Merge branch 'prep-release-3.0.9'

* prep-release-3.0.9: (359 commits)
  [prep-release-3.0.9] Bumping version number for 3.0.9 final.
  [prep-release-3.0.9] Update Changelog for 3.0.9-RC4 release.
  [prep-release-3.0.9] Decreasing version for an RC4 release.
  [ticket/9859] Changing all phpBB footers to match the new credit line
  [ticket/9859] New footer copyright line with registered symbol
  [ticket/10250] The site_logo hash is different depending on imageset & language
  [ticket/10250] Destroy cached md5 hash of site_logo on refreshing an imageset
  [ticket/10250] Overwrite the site_logo width&height when the phpbb logo is used
  [ticket/10247] Remove attempt_id as primary key from database_update.php
  [ticket/10250] Added the new phpBB Logo with the Registered Trademark Symbol
  [ticket/10247] Use COUNT(*) instead of COUNT(attempt_id)
  [prep-release-3.0.9] Update Changelog for 3.0.9 release.
  [prep-release-3.0.9] Bumping version number for the final 3.0.9 release.
  [ticket/10247] Removing attempt_id column from the 3.0.8 to 3.0.9-RC1 updater.
  [ticket/10247] Add a db_tools test for the removal of a primary key column.
  [ticket/10247] Add empty data section to database update for RC4
  [ticket/10247] Remove unecessary attempt_id primary key column
  [prep-release-3.0.9] Bump database version to RC3 too.
  [prep-release-3.0.9] Update Changelog for 3.0.9-RC3 release.
  [prep-release-3.0.9] Bumping version number for 3.0.9-RC3.
  ...

.gitignore

@@ -1,8 +1,12 @@
 *~
+phpunit.xml
 phpBB/cache/*.php
+phpBB/cache/queue.php.lock
 phpBB/config.php
 phpBB/files/*
+phpBB/images/avatars/gallery/*
 phpBB/images/avatars/upload/*
 phpBB/store/*
 tests/phpbb_unit_tests.sqlite2
 tests/test_config.php
+tests/utf/data/*.txt

README.md

@@ -0,0 +1,20 @@
+[![phpBB](http://www.phpbb.com/theme/images/logos/blue/160x52.png)](http://www.phpbb.com)
+
+## ABOUT
+
+phpBB is a free bulletin board written in PHP.
+
+## COMMUNITY
+
+Find support and lots more on [phpBB.com](http://www.phpbb.com)! Discuss the development on [area51](http://area51.phpbb.com/phpBB/index.php).
+
+## CONTRIBUTE
+
+1. [Create an account on phpBB.com](http://www.phpbb.com/community/ucp.php?mode=register)
+2. [Create a ticket (unless there already is one)](http://tracker.phpbb.com/secure/CreateIssue!default.jspa)
+3. [Read our Git Contribution Guidelines](http://wiki.phpbb.com/Git); if you're new to git, also read [the introduction guide](http://wiki.phpbb.com/display/DEV/Working+with+Git)
+4. Send us a pull request
+
+## LICENSE
+
+[GNU General Public License v2](http://opensource.org/licenses/gpl-2.0.php)

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.0.8" />
-	<property name="prevversion" value="3.0.8-RC1" />
-	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7-PL1" />
+	<property name="newversion" value="3.0.9" />
+	<property name="prevversion" value="3.0.8" />
+	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.9-RC1, 3.0.9-RC2, 3.0.9-RC3, 3.0.9-RC4" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -12,7 +12,8 @@
 
 	<!-- These are the main targets which you will probably want to use -->
 	<target name="package" depends="clean,prepare,create-package" />
-	<target name="all" depends="clean,prepare,test,create-package" />
+	<target name="all" depends="clean,prepare,test,docs,create-package" />
+	<target name="build" depends="clean,prepare,test,docs" />
 
 	<target name="prepare">
 		<mkdir dir="build/logs" />
@@ -42,12 +43,11 @@
 		<delete dir="build/save" />
 	</target>
 
-	<target name="test">
-		<exec dir="tests"
-			command="phpunit --log-junit ../build/logs/phpunit.xml
-			--coverage-clover ../build/logs/clover.xml
-			--coverage-html ../build/coverage
-			phpbb_all_tests all_tests.php"
+	<target name="test" depends="clean,prepare">
+		<exec dir="."
+			command="phpunit --log-junit build/logs/phpunit.xml
+			--coverage-clover build/logs/clover.xml
+			--coverage-html build/coverage"
 			passthru="true" />
 
 
@@ -64,6 +64,18 @@
 		-->
 	</target>
 
+	<target name="docs">
+		<!-- only works if you setup phpdoctor:
+                     git clone https://github.com/peej/phpdoctor.git
+                     and then create an executable phpdoctor in your path containing
+                     #!/bin/sh
+                     php -f /path/to/phpdoctor/phpdoc.php $@
+                -->
+		<exec dir="build"
+			command="phpdoctor phpdoc-phpbb.ini"
+			passthru="true" />
+	</target>
+
 	<target name="old-version-diffs">
 		<foreach list="${oldversions}" param="version" target="old-version-diff" />
 	</target>
@@ -121,7 +133,7 @@
 	-->
 	<target name="export">
 		<exec dir="phpBB"
-			command="git archive ${revision} | tar -x -C ../${dir}"
+			command="git archive ${revision} | tar -xf - -C ../${dir}"
 			checkreturn="true" />
 		<delete file="${dir}/config.php" />
 		<delete dir="${dir}/develop" />
@@ -129,8 +141,8 @@
 
 		<echo msg="Setting permissions for checkout of ${revision} in ${dir}" />
 		<!-- set permissions of all files to 644, directories to 755 -->
-		<exec dir="${dir}" command="find -type f|xargs chmod 644" escape="false" />
-		<exec dir="${dir}" command="find -type d|xargs chmod 755" escape="false" />
+		<exec dir="${dir}" command="find . -type f|xargs chmod 644" escape="false" />
+		<exec dir="${dir}" command="find . -type d|xargs chmod 755" escape="false" />
 		<!-- set permissions of some directories to 777 -->
 		<chmod mode="0777" file="${dir}/cache" />
 		<chmod mode="0777" file="${dir}/store" />

build/build_helper.php

@@ -177,7 +177,7 @@ class build_package
 			}
 
 			// Is binary?
-			if (preg_match('/^Binary files ' . $package_name . '\/(.*) and [a-z0-9_-]+\/\1 differ/i', $line, $match))
+			if (preg_match('/^Binary files ' . $package_name . '\/(.*) and [a-z0-9._-]+\/\1 differ/i', $line, $match))
 			{
 				$binary[] = trim($match[1]);
 			}

build/phpdoc-phpbb.ini

@@ -0,0 +1,145 @@
+; Default configuration file for PHPDoctor
+
+; This config file will cause PHPDoctor to generate API documentation of
+; itself.
+
+
+; PHPDoctor settings
+; -----------------------------------------------------------------------------
+
+; Names of files to parse. This can be a single filename, or a comma separated
+; list of filenames. Wildcards are allowed.
+
+files = "*.php"
+
+; Names of files or directories to ignore. This can be a single filename, or a
+; comma separated list of filenames. Wildcards are NOT allowed.
+
+;ignore = "CVS, .svn, .git, _compiled"
+ignore = templates_c/,*HTML/default/*,spec/,*config.php*,*CVS/,test_chora.php,testupdate/,cache/,store/,*proSilver/,develop/,includes/utf/data/,includes/captcha/fonts/,install/update/,install/update.new/,files/,*phpinfo.php*,*update_script.php*,*upgrade.php*,*convert.php*,install/converter/,language/de/,script/,*swatch.php*,*test.php*,*test2.php*,*install.php*,*functions_diff.php*,*acp_update.php*,acm_xcache.php
+
+; The directory to look for files in, if not used the PHPDoctor will look in
+; the current directory (the directory it is run from).
+
+source_path = "../phpBB/"
+
+; If you do not want PHPDoctor to look in each sub directory for files
+; uncomment this line.
+
+;subdirs = off
+
+; Set how loud PHPDoctor is as it runs. Quiet mode suppresses all output other
+; than warnings and errors. Verbose mode outputs additional messages during
+; execution.
+
+quiet = on
+;verbose = on
+
+; Select the doclet to use for generating output.
+
+doclet = standard
+;doclet = debug
+
+; The directory to find the doclet in. Doclets control the HTML output of
+; phpDoctor and can be modified to suit your needs. They are expected to be 
+; in a directory named after themselves at the location given.
+
+;doclet_path = ./doclets
+
+; Select the formatter to use for generating output.
+
+;formatter = htmlStandardFormatter
+
+; The directory to find the formatter in. Formatters convert textual markup
+; for use by the doclet.
+
+;formatter_path = ./formatters
+
+; The directory to find taglets in. Taglets allow you to make PHPDoctor handle
+; new tags and to alter the behavour of existing tags and their output.
+
+;taglet_path = ./taglets
+
+; If the code you are parsing does not use package tags or not all elements
+; have package tags, use this setting to place unbound elements into a
+; particular package.
+
+default_package = "phpBB"
+
+use_class_path_as_package = off
+
+ignore_package_tags = off
+
+; Specifies the name of a HTML file containing text for the overview
+; documentation to be placed on the overview page. The path is relative to
+; "source_path" unless an absolute path is given.
+
+overview = ../README.md
+
+; Package comments will be looked for in a file named package.html in the same
+; directory as the first source file parsed in that package or in the directory
+; given below. If package comments are placed in the directory given below then
+; they should be named "<packageName>.html".
+
+package_comment_dir = ./
+
+; Parse out global variables and/or global constants?
+
+;globals = off
+;constants = off
+
+; Generate documentation for all class members
+
+;private = on
+
+; Generate documentation for public and protected class members
+
+;protected = on
+
+; Generate documentation for only public class members
+
+;public = on
+
+; Use the PEAR compatible handling of the docblock first sentence
+
+;pear_compat = on
+
+; Standard doclet settings
+; -----------------------------------------------------------------------------
+
+; The directory to place generated documentation in. If the given path is
+; relative to it will be relative to "source_path".
+
+d = "../build/api/"
+
+; Specifies the title to be placed in the HTML <title> tag.
+
+windowtitle = "phpBB3"
+
+; Specifies the title to be placed near the top of the overview summary file.
+
+doctitle = "phpBB3 Sourcecode Documentation"
+
+; Specifies the header text to be placed at the top of each output file. The
+; header will be placed to the right of the upper navigation bar. 
+
+header = "phpBB3"
+
+; Specifies the footer text to be placed at the bottom of each output file. The
+; footer will be placed to the right of the lower navigation bar.
+
+footer = "phpBB3"
+
+; Specifies the text to be placed at the bottom of each output file. The text
+; will be placed at the bottom of the page, below the lower navigation bar.
+
+;bottom = "This document was generated by <a href="http://peej.github.com/phpdoctor/">PHPDoctor: The PHP Documentation Creator</a>"
+
+; Create a class tree?
+
+;tree = off
+
+; Use GeSHi to include formatted source files in the documentation. PHPDoctor will look in the current doclet directory for a /geshi subdirectory. Unpack the GeSHi archive from http://qbnz.com/highlighter to get this directory - it will contain a php script and a subdirectory with formatting files.
+
+include_source = off
+

git-tools/hooks/commit-msg

@@ -55,12 +55,24 @@ quit()
 	fi
 }
 
-msg=$(grep -nE '.{81,}' "$1");
+# Check for empty commit message
+if ! grep -qv '^#' "$1"
+then
+	# Commit message is empty (or contains only comments).
+	# Let git handle this.
+	# It will abort with a message like so:
+	#
+	# Aborting commit due to empty commit message.
+	exit 0
+fi
+
+msg=$(grep -v '^#' "$1" |grep -nE '.{81,}')
 
 if [ $? -eq 0 ]
 then
-	echo "The following lines are greater than 80 characters long:\n" >&2;
-	echo $msg >&2;
+	echo "The following lines are greater than 80 characters long:" >&2;
+	echo >&2
+	echo "$msg" >&2;
 
 	quit $ERR_LENGTH;
 fi
@@ -107,7 +119,19 @@ do
 		case $expect in
 			"header")
 				err=$ERR_HEADER;
-				echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [A-Z].+$"
+				echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] .+$"
+				result=$?
+				if ! echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [A-Z].+$"
+				then
+					# Don't be too strict.
+					# Commits may be temporary, intended to be squashed later.
+					# Just issue a warning here.
+					echo "Warning: heading should be a sentence beginning with a capital letter." 1>&2
+					echo "You entered:" 1>&2
+					echo "$line" 1>&2
+				fi
+				# restore exit code
+				(exit $result)
 			;;
 			"empty")
 				err=$ERR_EMPTY;
@@ -128,6 +152,10 @@ do
 				# Should not end up here
 				false
 			;;
+			"possibly-eof")
+				# Allow empty and/or comment lines at the end
+				! tail -n +"$i" "$1" |grep -qvE '^($|#)'
+			;;
 			"comment")
 				echo "$line" | grep -Eq "^#";
 			;;
@@ -188,7 +216,7 @@ do
 				in_description=1;
 			;;
 			"footer")
-				expecting="footer eof";
+				expecting="footer possibly-eof";
 				if [ "$tickets" = "" ]
 				then
 					tickets="$line";
@@ -199,6 +227,9 @@ do
 			"comment")
 				# Comments should expect the same thing again
 			;;
+			"possibly-eof")
+				expecting="eof";
+			;;
 			*)
 				echo "Unrecognised token $expect" >&2;
 				quit 254;

git-tools/hooks/prepare-commit-msg

@@ -35,8 +35,8 @@ then
 	# Branch is prefixed with 'ticket/', append ticket ID to message
 	if [ "$branch" != "${branch##ticket/}" ];
 	then
-		tail="\n\nPHPBB3-${branch##ticket/}";
+		tail="$(printf "\n\nPHPBB3-${branch##ticket/}")";
 	fi
 
