table to check the index at
+	* @param string	$index_name		The index name to check
+	*
+	* @return bool True if index exists, else false
+	*/
+	function sql_index_exists($table_name, $index_name)
+	{
+		if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')
+		{
+			$sql = "EXEC sp_statistics '$table_name'";
+			$result = $this->db->sql_query($sql);
+
+			while ($row = $this->db->sql_fetchrow($result))
+			{
+				if ($row['TYPE'] == 3)
+				{
+					if (strtolower($row['INDEX_NAME']) == strtolower($index_name))
 					{
+						$this->db->sql_freeresult($result);
 						return true;
 					}
 				}
-				return false;
+			}
+			$this->db->sql_freeresult($result);
+
+			return false;
+		}
+
+		switch ($this->sql_layer)
+		{
+			case 'firebird':
+				$sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name
+					FROM RDB\$INDICES
+					WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "'
+						AND RDB\$UNIQUE_FLAG IS NULL
+						AND RDB\$FOREIGN_KEY IS NULL";
+				$col = 'index_name';
+			break;
+
+			case 'postgres':
+				$sql = "SELECT ic.relname as index_name
+					FROM pg_class bc, pg_class ic, pg_index i
+					WHERE (bc.oid = i.indrelid)
+						AND (ic.oid = i.indexrelid)
+						AND (bc.relname = '" . $table_name . "')
+						AND (i.indisunique != 't')
+						AND (i.indisprimary != 't')";
+				$col = 'index_name';
+			break;
+
+			case 'mysql_40':
+			case 'mysql_41':
+				$sql = 'SHOW KEYS
+					FROM ' . $table_name;
+				$col = 'Key_name';
+			break;
+
+			case 'oracle':
+				$sql = "SELECT index_name
+					FROM user_indexes
+					WHERE table_name = '" . strtoupper($table_name) . "'
+						AND generated = 'N'
+						AND uniqueness = 'NONUNIQUE'";
+				$col = 'index_name';
+			break;
+
+			case 'sqlite':
+				$sql = "PRAGMA index_list('" . $table_name . "');";
+				$col = 'name';
 			break;
 		}
+
+		$result = $this->db->sql_query($sql);
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && !$row['Non_unique'])
+			{
+				continue;
+			}
+
+			// These DBMS prefix index name with the table name
+			switch ($this->sql_layer)
+			{
+				case 'firebird':
+				case 'oracle':
+				case 'postgres':
+				case 'sqlite':
+					$row[$col] = substr($row[$col], strlen($table_name) + 1);
+				break;
+			}
+
+			if (strtolower($row[$col]) == strtolower($index_name))
+			{
+				$this->db->sql_freeresult($result);
+				return true;
+			}
+		}
+		$this->db->sql_freeresult($result);
+
+		return false;
+	}
+
+	/**
+	* Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.
+	*
+	* @param string	$table_name		Table to check the index at
+	* @param string	$index_name		The index name to check
+	*
+	* @return bool True if index exists, else false
+	*/
+	function sql_unique_index_exists($table_name, $index_name)
+	{
+		if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')
+		{
+			$sql = "EXEC sp_statistics '$table_name'";
+			$result = $this->db->sql_query($sql);
+
+			while ($row = $this->db->sql_fetchrow($result))
+			{
+				// Usually NON_UNIQUE is the column we want to check, but we allow for both
+				if ($row['TYPE'] == 3)
+				{
+					if (strtolower($row['INDEX_NAME']) == strtolower($index_name))
+					{
+						$this->db->sql_freeresult($result);
+						return true;
+					}
+				}
+			}
+			$this->db->sql_freeresult($result);
+			return false;
+		}
+
+		switch ($this->sql_layer)
+		{
+			case 'firebird':
+				$sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name
+					FROM RDB\$INDICES
+					WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "'
+						AND RDB\$UNIQUE_FLAG IS NOT NULL
+						AND RDB\$FOREIGN_KEY IS NULL";
+				$col = 'index_name';
+			break;
+
+			case 'postgres':
+				$sql = "SELECT ic.relname as index_name, i.indisunique
+					FROM pg_class bc, pg_class ic, pg_index i
+					WHERE (bc.oid = i.indrelid)
+						AND (ic.oid = i.indexrelid)
+						AND (bc.relname = '" . $table_name . "')
+						AND (i.indisprimary != 't')";
+				$col = 'index_name';
+			break;
+
+			case 'mysql_40':
+			case 'mysql_41':
+				$sql = 'SHOW KEYS
+					FROM ' . $table_name;
+				$col = 'Key_name';
+			break;
+
+			case 'oracle':
+				$sql = "SELECT index_name, table_owner
+					FROM user_indexes
+					WHERE table_name = '" . strtoupper($table_name) . "'
+						AND generated = 'N'
+						AND uniqueness = 'UNIQUE'";
+				$col = 'index_name';
+			break;
+
+			case 'sqlite':
+				$sql = "PRAGMA index_list('" . $table_name . "');";
+				$col = 'name';
+			break;
+		}
+
+		$result = $this->db->sql_query($sql);
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && ($row['Non_unique'] || $row[$col] == 'PRIMARY'))
+			{
+				continue;
+			}
+
+			if ($this->sql_layer == 'sqlite' && !$row['unique'])
+			{
+				continue;
+			}
+
+			if ($this->sql_layer == 'postgres' && $row['indisunique'] != 't')
+			{
+				continue;
+			}
+
+			// These DBMS prefix index name with the table name
+			switch ($this->sql_layer)
+			{
+				case 'oracle':
+					// Two cases here... prefixed with U_[table_owner] and not prefixed with table_name
+					if (strpos($row[$col], 'U_') === 0)
+					{
+						$row[$col] = substr($row[$col], strlen('U_' . $row['table_owner']) + 1);
+					}
+					else if (strpos($row[$col], strtoupper($table_name)) === 0)
+					{
+						$row[$col] = substr($row[$col], strlen($table_name) + 1);
+					}
+				break;
+
+				case 'firebird':
+				case 'postgres':
+				case 'sqlite':
+					$row[$col] = substr($row[$col], strlen($table_name) + 1);
+				break;
+			}
+
+			if (strtolower($row[$col]) == strtolower($index_name))
+			{
+				$this->db->sql_freeresult($result);
+				return true;
+			}
+		}
+		$this->db->sql_freeresult($result);
+
+		return false;
 	}
 
 	/**
@@ -1139,6 +1451,11 @@ class phpbb_db_tools
 	*/
 	function sql_prepare_column_data($table_name, $column_name, $column_data)
 	{
+		if (strlen($column_name) > 30)
+		{
+			trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
+		}
+
 		// Get type
 		if (strpos($column_data[0], ':') !== false)
 		{
@@ -1371,24 +1688,29 @@ class phpbb_db_tools
 		switch ($this->sql_layer)
 		{
 			case 'firebird':
+				// Does not support AFTER statement, only POSITION (and there you need the column position)
 				$statements[] = 'ALTER TABLE ' . $table_name . ' ADD "' . strtoupper($column_name) . '" ' . $column_data['column_type_sql'];
 			break;
 
 			case 'mssql':
 			case 'mssqlnative':
+				// Does not support AFTER, only through temporary table
 				$statements[] = 'ALTER TABLE [' . $table_name . '] ADD [' . $column_name . '] ' . $column_data['column_type_sql_default'];
 			break;
 
 			case 'mysql_40':
 			case 'mysql_41':
-				$statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql'];
+				$after = (!empty($column_data['after'])) ? ' AFTER ' . $column_data['after'] : '';
+				$statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql'] . $after;
 			break;
 
 			case 'oracle':
+				// Does not support AFTER, only through temporary table
 				$statements[] = 'ALTER TABLE ' . $table_name . ' ADD ' . $column_name . ' ' . $column_data['column_type_sql'];
 			break;
 
 			case 'postgres':
+				// Does not support AFTER, only through temporary table
 				if (version_compare($this->db->sql_server_info(true), '8.0', '>='))
 				{
 					$statements[] = 'ALTER TABLE ' . $table_name . ' ADD COLUMN "' . $column_name . '" ' . $column_data['column_type_sql'];
@@ -1506,7 +1828,7 @@ class phpbb_db_tools
 			break;
 
 			case 'oracle':
-				$statements[] = 'ALTER TABLE ' . $table_name . ' DROP ' . $column_name;
+				$statements[] = 'ALTER TABLE ' . $table_name . ' DROP COLUMN ' . $column_name;
 			break;
 
 			case 'postgres':
@@ -1657,6 +1979,7 @@ class phpbb_db_tools
 					$statements[] = "DROP SEQUENCE {$row['referenced_name']}";
 				}
 				$this->db->sql_freeresult($result);
+			break;
 
 			case 'postgres':
 				// PGSQL does not "tightly" bind sequences and tables, we must guess...
@@ -1774,6 +2097,13 @@ class phpbb_db_tools
 	{
 		$statements = array();
 
+		$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
+		if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
+		{
+			$max_length = strlen($table_prefix) + 24;
+			trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
+		}
+
 		switch ($this->sql_layer)
 		{
 			case 'firebird':
@@ -1785,7 +2115,7 @@ class phpbb_db_tools
 
 			case 'mysql_40':
 			case 'mysql_41':
-				$statements[] = 'CREATE UNIQUE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')';
+				$statements[] = 'ALTER TABLE ' . $table_name . ' ADD UNIQUE INDEX (' . implode(', ', $column) . ')';
 			break;
 
 			case 'mssql':
@@ -1804,6 +2134,13 @@ class phpbb_db_tools
 	{
 		$statements = array();
 
+		$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
+		if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
+		{
+			$max_length = strlen($table_prefix) + 24;
+			trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
+		}
+
 		// remove index length unless MySQL4
 		if ('mysql_40' != $this->sql_layer)
 		{
@@ -1831,7 +2168,7 @@ class phpbb_db_tools
 				}
 			// no break
 			case 'mysql_41':
-				$statements[] = 'CREATE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')';
+				$statements[] = 'ALTER TABLE ' . $table_name . ' ADD INDEX ' . $index_name . '(' . implode(', ', $column) . ')';
 			break;
 
 			case 'mssql':
@@ -1957,6 +2294,7 @@ class phpbb_db_tools
 				}
 				else
 				{
+					// TODO: try to change pkey without removing trigger, generator or constraints. ATM this query may fail.
 					$statements[] = 'ALTER TABLE ' . $table_name . ' ALTER COLUMN "' . strtoupper($column_name) . '" TYPE ' . ' ' . $column_data['column_type_sql_type'];
 				}
 			break;

phpBB/includes/db/dbal.php

@@ -241,6 +241,16 @@ class dbal
 		return $this->_sql_like_expression('LIKE \'' . $this->sql_escape($expression) . '\'');
 	}
 
+	/**
+	* Returns whether results of a query need to be buffered to run a transaction while iterating over them.
+	*
+	* @return bool Whether buffering is required.
+	*/
+	function sql_buffer_nested_transactions()
+	{
+		return false;
+	}
+
 	/**
 	* SQL Transaction
 	* @access private
@@ -599,7 +609,7 @@ class dbal
 					}
 				}
 
-				$sql .= $this->_sql_custom_build('FROM', implode(', ', $table_array));
+				$sql .= $this->_sql_custom_build('FROM', implode(' CROSS JOIN ', $table_array));
 
 				if (!empty($array['LEFT_JOIN']))
 				{
@@ -767,7 +777,7 @@ class dbal
 							</div>
 						</div>
 						<div id="page-footer">
-							Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+							Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
 						</div>
 					</div>
 					</body>

phpBB/includes/db/firebird.php

@@ -28,6 +28,7 @@ class dbal_firebird extends dbal
 	var $last_query_text = '';
 	var $service_handle = false;
 	var $affected_rows = 0;
+	var $connect_error = '';
 
 	/**
 	* Connect to server
@@ -53,9 +54,35 @@ class dbal_firebird extends dbal
 			$use_database = $this->server . ':' . $this->dbname;
 		}
 
-		$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3);
+		if ($this->persistency)
+		{
+			if (!function_exists('ibase_pconnect'))
+			{
+				$this->connect_error = 'ibase_pconnect function does not exist, is interbase extension installed?';
+				return $this->sql_error('');
+			}
+			$this->db_connect_id = @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3);
+		}
+		else
+		{
+			if (!function_exists('ibase_connect'))
+			{
+				$this->connect_error = 'ibase_connect function does not exist, is interbase extension installed?';
+				return $this->sql_error('');
+			}
+			$this->db_connect_id = @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3);
+		}
 
-		$this->service_handle = (function_exists('ibase_service_attach') && $this->server) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false;
+		// Do not call ibase_service_attach if connection failed,
+		// otherwise error message from ibase_(p)connect call will be clobbered.
+		if ($this->db_connect_id && function_exists('ibase_service_attach') && $this->server)
+		{
+			$this->service_handle = @ibase_service_attach($this->server, $this->user, $sqlpassword);
+		}
+		else
+		{
+			$this->service_handle = false;
+		}
 
 		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
@@ -471,8 +498,24 @@ class dbal_firebird extends dbal
 	*/
 	function _sql_error()
 	{
+		// Need special handling here because ibase_errmsg returns
+		// connection errors, however if the interbase extension
+		// is not installed then ibase_errmsg does not exist and
+		// we cannot call it.
+		if (function_exists('ibase_errmsg'))
+		{
+			$msg = @ibase_errmsg();
+			if (!$msg)
+			{
+				$msg = $this->connect_error;
+			}
+		}
+		else
+		{
+			$msg = $this->connect_error;
+		}
 		return array(
-			'message'	=> @ibase_errmsg(),
+			'message'	=> $msg,
 			'code'		=> (@function_exists('ibase_errcode') ? @ibase_errcode() : '')
 		);
 	}

phpBB/includes/db/mssqlnative.php

@@ -50,7 +50,7 @@ class result_mssqlnative
 			}
 		}
 
-		$this->m_row_count = count($this->m_rows);
+		$this->m_row_count = sizeof($this->m_rows);
 	}
 
 	private function array_to_obj($array, &$obj)
@@ -258,6 +258,14 @@ class dbal_mssqlnative extends dbal
 		return ($this->sql_server_version) ? 'MSSQL<br />' . $this->sql_server_version : 'MSSQL';
 	}
 
+	/**
+	* {@inheritDoc}
+	*/
+	function sql_buffer_nested_transactions()
+	{
+		return true;
+	}
+
 	/**
 	* SQL Transaction
 	* @access private
@@ -388,7 +396,7 @@ class dbal_mssqlnative extends dbal
 	*/
 	function sql_affectedrows()
 	{
-		return ($this->db_connect_id) ? @sqlsrv_rows_affected($this->db_connect_id) : false;
+		return (!empty($this->query_result)) ? @sqlsrv_rows_affected($this->query_result) : false;
 	}
 
 	/**
@@ -628,7 +636,7 @@ class dbal_mssqlnative extends dbal
 			return false;
 		}
 	}
-	
+
 	/**
 	* Allows setting mssqlnative specific query options passed to sqlsrv_query as 4th parameter.
 	*/

phpBB/includes/db/mysqli.php

@@ -33,14 +33,33 @@ class dbal_mysqli extends dbal
 	*/
 	function sql_connect($sqlserver, $sqluser, $sqlpassword, $database, $port = false, $persistency = false , $new_link = false)
 	{
-		$this->persistency = $persistency;
+		// Mysqli extension supports persistent connection since PHP 5.3.0
+		$this->persistency = (version_compare(PHP_VERSION, '5.3.0', '>=')) ? $persistency : false;
 		$this->user = $sqluser;
-		$this->server = $sqlserver;
+
+		// If persistent connection, set dbhost to localhost when empty and prepend it with 'p:' prefix
+		$this->server = ($this->persistency) ? 'p:' . (($sqlserver) ? $sqlserver : 'localhost') : $sqlserver;
+
 		$this->dbname = $database;
 		$port = (!$port) ? NULL : $port;
 
-		// Persistant connections not supported by the mysqli extension?
-		$this->db_connect_id = @mysqli_connect($this->server, $this->user, $sqlpassword, $this->dbname, $port);
+		// If port is set and it is not numeric, most likely mysqli socket is set.
+		// Try to map it to the $socket parameter.
+		$socket = NULL;
+		if ($port)
+		{
+			if (is_numeric($port))
+			{
+				$port = (int) $port;
+			}
+			else
+			{
+				$socket = $port;
+				$port = NULL;
+			}
+		}
+
+		$this->db_connect_id = @mysqli_connect($this->server, $this->user, $sqlpassword, $this->dbname, $port, $socket);
 
 		if ($this->db_connect_id && $this->dbname != '')
 		{
@@ -230,7 +249,13 @@ class dbal_mysqli extends dbal
 			return $cache->sql_fetchrow($query_id);
 		}
 
-		return ($query_id !== false) ? @mysqli_fetch_assoc($query_id) : false;
+		if ($query_id !== false)
+		{
+			$result = @mysqli_fetch_assoc($query_id);
+			return $result !== null ? $result : false;
+		}
+
+		return false;
 	}
 
 	/**

phpBB/includes/db/oracle.php

@@ -269,11 +269,12 @@ class dbal_oracle extends dbal
 						{
 							$cols = explode(', ', $regs[2]);
 
+							preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER);
+
 /*						The code inside this comment block breaks clob handling, but does allow the
 						database restore script to work.  If you want to allow no posts longer than 4KB
 						and/or need the db restore script, uncomment this.
 
-							preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER);
 
 							if (sizeof($cols) !== sizeof($vals))
 							{

phpBB/includes/db/postgres.php

@@ -18,6 +18,11 @@ if (!defined('IN_PHPBB'))
 
 include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
+if (!class_exists('phpbb_error_collector'))
+{
+	include($phpbb_root_path . 'includes/error_collector.' . $phpEx);
+}
+
 /**
 * PostgreSQL Database Abstraction Layer
 * Minimum Requirement is Version 7.3+
@@ -26,6 +31,7 @@ include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 class dbal_postgres extends dbal
 {
 	var $last_query_text = '';
+	var $connect_error = '';
 
 	/**
 	* Connect to server
@@ -81,13 +87,29 @@ class dbal_postgres extends dbal
 
 		if ($this->persistency)
 		{
+			if (!function_exists('pg_pconnect'))
+			{
+				$this->connect_error = 'pg_pconnect function does not exist, is pgsql extension installed?';
+				return $this->sql_error('');
+			}
+			$collector = new phpbb_error_collector;
+			$collector->install();
 			$this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW);
 		}
 		else
 		{
+			if (!function_exists('pg_connect'))
+			{
+				$this->connect_error = 'pg_connect function does not exist, is pgsql extension installed?';
+				return $this->sql_error('');
+			}
+			$collector = new phpbb_error_collector;
+			$collector->install();
 			$this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW);
 		}
 
+		$collector->uninstall();
+
 		if ($this->db_connect_id)
 		{
 			if (version_compare($this->sql_server_info(true), '8.2', '>='))
@@ -102,6 +124,7 @@ class dbal_postgres extends dbal
 			return $this->db_connect_id;
 		}
 
+		$this->connect_error = $collector->format_errors();
 		return $this->sql_error('');
 	}
 
@@ -371,8 +394,19 @@ class dbal_postgres extends dbal
 	*/
 	function _sql_error()
 	{
+		// pg_last_error only works when there is an established connection.
+		// Connection errors have to be tracked by us manually.
+		if ($this->db_connect_id)
+		{
+			$message = @pg_last_error($this->db_connect_id);
+		}
+		else
+		{
+			$message = $this->connect_error;
+		}
+
 		return array(
-			'message'	=> (!$this->db_connect_id) ? @pg_last_error() : @pg_last_error($this->db_connect_id),
+			'message'	=> $message,
 			'code'		=> ''
 		);
 	}

phpBB/includes/error_collector.php

@@ -0,0 +1,63 @@
+<?php
+/**
+*
+* @package phpBB
+* @version $Id$
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+class phpbb_error_collector
+{
+	var $errors;
+
+	function phpbb_error_collector()
+	{
+		$this->errors = array();
+	}
+
+	function install()
+	{
+		set_error_handler(array(&$this, 'error_handler'));
+	}
+
+	function uninstall()
+	{
+		restore_error_handler();
+	}
+
+	function error_handler($errno, $msg_text, $errfile, $errline)
+	{
+		$this->errors[] = array($errno, $msg_text, $errfile, $errline);
+	}
+
+	function format_errors()
+	{
+		$text = '';
+		foreach ($this->errors as $error)
+		{
+			if (!empty($text))
+			{
+				$text .= "<br />\n";
+			}
+
+			list($errno, $msg_text, $errfile, $errline) = $error;
+
+			// Prevent leakage of local path to phpBB install
+			$errfile = phpbb_filter_root_path($errfile);
+
+			$text .= "Errno $errno: $msg_text at $errfile line $errline";
+		}
+
+		return $text;
+	}
+}

phpBB/includes/functions.php

@@ -175,8 +175,13 @@ function set_config_count($config_name, $increment, $is_dynamic = false)
 	switch ($db->sql_layer)
 	{
 		case 'firebird':
+			// Precision must be from 1 to 18
+			$sql_update = 'CAST(CAST(config_value as DECIMAL(18, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
+		break;
+
 		case 'postgres':
-			$sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
+			// Need to cast to text first for PostgreSQL 7.x
+			$sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
 		break;
 