-	echo "[$branch]$tail $(cat "$1")" > "$1"
+	echo "[$branch] $tail$(cat "$1")" > "$1"
 fi

git-tools/merge.php

@@ -0,0 +1,175 @@
+#!/usr/bin/env php
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+function show_usage()
+{
+	$filename = basename(__FILE__);
+
+	echo "$filename merges a github pull request.\n";
+	echo "\n";
+
+	echo "Usage: [php] $filename -p pull_request_id [OPTIONS]\n";
+	echo "\n";
+
+	echo "Options:\n";
+	echo " -p pull_request_id             The pull request id to be merged (mandatory)\n";
+	echo " -r remote                      Remote of upstream, defaults to 'upstream' (optional)\n";
+	echo " -d                             Outputs the commands instead of running them (optional)\n";
+	echo " -h                             This help text\n";
+
+	exit(2);
+}
+
+// Handle arguments
+$opts = getopt('p:r:dh');
+
+if (empty($opts) || isset($opts['h']))
+{
+	show_usage();
+}
+
+$pull_id	= get_arg($opts, 'p', '');
+$remote		= get_arg($opts, 'r', 'upstream');
+$dry_run	= !get_arg($opts, 'd', true);
+
+try
+{
+	exit(work($pull_id, $remote));
+}
+catch (RuntimeException $e)
+{
+	echo $e->getMessage();
+	exit($e->getCode());
+}
+
+function work($pull_id, $remote)
+{
+	// Get some basic data
+	$pull = get_pull('phpbb', 'phpbb3', $pull_id);
+
+	if (!$pull_id)
+	{
+		show_usage();
+	}
+
+	if ($pull['state'] != 'open')
+	{
+		throw new RuntimeException(sprintf("Error: pull request is closed\n",
+			$target_branch), 5);
+	}
+
+	$pull_user = $pull['head'][0];
+	$pull_branch = $pull['head'][1];
+	$target_branch = $pull['base'][1];
+
+	switch ($target_branch)
+	{
+		case 'develop-olympus':
+			run("git checkout develop-olympus");
+			run("git pull $remote develop-olympus");
+
+			add_remote($pull_user, 'phpbb3');
+			run("git fetch $pull_user");
+			run("git merge --no-ff $pull_user/$pull_branch");
+			run("phpunit");
+
+			run("git checkout develop");
+			run("git pull $remote develop");
+			run("git merge --no-ff develop-olympus");
+			run("phpunit");
+		break;
+
+		case 'develop':
+			run("git checkout develop");
+			run("git pull $remote develop");
+
+			add_remote($pull_user, 'phpbb3');
+			run("git fetch $pull_user");
+			run("git merge --no-ff $pull_user/$pull_branch");
+			run("phpunit");
+		break;
+
+		default:
+			throw new RuntimeException(sprintf("Error: pull request target branch '%s' is not a main branch\n",
+				$target_branch), 5);
+		break;
+	}
+}
+
+function add_remote($username, $repository, $pushable = false)
+{
+	$url = get_repository_url($username, $repository, false);
+	run("git remote add $username $url", true);
+
+	if ($pushable)
+	{
+		$ssh_url = get_repository_url($username, $repository, true);
+		run("git remote set-url --push $username $ssh_url");
+	}
+}
+
+function get_repository_url($username, $repository, $ssh = false)
+{
+	$url_base = ($ssh) ? 'git@github.com:' : 'git://github.com/';
+
+	return $url_base . $username . '/' . $repository . '.git';
+}
+
+function api_request($query)
+{
+	$contents = file_get_contents("http://github.com/api/v2/json/$query");
+
+	if ($contents === false)
+	{
+		throw new RuntimeException("Error: failed to retrieve pull request data\n", 4);
+	}
+
+	return json_decode($contents);
+}
+
+function get_pull($username, $repository, $pull_id)
+{
+	$request = api_request("pulls/$username/$repository/$pull_id");
+
+	$pull = $request->pull;
+
+	$pull_data = array(
+		'base'  => array($pull->base->user->login, $pull->base->ref),
+		'head'  => array($pull->head->user->login, $pull->head->ref),
+		'state' => $pull->state,
+	);
+
+	return $pull_data;
+}
+
+function get_arg($array, $index, $default)
+{
+	return isset($array[$index]) ? $array[$index] : $default;
+}
+
+function run($cmd, $ignore_fail = false)
+{
+	global $dry_run;
+
+	if (!empty($dry_run))
+	{
+		echo "$cmd\n";
+	}
+	else
+	{
+		passthru(escapeshellcmd($cmd), $status);
+
+		if ($status != 0 && !$ignore_fail)
+		{
+			throw new RuntimeException(sprintf("Error: command '%s' failed with status %s'\n",
+				$cmd, $status), 6);
+		}
+	}
+}

git-tools/setup_github_network.php

@@ -0,0 +1,248 @@
+#!/usr/bin/env php
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+function show_usage()
+{
+	$filename = basename(__FILE__);
+
+	echo "$filename adds repositories of a github network as remotes to a local git repository.\n";
+	echo "\n";
+
+	echo "Usage: [php] $filename -s collaborators|organisation|contributors|network [OPTIONS]\n";
+	echo "\n";
+
+	echo "Scopes:\n";
+	echo "  collaborators                 Repositories of people who have push access to the specified repository\n";
+	echo "  contributors                  Repositories of people who have contributed to the specified repository\n";
+	echo "  organisation                  Repositories of members of the organisation at github\n";
+	echo "  network                       All repositories of the whole github network\n";
+	echo "\n";
+
+	echo "Options:\n";
+	echo " -s scope                       See description above (mandatory)\n";
+	echo " -u github_username             Overwrites the github username (optional)\n";
+	echo " -r repository_name             Overwrites the repository name (optional)\n";
+	echo " -m your_github_username        Sets up ssh:// instead of git:// for pushable repositories (optional)\n";
+	echo " -d                             Outputs the commands instead of running them (optional)\n";
+	echo " -h                             This help text\n";
+
+	exit(1);
+}
+
+// Handle arguments
+$opts = getopt('s:u:r:m:dh');
+
+if (empty($opts) || isset($opts['h']))
+{
+	show_usage();
+}
+
+$scope			= get_arg($opts, 's', '');
+$username		= get_arg($opts, 'u', 'phpbb');
+$repository 	= get_arg($opts, 'r', 'phpbb3');
+$developer		= get_arg($opts, 'm', '');
+$dry_run		= !get_arg($opts, 'd', true);
+run(null, $dry_run);
+exit(work($scope, $username, $repository, $developer));
+
+function work($scope, $username, $repository, $developer)
+{
+	// Get some basic data
+	$network		= get_network($username, $repository);
+	$collaborators	= get_collaborators($username, $repository);
+
+	if ($network === false || $collaborators === false)
+	{
+		echo "Error: failed to retrieve network or collaborators\n";
+		return 1;
+	}
+
+	switch ($scope)
+	{
+		case 'collaborators':
+			$remotes = array_intersect_key($network, $collaborators);
+		break;
+
+		case 'organisation':
+			$remotes = array_intersect_key($network, get_organisation_members($username));
+		break;
+
+		case 'contributors':
+			$remotes = array_intersect_key($network, get_contributors($username, $repository));
+		break;
+
+		case 'network':
+			$remotes = $network;
+		break;
+
+		default:
+			show_usage();
+	}
+
+	if (file_exists('.git'))
+	{
+		add_remote($username, $repository, isset($collaborators[$developer]));
+	}
+	else
+	{
+		clone_repository($username, $repository, isset($collaborators[$developer]));
+	}
+
+	// Add private security repository for developers
+	if ($username == 'phpbb' && $repository == 'phpbb3' && isset($collaborators[$developer]))
+	{
+		run("git remote add $username-security " . get_repository_url($username, "$repository-security", true));
+	}
+
+	// Skip blessed repository.
+	unset($remotes[$username]);
+
+	foreach ($remotes as $remote)
+	{
+		add_remote($remote['username'], $remote['repository'], $remote['username'] == $developer);
+	}
+
+	run('git remote update');
+}
+
+function clone_repository($username, $repository, $pushable = false)
+{
+	$url = get_repository_url($username, $repository, false);
+	run("git clone $url ./ --origin $username");
+
+	if ($pushable)
+	{
+		$ssh_url = get_repository_url($username, $repository, true);
+		run("git remote set-url --push $username $ssh_url");
+	}
+}
+
+function add_remote($username, $repository, $pushable = false)
+{
+	$url = get_repository_url($username, $repository, false);
+	run("git remote add $username $url");
+
+	if ($pushable)
+	{
+		$ssh_url = get_repository_url($username, $repository, true);
+		run("git remote set-url --push $username $ssh_url");
+	}
+}
+
+function get_repository_url($username, $repository, $ssh = false)
+{
+	$url_base = ($ssh) ? 'git@github.com:' : 'git://github.com/';
+
+	return $url_base . $username . '/' . $repository . '.git';
+}
+
+function api_request($query)
+{
+	$contents = file_get_contents("http://github.com/api/v2/json/$query");
+	if ($contents === false)
+	{
+		return false;
+	}
+	return json_decode($contents);
+}
+
+function get_contributors($username, $repository)
+{
+	$request = api_request("repos/show/$username/$repository/contributors");
+	if ($request === false)
+	{
+		return false;
+	}
+
+	$usernames = array();
+	foreach ($request->contributors as $contributor)
+	{
+		$usernames[$contributor->login] = $contributor->login;
+	}
+
+	return $usernames;
+}
+
+function get_organisation_members($username)
+{
+	$request = api_request("organizations/$username/public_members");
+	if ($request === false)
+	{
+		return false;
+	}
+
+	$usernames = array();
+	foreach ($request->users as $member)
+	{
+		$usernames[$member->login] = $member->login;
+	}
+
+	return $usernames;
+}
+
+function get_collaborators($username, $repository)
+{
+	$request = api_request("repos/show/$username/$repository/collaborators");
+	if ($request === false)
+	{
+		return false;
+	}
+
+	$usernames = array();
+	foreach ($request->collaborators as $collaborator)
+	{
+		$usernames[$collaborator] = $collaborator;
+	}
+
+	return $usernames;
+}
+
+function get_network($username, $repository)
+{
+	$request = api_request("repos/show/$username/$repository/network");
+	if ($request === false)
+	{
+		return false;
+	}
+
+	$usernames = array();
+	foreach ($request->network as $network)
+	{
+		$usernames[$network->owner] = array(
+			'username'		=> $network->owner,
+			'repository'	=> $network->name,
+		);
+	}
+
+	return $usernames;
+}
+
+function get_arg($array, $index, $default)
+{
+	return isset($array[$index]) ? $array[$index] : $default;
+}
+
+function run($cmd, $dry = false)
+{
+	static $dry_run;
+
+	if (is_null($cmd))
+	{
+		$dry_run = $dry;
+	}
+	else if (!empty($dry_run))
+	{
+		echo "$cmd\n";
+	}
+	else
+	{
+		passthru(escapeshellcmd($cmd));
+	}
+}

phpBB/adm/index.php

@@ -237,7 +237,7 @@ function build_select($option_ary, $option_default = false)
 /**
 * Build radio fields in acp pages
 */
-function h_radio($name, &$input_ary, $input_default = false, $id = false, $key = false)
+function h_radio($name, $input_ary, $input_default = false, $id = false, $key = false, $separator = '')
 {
 	global $user;
 
@@ -246,7 +246,7 @@ function h_radio($name, &$input_ary, $input_default = false, $id = false, $key =
 	foreach ($input_ary as $value => $title)
 	{
 		$selected = ($input_default !== false && $value == $input_default) ? ' checked="checked"' : '';
-		$html .= '<label><input type="radio" name="' . $name . '"' . (($id && !$id_assigned) ? ' id="' . $id . '"' : '') . ' value="' . $value . '"' . $selected . (($key) ? ' accesskey="' . $key . '"' : '') . ' class="radio" /> ' . $user->lang[$title] . '</label>';
+		$html .= '<label><input type="radio" name="' . $name . '"' . (($id && !$id_assigned) ? ' id="' . $id . '"' : '') . ' value="' . $value . '"' . $selected . (($key) ? ' accesskey="' . $key . '"' : '') . ' class="radio" /> ' . $user->lang[$title] . '</label>' . $separator;
 		$id_assigned = true;
 	}
 
@@ -276,7 +276,7 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 			$size = (int) $tpl_type[1];
 			$maxlength = (int) $tpl_type[2];
 
-			$tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '" />';
+			$tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '"' . (($tpl_type[0] === 'password') ?  ' autocomplete="off"' : '') . ' />';
 		break;
 
 		case 'dimension':
@@ -402,7 +402,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 		switch ($validator[$type])
 		{
 			case 'string':
-				$length = strlen($cfg_array[$config_name]);
+				$length = utf8_strlen($cfg_array[$config_name]);
 
 				// the column is a VARCHAR
 				$validator[$max] = (isset($validator[$max])) ? min(255, $validator[$max]) : 255;
@@ -573,7 +573,11 @@ function validate_range($value_ary, &$error)
 		'BOOL'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => 1),
 		'USINT'	=> array('php_type' => 'int',		'min' => 0, 				'max' => 65535),
 		'UINT'	=> array('php_type' => 'int', 		'min' => 0, 				'max' => (int) 0x7fffffff),
-		'INT'	=> array('php_type' => 'int', 		'min' => (int) 0x80000000, 	'max' => (int) 0x7fffffff),
+		// Do not use (int) 0x80000000 - it evaluates to different
+		// values on 32-bit and 64-bit systems.
+		// Apparently -2147483648 is a float on 32-bit systems,
+		// despite fitting in an int, thus explicit cast is needed.
+		'INT'	=> array('php_type' => 'int', 		'min' => (int) -2147483648,	'max' => (int) 0x7fffffff),
 		'TINT'	=> array('php_type' => 'int',		'min' => -128,				'max' => 127),
 
 		'VCHAR'	=> array('php_type' => 'string', 	'min' => 0, 				'max' => 255),
@@ -596,7 +600,7 @@ function validate_range($value_ary, &$error)
 		{
 			case 'string' :
 				$max = (isset($column[1])) ? min($column[1],$type['max']) : $type['max'];
-				if (strlen($value['value']) > $max)
+				if (utf8_strlen($value['value']) > $max)
 				{
 					$error[] = sprintf($user->lang['SETTING_TOO_LONG'], $user->lang[$value['lang']], $max);
 				}

phpBB/adm/style/acp_ban.html

@@ -33,7 +33,7 @@
 	{
 		document.getElementById('acp_unban').unbangivereason.innerHTML = ban_give_reason[option];
 		document.getElementById('acp_unban').unbanreason.innerHTML = ban_reason[option];
-		document.getElementById('acp_unban').unbanlength.innerHTML = ban_length[option];
+		document.getElementById('acp_unban').unbanlength.value = ban_length[option];
 	}
 
 // ]]>

phpBB/adm/style/acp_email.html

@@ -38,6 +38,10 @@
 	<dt><label for="priority">{L_MAIL_PRIORITY}:</label></dt>
 	<dd><select id="priority" name="mail_priority_flag">{S_PRIORITY_OPTIONS}</select></dd>
 </dl>
+<dl>
+	<dt><label for="banned">{L_MAIL_BANNED}:</label><br /><span>{L_MAIL_BANNED_EXPLAIN}</span></dt>
+	<dd><input id="banned" name="mail_banned_flag" type="checkbox" class="radio" /></dd>
+</dl>
 <dl>
 	<dt><label for="send">{L_SEND_IMMEDIATELY}:</label></dt>
 	<dd><input id="send" type="checkbox" class="radio" name="send_immediately" checked="checked" /></dd>

phpBB/adm/style/acp_forums.html

@@ -58,7 +58,7 @@
 
 		/**
 		* Init the wanted display functionality if javascript is enabled.
-		* If javascript is not available, the user is still able to properly administrate.
+		* If javascript is not available, the user is still able to properly administer.
 		*/
 		onload = function()
 		{
@@ -140,6 +140,12 @@
 		<dt><label for="parent">{L_FORUM_PARENT}:</label></dt>
 		<dd><select id="parent" name="forum_parent_id"><option value="0"<!-- IF not S_FORUM_PARENT_ID --> selected="selected"<!-- ENDIF -->>{L_NO_PARENT}</option>{S_PARENT_OPTIONS}</select></dd>
 	</dl>
+	<!-- IF S_CAN_COPY_PERMISSIONS -->
+		<dl>
+			<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
+			<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
+		</dl>
+	<!-- ENDIF -->
 	<dl>
 		<dt><label for="forum_name">{L_FORUM_NAME}:</label></dt>
 		<dd><input class="text medium" type="text" id="forum_name" name="forum_name" value="{FORUM_NAME}" maxlength="255" /></dd>
@@ -160,11 +166,11 @@
 	</dl>
 	<dl>
 		<dt><label for="forum_password">{L_FORUM_PASSWORD}:</label><br /><span>{L_FORUM_PASSWORD_EXPLAIN}</span></dt>
-		<dd><input type="password" id="forum_password" name="forum_password" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" /></dd>
+		<dd><input type="password" id="forum_password" name="forum_password" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" autocomplete="off" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="forum_password_confirm">{L_FORUM_PASSWORD_CONFIRM}:</label><br /><span>{L_FORUM_PASSWORD_CONFIRM_EXPLAIN}</span></dt>
-		<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" /></dd>
+		<dd><input type="password" id="forum_password_confirm" name="forum_password_confirm" value="<!-- IF S_FORUM_PASSWORD_SET -->&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;<!-- ENDIF -->" autocomplete="off" /></dd>
 	</dl>
 	<!-- IF S_FORUM_PASSWORD_SET -->
 	<dl>
@@ -176,12 +182,6 @@
 		<dt><label for="forum_style">{L_FORUM_STYLE}:</label></dt>
 		<dd><select id="forum_style" name="forum_style"><option value="0">{L_DEFAULT_STYLE}</option>{S_STYLES_OPTIONS}</select></dd>
 	</dl>
-	<!-- IF S_CAN_COPY_PERMISSIONS -->
-		<dl>
-			<dt><label for="forum_perm_from">{L_COPY_PERMISSIONS}:</label><br /><span>{L_COPY_PERMISSIONS_EXPLAIN}</span></dt>
-			<dd><select id="forum_perm_from" name="forum_perm_from"><option value="0">{L_NO_PERMISSIONS}</option>{S_FORUM_OPTIONS}</select></dd>
-		</dl>
-	<!-- ENDIF -->
 	</fieldset>
 
 	<div id="forum_cat_options">

phpBB/adm/style/acp_ranks.html

@@ -35,8 +35,8 @@
 	</dl>
 	<dl>
 		<dt><label for="special_rank">{L_RANK_SPECIAL}:</label></dt>
-		<dd><label><input onchange="dE('posts', -1)" type="radio" class="radio" name="special_rank" value="1" id="special_rank"<!-- IF S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> />{L_YES}</label>
-			<label><input onchange="dE('posts', 1)" type="radio" class="radio" name="special_rank" value="0"<!-- IF not S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+		<dd><label><input onclick="dE('posts', -1)" type="radio" class="radio" name="special_rank" value="1" id="special_rank"<!-- IF S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> />{L_YES}</label>
+			<label><input onclick="dE('posts', 1)" type="radio" class="radio" name="special_rank" value="0"<!-- IF not S_SPECIAL_RANK --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
 	</dl>
 	<!-- IF S_SPECIAL_RANK --><div id="posts" style="display: none;"><!-- ELSE --><div id="posts"><!-- ENDIF -->
 	<dl>

phpBB/adm/style/acp_styles.html

@@ -22,6 +22,21 @@
 		<dt><label for="new_id">{L_REPLACE}:</label><br /><span>{L_REPLACE_EXPLAIN}</span></dt>
 		<dd><select id="new_id" name="new_id">{S_REPLACE_OPTIONS}</select></dd>
 	</dl>
+	<!-- IF S_DELETE_STYLE -->
+		<hr />
+		<dl>
+			<dt><label for="new_template_id">{L_DELETE_TEMPLATE}:</label><br /><span>{L_REPLACE_TEMPLATE_EXPLAIN}</span></dt>
+			<dd><select id="new_template_id" name="new_template_id">{S_REPLACE_TEMPLATE_OPTIONS}</select></dd>
+		</dl>
+		<dl>
+			<dt><label for="new_theme_id">{L_DELETE_THEME}:</label><br /><span>{L_REPLACE_THEME_EXPLAIN}</span></dt>
+			<dd><select id="new_theme_id" name="new_theme_id">{S_REPLACE_THEME_OPTIONS}</select></dd>
+		</dl>
+		<dl>
+			<dt><label for="new_imageset_id">{L_DELETE_IMAGESET}:</label><br /><span>{L_REPLACE_IMAGESET_EXPLAIN}</span></dt>
+			<dd><select id="new_imageset_id" name="new_imageset_id">{S_REPLACE_IMAGESET_OPTIONS}</select></dd>
+		</dl>
+	<!-- ENDIF -->
 
 	<p class="quick">
 		<input class="button1" type="submit" name="update" value="{L_DELETE}" />
@@ -77,7 +92,7 @@
 
 		/**
 		* Init the wanted display functionality if javascript is enabled.
-		* If javascript is not available, the user is still able to properly administrate.
+		* If javascript is not available, the user is still able to properly administer.
 		*/
 		onload = function()
 		{

phpBB/adm/style/acp_users_overview.html

@@ -43,19 +43,19 @@
 </dl>
 <dl>
 	<dt><label for="user_email">{L_EMAIL}:</label></dt>
-	<dd><input class="text medium" type="text" id="user_email" name="user_email" value="{USER_EMAIL}" /></dd>
+	<dd><input class="text medium" type="text" id="user_email" name="user_email" value="{USER_EMAIL}" autocomplete="off" /></dd>
 </dl>
 <dl>
 	<dt><label for="email_confirm">{L_CONFIRM_EMAIL}:</label><br /><span>{L_CONFIRM_EMAIL_EXPLAIN}</span></dt>
-	<dd><input class="text medium" type="text" id="email_confirm" name="email_confirm" value="" /></dd>
+	<dd><input class="text medium" type="text" id="email_confirm" name="email_confirm" value="" autocomplete="off" /></dd>
 </dl>
 <dl>
 	<dt><label for="new_password">{L_NEW_PASSWORD}:</label><br /><span>{L_CHANGE_PASSWORD_EXPLAIN}</span></dt>
-	<dd><input type="password" id="new_password" name="new_password" value="" /></dd>
+	<dd><input type="password" id="new_password" name="new_password" value="" autocomplete="off" /></dd>
 </dl>
 <dl>
 	<dt><label for="password_confirm">{L_CONFIRM_PASSWORD}:</label><br /><span>{L_CONFIRM_PASSWORD_EXPLAIN}</span></dt>
-	<dd><input type="password" id="password_confirm" name="password_confirm" value="" /></dd>
+	<dd><input type="password" id="password_confirm" name="password_confirm" value="" autocomplete="off" /></dd>
 </dl>
 
 <p class="quick">

phpBB/adm/style/captcha_recaptcha.html

@@ -5,7 +5,7 @@
 		// <![CDATA[
 		var RecaptchaOptions = {
 			lang : '{LA_RECAPTCHA_LANG}',
-			theme : 'clean',
+			theme : 'clean'
 		};
 		// ]]>
 		</script>

phpBB/adm/style/install_footer.html

@@ -6,20 +6,9 @@
 		</div>
 		</div>
 	</div>
-	
-	<!--
-		We request you retain the full copyright notice below including the link to www.phpbb.com.
-		This not only gives respect to the large amount of time given freely by the developers
-		but also helps build interest, traffic and use of phpBB. If you (honestly) cannot retain
-		the full copyright we ask you at least leave in place the "Powered by phpBB" line, with
-		"phpBB" linked to www.phpbb.com. If you refuse to include even this then support on our
-		forums may be affected.
-	
-		The phpBB Group : 2006
-	// -->
-	
+
 	<div id="page-footer">
-		Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+		Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
 	</div>
 </div>
 

phpBB/adm/style/overall_footer.html

@@ -6,21 +6,10 @@
 		</div>
 		</div>
 	</div>
-	
-	<!--
-		We request you retain the full copyright notice below including the link to www.phpbb.com.
-		This not only gives respect to the large amount of time given freely by the developers
-		but also helps build interest, traffic and use of phpBB. If you (honestly) cannot retain
-		the full copyright we ask you at least leave in place the "Powered by phpBB" line, with
-		"phpBB" linked to www.phpbb.com. If you refuse to include even this then support on our
-		forums may be affected.
-	
-		The phpBB Group : 2006
-	// -->
-	
+
 	<div id="page-footer">
 		<!-- IF S_COPYRIGHT_HTML -->
-			Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+			Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
 			<!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF -->
 		<!-- ENDIF -->
 

phpBB/adm/style/simple_footer.html

@@ -2,21 +2,10 @@
 	<br /><br />
 </div>
 
-<!--
-	We request you retain the full copyright notice below including the link to www.phpbb.com.
-	This not only gives respect to the large amount of time given freely by the developers
-	but also helps build interest, traffic and use of phpBB. If you (honestly) cannot retain
-	the full copyright we ask you at least leave in place the "Powered by phpBB" line, with
-	"phpBB" linked to www.phpbb.com. If you refuse to include even this then support on our
-	forums may be affected.
-
-	The phpBB Group : 2006
-// -->
-
 <div id="page-footer">
 
 	<!-- IF S_COPYRIGHT_HTML -->
-		<br />Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+		<br />Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
 		<!-- IF TRANSLATION_INFO --><br />{TRANSLATION_INFO}<!-- ENDIF -->
 	<!-- ENDIF -->
 

phpBB/common.php

@@ -16,112 +16,7 @@ if (!defined('IN_PHPBB'))
 	exit;
 }
 
-$starttime = explode(' ', microtime());
-$starttime = $starttime[1] + $starttime[0];
-
-// Report all errors, except notices and deprecation messages
-if (!defined('E_DEPRECATED'))
-{
-	define('E_DEPRECATED', 8192);
-}
-error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
-
-/*
-* Remove variables created by register_globals from the global scope
-* Thanks to Matt Kavanagh
-*/
-function deregister_globals()
-{
-	$not_unset = array(
-		'GLOBALS'	=> true,
-		'_GET'		=> true,
-		'_POST'		=> true,
-		'_COOKIE'	=> true,
-		'_REQUEST'	=> true,
-		'_SERVER'	=> true,
-		'_SESSION'	=> true,
-		'_ENV'		=> true,
-		'_FILES'	=> true,
-		'phpEx'		=> true,
-		'phpbb_root_path'	=> true
-	);
-
-	// Not only will array_merge and array_keys give a warning if
-	// a parameter is not an array, array_merge will actually fail.
-	// So we check if _SESSION has been initialised.
-	if (!isset($_SESSION) || !is_array($_SESSION))
-	{
-		$_SESSION = array();
-	}
-
-	// Merge all into one extremely huge array; unset this later
-	$input = array_merge(
-		array_keys($_GET),
-		array_keys($_POST),
-		array_keys($_COOKIE),
-		array_keys($_SERVER),
-		array_keys($_SESSION),
-		array_keys($_ENV),
-		array_keys($_FILES)
-	);
-
-	foreach ($input as $varname)
-	{
-		if (isset($not_unset[$varname]))
-		{
-			// Hacking attempt. No point in continuing unless it's a COOKIE
-			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
-			{
-				exit;
-			}
-			else
-			{
-				$cookie = &$_COOKIE;
-				while (isset($cookie['GLOBALS']))
-				{
-					foreach ($cookie['GLOBALS'] as $registered_var => $value)
-					{
-						if (!isset($not_unset[$registered_var]))
-						{
-							unset($GLOBALS[$registered_var]);
-						}
-					}
-					$cookie = &$cookie['GLOBALS'];
-				}
-			}
-		}
-
-		unset($GLOBALS[$varname]);
-	}
-
-	unset($input);
-}
-
-// If we are on PHP >= 6.0.0 we do not need some code
-if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
-{
-	/**
-	* @ignore
-	*/
-	define('STRIP', false);
-}
-else
-{
-	@set_magic_quotes_runtime(0);
-
-	// Be paranoid with passed vars
-	if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
-	{
-		deregister_globals();
-	}
-
-	define('STRIP', (get_magic_quotes_gpc()) ? true : false);
-}
-
-if (defined('IN_CRON'))
-{
-	$phpbb_root_path = dirname(__FILE__) . DIRECTORY_SEPARATOR;
-}
+require($phpbb_root_path . 'includes/startup.' . $phpEx);
 
 if (file_exists($phpbb_root_path . 'config.' . $phpEx))
 {

phpBB/cron.php

@@ -21,7 +21,6 @@ $user->session_begin(false);
 $auth->acl($user->data);
 
 $cron_type = request_var('cron_type', '');
-$use_shutdown_function = (@function_exists('register_shutdown_function')) ? true : false;
 
 // Output transparent gif
 header('Cache-Control: no-cache');
@@ -30,10 +29,9 @@ header('Content-length: 43');
 
 echo base64_decode('R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==');
 
-// test without flush ;)
-// flush();
+// Flush here to prevent browser from showing the page as loading while running cron.
+flush();
 
-//
 if (!isset($config['cron_lock']))
 {
 	set_config('cron_lock', '0', true);
@@ -79,23 +77,10 @@ switch ($cron_type)
 			break;
 		}
 
-		// A user reported using the mail() function while using shutdown does not work. We do not want to risk that.
-		if ($use_shutdown_function && !$config['smtp_delivery'])
-		{
-			$use_shutdown_function = false;
-		}
-
 		include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
 		$queue = new queue();
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function(array(&$queue, 'process'));
-		}
-		else
-		{
-			$queue->process();
-		}
+		$queue->process();
 
 	break;
 
@@ -106,14 +91,7 @@ switch ($cron_type)
 			break;
 		}
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function(array(&$cache, 'tidy'));
-		}
-		else
-		{
-			$cache->tidy();
-		}
+		$cache->tidy();
 
 	break;
 
@@ -138,14 +116,7 @@ switch ($cron_type)
 			break;
 		}
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function(array(&$search, 'tidy'));
-		}
-		else
-		{
-			$search->tidy();
-		}
+		$search->tidy();
 
 	break;
 
@@ -158,14 +129,7 @@ switch ($cron_type)
 
 		include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function('tidy_warnings');
-		}
-		else
-		{
-			tidy_warnings();
-		}
+		tidy_warnings();
 
 	break;
 
@@ -178,14 +142,7 @@ switch ($cron_type)
 
 		include_once($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function('tidy_database');
-		}
-		else
-		{
-			tidy_database();
-		}
+		tidy_database();
 
 	break;
 
@@ -196,14 +153,7 @@ switch ($cron_type)
 			break;
 		}
 
-		if ($use_shutdown_function)
-		{
-			register_shutdown_function(array(&$user, 'session_gc'));
-		}
-		else
-		{
-			$user->session_gc();
-		}
+		$user->session_gc();
 
 	break;
 
@@ -230,26 +180,12 @@ switch ($cron_type)
 
 			if ($row['prune_days'])
 			{
-				if ($use_shutdown_function)
-				{
-					register_shutdown_function('auto_prune', $row['forum_id'], 'posted', $row['forum_flags'], $row['prune_days'], $row['prune_freq']);
-				}
-				else
-				{
-					auto_prune($row['forum_id'], 'posted', $row['forum_flags'], $row['prune_days'], $row['prune_freq']);
-				}
+				auto_prune($row['forum_id'], 'posted', $row['forum_flags'], $row['prune_days'], $row['prune_freq']);
 			}
 
 			if ($row['prune_viewed'])
 			{
-				if ($use_shutdown_function)
-				{
-					register_shutdown_function('auto_prune', $row['forum_id'], 'viewed', $row['forum_flags'], $row['prune_viewed'], $row['prune_freq']);
-				}
-				else
-				{
-					auto_prune($row['forum_id'], 'viewed', $row['forum_flags'], $row['prune_viewed'], $row['prune_freq']);
-				}
+				auto_prune($row['forum_id'], 'viewed', $row['forum_flags'], $row['prune_viewed'], $row['prune_freq']);
 			}
 		}
 