 		// MySQL, SQlite, mssql, mssql_odbc, oracle
@@ -236,14 +241,51 @@ function unique_id($extra = 'c')
 
 	if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
 	{
-		set_config('rand_seed', $config['rand_seed'], true);
 		set_config('rand_seed_last_update', time(), true);
+		set_config('rand_seed', $config['rand_seed'], true);
 		$dss_seeded = true;
 	}
 
 	return substr($val, 4, 16);
 }
 
+/**
+* Wrapper for mt_rand() which allows swapping $min and $max parameters.
+*
+* PHP does not allow us to swap the order of the arguments for mt_rand() anymore.
+* (since PHP 5.3.4, see http://bugs.php.net/46587)
+*
+* @param int $min		Lowest value to be returned
+* @param int $max		Highest value to be returned
+*
+* @return int			Random integer between $min and $max (or $max and $min)
+*/
+function phpbb_mt_rand($min, $max)
+{
+	return ($min > $max) ? mt_rand($max, $min) : mt_rand($min, $max);
+}
+
+/**
+* Wrapper for getdate() which returns the equivalent array for UTC timestamps.
+*
+* @param int $time		Unix timestamp (optional)
+*
+* @return array			Returns an associative array of information related to the timestamp.
+*						See http://www.php.net/manual/en/function.getdate.php
+*/
+function phpbb_gmgetdate($time = false)
+{
+	if ($time === false)
+	{
+		$time = time();
+	}
+
+	// getdate() interprets timestamps in local time.
+	// What follows uses the fact that getdate() and
+	// date('Z') balance each other out.
+	return getdate($time - date('Z'));
+}
+
 /**
 * Return formatted string for filesizes
 *
@@ -512,7 +554,7 @@ function _hash_crypt_private($password, $setting, &$itoa64)
 	$output = '*';
 
 	// Check for correct hash
-	if (substr($setting, 0, 3) != '$H$')
+	if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$')
 	{
 		return $output;
 	}
@@ -577,6 +619,34 @@ function phpbb_email_hash($email)
 	return sprintf('%u', crc32(strtolower($email))) . strlen($email);
 }
 
+/**
+* Wrapper for version_compare() that allows using uppercase A and B
+* for alpha and beta releases.
+*
+* See http://www.php.net/manual/en/function.version-compare.php
+*
+* @param string $version1		First version number
+* @param string $version2		Second version number
+* @param string $operator		Comparison operator (optional)
+*
+* @return mixed					Boolean (true, false) if comparison operator is specified.
+*								Integer (-1, 0, 1) otherwise.
+*/
+function phpbb_version_compare($version1, $version2, $operator = null)
+{
+	$version1 = strtolower($version1);
+	$version2 = strtolower($version2);
+
+	if (is_null($operator))
+	{
+		return version_compare($version1, $version2);
+	}
+	else
+	{
+		return version_compare($version1, $version2, $operator);
+	}
+}
+
 /**
 * Global function for chmodding directories and files for internal use
 *
@@ -1698,7 +1768,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
 	if ($config['load_db_lastread'] && $user->data['is_registered'])
 	{
 		// Get list of the unread topics
-		$last_mark = $user->data['user_lastmark'];
+		$last_mark = (int) $user->data['user_lastmark'];
 
 		$sql_array = array(
 			'SELECT'		=> 't.topic_id, t.topic_last_post_time, tt.mark_time as topic_mark_time, ft.mark_time as forum_mark_time',
@@ -1717,10 +1787,11 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
 			),
 
 			'WHERE'			=> "
+				 t.topic_last_post_time > $last_mark AND
 				(
 				(tt.mark_time IS NOT NULL AND t.topic_last_post_time > tt.mark_time) OR
 				(tt.mark_time IS NULL AND ft.mark_time IS NOT NULL AND t.topic_last_post_time > ft.mark_time) OR
-				(tt.mark_time IS NULL AND ft.mark_time IS NULL AND t.topic_last_post_time > $last_mark)
+				(tt.mark_time IS NULL AND ft.mark_time IS NULL)
 				)
 				$sql_extra
 				$sql_sort",
@@ -1809,7 +1880,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
 */
 function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time = false, $mark_time_forum = false)
 {
-	global $db, $tracking_topics, $user, $config;
+	global $db, $tracking_topics, $user, $config, $auth;
 
 	// Determine the users last forum mark time if not given.
 	if ($mark_time_forum === false)
@@ -1832,6 +1903,10 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
 		}
 	}
 
+	// Handle update of unapproved topics info.
+	// Only update for moderators having m_approve permission for the forum.
+	$sql_update_unapproved = ($auth->acl_get('m_approve', $forum_id)) ? '': 'AND t.topic_approved = 1';
+
 	// Check the forum for any left unread topics.
 	// If there are none, we mark the forum as read.
 	if ($config['load_db_lastread'] && $user->data['is_registered'])
@@ -1847,7 +1922,8 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
 				LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')
 				WHERE t.forum_id = ' . $forum_id . '
 					AND t.topic_last_post_time > ' . $mark_time_forum . '
-					AND t.topic_moved_id = 0
+					AND t.topic_moved_id = 0 ' .
+					$sql_update_unapproved . '
 					AND (tt.topic_id IS NULL OR tt.mark_time < t.topic_last_post_time)
 				GROUP BY t.forum_id';
 			$result = $db->sql_query_limit($sql, 1);
@@ -1867,11 +1943,12 @@ function update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_ti
 		}
 		else
 		{
-			$sql = 'SELECT topic_id
-				FROM ' . TOPICS_TABLE . '
-				WHERE forum_id = ' . $forum_id . '
-					AND topic_last_post_time > ' . $mark_time_forum . '
-					AND topic_moved_id = 0';
+			$sql = 'SELECT t.topic_id
+				FROM ' . TOPICS_TABLE . ' t
+				WHERE t.forum_id = ' . $forum_id . '
+					AND t.topic_last_post_time > ' . $mark_time_forum . '
+					AND t.topic_moved_id = 0 ' .
+					$sql_update_unapproved;
 			$result = $db->sql_query($sql);
 
 			$check_forum = $tracking_topics['tf'][$forum_id];
@@ -2056,7 +2133,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
 		$start_cnt = min(max(1, $on_page - 4), $total_pages - 5);
 		$end_cnt = max(min($total_pages, $on_page + 4), 6);
 
-		$page_string .= ($start_cnt > 1) ? ' ... ' : $seperator;
+		$page_string .= ($start_cnt > 1) ? '<span class="page-dots"> ... </span>' : $seperator;
 
 		for ($i = $start_cnt + 1; $i < $end_cnt; $i++)
 		{
@@ -2067,7 +2144,7 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
 			}
 		}
 
-		$page_string .= ($end_cnt < $total_pages) ? ' ... ' : $seperator;
+		$page_string .= ($end_cnt < $total_pages) ? '<span class="page-dots"> ... </span>' : $seperator;
 	}
 	else
 	{
@@ -2154,6 +2231,12 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 {
 	global $_SID, $_EXTRA_URL, $phpbb_hook;
 
+	if ($params === '' || (is_array($params) && empty($params)))
+	{
+		// Do not append the ? if the param-list is empty anyway.
+		$params = false;
+	}
+
 	// Developers using the hook function need to globalise the $_SID and $_EXTRA_URL on their own and also handle it appropriately.
 	// They could mimic most of what is within this function
 	if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__, $url, $params, $is_amp, $session_id))
@@ -2248,7 +2331,10 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 
 /**
 * Generate board url (example: http://www.example.com/phpBB)
+*
 * @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com)
+*
+* @return string the generated board url
 */
 function generate_board_url($without_script_path = false)
 {
@@ -2353,12 +2439,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Relative uri
 		$pathinfo = pathinfo($url);
 
-		if (!$disable_cd_check && !file_exists($pathinfo['dirname']))
+		if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/'))
 		{
 			$url = str_replace('../', '', $url);
 			$pathinfo = pathinfo($url);
 
-			if (!file_exists($pathinfo['dirname']))
+			if (!file_exists($pathinfo['dirname'] . '/'))
 			{
 				// fallback to "last known user page"
 				// at least this way we know the user does not leave the phpBB root
@@ -2630,9 +2716,9 @@ function send_status_line($code, $message)
 	}
 	else
 	{
-		if (isset($_SERVER['HTTP_VERSION']))
+		if (!empty($_SERVER['SERVER_PROTOCOL']))
 		{
-			$version = $_SERVER['HTTP_VERSION'];
+			$version = $_SERVER['SERVER_PROTOCOL'];
 		}
 		else
 		{
@@ -3307,61 +3393,44 @@ function add_log()
 }
 
 /**
-* Return a nicely formatted backtrace (parts from the php manual by diz at ysagoon dot com)
+* Return a nicely formatted backtrace.
+*
+* Turns the array returned by debug_backtrace() into HTML markup.
+* Also filters out absolute paths to phpBB root.
+*
+* @return string	HTML markup
 */
 function get_backtrace()
 {
-	global $phpbb_root_path;
-
 	$output = '<div style="font-family: monospace;">';
 	$backtrace = debug_backtrace();
-	$path = phpbb_realpath($phpbb_root_path);
 