@@ -257,16 +193,8 @@ switch ($cron_type)
 }
 
 // Unloading cache and closing db after having done the dirty work.
-if ($use_shutdown_function)
-{
-	register_shutdown_function('unlock_cron');
-	register_shutdown_function('garbage_collection');
-}
-else
-{
-	unlock_cron();
-	garbage_collection();
-}
+unlock_cron();
+garbage_collection();
 
 exit;
 

phpBB/develop/create_schema_files.php

@@ -329,6 +329,15 @@ foreach ($supported_dbms as $dbms)
 		// Write columns one by one...
 		foreach ($table_data['COLUMNS'] as $column_name => $column_data)
 		{
+			if (strlen($column_name) > 30)
+			{
+				trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
+			}
+			if (isset($column_data[2]) && $column_data[2] == 'auto_increment' && strlen($column_name) > 26) // "${column_name}_gen"
+			{
+				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
+			}
+
 			// Get type
 			if (strpos($column_data[0], ':') !== false)
 			{
@@ -632,6 +641,11 @@ foreach ($supported_dbms as $dbms)
 					$key_data[1] = array($key_data[1]);
 				}
 
+				if (strlen($table_name . $key_name) > 30)
+				{
+					trigger_error("Index name '${table_name}_$key_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
+				}
+
 				switch ($dbms)
 				{
 					case 'mysql_40':
@@ -926,7 +940,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_bbcodes'] = array(
 		'COLUMNS'		=> array(
-			'bbcode_id'				=> array('TINT:3', 0),
+			'bbcode_id'				=> array('USINT', 0),
 			'bbcode_tag'			=> array('VCHAR:16', ''),
 			'bbcode_helpline'		=> array('VCHAR_UNI', ''),
 			'display_on_posting'	=> array('BOOL', 0),
@@ -1207,6 +1221,24 @@ function get_schema_struct()
 		),
 	);
 
+	$schema_data['phpbb_login_attempts'] = array(
+		'COLUMNS'		=> array(
+			'attempt_ip'			=> array('VCHAR:40', ''),
+			'attempt_browser'		=> array('VCHAR:150', ''),
+			'attempt_forwarded_for'	=> array('VCHAR:255', ''),
+			'attempt_time'			=> array('TIMESTAMP', 0),
+			'user_id'				=> array('UINT', 0),
+			'username'				=> array('VCHAR_UNI:255', 0),
+			'username_clean'		=> array('VCHAR_CI', 0),
+		),
+		'KEYS'			=> array(
+			'att_ip'				=> array('INDEX', array('attempt_ip', 'attempt_time')),
+			'att_for'		=> array('INDEX', array('attempt_forwarded_for', 'attempt_time')),
+			'att_time'				=> array('INDEX', array('attempt_time')),
+			'user_id'					=> array('INDEX', 'user_id'),
+		),
+	);
+
 	$schema_data['phpbb_moderator_cache'] = array(
 		'COLUMNS'		=> array(
 			'forum_id'				=> array('UINT', 0),
@@ -2047,4 +2079,3 @@ EOF;
 
 echo 'done';
 
-?>

phpBB/develop/create_variable_overview.php

@@ -83,7 +83,7 @@ $html_skeleton .= '<br><br><a name="ref"></a><b>References: </b>{SEE_FILES}';
 
 $html_skeleton .= '
 <br><br>
-<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div>
+<div class="copyright" align="center">Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group</div>
 
 		<br clear="all" /></td>
 	</tr>
@@ -405,7 +405,7 @@ $html_data .= '<br><li><a href="./lang_index.html" class="gen">Appendix A: Langu
 
 $html_data .= '
 </ol><br><br>
-<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div>
+<div class="copyright" align="center">Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group</div>
 
 		<br clear="all" /></td>
 	</tr>
@@ -528,7 +528,7 @@ foreach ($lang_fp as $filepointer)
 
 $html_data .= '
 <br><br>
-<div class="copyright" align="center">Powered by phpBB 2.2 &copy; <a href="http://www.phpbb.com/" target="_phpbb" class="copyright">phpBB Group</a>, 2003</div>
+<div class="copyright" align="center">Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group</div>
 
 		<br clear="all" /></td>
 	</tr>

phpBB/develop/mysql_upgrader.php

@@ -21,6 +21,7 @@
 die("Please read the first lines of this script for instructions on how to enable it");
 
 define('IN_PHPBB', true);
+$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 include($phpbb_root_path . 'common.' . $phpEx);
 
@@ -252,7 +253,7 @@ foreach ($schema_data as $table_name => $table_data)
 	// Do we now need to re-add the fulltext index? ;)
 	if ($table_name == ($prefix . 'posts') && $drop_index)
 	{
-		echo "ALTER TABLE $table_name ADD FULLTEXT (post_subject), ADD FULLTEXT (post_text), ADD FULLTEXT post_content (post_subject, post_text){$newline}";
+		echo "ALTER TABLE $table_name ADD FULLTEXT (post_subject), ADD FULLTEXT (post_text), ADD FULLTEXT post_content (post_subject, post_text);{$newline}";
 	}
 }
 
@@ -414,7 +415,7 @@ function get_schema_struct()
 
 	$schema_data['phpbb_bbcodes'] = array(
 		'COLUMNS'		=> array(
-			'bbcode_id'				=> array('TINT:3', 0),
+			'bbcode_id'				=> array('USINT', 0),
 			'bbcode_tag'			=> array('VCHAR:16', ''),
 			'bbcode_helpline'		=> array('VCHAR_UNI', ''),
 			'display_on_posting'	=> array('BOOL', 0),

phpBB/docs/AUTHORS

@@ -1,6 +1,6 @@
 /**
 *
-* phpBB3 © Copyright 2000, 2002, 2005, 2007 phpBB Group
+* phpBB3 © Copyright phpBB Group
 * http://www.phpbb.com
 *
 * This program is free software: you can redistribute it and/or modify
@@ -22,20 +22,17 @@ involved in phpBB.
 
 phpBB Lead Developer:  naderman (Nils Adermann)
 
-phpBB Developers:      A_Jelly_Doughnut (Josh Woody)
-                       Acyd Burn (Meik Sievertsen) [Lead 09/2005 - 01/2010]
-                       APTX (Marek A. R.)
+phpBB Developers:      Acyd Burn (Meik Sievertsen) [Lead 09/2005 - 01/2010]
                        bantu (Andreas Fischer)
-                       dhn (Dominik Dröscher)
+                       ckwalsh (Cullen Walsh)
                        igorw (Igor Wiedler)
                        kellanved (Henry Sudhof)
                        nickvergessen (Joas Schilling)
+                       Oleg (Oleg Pudeyev)
                        rxu (Ruslan Uzdenov)
-                       Terrafrost (Jim Wigginton)
                        ToonArmy (Chris Smith)
 
-Contributions by:      Brainy (Cullen Walsh)
-                       leviatan21 (Gabriel Vazquez)
+Contributions by:      leviatan21 (Gabriel Vazquez)
                        Raimon (Raimon Meuldijk)
                        Xore (Robert Hetzler)
 
@@ -47,11 +44,15 @@ phpBB Project Manager: theFinn (James Atkinson) [Founder - 04/2007]
 
 phpBB Lead Developer:  psoTFX (Paul S. Owen) [2001 - 09/2005]
 
-phpBB Developers:      Ashe (Ludovic Arnaud)       [10/2002 - 11/2003, 06/2006 - 10/2006]
-                       BartVB (Bart van Bragt)     [11/2000 - 03/2006]
-                       DavidMJ (David M.)          [12/2005 - 08/2009]
-                       GrahamJE (Graham Eames)     [09/2005 - 11/2006]
-                       Vic D'Elfant (Vic D'Elfant) [04/2007 - 04/2009]
+phpBB Developers:      A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
+                       APTX (Marek A. Ruszczyński)   [12/2007 - 04/2011]
+                       Ashe (Ludovic Arnaud)         [10/2002 - 11/2003, 06/2006 - 10/2006]
+                       BartVB (Bart van Bragt)       [11/2000 - 03/2006]
+                       DavidMJ (David M.)            [12/2005 - 08/2009]
+                       dhn (Dominik Dröscher)        [05/2007 - 01/2011]
+                       GrahamJE (Graham Eames)       [09/2005 - 11/2006]
+                       TerraFrost (Jim Wigginton)    [04/2009 - 01/2011]
+                       Vic D'Elfant (Vic D'Elfant)   [04/2007 - 04/2009]
 
 -- Copyrights --
 

phpBB/docs/CHANGELOG.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.0.x Changelog" />
 <title>phpBB3 &bull; Changelog</title>
@@ -53,6 +53,7 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ol style="list-style-type: lower-roman;">
+		<li><a href="#v308">Changes since 3.0.8</a></li>
 		<li><a href="#v307-PL1">Changes since 3.0.7-PL1</a></li>
 		<li><a href="#v307">Changes since 3.0.7</a></li>
 		<li><a href="#v306">Changes since 3.0.6</a></li>
@@ -89,7 +90,375 @@
 
 		<div class="content">
 
-	<a name="v307-PL1"></a><h3>1.i. Changes since 3.0.7-PL1</h3>
+	<a name="v308"></a><h3>1.i. Changes since 3.0.8</h3>
+
+<h4>        Bug
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-217'>PHPBB3-217</a>] -         Multiline [url] not Converted
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-6712'>PHPBB3-6712</a>] -         Topic bumping does not create new topic icon on index
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7057'>PHPBB3-7057</a>] -         Quicksearch uses POST, thus the page expires!
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7778'>PHPBB3-7778</a>] -         Increase limit of custom BBcodes
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7834'>PHPBB3-7834</a>] -         Correctly update topic_time when deleting first post in topic
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7888'>PHPBB3-7888</a>] -         URL of search results page does not always contain all keywords of the search query
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7941'>PHPBB3-7941</a>] -         mistake in description of function generate_board_url
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8138'>PHPBB3-8138</a>] -         Browser autocompleton fills wrong fields in ACP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8736'>PHPBB3-8736</a>] -         Honour ACP settings for min/max username length when posting as a guest.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8802'>PHPBB3-8802</a>] -         Wrong confirmation text when clicking &quot;mark forums read&quot; in a category
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-8904'>PHPBB3-8904</a>] -         Show numeric CPF default value when editing
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9166'>PHPBB3-9166</a>] -         Subsilver and prosilver CSS elements out of order.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9348'>PHPBB3-9348</a>] -         Correctly encode default_dateformat when converting from phpBB2
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9575'>PHPBB3-9575</a>] -         The word &quot;administrate&quot; is not correct.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9630'>PHPBB3-9630</a>] -         Naming inconsistency of Merging Posts / Topics in MCP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9675'>PHPBB3-9675</a>] -         Add option to delete template/theme/imageset when deleting style.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9685'>PHPBB3-9685</a>] -         Unable to create &quot;Fulltext native&quot; search index using the mssqlnative DBAL
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9751'>PHPBB3-9751</a>] -         Password requirement &quot;Must contain letters and numbers&quot; is not working properly
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9764'>PHPBB3-9764</a>] -         Empty value for CONFIG_TABLE config_name= &#39;mime_triggers&#39; causes functions_fileupload.php-&gt;fileupload-&gt;check_content() to be too restrictive
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9851'>PHPBB3-9851</a>] -         &quot;Search new posts&quot; should require login
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9872'>PHPBB3-9872</a>] -         Total topics isn&#39;t correct after I deleted a user
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9874'>PHPBB3-9874</a>] -         view_log() performs unneeded count query over all log entries.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9892'>PHPBB3-9892</a>] -         Firebird index name length limit is not taken into account
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9905'>PHPBB3-9905</a>] -         DSN field should include SQLite
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9908'>PHPBB3-9908</a>] -         Send &quot;Moved Permanently&quot; before stripping off session ids for Bots.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9910'>PHPBB3-9910</a>] -         Javascript bug in Subsilver2 PMs
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9911'>PHPBB3-9911</a>] -         Incorrect open/close field in Manage ranks ACP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9913'>PHPBB3-9913</a>] -         currunt should be current
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9915'>PHPBB3-9915</a>] -         &quot;Length of ban:&quot; is not displayed in ACP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9924'>PHPBB3-9924</a>] -         $template-&gt;display hook does not pass $template instance
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9925'>PHPBB3-9925</a>] -         prosilver logo margin bug in IE 6-7-8 
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9928'>PHPBB3-9928</a>] -         Do not link &quot;login to your board&quot; to the &quot;send statistics&quot; page after completed update.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9930'>PHPBB3-9930</a>] -         Redirect fails with open_basedir enabled
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9932'>PHPBB3-9932</a>] -         The Bing bot is not added when converting.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9933'>PHPBB3-9933</a>] -         Wrong handling of consecutive multiple asterisks in word censor 
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9934'>PHPBB3-9934</a>] -         Mass Mail missing under the system tab on a fresh install
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9939'>PHPBB3-9939</a>] -         JavaScript error in recaptcha ACP template
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9944'>PHPBB3-9944</a>] -         Extension groups naming don&#39;t use users&#39; language in ACP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9946'>PHPBB3-9946</a>] -         $inserts empty in sql_query() for oracle
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9948'>PHPBB3-9948</a>] -         Inline quicktime files won&#39;t display
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9949'>PHPBB3-9949</a>] -         $user-&gt;lang() is not handling arguments as per documentation 
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9950'>PHPBB3-9950</a>] -         Problem with localized button images after uprading from 3.0.7-PL1 to 3.0.8
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9953'>PHPBB3-9953</a>] -         Set focus to password on re-authentication
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9954'>PHPBB3-9954</a>] -         u_masspm* permissions are forced to never for certain groups
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9961'>PHPBB3-9961</a>] -         Inconsistent activation logs
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9966'>PHPBB3-9966</a>] -         Language download in ACP creates index.html and misses captcha_*
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9970'>PHPBB3-9970</a>] -         user_lang input not checked during registration
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9981'>PHPBB3-9981</a>] -         Fix unit test dependencies on phpBB files
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9985'>PHPBB3-9985</a>] -         3D Wave CAPTCHA mt_rand() does not check order of min/max values
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9997'>PHPBB3-9997</a>] -         Inconsistent approve/disapprove button order in modcp
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9999'>PHPBB3-9999</a>] -         {forumrow.L_FORUM_FOLDER_ALT} and {SEARCH_IMG} only return a language key.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10005'>PHPBB3-10005</a>] -         users can register without custom profile field correctly entered
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10011'>PHPBB3-10011</a>] -         __DIR__ in test suite renders it unusable on php &lt; 5.3
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10016'>PHPBB3-10016</a>] -         set_config_count() fails on PostreSQL 7
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10020'>PHPBB3-10020</a>] -         ACP function validate_range() fails partially on non-32-bit systems
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10021'>PHPBB3-10021</a>] -         &quot;Find a member&quot; generates SQL error when large dates are entered
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10029'>PHPBB3-10029</a>] -         No such thing as $_SERVER[&#39;HTTP_VERSION&#39;]
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10033'>PHPBB3-10033</a>] -         &quot;Disallow usernames&quot; does not check already disallowed names
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10035'>PHPBB3-10035</a>] -         ACP template edit feature allows to read any files on webserver and to upload/execute any script on it
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10036'>PHPBB3-10036</a>] -         Use image from configuration file for displaying online-status.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10038'>PHPBB3-10038</a>] -         download/file.php uses $_GET value instead of function request_var()
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10039'>PHPBB3-10039</a>] -         2.x to 3.x conversion fails when using mssqlnative to connect to destination database
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10042'>PHPBB3-10042</a>] -         GD captcha has invalid mt_rand calls
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10047'>PHPBB3-10047</a>] -         Session ID always included in URL on posting.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10049'>PHPBB3-10049</a>] -         Session test files are misnamed, session tests are not run
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10052'>PHPBB3-10052</a>] -         Session tests are broken
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10056'>PHPBB3-10056</a>] -         Firebird misspelled in database updater
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10058'>PHPBB3-10058</a>] -         Root path is undefined in MySQL upgrader
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10059'>PHPBB3-10059</a>] -         Consistent is misspelled twice
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10060'>PHPBB3-10060</a>] -         Typo in tests database connection manager
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10068'>PHPBB3-10068</a>] -         Firefox4 restrictions to :visited
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10078'>PHPBB3-10078</a>] -         commit-msg hook prints \n on freebsd
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10081'>PHPBB3-10081</a>] -         Cleanup Template Tests
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10084'>PHPBB3-10084</a>] -         Add smilie errors out when image is missing
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10088'>PHPBB3-10088</a>] -         Cache mock does not unset database versions other than mysqli
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10090'>PHPBB3-10090</a>] -         cache/queue.php.lock isn&#39;t covered by .gitignore
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10092'>PHPBB3-10092</a>] -         commit-msg hook aborts on overlength comment lines
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10096'>PHPBB3-10096</a>] -         Wrong whitespace in functions.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10100'>PHPBB3-10100</a>] -         Race condition in unique_id() on heavily busy database.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10102'>PHPBB3-10102</a>] -         member.S_PENDING_SET in styles/prosilver/template/ucp_groups_manage.html
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10104'>PHPBB3-10104</a>] -         missing one intval() along with others already being there
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10109'>PHPBB3-10109</a>] -         Errors while copying a topic
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10112'>PHPBB3-10112</a>] -         Use of count() in captcha_gd.php and mssqlnative.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10115'>PHPBB3-10115</a>] -         BBcodes not working if post contains about or more 55000 non-english symbols
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10117'>PHPBB3-10117</a>] -         Big posts becomes empty if they have smilies on specified places.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10121'>PHPBB3-10121</a>] -         ICQ profile link leads to a webservice that is no longer active
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10123'>PHPBB3-10123</a>] -         Inconsistent use of smilie/smiley
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10128'>PHPBB3-10128</a>] -         Error message is on green background when trying to ban a nonexistent user
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10137'>PHPBB3-10137</a>] -         Deleting an unintended space at the end of PHP_URL_FOPEN_SUPPORT_EXPLAIN
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10146'>PHPBB3-10146</a>] -         Firebird cannot handle DECIMAL(255, 0)
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10147'>PHPBB3-10147</a>] -         Typo in code comment in functions_template.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10149'>PHPBB3-10149</a>] -         deregister_globals causes error when cookie called GLOBALS is set to scalar value
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10170'>PHPBB3-10170</a>] -         reCAPTCHA address has changed
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10171'>PHPBB3-10171</a>] -         Firefox4 displays grey pixels at PM message rows when message is neither marked nor replied
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10177'>PHPBB3-10177</a>] -         phpBB package cannot be built with bsdtar
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10178'>PHPBB3-10178</a>] -         build.xml does not specify path to find - breaks on FreeBSD
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10188'>PHPBB3-10188</a>] -         Broken compressed output when errors/warnings are handled by phpbb and output_buffering is set to 4096 and phpbb gzip is enabled
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10191'>PHPBB3-10191</a>] -         Duplicate output when output_handler is set in php.ini
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10192'>PHPBB3-10192</a>] -         Missing semicolon in MySQL Upgrader
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10195'>PHPBB3-10195</a>] -         Do not check DNS Blacklists if IPv6 address is passed to session::check_dnsbl().
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10198'>PHPBB3-10198</a>] -         Function validate_config_vars() improperly validates multibyte strings
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10203'>PHPBB3-10203</a>] -         Fix quotations and hyphen in language strings for PHPBB3-10067
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10204'>PHPBB3-10204</a>] -         Package build tool does not detect binary file changes
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10206'>PHPBB3-10206</a>] -         Normalization tests fail when unicode.org is not reachable
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10211'>PHPBB3-10211</a>] -         Missing space on the recent PHPBB3-9992 changes
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10213'>PHPBB3-10213</a>] -         IP limit index name too long on Oracle
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10214'>PHPBB3-10214</a>] -         Cannot configure Q&amp;A on Oracle
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10218'>PHPBB3-10218</a>] -         STRIP is not defined in style.php causing a notice to be thrown
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10219'>PHPBB3-10219</a>] -         Inappropriate character in web.config file
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10220'>PHPBB3-10220</a>] -         Logging in with Mobile Device triggers SQL error on *_login_attempts.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10221'>PHPBB3-10221</a>] -         Inconsistent usage of &quot;Seconds&quot; in ACP Settings
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-7729'>PHPBB3-7729</a>] -         Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10188'>PHPBB3-10188</a>] -         Broken compressed output when errors/warnings are handled by phpbb and output_buffering is set to 4096 and phpbb gzip is enabled
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10223'>PHPBB3-10223</a>] -         Updater references startup.php from board path
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10228'>PHPBB3-10228</a>] -         Typo in 3.0.9-RC1 user registration settings
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10229'>PHPBB3-10229</a>] -         On languge/acp/styles.php &quot;%s&quot; should be &quot;%s&quot;
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10232'>PHPBB3-10232</a>] -         Search within topic/forum searches all posts
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10233'>PHPBB3-10233</a>] -         IE Emulation fix breaks posting layout when PMing
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10234'>PHPBB3-10234</a>] -         msg_handler() reports E_WARNING as &quot;PHP Notice: &quot;
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10247'>PHPBB3-10247</a>] -         mediumint(8) too small for phpbb_login_attempts.attempt_id
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10250'>PHPBB3-10250</a>] -         phpBB Logo needs the Registered Trademark Symbol
+</li>
+</ul>
+    
+<h4>        Improvement
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9581'>PHPBB3-9581</a>] -         Banned users get mass emails.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9802'>PHPBB3-9802</a>] -         Optimize session_begin REMOTE_ADDR validation
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9878'>PHPBB3-9878</a>] -         Get rid of Internet Explorer 7 emulation
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9897'>PHPBB3-9897</a>] -         Language typos in language/en/acp/board.php
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9922'>PHPBB3-9922</a>] -         Posting URL in subsilver 2
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9937'>PHPBB3-9937</a>] -         Feed Icon displays on Forum links
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9980'>PHPBB3-9980</a>] -         URLs to javascript should be T_SUPER_TEMPLATE_PATH instead of T_TEMPLATE_PATH
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9989'>PHPBB3-9989</a>] -         Skip PM popup in overall_header.html, if there are no new PMs.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10007'>PHPBB3-10007</a>] -         Add directive &#39;internal&#39; to blocked folders in nginx example configuration.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10009'>PHPBB3-10009</a>] -         Differentiate published/updated dates in Atom feed
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10014'>PHPBB3-10014</a>] -         Make the error message when cache is not writable clearer
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10024'>PHPBB3-10024</a>] -         Allow a Style to present Unread PM in different way than read PM
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10040'>PHPBB3-10040</a>] -         Continuous integration on PHP 5.2
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10041'>PHPBB3-10041</a>] -         download/file.php needs more use of send_status_line
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10044'>PHPBB3-10044</a>] -         Setup github network improvements
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10057'>PHPBB3-10057</a>] -         More informative reporting of errors when database connection fails for Firebird and PostgreSQL.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10067'>PHPBB3-10067</a>] -         ACP options for account activation are confusing when emails are turned off board-wide
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10069'>PHPBB3-10069</a>] -         Improvements in sample nginx config file
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10072'>PHPBB3-10072</a>] -         Send the post number to the template as it relates to it&#39;s position in the topic
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10101'>PHPBB3-10101</a>] -         Compatibility with native phpass hashes
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10126'>PHPBB3-10126</a>] -         Replace ^ with &amp;~ in error_reporting calls
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10141'>PHPBB3-10141</a>] -         Performance improvement for $auth-&gt;_fill_acl()
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10145'>PHPBB3-10145</a>] -         Ability to force recompilation of all templates on every page load
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10154'>PHPBB3-10154</a>] -         Move &quot;copy permissions from&quot; to below &quot;parent&quot; in forum creation form
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10158'>PHPBB3-10158</a>] -         Return link not really useful after sending a Private Message
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10186'>PHPBB3-10186</a>] -         UCP signature panel displays when not authed for signatures
+</li>
+</ul>
+    
+<h4>        New Feature
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9942'>PHPBB3-9942</a>] -         WinCache Caching Module
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9992'>PHPBB3-9992</a>] -         Limit amount of failed login attempts per IP
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10110'>PHPBB3-10110</a>] -         Redis caching module
+</li>
+</ul>
+    
+<h4>        Task
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9788'>PHPBB3-9788</a>] -         Add README for GitHub
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9805'>PHPBB3-9805</a>] -         Add a script for setting up git remotes for a github network
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9806'>PHPBB3-9806</a>] -         Script for easy merging
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9824'>PHPBB3-9824</a>] -         Git hook quirks
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9859'>PHPBB3-9859</a>] -         Remove the years from visible copyright in the footer.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9921'>PHPBB3-9921</a>] -         Add sample configuration for lighttpd webserver
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9943'>PHPBB3-9943</a>] -         Setup phpDocumentor API documentation generation
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9967'>PHPBB3-9967</a>] -         Use phpunit.xml for test suite
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9987'>PHPBB3-9987</a>] -         Enforce _test.php suffix for test files
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9990'>PHPBB3-9990</a>] -         Integrate utf normalizer tests into test suite
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10043'>PHPBB3-10043</a>] -         Refactor phpbb_database_test_case
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10046'>PHPBB3-10046</a>] -         Getting rid of register_shutdown_function() in cron.php to prevent path disclosure (reported by lacton)
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10075'>PHPBB3-10075</a>] -         Update docs/AUTHORS for 3.0.9-RC1 release
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10079'>PHPBB3-10079</a>] -         Add gallery avatars to .gitignore.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10082'>PHPBB3-10082</a>] -         Fix Session Test Issues with CHAR vs. VARCHAR.
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10105'>PHPBB3-10105</a>] -         Update AIM express link and &quot;Download Application&quot; links
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10107'>PHPBB3-10107</a>] -         Improve docs for non-apache webserver configuration
+</li>
+</ul>
+    
+<h4>        Sub-task
+</h4>
+<ul>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9732'>PHPBB3-9732</a>] -         Cover session code extensively in tests
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9968'>PHPBB3-9968</a>] -         Create unit test for word censor regular expression
+</li>
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9969'>PHPBB3-9969</a>] -         Move word censor regular expression creation into separate function definition in functions.php
+</li>
+</ul>
+
+
+	<a name="v307-PL1"></a><h3>1.ii. Changes since 3.0.7-PL1</h3>
 <h4>        Security
 </h4>
 <ul>
@@ -547,13 +916,13 @@
 </ul>
 
 
-	<a name="v307"></a><h3>1.ii. Changes since 3.0.7</h3>
+	<a name="v307"></a><h3>1.iii. Changes since 3.0.7</h3>
 
 	<ul>
 		<li>[Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)</li>
 	</ul>
 
-	<a name="v306"></a><h3>1.iii. Changes since 3.0.6</h3>
+	<a name="v306"></a><h3>1.iv. Changes since 3.0.6</h3>
 
 	<ul>
 		<li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li>
@@ -657,7 +1026,7 @@
 
 	</ul>
 
-	<a name="v305"></a><h3>1.iv. Changes since 3.0.5</h3>
+	<a name="v305"></a><h3>1.v. Changes since 3.0.5</h3>
 
 	<ul>
 		<li>[Fix] Allow whitespaces in avatar gallery names. (Bug #44955)</li>
@@ -879,7 +1248,7 @@
 		<li>[Feature] Send anonymous statistical information to phpBB on installation and update (optional).</li>
 	</ul>
 
-	<a name="v304"></a><h3>1.v. Changes since 3.0.4</h3>
+	<a name="v304"></a><h3>1.vi. Changes since 3.0.4</h3>
 
 	<ul>
 		<li>[Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)</li>
@@ -968,7 +1337,7 @@
 		<li>[Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v303"></a><h3>1.vi. Changes since 3.0.3</h3>
+	<a name="v303"></a><h3>1.vii. Changes since 3.0.3</h3>
 
 	<ul>
 		<li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li>
@@ -1000,7 +1369,7 @@
 		<li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v302"></a><h3>1.vii. Changes since 3.0.2</h3>
+	<a name="v302"></a><h3>1.viii. Changes since 3.0.2</h3>
 
 	<ul>
 		<li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li>
@@ -1099,7 +1468,7 @@
 		<li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li>
 	</ul>
 
-	<a name="v301"></a><h3>1.viii. Changes since 3.0.1</h3>
+	<a name="v301"></a><h3>1.ix. Changes since 3.0.1</h3>
 
 	<ul>
 		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
@@ -1147,7 +1516,7 @@
 		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
 	</ul>
 
-	<a name="v300"></a><h3>1.ix Changes since 3.0.0</h3>
+	<a name="v300"></a><h3>1.x Changes since 3.0.0</h3>
 
 	<ul>
 		<li>[Change] Validate birthdays (Bug #15004)</li>
@@ -1218,7 +1587,7 @@
 		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
 	</ul>
 
-	<a name="v30rc8"></a><h3>1.x. Changes since 3.0.RC8</h3>
+	<a name="v30rc8"></a><h3>1.xi. Changes since 3.0.RC8</h3>
 
 	<ul>
 		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@@ -1227,7 +1596,7 @@
 		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
 	</ul>
 
-	<a name="v30rc7"></a><h3>1.xi. Changes since 3.0.RC7</h3>
+	<a name="v30rc7"></a><h3>1.xii. Changes since 3.0.RC7</h3>
 
 	<ul>
 		<li>[Fix] Fixed MSSQL related bug in the update system</li>
@@ -1262,7 +1631,7 @@
 		<li>[Fix] No duplication of active topics (Bug #15474)</li>
 	</ul>
 
-	<a name="v30rc6"></a><h3>1.xii. Changes since 3.0.RC6</h3>
+	<a name="v30rc6"></a><h3>1.xiii. Changes since 3.0.RC6</h3>
 
 	<ul>
 		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@@ -1272,7 +1641,7 @@
 		<li>[Fix] Able to request new password (Bug #14743)</li>
 	</ul>
 
-	<a name="v30rc5"></a><h3>1.xiii. Changes since 3.0.RC5</h3>
+	<a name="v30rc5"></a><h3>1.xiv. Changes since 3.0.RC5</h3>
 
 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -1335,7 +1704,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>
 
-	<a name="v30rc4"></a><h3>1.xiv. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>1.xv. Changes since 3.0.RC4</h3>
 
 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -1386,7 +1755,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>
 
-	<a name="v30rc3"></a><h3>1.xv. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>1.xvi. Changes since 3.0.RC3</h3>
 
 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -1495,7 +1864,7 @@
 
 	</ul>
 
-	<a name="v30rc2"></a><h3>1.xvi. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>1.xvii. Changes since 3.0.RC2</h3>
 
 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -1541,7 +1910,7 @@
 
 	</ul>
 
-	<a name="v30rc1"></a><h3>1.xvii. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>1.xviii. Changes since 3.0.RC1</h3>
 
 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>
@@ -1676,7 +2045,7 @@
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/FAQ.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.0.x frequently asked questions" />
 <title>phpBB3 &bull; FAQ</title>
@@ -328,7 +328,7 @@ I want to sue you because i think you host an illegal board!</h2>
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/INSTALL.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.0.x Installation, updating and conversion informations" />
 <title>phpBB3 &bull; Install</title>
@@ -79,6 +79,7 @@
 	<li><a href="#postinstall">Important (security related) post-Install tasks for all installation methods</a>
 	<ol style="list-style-type: lower-roman;">
 		<li><a href="#avatars">Uploadable avatars</a></li>
+		<li><a href="#webserver_configuration">Webserver configuration</a></li>
 	</ol>
 	</li>
 	<li><a href="#disclaimer">Disclaimer</a></li>
@@ -273,7 +274,7 @@
 