-	foreach ($backtrace as $number => $trace)
+	// We skip the first one, because it only shows this file/function
+	unset($backtrace[0]);
+
+	foreach ($backtrace as $trace)
 	{
-		// We skip the first one, because it only shows this file/function
-		if ($number == 0)
-		{
-			continue;
-		}
-
 		// Strip the current directory from path
-		if (empty($trace['file']))
-		{
-			$trace['file'] = '';
-		}
-		else
-		{
-			$trace['file'] = str_replace(array($path, '\\'), array('', '/'), $trace['file']);
-			$trace['file'] = substr($trace['file'], 1);
-		}
-		$args = array();
+		$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file']));
+		$trace['line'] = (empty($trace['line'])) ? '(not given by php)' : $trace['line'];
 
-		// If include/require/include_once is not called, do not show arguments - they may contain sensible information
-		if (!in_array($trace['function'], array('include', 'require', 'include_once')))
+		// Only show function arguments for include etc.
+		// Other parameters may contain sensible information
+		$argument = '';
+		if (!empty($trace['args'][0]) && in_array($trace['function'], array('include', 'require', 'include_once', 'require_once')))
 		{
-			unset($trace['args']);
-		}
-		else
-		{
-			// Path...
-			if (!empty($trace['args'][0]))
-			{
-				$argument = htmlspecialchars($trace['args'][0]);
-				$argument = str_replace(array($path, '\\'), array('', '/'), $argument);
-				$argument = substr($argument, 1);
-				$args[] = "'{$argument}'";
-			}
+			$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]));
 		}
 
 		$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];
 		$trace['type'] = (!isset($trace['type'])) ? '' : $trace['type'];
 
 		$output .= '<br />';
-		$output .= '<b>FILE:</b> ' . htmlspecialchars($trace['file']) . '<br />';
+		$output .= '<b>FILE:</b> ' . $trace['file'] . '<br />';
 		$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
 
-		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']) . '(' . ((sizeof($args)) ? implode(', ', $args) : '') . ')<br />';
+		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']);
+		$output .= '(' . (($argument !== '') ? "'$argument'" : '') . ')<br />';
 	}
 	$output .= '</div>';
 	return $output;
@@ -3423,11 +3492,57 @@ function get_preg_expression($mode)
 			$inline = ($mode == 'relative_url') ? ')' : '';
 			return "(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*(?:/(?:[a-z0-9\-._~!$&'($inline*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[a-z0-9\-._~!$&'($inline*+,;=:@/?|]+|%[\dA-F]{2})*)?";
 		break;
+
+		case 'table_prefix':
+			return '#^[a-zA-Z][a-zA-Z0-9_]*$#';
+		break;
 	}
 
 	return '';
 }
 
+/**
+* Generate regexp for naughty words censoring
+* Depends on whether installed PHP version supports unicode properties
+*
+* @param string	$word			word template to be replaced
+* @param bool	$use_unicode	whether or not to take advantage of PCRE supporting unicode
+*
+* @return string $preg_expr		regex to use with word censor
+*/
+function get_censor_preg_expression($word, $use_unicode = true)
+{
+	static $unicode_support = null;
+
+	// Check whether PHP version supports unicode properties
+	if (is_null($unicode_support))
+	{
+		$unicode_support = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
+	}
+
+	// Unescape the asterisk to simplify further conversions
+	$word = str_replace('\*', '*', preg_quote($word, '#'));
+
+	if ($use_unicode && $unicode_support)
+	{
+		// Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes
+		$word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word);
+
+		// Generate the final substitution
+		$preg_expr = '#(?<![\p{Nd}\p{L}_-])(' . $word . ')(?![\p{Nd}\p{L}_-])#iu';
+	}
+	else
+	{
+		// Replace the asterisk inside the pattern, at the start and at the end of it with regexes
+		$word = preg_replace(array('#(?<=\S)\*+(?=\S)#iu', '#^\*+#', '#\*+$#'), array('(\x20*?\S*?)', '\S*?', '\S*?'), $word);
+
+		// Generate the final substitution
+		$preg_expr = '#(?<!\S)(' . $word . ')(?!\S)#iu';
+	}
+
+	return $preg_expr;
+}
+
 /**
 * Returns the first block of the specified IPv6 address and as many additional
 * ones as specified in the length paramater.
@@ -3501,7 +3616,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')
 	// but until 5.3.3 it only works for MX records
 	// See: http://bugs.php.net/bug.php?id=51844
 
-	// Call checkdnsrr() if 
+	// Call checkdnsrr() if
 	// we're looking for an MX record or
 	// we're not on Windows or
 	// we're running a PHP version where #51844 has been fixed
@@ -3521,7 +3636,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')
 	// dns_get_record() is available since PHP 5; since PHP 5.3 also on Windows,
 	// but on Windows it does not work reliable for AAAA records before PHP 5.3.1
 
-	// Call dns_get_record() if 
+	// Call dns_get_record() if
 	// we're not looking for an AAAA record or
 	// we're not on Windows or
 	// we're running a PHP version where AAAA lookups work reliable
@@ -3551,7 +3666,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')
 		foreach ($resultset as $result)
 		{
 			if (
-				isset($result['host']) && $result['host'] == $host && 
+				isset($result['host']) && $result['host'] == $host &&
 				isset($result['type']) && $result['type'] == $type
 			)
 			{
@@ -3613,10 +3728,19 @@ function phpbb_checkdnsrr($host, $type = 'MX')
 					{
 						return true;
 					}
+				break;
 
 				default:
-				case 'A':
 				case 'AAAA':
+					// AAAA records returned by nslookup on Windows XP/2003 have this format.
+					// Later Windows versions use the A record format below for AAAA records.
+					if (stripos($line, "$host AAAA IPv6 address") === 0)
+					{
+						return true;
+					}
+				// No break
+
+				case 'A':
 					if (!empty($host_matches))
 					{
 						// Second line
@@ -3685,25 +3809,10 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 
 			if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
 			{
-				// flush the content, else we get a white page if output buffering is on
-				if ((int) @ini_get('output_buffering') === 1 || strtolower(@ini_get('output_buffering')) === 'on')
-				{
-					@ob_flush();
-				}
-
-				// Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;)
-				if (!empty($config['gzip_compress']))
-				{
-					if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level())
-					{
-						@ob_flush();
-					}
-				}
-
-				// remove complete path to installation, with the risk of changing backslashes meant to be there
-				$errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
-				$msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
-				echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
+				$errfile = phpbb_filter_root_path($errfile);
+				$msg_text = phpbb_filter_root_path($msg_text);
+				$error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice';
+				echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
 
 				// we are writing an image - the user won't see the debug, so let's place it in the log
 				if (defined('IMAGE_OUTPUT') || defined('IN_CRON'))
@@ -3792,7 +3901,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			echo '	</div>';
 			echo '	</div>';
 			echo '	<div id="page-footer">';
-			echo '		Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>';
+			echo '		Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group';
 			echo '	</div>';
 			echo '</div>';
 			echo '</body>';
@@ -3879,6 +3988,29 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 	return false;
 }
 
+/**
+* Removes absolute path to phpBB root directory from error messages
+* and converts backslashes to forward slashes.
+*
+* @param string $errfile	Absolute file path
+*							(e.g. /var/www/phpbb3/phpBB/includes/functions.php)
+*							Please note that if $errfile is outside of the phpBB root,
+*							the root path will not be found and can not be filtered.
+* @return string			Relative file path
+*							(e.g. /includes/functions.php)
+*/
+function phpbb_filter_root_path($errfile)
+{
+	static $root_path;
+
+	if (empty($root_path))
+	{
+		$root_path = phpbb_realpath(dirname(__FILE__) . '/../');
+	}
+
+	return str_replace(array($root_path, '\\'), array('[ROOT]', '/'), $errfile);
+}
+
 /**
 * Queries the session table to get information about online guests
 * @param int $item_id Limits the search to the item with this id
@@ -4208,7 +4340,7 @@ function phpbb_http_login($param)
 	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
 	{
 		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
-    }
+	}
 
 	if (!is_null($username) && !is_null($password))
 	{
@@ -4246,7 +4378,7 @@ function phpbb_http_login($param)
 */
 function page_header($page_title = '', $display_online_list = true, $item_id = 0, $item = 'forum')
 {
-	global $db, $config, $template, $SID, $_SID, $user, $auth, $phpEx, $phpbb_root_path;
+	global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
 
 	if (defined('HEADER_INC'))
 	{
@@ -4258,7 +4390,21 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 	// gzip_compression
 	if ($config['gzip_compress'])
 	{
-		if (@extension_loaded('zlib') && !headers_sent())
+		// to avoid partially compressed output resulting in blank pages in
+		// the browser or error messages, compression is disabled in a few cases:
+		//
+		// 1) if headers have already been sent, this indicates plaintext output
+		//    has been started so further content must not be compressed
+		// 2) the length of the current output buffer is non-zero. This means
+		//    there is already some uncompressed content in this output buffer
+		//    so further output must not be compressed
+		// 3) if more than one level of output buffering is used because we
+		//    cannot test all output buffer level content lengths. One level
+		//    could be caused by php.ini output_buffering. Anything
+		//    beyond that is manual, so the code wrapping phpBB in output buffering
+		//    can easily compress the output itself.
+		//
+		if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0)
 		{
 			ob_start('ob_gzhandler');
 		}
@@ -4379,6 +4525,21 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		$user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
 	}
 
+	$s_search_hidden_fields = array();
+	if ($_SID)
+	{
+		$s_search_hidden_fields['sid'] = $_SID;
+	}
+
+	if (!empty($_EXTRA_URL))
+	{
+		foreach ($_EXTRA_URL as $url_param)
+		{
+			$url_param = explode('=', $url_param, 2);
+			$s_hidden_fields[$url_param[0]] = $url_param[1];
+		}
+	}
+
 	// The following assigns all _common_ variables that may be used at any point in a template.
 	$template->assign_vars(array(
 		'SITENAME'						=> $config['sitename'],
@@ -4468,11 +4629,13 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 
 		'S_LOAD_UNREADS'			=> ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
 