 	<p>This package is meant for those wanting to only replace changed files from a previous version to the latest version. This package normally contains the changed files from up to five previous versions.</p>
 
-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.7-PL1</samp> you should select the phpBB-3.0.7-PL1_to_3.0.8.zip/tar.gz file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <samp>3.0.8</samp> you should select the phpBB-3.0.8_to_3.0.9.zip/tar.gz file.</p>
 
 	<p>The directory structure has been preserved enabling you (if you wish) to simply upload the contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any MODs these files will overwrite the originals possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
@@ -285,7 +286,7 @@
 
 	<p>The patch file is one solution for those with many Modifications (MODs) or other changes who do not want to re-add them back to all the changed files if they use the method explained above. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the recommended update method.</p>
 
-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is 3.0.5 you need the phpBB-3.0.7-PL1_to_3.0.8.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <samp>3.0.8</samp> you need the phpBB-3.0.8_to_3.0.9.patch file. Place the correct patch in the parent directory containing the phpBB3 core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <strong>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</strong> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB3, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
 	<p>If you do get failures you should look at using the <a href="#update_files">Changed files only</a> package to replace the files which failed to patch, please note that you will need to manually re-add any Modifications (MODs) to these particular files. Alternatively if you know how you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 
@@ -408,6 +409,12 @@
 
 	<p>Please be aware that setting a directories permissions to global write access is a potential security issue. While it is unlikely that anything nasty will occur (such as all the avatars being deleted) there are always people out there to cause trouble. Therefore you should monitor this directory and if possible make regular backups.</p>
 
+<a name="webserver_configuration"></a><h3>6.ii. Webserver configuration</h3>
+
+	<p>Depending on your web server you may have to configure your server to deny web access to the <code>cache/</code>, <code>files/</code>, <code>store/</code> and other directories. This is to prevent users from accessing sensitive files.</p>
+
+	<p>For <strong>apache</strong> there are <code>.htaccess</code> files already in place to do this for you. For other webservers you will have to adjust the configuration yourself. Sample files for <strong>nginx</strong> and <strong>lighttpd</strong> to help you get started may be found in docs directory.</p>
+
 		</div>
 
 		<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
@@ -424,7 +431,7 @@
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/README.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.0.x Readme" />
 <title>phpBB3 &bull; Readme</title>
@@ -339,7 +339,7 @@
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/auth_api.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="This is an explanation of how to use the phpBB auth/acl API" />
 <title>phpBB3 &bull; Auth API</title>
@@ -275,7 +275,7 @@ $auth_admin = new auth_admin();
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/coding-guidelines.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="Olympus coding guidelines document" />
 <title>phpBB3 &bull; Coding Guidelines</title>
@@ -240,6 +240,11 @@ PHPBB_ACM_MEMCACHE_PORT     (overwrite memcached port, default is 11211)
 PHPBB_ACM_MEMCACHE_COMPRESS (overwrite memcached compress setting, default is disabled)
 PHPBB_ACM_MEMCACHE_HOST     (overwrite memcached host name, default is localhost)
 
+PHPBB_ACM_REDIS_HOST        (overwrite redis host name, default is localhost)
+PHPBB_ACM_REDIS_PORT        (overwrite redis port, default is 6379)
+PHPBB_ACM_REDIS_PASSWORD    (overwrite redis password, default is empty)
+PHPBB_ACM_REDIS_DB          (overwrite redis default database)
+
 PHPBB_QA                   (Set board to QA-Mode, which means the updater also checks for RC-releases)
 </pre></div>
 
@@ -1018,7 +1023,7 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 
 	<h4>General function usage: </h4>
 
-	<p>Some of these functions are only chosen over others because of personal preference and having no other benefit than to be consistant over the code.</p>
+	<p>Some of these functions are only chosen over others because of personal preference and having no other benefit than to be consistent over the code.</p>
 
 	<ul>
 		<li>
@@ -2369,7 +2374,7 @@ if (utf8_case_fold_nfc($string1) == utf8_case_fold_nfc($string2))
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/hook_system.html

@@ -8,7 +8,7 @@
 <meta http-equiv="imagetoolbar" content="no" />
 <meta name="resource-type" content="document" />
 <meta name="distribution" content="global" />
-<meta name="copyright" content="2007 phpBB Group" />
+<meta name="copyright" content="phpBB Group" />
 <meta name="keywords" content="" />
 <meta name="description" content="Hook System explanation" />
 <title>phpBB3 &bull; Hook System</title>
@@ -380,6 +380,8 @@ a:active	{ color: #368AD2; }
 <code>$template-&gt;display($handle, $include_once = true);</code> which is called directly before outputting the (not-yet-compiled) template.<br />
 <code>exit_handler();</code> which is called at the very end of phpBB3's execution.</p>
 
+<p>Please note: The <code>$template-&gt;display</code> hook takes a third <code>$template</code> argument, which is the template instance being used, which should be used instead of the global.</p>
+
 <p>There are also valid external constants you may want to use if you embed phpBB3 into your application:</p>
 
 <div class="codebox"><pre>
@@ -865,7 +867,7 @@ function phpbb_hook_register(&amp;$hook)
 
 		<div class="content">
 
-	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
+	<p>This application is opensource software released under the <a href="http://opensource.org/licenses/gpl-license.php">GPL</a>. Please see source code and the docs directory for more details. This package and its contents are Copyright (c) <a href="http://www.phpbb.com/">phpBB Group</a>, All Rights Reserved.</p>
 
 		</div>
 

phpBB/docs/lighttpd.sample.conf

@@ -0,0 +1,60 @@
+# Sample lighttpd configuration file for phpBB.
+# Global settings have been removed, copy them
+# from your system's lighttpd.conf.
+# Tested with lighttpd 1.4.26
+
+# Load moules
+server.modules += ( 
+	"mod_access",
+	"mod_fastcgi",
+	"mod_accesslog"
+)
+
+# If you have domains with and without www prefix,
+# redirect one to the other.
+$HTTP["host"] =~ "^(myforums\.com)$" {
+	url.redirect = (
+		".*"	=> "http://www.%1$0"
+	)
+}
+
+$HTTP["host"] == "www.myforums.com" {
+	server.name				= "www.myforums.com"
+	server.document-root	= "/path/to/phpbb"
+	server.dir-listing		= "disable"
+	
+	index-file.names		= ( "index.php", "index.htm", "index.html" )
+	accesslog.filename		= "/var/log/lighttpd/access-www.myforums.com.log"
+	
+	# Deny access to internal phpbb files.	
+	$HTTP["url"] =~ "^/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload)" {
+		url.access-deny = ( "" )
+	}
+
+	# Deny access to version control system directories.
+	$HTTP["url"] =~ "/\.svn|/\.git" {
+		url.access-deny = ( "" )
+	}
+	
+	# Deny access to apache configuration files.
+	$HTTP["url"] =~ "/\.htaccess|/\.htpasswd|/\.htgroups" {
+		url.access-deny = ( "" )
+	}
+
+	fastcgi.server = ( ".php" => 
+		((
+			"bin-path" => "/usr/bin/php-cgi",
+			"socket" => "/tmp/php.socket",
+			"max-procs" => 4,
+			"idle-timeout" => 30,
+			"bin-environment" => ( 
+				"PHP_FCGI_CHILDREN" => "10",
+				"PHP_FCGI_MAX_REQUESTS" => "10000"
+			),
+			"bin-copy-environment" => (
+				"PATH", "SHELL", "USER"
+			),
+			"broken-scriptfilename" => "enable"
+		))
+	)
+}

phpBB/docs/nginx.sample.conf

@@ -10,14 +10,23 @@ http {
     gzip_vary on;
     gzip_http_version 1.1;
     gzip_min_length 700;
+    
+    # Compression levels over 6 do not give an appreciable improvement
+    # in compression ratio, but take more resources.
     gzip_comp_level 6;
-    gzip_disable "MSIE [1-6]\.";
+    
+    # IE 6 and lower do not support gzip with Vary correctly.
+    gzip_disable "msie6";
+    # Before nginx 0.7.63:
+    #gzip_disable "MSIE [1-6]\.";
 
     # Catch-all server for requests to invalid hosts.
     # Also catches vulnerability scanners probing IP addresses.
-    # Should be first.
     server {
-        listen 80;
+        # default specifies that this block is to be used when
+        # no other block matches.
+        listen 80 default;
+
         server_name bogus;
         return 444;
         root /var/empty;
@@ -26,14 +35,20 @@ http {
     # If you have domains with and without www prefix,
     # redirect one to the other.
     server {
-        listen 80;
+        # Default port is 80.
+        #listen 80;
+
         server_name myforums.com;
-        rewrite ^(.*)$ http://www.myforums.com$1 permanent;
+
+        # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites:
+        rewrite ^ http://www.myforums.com$request_uri permanent;
+        # Equivalent to:
+        #rewrite ^(.*)$ http://www.myforums.com$1 permanent;
     }
 
     # The actual board domain.
     server {
-        listen 80;
+        #listen 80;
         server_name www.myforums.com;
 
         root /path/to/phpbb;
@@ -46,6 +61,9 @@ http {
         # Deny access to internal phpbb files.
         location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
             deny all;
+            # deny was ignored before 0.8.40 for connections over IPv6.
+            # Use internal directive to prohibit access on older versions.
+            internal;
         }
 
         # Pass the php scripts to fastcgi server specified in upstream declaration.
@@ -60,6 +78,7 @@ http {
         # Deny access to version control system directories.
         location ~ /\.svn|/\.git {
             deny all;
+            internal;
         }
     }
 

phpBB/download/file.php

@@ -31,12 +31,7 @@ else if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'
 
 if (isset($_GET['avatar']))
 {
-	if (!defined('E_DEPRECATED'))
-	{
-		define('E_DEPRECATED', 8192);
-	}
-	error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
-
+	require($phpbb_root_path . 'includes/startup.' . $phpEx);
 	require($phpbb_root_path . 'config.' . $phpEx);
 
 	if (!defined('PHPBB_INSTALLED') || empty($dbms) || empty($acm_type))
@@ -64,7 +59,7 @@ if (isset($_GET['avatar']))
 	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
 
 	$config = $cache->obtain_config();
-	$filename = $_GET['avatar'];
+	$filename = request_var('avatar', '');
 	$avatar_group = false;
 	$exit = false;
 
@@ -125,11 +120,13 @@ $user->setup('viewtopic');
 
 if (!$download_id)
 {
+	send_status_line(404, 'Not Found');
 	trigger_error('NO_ATTACHMENT_SELECTED');
 }
 
 if (!$config['allow_attachments'] && !$config['allow_pm_attach'])
 {
+	send_status_line(404, 'Not Found');
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
 
@@ -142,11 +139,13 @@ $db->sql_freeresult($result);
 
 if (!$attachment)
 {
+	send_status_line(404, 'Not Found');
 	trigger_error('ERROR_NO_ATTACHMENT');
 }
 
 if ((!$attachment['in_message'] && !$config['allow_attachments']) || ($attachment['in_message'] && !$config['allow_pm_attach']))
 {
+	send_status_line(404, 'Not Found');
 	trigger_error('ATTACHMENT_FUNCTIONALITY_DISABLED');
 }
 
@@ -159,6 +158,7 @@ if ($attachment['is_orphan'])
 
 	if (!$own_attachment || ($attachment['in_message'] && !$auth->acl_get('u_pm_download')) || (!$attachment['in_message'] && !$auth->acl_get('u_download')))
 	{
+		send_status_line(404, 'Not Found');
 		trigger_error('ERROR_NO_ATTACHMENT');
 	}
 
@@ -191,6 +191,7 @@ else
 		}
 		else
 		{
+			send_status_line(403, 'Forbidden');
 			trigger_error('SORRY_AUTH_VIEW_ATTACH');
 		}
 	}
@@ -231,6 +232,7 @@ else
 	$extensions = array();
 	if (!extension_allowed($row['forum_id'], $attachment['extension'], $extensions))
 	{
+		send_status_line(404, 'Forbidden');
 		trigger_error(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']));
 	}
 }
@@ -253,6 +255,7 @@ $db->sql_freeresult($result);
 
 if (!$attachment)
 {
+	send_status_line(404, 'Not Found');
 	trigger_error('ERROR_NO_ATTACHMENT');
 }
 
@@ -295,6 +298,7 @@ else
 		// This presenting method should no longer be used
 		if (!@is_dir($phpbb_root_path . $config['upload_path']))
 		{
+			send_status_line(500, 'Internal Server Error');
 			trigger_error($user->lang['PHYSICAL_DOWNLOAD_NOT_POSSIBLE']);
 		}
 
@@ -419,6 +423,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 
 	if (!@file_exists($filename))
 	{
+		send_status_line(404, 'Not Found');
 		trigger_error($user->lang['ERROR_NO_ATTACHMENT'] . '<br /><br />' . sprintf($user->lang['FILE_NOT_FOUND_404'], $filename));
 	}
 
@@ -445,9 +450,11 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		// PHP track_errors setting On?
 		if (!empty($php_errormsg))
 		{
+			send_status_line(500, 'Internal Server Error');
 			trigger_error($user->lang['UNABLE_TO_DELIVER_FILE'] . '<br />' . sprintf($user->lang['TRACKED_PHP_ERROR'], $php_errormsg));
 		}
 
+		send_status_line(500, 'Internal Server Error');
 		trigger_error('UNABLE_TO_DELIVER_FILE');
 	}
 

phpBB/feed.php

@@ -95,11 +95,13 @@ while ($row = $feed->get_item())
 
 	$title = (isset($row[$feed->get('title')]) && $row[$feed->get('title')] !== '') ? $row[$feed->get('title')] : ((isset($row[$feed->get('title2')])) ? $row[$feed->get('title2')] : '');
 
-	$item_time = (int) $row[$feed->get('date')];
+	$published = ($feed->get('published') !== NULL) ? (int) $row[$feed->get('published')] : 0;
+	$updated = ($feed->get('updated') !== NULL) ? (int) $row[$feed->get('updated')] : 0;
 
 	$item_row = array(
 		'author'		=> ($feed->get('creator') !== NULL) ? $row[$feed->get('creator')] : '',
-		'pubdate'		=> feed_format_date($item_time),
+		'published'		=> ($published > 0) ? feed_format_date($published) : '',
+		'updated'		=> ($updated > 0) ? feed_format_date($updated) : '',
 		'link'			=> '',
 		'title'			=> censor_text($title),
 		'category'		=> ($config['feed_item_statistics'] && !empty($row['forum_id'])) ? $board_url . '/viewforum.' . $phpEx . '?f=' . $row['forum_id'] : '',
@@ -113,7 +115,7 @@ while ($row = $feed->get_item())
 
 	$item_vars[] = $item_row;
 
-	$feed_updated_time = max($feed_updated_time, $item_time);
+	$feed_updated_time = max($feed_updated_time, $published, $updated);
 }
 
 // If we do not have any items at all, sending the current time is better than sending no time.
@@ -192,7 +194,13 @@ foreach ($item_vars as $row)
 		echo '<author><name><![CDATA[' . $row['author'] . ']]></name></author>' . "\n";
 	}
 
-	echo '<updated>' . $row['pubdate'] . '</updated>' . "\n";
+	echo '<updated>' . ((!empty($row['updated'])) ? $row['updated'] : $row['published']) . '</updated>' . "\n";
+
+	if (!empty($row['published']))
+	{
+		echo '<published>' . $row['published'] . '</published>' . "\n";
+	}
+
 	echo '<id>' . $row['link'] . '</id>' . "\n";
 	echo '<link href="' . $row['link'] . '"/>' . "\n";
 	echo '<title type="html"><![CDATA[' . $row['title'] . ']]></title>' . "\n\n";
@@ -675,7 +683,8 @@ class phpbb_feed_post_base extends phpbb_feed_base
 