+		'S_SEARCH_HIDDEN_FIELDS'	=> build_hidden_fields($s_search_hidden_fields),
+
 		'T_THEME_PATH'			=> "{$web_path}styles/" . $user->theme['theme_path'] . '/theme',
 		'T_TEMPLATE_PATH'		=> "{$web_path}styles/" . $user->theme['template_path'] . '/template',
 		'T_SUPER_TEMPLATE_PATH'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template',
 		'T_IMAGESET_PATH'		=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset',
-		'T_IMAGESET_LANG_PATH'	=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->data['user_lang'],
+		'T_IMAGESET_LANG_PATH'	=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->lang_name,
 		'T_IMAGES_PATH'			=> "{$web_path}images/",
 		'T_SMILIES_PATH'		=> "{$web_path}{$config['smilies_path']}/",
 		'T_AVATAR_PATH'			=> "{$web_path}{$config['avatar_path']}/",
@@ -4480,7 +4643,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		'T_ICONS_PATH'			=> "{$web_path}{$config['icons_path']}/",
 		'T_RANKS_PATH'			=> "{$web_path}{$config['ranks_path']}/",
 		'T_UPLOAD_PATH'			=> "{$web_path}{$config['upload_path']}/",
-		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->data['user_lang']),
+		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->lang_name),
 		'T_STYLESHEET_NAME'		=> $user->theme['theme_name'],
 
 		'T_THEME_NAME'			=> $user->theme['theme_path'],
@@ -4508,6 +4671,12 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 	header('Expires: 0');
 	header('Pragma: no-cache');
 
+	if (!empty($user->data['is_bot']))
+	{
+		// Let reverse proxies know we detected a bot.
+		header('X-PHPBB-IS-BOT: yes');
+	}
+
 	return;
 }
 
@@ -4558,7 +4727,7 @@ function page_footer($run_cron = true)
 
 	// Call cron-type script
 	$call_cron = false;
-	if (!defined('IN_CRON') && $run_cron && !$config['board_disable'])
+	if (!defined('IN_CRON') && $run_cron && !$config['board_disable'] && !$user->data['is_bot'])
 	{
 		$call_cron = true;
 		$time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time();
@@ -4662,7 +4831,7 @@ function exit_handler()
 	}
 
 	// As a pre-caution... some setups display a blank page if the flush() is not there.
-	(empty($config['gzip_compress'])) ? @flush() : @ob_flush();
+	(ob_get_level() > 0) ? @ob_flush() : @flush();
 
 	exit;
 }

phpBB/includes/functions_admin.php

@@ -2506,6 +2506,7 @@ function cache_moderators()
 
 /**
 * View log
+* If $log_count is set to false, we will skip counting all entries in the database.
 */
 function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC', $keywords = '')
 {
@@ -2594,6 +2595,35 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 		$sql_keywords .= 'LOWER(l.log_data) ' . implode(' OR LOWER(l.log_data) ', $keywords) . ')';
 	}
 
+	if ($log_count !== false)
+	{
+		$sql = 'SELECT COUNT(l.log_id) AS total_entries
+			FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u
+			WHERE l.log_type = $log_type
+				AND l.user_id = u.user_id
+				AND l.log_time >= $limit_days
+				$sql_keywords
+				$sql_forum";
+		$result = $db->sql_query($sql);
+		$log_count = (int) $db->sql_fetchfield('total_entries');
+		$db->sql_freeresult($result);
+	}
+
+	// $log_count may be false here if false was passed in for it,
+	// because in this case we did not run the COUNT() query above.
+	// If we ran the COUNT() query and it returned zero rows, return;
+	// otherwise query for logs below.
+	if ($log_count === 0)
+	{
+		// Save the queries, because there are no logs to display
+		return 0;
+	}
+
+	if ($offset >= $log_count)
+	{
+		$offset = ($offset - $limit < 0) ? 0 : $offset - $limit;
+	}
+
 	$sql = "SELECT l.*, u.username, u.username_clean, u.user_colour
 		FROM " . LOG_TABLE . " l, " . USERS_TABLE . " u
 		WHERE l.log_type = $log_type
@@ -2761,18 +2791,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 		}
 	}
 
-	$sql = 'SELECT COUNT(l.log_id) AS total_entries
-		FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u
-		WHERE l.log_type = $log_type
-			AND l.user_id = u.user_id
-			AND l.log_time >= $limit_days
-			$sql_keywords
-			$sql_forum";
-	$result = $db->sql_query($sql);
-	$log_count = (int) $db->sql_fetchfield('total_entries');
-	$db->sql_freeresult($result);
-
-	return;
+	return $offset;
 }
 
 /**
@@ -2904,6 +2923,12 @@ function view_inactive_users(&$users, &$user_count, $limit = 0, $offset = 0, $li
 	$user_count = (int) $db->sql_fetchfield('user_count');
 	$db->sql_freeresult($result);
 
+	if ($user_count == 0)
+	{
+		// Save the queries, because there are no users to display
+		return 0;
+	}
+
 	if ($offset >= $user_count)
 	{
 		$offset = ($offset - $limit < 0) ? 0 : $offset - $limit;
@@ -3109,7 +3134,7 @@ function get_database_size()
 /**
 * Retrieve contents from remotely stored file
 */
-function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port = 80, $timeout = 10)
+function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port = 80, $timeout = 6)
 {
 	global $user;
 
@@ -3119,6 +3144,9 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port
 		@fputs($fsock, "HOST: $host\r\n");
 		@fputs($fsock, "Connection: close\r\n\r\n");
 
+		$timer_stop = time() + $timeout;
+		stream_set_timeout($fsock, $timeout);
+
 		$file_info = '';
 		$get_info = false;
 
@@ -3141,6 +3169,14 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port
 					return false;
 				}
 			}
+
+			$stream_meta_data = stream_get_meta_data($fsock);
+
+			if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
+			{
+				$errstr = $user->lang['FSOCK_TIMEOUT'];
+				return false;
+			}
 		}
 		@fclose($fsock);
 	}

phpBB/includes/functions_content.php

@@ -1107,7 +1107,7 @@ function extension_allowed($forum_id, $extension, &$extensions)
 * @param int $max_length Maximum length of string (multibyte character count as 1 char / Html entity count as 1 char)
 * @param int $max_store_length Maximum character length of string (multibyte character count as 1 char / Html entity count as entity chars).
 * @param bool $allow_reply Allow Re: in front of string 
-* 	NOTE: This parameter can cause undesired behavior (returning strings longer than $max_store_legnth) and is deprecated. 
+* 	NOTE: This parameter can cause undesired behavior (returning strings longer than $max_store_length) and is deprecated. 
 * @param string $append String to be appended
 */
 function truncate_string($string, $max_length = 60, $max_store_length = 255, $allow_reply = false, $append = '')

phpBB/includes/functions_convert.php

@@ -1816,6 +1816,7 @@ function add_bots()
 		'Alta Vista [Bot]'			=> array('Scooter/', ''),
 		'Ask Jeeves [Bot]'			=> array('Ask Jeeves', ''),
 		'Baidu [Spider]'			=> array('Baiduspider+(', ''),
+		'Bing [Bot]'				=> array('bingbot/', ''),
 		'Exabot [Bot]'				=> array('Exabot/', ''),
 		'FAST Enterprise [Crawler]'	=> array('FAST Enterprise Crawler', ''),
 		'FAST WebCrawler [Crawler]'	=> array('FAST-WebCrawler/', ''),

phpBB/includes/functions_display.php

@@ -51,6 +51,27 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		$sql_where = 'left_id > ' . $root_data['left_id'] . ' AND left_id < ' . $root_data['right_id'];
 	}
 
+	// Handle marking everything read
+	if ($mark_read == 'all')
+	{
+		$redirect = build_url(array('mark', 'hash'));
+		meta_refresh(3, $redirect);
+
+		if (check_link_hash(request_var('hash', ''), 'global'))
+		{
+			markread('all');
+
+			trigger_error(
+				$user->lang['FORUMS_MARKED'] . '<br /><br />' .
+				sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect . '">', '</a>')
+			);
+		}
+		else
+		{
+			trigger_error(sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
+		}
+	}
+
 	// Display list of active topics for this category?
 	$show_active = (isset($root_data['forum_flags']) && ($root_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS)) ? true : false;
 
@@ -120,13 +141,14 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		$forum_id = $row['forum_id'];
 
 		// Mark forums read?
-		if ($mark_read == 'forums' || $mark_read == 'all')
+		if ($mark_read == 'forums')
 		{
 			if ($auth->acl_get('f_list', $forum_id))
 			{
 				$forum_ids[] = $forum_id;
-				continue;
 			}
+
+			continue;
 		}
 
 		// Category with no members
@@ -152,8 +174,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			continue;
 		}
 
-		$forum_ids[] = $forum_id;
-
 		if ($config['load_db_lastread'] && $user->data['is_registered'])
 		{
 			$forum_tracking_info[$forum_id] = (!empty($row['mark_time'])) ? $row['mark_time'] : $user->data['user_lastmark'];
@@ -255,24 +275,16 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 	$db->sql_freeresult($result);
 
 	// Handle marking posts
-	if ($mark_read == 'forums' || $mark_read == 'all')
+	if ($mark_read == 'forums')
 	{
 		$redirect = build_url(array('mark', 'hash'));
 		$token = request_var('hash', '');
 		if (check_link_hash($token, 'global'))
 		{
-			if ($mark_read == 'all')
-			{
-				markread('all');
-				$message = sprintf($user->lang['RETURN_INDEX'], '<a href="' . $redirect . '">', '</a>');
-			}
-			else
-			{
-				// Add 0 to forums array to mark global announcements correctly
-				$forum_ids[] = 0;
-				markread('topics', $forum_ids);
-				$message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>');
-			}
+			// Add 0 to forums array to mark global announcements correctly
+			$forum_ids[] = 0;
+			markread('topics', $forum_ids);
+			$message = sprintf($user->lang['RETURN_FORUM'], '<a href="' . $redirect . '">', '</a>');
 			meta_refresh(3, $redirect);
 			trigger_error($user->lang['FORUMS_MARKED'] . '<br /><br />' . $message);
 		}
@@ -453,10 +465,11 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'S_NO_CAT'			=> $catless && !$last_catless,
 			'S_IS_LINK'			=> ($row['forum_type'] == FORUM_LINK) ? true : false,
 			'S_UNREAD_FORUM'	=> $forum_unread,
+			'S_AUTH_READ'		=> $auth->acl_get('f_read', $row['forum_id']),
 			'S_LOCKED_FORUM'	=> ($row['forum_status'] == ITEM_LOCKED) ? true : false,
 			'S_LIST_SUBFORUMS'	=> ($row['display_subforum_list']) ? true : false,
 			'S_SUBFORUMS'		=> (sizeof($subforums_list)) ? true : false,
-			'S_FEED_ENABLED'	=> ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options'])) ? true : false,
+			'S_FEED_ENABLED'	=> ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] == FORUM_POST) ? true : false,
 
 			'FORUM_ID'				=> $row['forum_id'],
 			'FORUM_NAME'			=> $row['forum_name'],
@@ -477,7 +490,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'SUBFORUMS'				=> $s_subforums_list,
 
 			'L_SUBFORUM_STR'		=> $l_subforums,
-			'L_FORUM_FOLDER_ALT'	=> $folder_alt,
 			'L_MODERATOR_STR'		=> $l_moderator,
 
 			'U_UNAPPROVED_TOPICS'	=> ($row['forum_id_unapproved_topics']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&amp;mode=unapproved_topics&amp;f=' . $row['forum_id_unapproved_topics']) : '',
@@ -663,7 +675,7 @@ function topic_generate_pagination($replies, $url)
 			$pagination .= '<a href="' . $url . ($j == 0 ? '' : '&amp;start=' . $j) . '">' . $times . '</a>';
 			if ($times == 1 && $total_pages > 5)
 			{
-				$pagination .= ' ... ';
+				$pagination .= '<span class="page-dots"> ... </span>';
 
 				// Display the last three pages
 				$times = $total_pages - 3;
@@ -997,13 +1009,17 @@ function display_user_activity(&$userdata)
 	}
 
 	// Obtain active topic
+	// We need to exclude passworded forums here so we do not leak the topic title
+	$forum_ary_topic = array_unique(array_merge($forum_ary, $user->get_passworded_forums()));
+	$forum_sql_topic = (!empty($forum_ary_topic)) ? 'AND ' . $db->sql_in_set('forum_id', $forum_ary_topic, true) : '';
+
 	$sql = 'SELECT topic_id, COUNT(post_id) AS num_posts
 		FROM ' . POSTS_TABLE . '
 		WHERE poster_id = ' . $userdata['user_id'] . "
 			AND post_postcount = 1
 			AND (post_approved = 1
 				$sql_m_approve)
-			$forum_sql
+			$forum_sql_topic
 		GROUP BY topic_id
 		ORDER BY num_posts DESC";
 	$result = $db->sql_query_limit($sql, 1);
@@ -1059,7 +1075,7 @@ function display_user_activity(&$userdata)
 /**
 * Topic and forum watching common code
 */
-function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0)
+function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, $notify_status = 'unset', $start = 0, $item_title = '')
 {
 	global $template, $db, $user, $phpEx, $start, $phpbb_root_path;
 
@@ -1068,6 +1084,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 	$match_id = ($mode == 'forum') ? $forum_id : $topic_id;
 	$u_url = "uid={$user->data['user_id']}";
 	$u_url .= ($mode == 'forum') ? '&amp;f' : '&amp;f=' . $forum_id . '&amp;t';
+	$is_watching = 0;
 
 	// Is user watching this thread?
 	if ($user_id != ANONYMOUS)
@@ -1092,28 +1109,51 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 			if (isset($_GET['unwatch']))
 			{
 				$uid = request_var('uid', 0);
-				if ($uid != $user_id)
+				$token = request_var('hash', '');
+
+				if ($token && check_link_hash($token, "{$mode}_$match_id") || confirm_box(true))
 				{
-					$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
-					$message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
-					trigger_error($message);
-				}
-				if ($_GET['unwatch'] == $mode)
-				{
-					$is_watching = 0;
+					if ($uid != $user_id || $_GET['unwatch'] != $mode)
+					{
+						$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
+						$message = $user->lang['ERR_UNWATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
+						trigger_error($message);
+					}
 
 					$sql = 'DELETE FROM ' . $table_sql . "
 						WHERE $where_sql = $match_id
 							AND user_id = $user_id";
 					$db->sql_query($sql);
+
+					$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
+					$message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />';
+					$message .= sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
+					meta_refresh(3, $redirect_url);
+					trigger_error($message);
 				}
+				else
+				{
+					$s_hidden_fields = array(
+						'uid'		=> $user->data['user_id'],
+						'unwatch'	=> $mode,
+						'start'		=> $start,
+						'f'			=> $forum_id,
+					);
+					if ($mode != 'forum')
+					{
+						$s_hidden_fields['t'] = $topic_id;
+					}
 
-				$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
-
-				meta_refresh(3, $redirect_url);
-
-				$message = $user->lang['NOT_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
-				trigger_error($message);
+					if ($item_title == '')
+					{
+						$confirm_box_message = 'UNWATCH_' . strtoupper($mode);
+					}
+					else
+					{
+						$confirm_box_message = $user->lang('UNWATCH_' . strtoupper($mode) . '_DETAILED', $item_title);
+					}
+					confirm_box(false, $confirm_box_message, build_hidden_fields($s_hidden_fields));
+				}
 			}
 			else
 			{
@@ -1133,26 +1173,45 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 		{
 			if (isset($_GET['watch']))
 			{
+				$uid = request_var('uid', 0);
 				$token = request_var('hash', '');
-				$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
 
-				if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_$match_id"))
+				if ($token && check_link_hash($token, "{$mode}_$match_id") || confirm_box(true))
 				{
+					if ($uid != $user_id || $_GET['watch'] != $mode)
+					{
+						$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
+						$message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
+						trigger_error($message);
+					}
+
 					$is_watching = true;
 
 					$sql = 'INSERT INTO ' . $table_sql . " (user_id, $where_sql, notify_status)
 						VALUES ($user_id, $match_id, " . NOTIFY_YES . ')';
 					$db->sql_query($sql);
+
+					$redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&amp;start=$start");
 					$message = $user->lang['ARE_WATCHING_' . strtoupper($mode)] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
+					meta_refresh(3, $redirect_url);
+					trigger_error($message);
 				}
 				else
 				{
-					$message = $user->lang['ERR_WATCHING'] . '<br /><br />' . sprintf($user->lang['RETURN_' . strtoupper($mode)], '<a href="' . $redirect_url . '">', '</a>');
+					$s_hidden_fields = array(
+						'uid'		=> $user->data['user_id'],
+						'watch'		=> $mode,
+						'start'		=> $start,
+						'f'			=> $forum_id,
+					);
+					if ($mode != 'forum')
+					{
+						$s_hidden_fields['t'] = $topic_id;
+					}
+
+					$confirm_box_message = (($item_title == '') ? 'WATCH_' . strtoupper($mode) : $user->lang('WATCH_' . strtoupper($mode) . '_DETAILED', $item_title));
+					confirm_box(false, $confirm_box_message, build_hidden_fields($s_hidden_fields));
 				}
-
-				meta_refresh(3, $redirect_url);
-
-				trigger_error($message);
 			}
 			else
 			{
@@ -1162,7 +1221,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id,
 	}
 	else
 	{
-		if (isset($_GET['unwatch']) && $_GET['unwatch'] == $mode)
+		if ((isset($_GET['unwatch']) && $_GET['unwatch'] == $mode) || (isset($_GET['watch']) && $_GET['watch'] == $mode))
 		{
 			login_box();
 		}

phpBB/includes/functions_install.php

@@ -211,61 +211,20 @@ function dbms_select($default = '', $only_20x_options = false)
 
 /**
 * Get tables of a database
+*
+* @deprecated
 */
-function get_tables($db)
+function get_tables(&$db)
 {
-	switch ($db->sql_layer)
+	if (!class_exists('phpbb_db_tools'))
 	{
-		case 'mysql':
-		case 'mysql4':
-		case 'mysqli':
-			$sql = 'SHOW TABLES';
-		break;
-
-		case 'sqlite':
-			$sql = 'SELECT name
-				FROM sqlite_master
-				WHERE type = "table"';
-		break;
-
-		case 'mssql':
-		case 'mssql_odbc':
-		case 'mssqlnative':
-			$sql = "SELECT name
-				FROM sysobjects
-				WHERE type='U'";
-		break;
-
-		case 'postgres':
-			$sql = 'SELECT relname
-				FROM pg_stat_user_tables';
-		break;
-
-		case 'firebird':
-			$sql = 'SELECT rdb$relation_name
-				FROM rdb$relations
-				WHERE rdb$view_source is null
-					AND rdb$system_flag = 0';
-		break;
-
-		case 'oracle':
-			$sql = 'SELECT table_name
-				FROM USER_TABLES';
-		break;
+		global $phpbb_root_path, $phpEx;
+		require($phpbb_root_path . 'includes/db/db_tools.' . $phpEx);
 	}
 
-	$result = $db->sql_query($sql);
+	$db_tools = new phpbb_db_tools($db);
 
-	$tables = array();
-
-	while ($row = $db->sql_fetchrow($result))
-	{
-		$tables[] = current($row);
-	}
-
-	$db->sql_freeresult($result);
-
-	return $tables;
+	return $db_tools->sql_list_tables();
 }
 
 /**

phpBB/includes/functions_messenger.php

@@ -162,6 +162,22 @@ class messenger
 		$this->extra_headers[] = trim($headers);
 	}
 
+	/**
+	* Adds X-AntiAbuse headers
+	*
+	* @param array $config		Configuration array
+	* @param user $user			A user object
+	*
+	* @return null
+	*/
+	function anti_abuse_headers($config, $user)
+	{
+		$this->headers('X-AntiAbuse: Board servername - ' . mail_encode($config['server_name']));
+		$this->headers('X-AntiAbuse: User_id - ' . $user->data['user_id']);
+		$this->headers('X-AntiAbuse: Username - ' . mail_encode($user->data['username']));
+		$this->headers('X-AntiAbuse: User IP - ' . $user->ip);
+	}
+
 	/**
 	* Set the email priority
 	*/
@@ -975,9 +991,16 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 	$smtp->add_backtrace('Connecting to ' . $config['smtp_host'] . ':' . $config['smtp_port']);
 
 	// Ok we have error checked as much as we can to this point let's get on it already.
-	ob_start();
+	if (!class_exists('phpbb_error_collector'))
+	{
+		global $phpbb_root_path, $phpEx;
+		include($phpbb_root_path . 'includes/error_collector.' . $phpEx);
+	}
+	$collector = new phpbb_error_collector;
+	$collector->install();
 	$smtp->socket = fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20);
-	$error_contents = ob_get_clean();
+	$collector->uninstall();
+	$error_contents = $collector->format_errors();
 
 	if (!$smtp->socket)
 	{
@@ -1608,18 +1631,27 @@ function mail_encode($str, $eol = "\r\n")
 */
 function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
 {
-	global $config;
+	global $config, $phpbb_root_path, $phpEx;
 