 		$this->set('author_id',	'user_id');
 		$this->set('creator',	'username');
-		$this->set('date',		'post_time');
+		$this->set('published',	'post_time');
+		$this->set('updated',	'post_edit_time');
 		$this->set('text',		'post_text');
 
 		$this->set('bitfield',	'bbcode_bitfield');
@@ -695,7 +704,7 @@ class phpbb_feed_post_base extends phpbb_feed_base
 		if ($config['feed_item_statistics'])
 		{
 			$item_row['statistics'] = $user->lang['POSTED'] . ' ' . $user->lang['POST_BY_AUTHOR'] . ' ' . $this->user_viewprofile($row)
-				. ' ' . $this->separator_stats . ' ' . $user->format_date($row['post_time'])
+				. ' ' . $this->separator_stats . ' ' . $user->format_date($row[$this->get('published')])
 				. (($this->is_moderator_approve_forum($row['forum_id']) && !$row['post_approved']) ? ' ' . $this->separator_stats . ' ' . $user->lang['POST_UNAPPROVED'] : '');
 		}
 	}
@@ -717,7 +726,8 @@ class phpbb_feed_topic_base extends phpbb_feed_base
 
 		$this->set('author_id',	'topic_poster');
 		$this->set('creator',	'topic_first_poster_name');
-		$this->set('date',		'topic_time');
+		$this->set('published',	'post_time');
+		$this->set('updated',	'post_edit_time');
 		$this->set('text',		'post_text');
 
 		$this->set('bitfield',	'bbcode_bitfield');
@@ -737,7 +747,7 @@ class phpbb_feed_topic_base extends phpbb_feed_base
 		if ($config['feed_item_statistics'])
 		{
 			$item_row['statistics'] = $user->lang['POSTED'] . ' ' . $user->lang['POST_BY_AUTHOR'] . ' ' . $this->user_viewprofile($row)
-				. ' ' . $this->separator_stats . ' ' . $user->format_date($row[$this->get('date')])
+				. ' ' . $this->separator_stats . ' ' . $user->format_date($row[$this->get('published')])
 				. ' ' . $this->separator_stats . ' ' . $user->lang['REPLIES'] . ' ' . (($this->is_moderator_approve_forum($row['forum_id'])) ? $row['topic_replies_real'] : $row['topic_replies'])
 				. ' ' . $this->separator_stats . ' ' . $user->lang['VIEWS'] . ' ' . $row['topic_views']
 				. (($this->is_moderator_approve_forum($row['forum_id']) && ($row['topic_replies_real'] != $row['topic_replies'])) ? ' ' . $this->separator_stats . ' ' . $user->lang['POSTS_UNAPPROVED'] : '');
@@ -800,7 +810,7 @@ class phpbb_feed_overall extends phpbb_feed_post_base
 		// Get the actual data
 		$this->sql = array(
 			'SELECT'	=>	'f.forum_id, f.forum_name, ' .
-							'p.post_id, p.topic_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
+							'p.post_id, p.topic_id, p.post_time, p.post_edit_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
 							'u.username, u.user_id',
 			'FROM'		=> array(
 				USERS_TABLE		=> 'u',
@@ -932,7 +942,7 @@ class phpbb_feed_forum extends phpbb_feed_post_base
 		}
 
 		$this->sql = array(
-			'SELECT'	=>	'p.post_id, p.topic_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
+			'SELECT'	=>	'p.post_id, p.topic_id, p.post_time, p.post_edit_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
 							'u.username, u.user_id',
 			'FROM'		=> array(
 				POSTS_TABLE		=> 'p',
@@ -1097,7 +1107,7 @@ class phpbb_feed_topic extends phpbb_feed_post_base
 		global $auth, $db;
 
 		$this->sql = array(
-			'SELECT'	=>	'p.post_id, p.post_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
+			'SELECT'	=>	'p.post_id, p.post_time, p.post_edit_time, p.post_approved, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, ' .
 							'u.username, u.user_id',
 			'FROM'		=> array(
 				POSTS_TABLE		=> 'p',
@@ -1136,7 +1146,7 @@ class phpbb_feed_forums extends phpbb_feed_base
 		$this->set('text',		'forum_desc');
 		$this->set('bitfield',	'forum_desc_bitfield');
 		$this->set('bbcode_uid','forum_desc_uid');
-		$this->set('date',		'forum_last_post_time');
+		$this->set('updated',	'forum_last_post_time');
 		$this->set('options',	'forum_desc_options');
 	}
 
@@ -1261,8 +1271,8 @@ class phpbb_feed_news extends phpbb_feed_topic_base
 
 		$this->sql = array(
 			'SELECT'	=> 'f.forum_id, f.forum_name,
-							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time,
-							p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
+							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time, t.topic_last_post_time,
+							p.post_id, p.post_time, p.post_edit_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
 			'FROM'		=> array(
 				TOPICS_TABLE	=> 't',
 				POSTS_TABLE		=> 'p',
@@ -1334,8 +1344,8 @@ class phpbb_feed_topics extends phpbb_feed_topic_base
 
 		$this->sql = array(
 			'SELECT'	=> 'f.forum_id, f.forum_name,
-							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time,
-							p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
+							t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_replies, t.topic_replies_real, t.topic_views, t.topic_time, t.topic_last_post_time,
+							p.post_id, p.post_time, p.post_edit_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
 			'FROM'		=> array(
 				TOPICS_TABLE	=> 't',
 				POSTS_TABLE		=> 'p',
@@ -1381,8 +1391,6 @@ class phpbb_feed_topics_active extends phpbb_feed_topic_base
 
 		$this->set('author_id',	'topic_last_poster_id');
 		$this->set('creator',	'topic_last_poster_name');
-		$this->set('date',		'topic_last_post_time');
-		$this->set('text',		'post_text');
 	}
 
 	function get_sql()
@@ -1434,7 +1442,7 @@ class phpbb_feed_topics_active extends phpbb_feed_topic_base
 			'SELECT'	=> 'f.forum_id, f.forum_name,
 							t.topic_id, t.topic_title, t.topic_replies, t.topic_replies_real, t.topic_views,
 							t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time,
-							p.post_id, p.post_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
+							p.post_id, p.post_time, p.post_edit_time, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url',
 			'FROM'		=> array(
 				TOPICS_TABLE	=> 't',
 				POSTS_TABLE		=> 'p',

phpBB/includes/acm/acm_file.php

@@ -88,11 +88,11 @@ class acm
 			if (!phpbb_is_writable($this->cache_dir))
 			{
 				// We need to use die() here, because else we may encounter an infinite loop (the message handler calls $cache->unload())
-				die($this->cache_dir . ' is NOT writable.');
+				die('Fatal: ' . $this->cache_dir . ' is NOT writable.');
 				exit;
 			}
 
-			die('Not able to open ' . $this->cache_dir . 'data_global.' . $phpEx);
+			die('Fatal: Not able to open ' . $this->cache_dir . 'data_global.' . $phpEx);
 			exit;
 		}
 

phpBB/includes/acm/acm_redis.php

@@ -0,0 +1,145 @@
+<?php
+/**
+*
+* @package acm
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+// Include the abstract base
+if (!class_exists('acm_memory'))
+{
+	require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx");
+}
+
+if (!defined('PHPBB_ACM_REDIS_PORT'))
+{
+	define('PHPBB_ACM_REDIS_PORT', 6379);
+}
+
+if (!defined('PHPBB_ACM_REDIS_HOST'))
+{
+	define('PHPBB_ACM_REDIS_HOST', 'localhost');
+}
+
+/**
+* ACM for Redis
+*
+* Compatible with the php extension phpredis available
+* at https://github.com/nicolasff/phpredis
+*
+* @package acm
+*/
+class acm extends acm_memory
+{
+	var $extension = 'redis';
+
+	var $redis;
+
+	function acm()
+	{
+		// Call the parent constructor
+		parent::acm_memory();
+
+		$this->redis = new Redis();
+		$this->redis->connect(PHPBB_ACM_REDIS_HOST, PHPBB_ACM_REDIS_PORT);
+
+		if (defined('PHPBB_ACM_REDIS_PASSWORD'))
+		{
+			if (!$this->redis->auth(PHPBB_ACM_REDIS_PASSWORD))
+			{
+				global $acm_type;
+
+				trigger_error("Incorrect password for the ACM module $acm_type.", E_USER_ERROR);
+			}
+		}
+
+		$this->redis->setOption(Redis::OPT_SERIALIZER, Redis::SERIALIZER_PHP);
+		$this->redis->setOption(Redis::OPT_PREFIX, $this->key_prefix);
+
+		if (defined('PHPBB_ACM_REDIS_DB'))
+		{
+			if (!$this->redis->select(PHPBB_ACM_REDIS_DB))
+			{
+				global $acm_type;
+
+				trigger_error("Incorrect database for the ACM module $acm_type.", E_USER_ERROR);
+			}
+		}
+	}
+
+	/**
+	* Unload the cache resources
+	*
+	* @return void
+	*/
+	function unload()
+	{
+		parent::unload();
+
+		$this->redis->close();
+	}
+
+	/**
+	* Purge cache data
+	*
+	* @return void
+	*/
+	function purge()
+	{
+		$this->redis->flushDB();
+
+		parent::purge();
+	}
+
+	/**
+	* Fetch an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return mixed Cached data
+	*/
+	function _read($var)
+	{
+		return $this->redis->get($var);
+	}
+
+	/**
+	* Store data in the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @param mixed $data Data to store
+	* @param int $ttl Time-to-live of cached data
+	* @return bool True if the operation succeeded
+	*/
+	function _write($var, $data, $ttl = 2592000)
+	{
+		return $this->redis->setex($var, $ttl, $data);
+	}
+
+	/**
+	* Remove an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return bool True if the operation succeeded
+	*/
+	function _delete($var)
+	{
+		if ($this->redis->delete($var) > 0)
+		{
+			return true;
+		}
+		return false;
+	}
+}

phpBB/includes/acm/acm_wincache.php

@@ -0,0 +1,84 @@
+<?php
+/**
+*
+* @package acm
+* @copyright (c) 2010 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+// Include the abstract base
+if (!class_exists('acm_memory'))
+{
+	require("{$phpbb_root_path}includes/acm/acm_memory.$phpEx");
+}
+
+/**
+* ACM for WinCache
+* @package acm
+*/
+class acm extends acm_memory
+{
+	var $extension = 'wincache';
+
+	/**
+	* Purge cache data
+	*
+	* @return void
+	*/
+	function purge()
+	{
+		wincache_ucache_clear();
+
+		parent::purge();
+	}
+
+	/**
+	* Fetch an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return mixed Cached data
+	*/
+	function _read($var)
+	{
+		$success = false;
+		$result = wincache_ucache_get($this->key_prefix . $var, $success);
+
+		return ($success) ? $result : false;
+	}
+
+	/**
+	* Store data in the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @param mixed $data Data to store
+	* @param int $ttl Time-to-live of cached data
+	* @return bool True if the operation succeeded
+	*/
+	function _write($var, $data, $ttl = 2592000)
+	{
+		return wincache_ucache_set($this->key_prefix . $var, $data, $ttl);
+	}
+
+	/**
+	* Remove an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return bool True if the operation succeeded
+	*/
+	function _delete($var)
+	{
+		return wincache_ucache_delete($this->key_prefix . $var);
+	}
+}

phpBB/includes/acp/acp_bbcodes.php

@@ -213,7 +213,7 @@ class acp_bbcodes
 							$bbcode_id = NUM_CORE_BBCODES + 1;
 						}
 
-						if ($bbcode_id > 1511)
+						if ($bbcode_id > BBCODE_LIMIT)
 						{
 							trigger_error($user->lang['TOO_MANY_BBCODES'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}

phpBB/includes/acp/acp_board.php

@@ -386,6 +386,9 @@ class acp_board
 						'pass_complex'			=> array('lang' => 'PASSWORD_TYPE',			'validate' => 'string',	'type' => 'select', 'method' => 'select_password_chars', 'explain' => true),
 						'chg_passforce'			=> array('lang' => 'FORCE_PASS_CHANGE',		'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
 						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
+						'ip_login_limit_max'	=> array('lang' => 'IP_LOGIN_LIMIT_MAX',	'validate' => 'int:0',	'type' => 'text:3:3', 'explain' => true),
+						'ip_login_limit_time'	=> array('lang' => 'IP_LOGIN_LIMIT_TIME',	'validate' => 'int:0',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'ip_login_limit_use_forwarded'	=> array('lang' => 'IP_LOGIN_LIMIT_USE_FORWARDED',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'tpl_allow_php'			=> array('lang' => 'TPL_ALLOW_PHP',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int:-1',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 						'form_token_sid_guests'	=> array('lang' => 'FORM_SID_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -769,13 +772,20 @@ class acp_board
 	{
 		global $user, $config;
 
-		$radio_ary = array(USER_ACTIVATION_DISABLE => 'ACC_DISABLE', USER_ACTIVATION_NONE => 'ACC_NONE');
+		$radio_ary = array(
+			USER_ACTIVATION_DISABLE => 'ACC_DISABLE',
+			USER_ACTIVATION_NONE => 'ACC_NONE',
+		);
+
 		if ($config['email_enable'])
 		{
-			$radio_ary += array(USER_ACTIVATION_SELF => 'ACC_USER', USER_ACTIVATION_ADMIN => 'ACC_ADMIN');
+			$radio_ary[USER_ACTIVATION_SELF] = 'ACC_USER';
+			$radio_ary[USER_ACTIVATION_ADMIN] = 'ACC_ADMIN';
 		}
 
-		return h_radio('config[require_activation]', $radio_ary, $value, $key);
+		$radio_text = h_radio('config[require_activation]', $radio_ary, $value, 'require_activation', $key, '<br />');
+
+		return $radio_text;
 	}
 
 	/**

phpBB/includes/acp/acp_disallow.php

@@ -56,6 +56,18 @@ class acp_disallow
 				trigger_error($user->lang['NO_USERNAME_SPECIFIED'] . adm_back_link($this->u_action), E_USER_WARNING);
 			}
 