 	// We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings. On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
 	// Reference: http://bugs.php.net/bug.php?id=15841
 	$headers = implode($eol, $headers);
 
-	ob_start();
+	if (!class_exists('phpbb_error_collector'))
+	{
+		include($phpbb_root_path . 'includes/error_collector.' . $phpEx);
+	}
+
+	$collector = new phpbb_error_collector;
+	$collector->install();
+
 	// On some PHP Versions mail() *may* fail if there are newlines within the subject.
 	// Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
 	// Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space (Use '' as parameter to mail_encode() results in SPACE used)
 	$result = $config['email_function_name']($to, mail_encode($subject, ''), wordwrap(utf8_wordwrap($msg), 997, "\n", true), $headers);
-	$err_msg = ob_get_clean();
+
+	$collector->uninstall();
+	$err_msg = $collector->format_errors();
 
 	return $result;
 }

phpBB/includes/functions_posting.php

@@ -388,7 +388,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
 	$upload = new fileupload();
 
-	if ($config['check_attachment_content'])
+	if ($config['check_attachment_content'] && isset($config['mime_triggers']))
 	{
 		$upload->set_disallowed_content(explode('|', $config['mime_triggers']));
 	}
@@ -1479,7 +1479,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 		break;
 
 		case 'delete_first_post':
-			$sql = 'SELECT p.post_id, p.poster_id, p.post_username, u.username, u.user_colour
+			$sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username, u.user_colour
 				FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u
 				WHERE p.topic_id = $topic_id
 					AND p.poster_id = u.user_id
@@ -1493,7 +1493,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 				$sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : '';
 			}
 
-			$sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'";
+			$sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "', topic_time = " . (int) $row['post_time'];
 
 			// Decrementing topic_replies here is fine because this case only happens if there is more than one post within the topic - basically removing one "reply"
 			$sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : '');
@@ -1870,9 +1870,9 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 
 		case 'edit_topic':
 		case 'edit_first_post':
-			if (isset($poll['poll_options']) && !empty($poll['poll_options']))
+			if (isset($poll['poll_options']))
 			{
-				$poll_start = ($poll['poll_start']) ? $poll['poll_start'] : $current_time;
+				$poll_start = ($poll['poll_start'] || empty($poll['poll_options'])) ? $poll['poll_start'] : $current_time;
 				$poll_length = $poll['poll_length'] * 86400;
 				if ($poll_length < 0)
 				{
@@ -2075,11 +2075,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	}
 
 	// Update Poll Tables
-	if (isset($poll['poll_options']) && !empty($poll['poll_options']))
+	if (isset($poll['poll_options']))
 	{
 		$cur_poll_options = array();
 
-		if ($poll['poll_start'] && $mode == 'edit')
+		if ($mode == 'edit')
 		{
 			$sql = 'SELECT *
 				FROM ' . POLL_OPTIONS_TABLE . '
@@ -2611,4 +2611,106 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	return $url;
 }
 
+/**
+* Handle topic bumping
+* @param int $forum_id The ID of the forum the topic is being bumped belongs to
+* @param int $topic_id The ID of the topic is being bumping
+* @param array $post_data Passes some topic parameters:
+*				- 'topic_title'
+*				- 'topic_last_post_id'
+*				- 'topic_last_poster_id'
+*				- 'topic_last_post_subject'
+*				- 'topic_last_poster_name'
+*				- 'topic_last_poster_colour'
+* @param int $bump_time The time at which topic was bumped, usually it is a current time as obtained via time(). 
+* @return string An URL to the bumped topic, example: ./viewtopic.php?forum_id=1&amptopic_id=2&ampp=3#p3
+*/
+function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)
+{
+	global $config, $db, $user, $phpEx, $phpbb_root_path;
+
+	if ($bump_time === false)
+	{
+		$bump_time = time();
+	}
+
+	// Begin bumping
+	$db->sql_transaction('begin');
+
+	// Update the topic's last post post_time
+	$sql = 'UPDATE ' . POSTS_TABLE . "
+		SET post_time = $bump_time
+		WHERE post_id = {$post_data['topic_last_post_id']}
+			AND topic_id = $topic_id";
+	$db->sql_query($sql);
+
+	// Sync the topic's last post time, the rest of the topic's last post data isn't changed
+	$sql = 'UPDATE ' . TOPICS_TABLE . "
+		SET topic_last_post_time = $bump_time,
+			topic_bumped = 1,
+			topic_bumper = " . $user->data['user_id'] . "
+		WHERE topic_id = $topic_id";
+	$db->sql_query($sql);
+
+	// Update the forum's last post info
+	$sql = 'UPDATE ' . FORUMS_TABLE . "
+		SET forum_last_post_id = " . $post_data['topic_last_post_id'] . ",
+			forum_last_poster_id = " . $post_data['topic_last_poster_id'] . ",
+			forum_last_post_subject = '" . $db->sql_escape($post_data['topic_last_post_subject']) . "',
+			forum_last_post_time = $bump_time,
+			forum_last_poster_name = '" . $db->sql_escape($post_data['topic_last_poster_name']) . "',
+			forum_last_poster_colour = '" . $db->sql_escape($post_data['topic_last_poster_colour']) . "'
+		WHERE forum_id = $forum_id";
+	$db->sql_query($sql);
+
+	// Update bumper's time of the last posting to prevent flood
+	$sql = 'UPDATE ' . USERS_TABLE . "
+		SET user_lastpost_time = $bump_time
+		WHERE user_id = " . $user->data['user_id'];
+	$db->sql_query($sql);
+
+	$db->sql_transaction('commit');
+
+	// Mark this topic as posted to
+	markread('post', $forum_id, $topic_id, $bump_time);
+
+	// Mark this topic as read
+	markread('topic', $forum_id, $topic_id, $bump_time);
+
+	// Update forum tracking info
+	if ($config['load_db_lastread'] && $user->data['is_registered'])
+	{
+		$sql = 'SELECT mark_time
+			FROM ' . FORUMS_TRACK_TABLE . '
+			WHERE user_id = ' . $user->data['user_id'] . '
+				AND forum_id = ' . $forum_id;
+		$result = $db->sql_query($sql);
+		$f_mark_time = (int) $db->sql_fetchfield('mark_time');
+		$db->sql_freeresult($result);
+	}
+	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
+	{
+		$f_mark_time = false;
+	}
+
+	if (($config['load_db_lastread'] && $user->data['is_registered']) || $config['load_anon_lastread'] || $user->data['is_registered'])
+	{
+		// Update forum info
+		$sql = 'SELECT forum_last_post_time
+			FROM ' . FORUMS_TABLE . '
+			WHERE forum_id = ' . $forum_id;
+		$result = $db->sql_query($sql);
+		$forum_last_post_time = (int) $db->sql_fetchfield('forum_last_post_time');
+		$db->sql_freeresult($result);
+
+		update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time, false);
+	}
+
+	add_log('mod', $forum_id, $topic_id, 'LOG_BUMP_TOPIC', $post_data['topic_title']);
+
+	$url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&amp;t=$topic_id&amp;p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";
+
+	return $url;
+}
+
 ?>

phpBB/includes/functions_privmsgs.php

@@ -1607,7 +1607,7 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
 	// Send Notifications
 	if ($mode != 'edit')
 	{
-		pm_notification($mode, $data['from_username'], $recipients, $subject, $data['message']);
+		pm_notification($mode, $data['from_username'], $recipients, $subject, $data['message'], $data['msg_id']);
 	}
 
 	return $data['msg_id'];
@@ -1616,7 +1616,7 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
 /**
 * PM Notification
 */
-function pm_notification($mode, $author, $recipients, $subject, $message)
+function pm_notification($mode, $author, $recipients, $subject, $message, $msg_id)
 {
 	global $db, $user, $config, $phpbb_root_path, $phpEx, $auth;
 
@@ -1688,8 +1688,9 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
 			'AUTHOR_NAME'	=> htmlspecialchars_decode($author),
 			'USERNAME'		=> htmlspecialchars_decode($addr['name']),
 
-			'U_INBOX'		=> generate_board_url() . "/ucp.$phpEx?i=pm&folder=inbox")
-		);
+			'U_INBOX'			=> generate_board_url() . "/ucp.$phpEx?i=pm&folder=inbox",
+			'U_VIEW_MESSAGE'	=> generate_board_url() . "/ucp.$phpEx?i=pm&mode=view&p=$msg_id",
+		));
 
 		$messenger->send($addr['method']);
 	}

phpBB/includes/functions_profile_fields.php

@@ -149,7 +149,18 @@ class custom_profile
 
 			case FIELD_DROPDOWN:
 				$field_value = (int) $field_value;
-			
+
+				// retrieve option lang data if necessary
+				if (!isset($this->options_lang[$field_data['field_id']]) || !isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']]) || !sizeof($this->options_lang[$file_data['field_id']][$field_data['lang_id']]))
+				{
+					$this->get_option_lang($field_data['field_id'], $field_data['lang_id'], FIELD_DROPDOWN, false);
+				}
+
+				if (!isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']][$field_value]))
+				{
+					return 'FIELD_INVALID_VALUE';
+				}
+
 				if ($field_value == $field_data['field_novalue'] && $field_data['field_required'])
 				{
 					return 'FIELD_REQUIRED';
@@ -302,6 +313,7 @@ class custom_profile
 				switch ($cp_result)
 				{
 					case 'FIELD_INVALID_DATE':
+					case 'FIELD_INVALID_VALUE':
 					case 'FIELD_REQUIRED':
 						$error = sprintf($user->lang[$cp_result], $row['lang_name']);
 					break;

phpBB/includes/functions_template.php

@@ -322,7 +322,7 @@ class template_compile
 		// Is the designer wanting to call another loop in a loop?
 		if (strpos($tag_args, '!') === 0)
 		{
-			// Count the number if ! occurrences (not allowed in vars)
+			// Count the number of ! occurrences (not allowed in vars)
 			$no_nesting = substr_count($tag_args, '!');
 			$tag_args = substr($tag_args, $no_nesting);
 		}

phpBB/includes/functions_transfer.php

@@ -808,23 +808,56 @@ class ftp_fsock extends transfer
 	*/
 	function _open_data_connection()
 	{
-		$this->_send_command('PASV', '', false);
-
-		if (!$ip_port = $this->_check_command(true))
+		// Try to find out whether we have a IPv4 or IPv6 (control) connection
+		if (function_exists('stream_socket_get_name'))
 		{
-			return false;
+			$socket_name = stream_socket_get_name($this->connection, true);
+			$server_ip = substr($socket_name, 0, strrpos($socket_name, ':'));
 		}
 
-		// open the connection to start sending the file
-		if (!preg_match('#[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]+,[0-9]+#', $ip_port, $temp))
+		if (!isset($server_ip) || preg_match(get_preg_expression('ipv4'), $server_ip))
 		{
-			// bad ip and port
-			return false;
+			// Passive mode
+			$this->_send_command('PASV', '', false);
+
+			if (!$ip_port = $this->_check_command(true))
+			{
+				return false;
+			}
+
+			// open the connection to start sending the file
+			if (!preg_match('#[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]{1,3},[0-9]+,[0-9]+#', $ip_port, $temp))
+			{
+				// bad ip and port
+				return false;
+			}
+
+			$temp = explode(',', $temp[0]);
+			$server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3];
+			$server_port = $temp[4] * 256 + $temp[5];
+		}
+		else
+		{
+			// Extended Passive Mode - RFC2428
+			$this->_send_command('EPSV', '', false);
+
+			if (!$epsv_response = $this->_check_command(true))
+			{
+				return false;
+			}
+
+			// Response looks like "229 Entering Extended Passive Mode (|||12345|)"
+			// where 12345 is the tcp port for the data connection
+			if (!preg_match('#\(\|\|\|([0-9]+)\|\)#', $epsv_response, $match))
+			{
+				return false;
+			}
+			$server_port = (int) $match[1];
+
+			// fsockopen expects IPv6 address in square brackets
+			$server_ip = "[$server_ip]";
 		}
 
-		$temp = explode(',', $temp[0]);
-		$server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3];
-		$server_port = $temp[4] * 256 + $temp[5];
 		$errno = 0;
 		$errstr = '';
 

phpBB/includes/functions_upload.php

@@ -458,7 +458,7 @@ class fileerror extends filespec
 class fileupload
 {
 	var $allowed_extensions = array();
-	var $disallowed_content = array();
+	var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title'); 
 	var $max_filesize = 0;
 	var $min_width = 0;
 	var $min_height = 0;
@@ -539,7 +539,7 @@ class fileupload
 	{
 		if ($disallowed_content !== false && is_array($disallowed_content))
 		{
-			$this->disallowed_content = $disallowed_content;
+			$this->disallowed_content = array_diff($disallowed_content, array(''));
 		}
 	}
 

phpBB/includes/functions_user.php

@@ -482,44 +482,6 @@ function user_delete($mode, $user_id, $post_username = false)
 				include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 			}
 
-			$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
-				FROM ' . POSTS_TABLE . "
-				WHERE poster_id = $user_id
-				GROUP BY topic_id";
-			$result = $db->sql_query($sql);
-
-			$topic_id_ary = array();
-			while ($row = $db->sql_fetchrow($result))
-			{
-				$topic_id_ary[$row['topic_id']] = $row['total_posts'];
-			}
-			$db->sql_freeresult($result);
-
-			if (sizeof($topic_id_ary))
-			{
-				$sql = 'SELECT topic_id, topic_replies, topic_replies_real
-					FROM ' . TOPICS_TABLE . '
-					WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
-				$result = $db->sql_query($sql);
-
-				$del_topic_ary = array();
-				while ($row = $db->sql_fetchrow($result))
-				{
-					if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
-					{
-						$del_topic_ary[] = $row['topic_id'];
-					}
-				}
-				$db->sql_freeresult($result);
-
-				if (sizeof($del_topic_ary))
-				{
-					$sql = 'DELETE FROM ' . TOPICS_TABLE . '
-						WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
-					$db->sql_query($sql);
-				}
-			}
-
 			// Delete posts, attachments, etc.
 			delete_posts('poster_id', $user_id);
 
@@ -771,7 +733,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			}
 			else
 			{
-				trigger_error('LENGTH_BAN_INVALID');
+				trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);
 			}
 		}
 	}
@@ -831,7 +793,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			// Make sure we have been given someone to ban
 			if (!sizeof($sql_usernames))
 			{
-				trigger_error('NO_USER_SPECIFIED');
+				trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);
 			}
 
 			$sql = 'SELECT user_id
@@ -862,7 +824,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			else
 			{
 				$db->sql_freeresult($result);
-				trigger_error('NO_USERS');
+				trigger_error('NO_USERS', E_USER_WARNING);
 			}
 			$db->sql_freeresult($result);
 		break;
@@ -964,7 +926,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 
 				if (empty($banlist_ary))
 				{
-					trigger_error('NO_IPS_DEFINED');
+					trigger_error('NO_IPS_DEFINED', E_USER_WARNING);
 				}
 			}
 		break;
@@ -992,12 +954,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 
 			if (sizeof($ban_list) == 0)
 			{
-				trigger_error('NO_EMAILS_DEFINED');
+				trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);
 			}
 		break;
 
 		default:
-			trigger_error('NO_MODE');
+			trigger_error('NO_MODE', E_USER_WARNING);
 		break;
 	}
 
@@ -1459,6 +1421,31 @@ function validate_match($string, $optional = false, $match = '')
 	return false;
 }
 
+/**
+* Validate Language Pack ISO Name
+*
+* Tests whether a language name is valid and installed
+*
+* @param string $lang_iso	The language string to test
+*
+* @return bool|string		Either false if validation succeeded or
+*							a string which will be used as the error message
+*							(with the variable name appended)
+*/
+function validate_language_iso_name($lang_iso)
+{
+	global $db;
+
+	$sql = 'SELECT lang_id
+		FROM ' . LANG_TABLE . "
+		WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";
+	$result = $db->sql_query($sql);
+	$lang_id = (int) $db->sql_fetchfield('lang_id');
+	$db->sql_freeresult($result);
+
+	return ($lang_id) ? false : 'WRONG_DATA';
+}
+
 /**
 * Check to see if the username has been taken, or if it is disallowed.
 * Also checks if it includes the " character, which we don't allow in usernames.
@@ -1618,8 +1605,9 @@ function validate_password($password)
 {
 	global $config, $db, $user;
 
-	if (!$password)
+	if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')
 	{
+		// Password empty or no password complexity required.
 		return false;
 	}
 
@@ -1630,7 +1618,6 @@ function validate_password($password)
 	{
 		$upp = '\p{Lu}';
 		$low = '\p{Ll}';
-		$let = '\p{L}';
 		$num = '\p{N}';
 		$sym = '[^\p{Lu}\p{Ll}\p{N}]';
 		$pcre = true;
@@ -1640,7 +1627,6 @@ function validate_password($password)
 		mb_regex_encoding('UTF-8');
 		$upp = '[[:upper:]]';
 		$low = '[[:lower:]]';
-		$let = '[[:lower:][:upper:]]';
 		$num = '[[:digit:]]';
 		$sym = '[^[:upper:][:lower:][:digit:]]';
 		$mbstring = true;
@@ -1649,7 +1635,6 @@ function validate_password($password)
 	{
 		$upp = '[A-Z]';
 		$low = '[a-z]';
-		$let = '[a-zA-Z]';
 		$num = '[0-9]';
 		$sym = '[^A-Za-z0-9]';
 		$pcre = true;
@@ -1659,22 +1644,22 @@ function validate_password($password)
 
 	switch ($config['pass_complex'])
 	{
+		// No break statements below ...
+		// We require strong passwords in case pass_complex is not set or is invalid
+		default:
+
+		// Require mixed case letters, numbers and symbols
+		case 'PASS_TYPE_SYMBOL':
+			$chars[] = $sym;
+
+		// Require mixed case letters and numbers
+		case 'PASS_TYPE_ALPHA':
+			$chars[] = $num;
+
+		// Require mixed case letters
 		case 'PASS_TYPE_CASE':
 			$chars[] = $low;
 			$chars[] = $upp;
-		break;
-
-		case 'PASS_TYPE_ALPHA':
-			$chars[] = $let;
-			$chars[] = $num;
-		break;
-
-		case 'PASS_TYPE_SYMBOL':
-			$chars[] = $low;
-			$chars[] = $upp;
-			$chars[] = $num;
-			$chars[] = $sym;
-		break;
 	}
 
 	if ($pcre)
@@ -2080,7 +2065,7 @@ function avatar_upload($data, &$error)
 
 	// Init upload class
 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
-	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));
+	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));
 
 	if (!empty($_FILES['uploadfile']['name']))
 	{

phpBB/includes/mcp/mcp_front.php

@@ -350,7 +350,7 @@ function mcp_front_view($id, $mode, $action)
 			// Add forum_id 0 for global announcements
 			$forum_list[] = 0;
 
-			$log_count = 0;
+			$log_count = false;
 			$log = array();
 			view_log('mod', $log, $log_count, 5, 0, $forum_list);
 

phpBB/includes/mcp/mcp_logs.php

@@ -170,7 +170,7 @@ class mcp_logs
 		// Grab log data
 		$log_data = array();
 		$log_count = 0;
-		view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_list, $topic_id, 0, $sql_where, $sql_sort, $keywords);
+		$start = view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_list, $topic_id, 0, $sql_where, $sql_sort, $keywords);
 
 		$template->assign_vars(array(
 			'PAGE_NUMBER'		=> on_page($log_count, $config['topics_per_page'], $start),
@@ -179,7 +179,7 @@ class mcp_logs
 
 			'L_TITLE'			=> $user->lang['MCP_LOGS'],
 
-			'U_POST_ACTION'			=> $this->u_action,
+			'U_POST_ACTION'			=> $this->u_action . "&$u_sort_param$keywords_param&start=$start",
 			'S_CLEAR_ALLOWED'		=> ($auth->acl_get('a_clearlogs')) ? true : false,
 			'S_SELECT_SORT_DIR'		=> $s_sort_dir,
 			'S_SELECT_SORT_KEY'		=> $s_sort_key,