+			$sql = 'SELECT disallow_id
+				FROM ' . DISALLOW_TABLE . "
+				WHERE disallow_username = '" . $db->sql_escape($disallowed_user) . "'";
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			if ($row)
+			{
+				trigger_error($user->lang['DISALLOWED_ALREADY'] . adm_back_link($this->u_action), E_USER_WARNING);
+			}
+
 			$sql = 'INSERT INTO ' . DISALLOW_TABLE . ' ' . $db->sql_build_array('INSERT', array('disallow_username' => $disallowed_user));
 			$db->sql_query($sql);
 

phpBB/includes/acp/acp_email.php

@@ -82,23 +82,48 @@ class acp_email
 				{
 					if ($group_id)
 					{
-						$sql = 'SELECT u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type
-							FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
-							WHERE ug.group_id = ' . $group_id . '
+						$sql_ary = array(
+							'SELECT'	=> 'u.user_email, u.username, u.username_clean, u.user_lang, u.user_jabber, u.user_notify_type',
+							'FROM'		=> array(
+								USERS_TABLE			=> 'u',
+								USER_GROUP_TABLE	=> 'ug',
+							),
+							'WHERE'		=> 'ug.group_id = ' . $group_id . '
 								AND ug.user_pending = 0
 								AND u.user_id = ug.user_id
 								AND u.user_allow_massemail = 1
-								AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
-							ORDER BY u.user_lang, u.user_notify_type';
+								AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')',
+							'ORDER_BY'	=> 'u.user_lang, u.user_notify_type',
+						);
 					}
 					else
 					{
-						$sql = 'SELECT username, username_clean, user_email, user_jabber, user_notify_type, user_lang
-							FROM ' . USERS_TABLE . '
-							WHERE user_allow_massemail = 1
-								AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')
-							ORDER BY user_lang, user_notify_type';
+						$sql_ary = array(
+							'SELECT'	=> 'u.username, u.username_clean, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type',
+							'FROM'		=> array(
+								USERS_TABLE	=> 'u',
+							),
+							'WHERE'		=> 'u.user_allow_massemail = 1
+								AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')',
+							'ORDER_BY'	=> 'u.user_lang, u.user_notify_type',
+						);
 					}
+
+					// Mail banned or not
+					if (!isset($_REQUEST['mail_banned_flag']))
+					{
+						$sql_ary['WHERE'] .= ' AND (b.ban_id IS NULL
+						        OR b.ban_exclude = 1)';
+						$sql_ary['LEFT_JOIN'] = array(
+							array(
+								'FROM'	=> array(
+									BANLIST_TABLE	=> 'b',
+								),
+								'ON'	=> 'u.user_id = b.ban_userid',
+							),
+						);
+					}
+					$sql = $db->sql_build_query('SELECT', $sql_ary);
 				}
 				$result = $db->sql_query($sql);
 				$row = $db->sql_fetchrow($result);

phpBB/includes/acp/acp_icons.php

@@ -394,6 +394,10 @@ class acp_icons
 					{
 						// skip images where add wasn't checked
 					}
+					else if (!file_exists($phpbb_root_path . $img_path . '/' . $image))
+					{
+						$errors[$image] = 'SMILIE_NO_FILE';
+					}
 					else
 					{
 						if ($image_width[$image] == 0 || $image_height[$image] == 0)

phpBB/includes/acp/acp_language.php

@@ -1055,14 +1055,14 @@ class acp_language
 				$iso_src .= htmlspecialchars_decode($row['lang_author']);
 				$compress->add_data($iso_src, 'language/' . $row['lang_iso'] . '/iso.txt');
 
-				// index.html files
-				$compress->add_data('', 'language/' . $row['lang_iso'] . '/index.html');
-				$compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.html');
-				$compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.html');
+				// index.htm files
+				$compress->add_data('', 'language/' . $row['lang_iso'] . '/index.htm');
+				$compress->add_data('', 'language/' . $row['lang_iso'] . '/email/index.htm');
+				$compress->add_data('', 'language/' . $row['lang_iso'] . '/acp/index.htm');
 
 				if (sizeof($mod_files))
 				{
-					$compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.html');
+					$compress->add_data('', 'language/' . $row['lang_iso'] . '/mods/index.htm');
 				}
 
 				$compress->close();
@@ -1217,7 +1217,7 @@ $lang = array_merge($lang, array(
 ';
 
 		// Language files in language root directory
-		$this->main_files = array("common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");
+		$this->main_files = array("captcha_qa.$phpEx", "captcha_recaptcha.$phpEx", "common.$phpEx", "groups.$phpEx", "install.$phpEx", "mcp.$phpEx", "memberlist.$phpEx", "posting.$phpEx", "search.$phpEx", "ucp.$phpEx", "viewforum.$phpEx", "viewtopic.$phpEx", "help_bbcode.$phpEx", "help_faq.$phpEx");
 	}
 
 	/**

phpBB/includes/acp/acp_main.php

@@ -529,7 +529,7 @@ class acp_main
 		);
 
 		$log_data = array();
-		$log_count = 0;
+		$log_count = false;
 
 		if ($auth->acl_get('a_viewlogs'))
 		{

phpBB/includes/acp/acp_profile.php

@@ -512,7 +512,7 @@ class acp_profile
 					else if ($field_type == FIELD_INT && $key == 'field_default_value')
 					{
 						// Permit an empty string
-						if (request_var('field_default_value', '') === '')
+						if ($action == 'create' && request_var('field_default_value', '') === '')
 						{
 							$var = '';
 						}

phpBB/includes/acp/acp_search.php

@@ -392,7 +392,18 @@ class acp_search
 									AND post_id <= ' . (int) ($post_counter + $this->batch_size);
 							$result = $db->sql_query($sql);
 
-							while ($row = $db->sql_fetchrow($result))
+							$buffer = $db->sql_buffer_nested_transactions();
+
+							if ($buffer)
+							{
+								$rows = $db->sql_fetchrowset($result);
+								$rows[] = false; // indicate end of array for while loop below
+
+								$db->sql_freeresult($result);
+							}
+
+							$i = 0;
+							while ($row = ($buffer ? $rows[$i++] : $db->sql_fetchrow($result)))
 							{
 								// Indexing enabled for this forum or global announcement?
 								// Global announcements get indexed by default.
@@ -402,7 +413,10 @@ class acp_search
 								}
 								$row_count++;
 							}
-							$db->sql_freeresult($result);
+							if (!$buffer)
+							{
+								$db->sql_freeresult($result);
+							}
 
 							$post_counter += $this->batch_size;
 						}

phpBB/includes/acp/acp_styles.php

@@ -510,6 +510,7 @@ parse_css_file = {PARSE_CSS_FILE}
 							$db->sql_transaction('commit');
 
 							$cache->destroy('sql', STYLES_IMAGESET_DATA_TABLE);
+							$cache->destroy('imageset_site_logo_md5');
 
 							add_log('admin', 'LOG_IMAGESET_REFRESHED', $imageset_row['imageset_name']);
 							trigger_error($user->lang['IMAGESET_REFRESHED'] . adm_back_link($this->u_action));
@@ -716,7 +717,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$save_changes	= (isset($_POST['save'])) ? true : false;
 
 		// make sure template_file path doesn't go upwards
-		$template_file = str_replace('..', '.', $template_file);
+		$template_file = preg_replace('#\.{2,}#', '.', $template_file);
 
 		// Retrieve some information about the template
 		$sql = 'SELECT template_storedb, template_path, template_name
@@ -1587,23 +1588,23 @@ parse_css_file = {PARSE_CSS_FILE}
 		{
 			case 'style':
 				$sql_from = STYLES_TABLE;
-				$sql_select = 'style_name';
+				$sql_select = 'style_id, style_name, template_id, theme_id, imageset_id';
 				$sql_where = 'AND style_active = 1';
 			break;
 
 			case 'template':
 				$sql_from = STYLES_TEMPLATE_TABLE;
-				$sql_select = 'template_name, template_path, template_storedb';
+				$sql_select = 'template_id, template_name, template_path, template_storedb';
 			break;
 
 			case 'theme':
 				$sql_from = STYLES_THEME_TABLE;
-				$sql_select = 'theme_name, theme_path, theme_storedb';
+				$sql_select = 'theme_id, theme_name, theme_path, theme_storedb';
 			break;
 
 			case 'imageset':
 				$sql_from = STYLES_IMAGESET_TABLE;
-				$sql_select = 'imageset_name, imageset_path';
+				$sql_select = 'imageset_id, imageset_name, imageset_path';
 			break;
 		}
 
@@ -1633,37 +1634,14 @@ parse_css_file = {PARSE_CSS_FILE}
 			trigger_error($user->lang['NO_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING);
 		}
 
-		$sql = "SELECT {$mode}_id, {$mode}_name
-			FROM $sql_from
-			WHERE {$mode}_id <> $style_id
-			$sql_where
-			ORDER BY {$mode}_name ASC";
-		$result = $db->sql_query($sql);
-
-		$s_options = '';
-
-		if ($row = $db->sql_fetchrow($result))
-		{
-			do
-			{
-				$s_options .= '<option value="' . $row[$mode . '_id'] . '">' . $row[$mode . '_name'] . '</option>';
-			}
-			while ($row = $db->sql_fetchrow($result));
-		}
-		else
-		{
-			trigger_error($user->lang['ONLY_' . $l_prefix] . adm_back_link($this->u_action), E_USER_WARNING);
-		}
-		$db->sql_freeresult($result);
-
 		if ($update)
 		{
-			$sql = "DELETE FROM $sql_from
-				WHERE {$mode}_id = $style_id";
-			$db->sql_query($sql);
-
 			if ($mode == 'style')
 			{
+				$sql = "DELETE FROM $sql_from
+					WHERE {$mode}_id = $style_id";
+				$db->sql_query($sql);
+
 				$sql = 'UPDATE ' . USERS_TABLE . "
 					SET user_style = $new_id
 					WHERE user_style = $style_id";
@@ -1678,19 +1656,19 @@ parse_css_file = {PARSE_CSS_FILE}
 				{
 					set_config('default_style', $new_id);
 				}
+
+				// Remove the components
+				$components = array('template', 'theme', 'imageset');
+				foreach ($components as $component)
+				{
+					$new_id = request_var('new_' . $component . '_id', 0);
+					$component_id = $style_row[$component . '_id'];
+					$this->remove_component($component, $component_id, $new_id, $style_id);
+				}
 			}
 			else
 			{
-				if ($mode == 'imageset')
-				{
-					$sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . "
-						WHERE imageset_id = $style_id";
-					$db->sql_query($sql);
-				}
-				$sql = 'UPDATE ' . STYLES_TABLE . "
-					SET {$mode}_id = $new_id
-					WHERE {$mode}_id = $style_id";
-				$db->sql_query($sql);
+				$this->remove_component($mode, $style_id, $new_id);
 			}
 
 			$cache->destroy('sql', STYLES_TABLE);
@@ -1700,11 +1678,12 @@ parse_css_file = {PARSE_CSS_FILE}
 			trigger_error($user->lang[$message] . adm_back_link($this->u_action));
 		}
 
+		$this->display_component_options($mode, $style_row[$mode . '_id'], $style_row);
+
 		$this->page_title = 'DELETE_' . $l_prefix;
 
 		$template->assign_vars(array(
 			'S_DELETE'			=> true,
-			'S_REPLACE_OPTIONS'	=> $s_options,
 
 			'L_TITLE'			=> $user->lang[$this->page_title],
 			'L_EXPLAIN'			=> $user->lang[$this->page_title . '_EXPLAIN'],
@@ -1718,6 +1697,202 @@ parse_css_file = {PARSE_CSS_FILE}
 			'NAME'			=> $style_row[$mode . '_name'],
 			)
 		);
+
+		if ($mode == 'style')
+		{
+			$template->assign_vars(array(
+				'S_DELETE_STYLE'		=> true,
+			));
+		}
+	}
+
+	/**
+	* Remove template/theme/imageset entry from the database
+	*/
+	function remove_component($component, $component_id, $new_id, $style_id = false)
+	{
+		global $db;
+
+		if (($new_id == 0) || ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id))))
+		{
+			// We can not delete the template, as the user wants to keep the component or an other template is inheriting from this one.
+			return;
+		}
+
+		$component_in_use = array();
+		if ($component != 'style')
+		{
+			$component_in_use = $this->component_in_use($component, $component_id, $style_id);
+		}
+
+		if (($new_id == -1) && !empty($component_in_use))
+		{
+			// We can not delete the component, as it is still in use
+			return;
+		}
+
+		if ($component == 'imageset')
+		{
+			$sql = 'DELETE FROM ' . STYLES_IMAGESET_DATA_TABLE . "
+				WHERE imageset_id = $component_id";
+			$db->sql_query($sql);
+		}
+
+		switch ($component)
+		{
+			case 'template':
+				$sql_from = STYLES_TEMPLATE_TABLE;
+			break;
+
+			case 'theme':
+				$sql_from = STYLES_THEME_TABLE;
+			break;
+
+			case 'imageset':
+				$sql_from = STYLES_IMAGESET_TABLE;;
+			break;
+		}
+
+		$sql = "DELETE FROM $sql_from
+			WHERE {$component}_id = $component_id";
+		$db->sql_query($sql);
+
+		$sql = 'UPDATE ' . STYLES_TABLE . "
+			SET {$component}_id = $new_id
+			WHERE {$component}_id = $component_id";
+		$db->sql_query($sql);
+	}
+
+	/**
+	* Display the options which can be used to replace a style/template/theme/imageset
+	*/
+	function display_component_options($component, $component_id, $style_row = false, $style_id = false)
+	{
+		global $db, $template, $user;
+
+		$component_in_use = array();
+		if ($component != 'style')
+		{
+			$component_in_use = $this->component_in_use($component, $component_id, $style_id);
+		}
+
+		$sql_where = '';
+		switch ($component)
+		{
+			case 'style':
+				$sql_from = STYLES_TABLE;
+				$sql_where = 'WHERE style_active = 1';
+			break;
+
+			case 'template':
+				$sql_from = STYLES_TEMPLATE_TABLE;
+				$sql_where = 'WHERE template_inherits_id <> ' . $component_id;
+			break;
+
+			case 'theme':
+				$sql_from = STYLES_THEME_TABLE;
+			break;
+
+			case 'imageset':
+				$sql_from = STYLES_IMAGESET_TABLE;
+			break;
+		}
+
+		$s_options = '';
+		if (($component != 'style') && empty($component_in_use))
+		{
+			$sql = "SELECT {$component}_id, {$component}_name
+				FROM $sql_from
+				WHERE {$component}_id = {$component_id}";
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+
+			$s_options .= '<option value="-1" selected="selected">' . $user->lang['DELETE_' . strtoupper($component)] . '</option>';
+			$s_options .= '<option value="0">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>';
+		}
+		else
+		{
+			$sql = "SELECT {$component}_id, {$component}_name
+				FROM $sql_from
+				$sql_where
+				ORDER BY {$component}_name ASC";
+			$result = $db->sql_query($sql);
+
+			$s_keep_option = $s_options = '';
+			while ($row = $db->sql_fetchrow($result))
+			{
+				if ($row[$component . '_id'] != $component_id)
+				{
+					$s_options .= '<option value="' . $row[$component . '_id'] . '">' . sprintf($user->lang['REPLACE_WITH_OPTION'], $row[$component . '_name']) . '</option>';
+				}
+				else if ($component != 'style')
+				{
+					$s_keep_option = '<option value="0" selected="selected">' . sprintf($user->lang['KEEP_' . strtoupper($component)], $row[$component . '_name']) . '</option>';
+				}
+			}
+			$db->sql_freeresult($result);
+			$s_options = $s_keep_option . $s_options;
+		}
+
+		if (!$style_row)
+		{
+			$template->assign_var('S_REPLACE_' . strtoupper($component) . '_OPTIONS', $s_options);
+		}
+		else
+		{
+			$template->assign_var('S_REPLACE_OPTIONS', $s_options);
+			if ($component == 'style')
+			{
+				$components = array('template', 'theme', 'imageset');
+				foreach ($components as $component)
+				{
+					$this->display_component_options($component, $style_row[$component . '_id'], false, $component_id, true);
+				}
+			}
+		}
+	}
+
+	/**
+	* Check whether the component is still used by another style or component
+	*/
+	function component_in_use($component, $component_id, $style_id = false)
+	{
+		global $db;
+
+		$component_in_use = array();
+
+		if ($style_id)
+		{
+			$sql = 'SELECT style_id, style_name
+				FROM ' . STYLES_TABLE . "
+				WHERE {$component}_id = {$component_id}
+					AND style_id <> {$style_id}
+				ORDER BY style_name ASC";
+		}
+		else
+		{
+			$sql = 'SELECT style_id, style_name
+				FROM ' . STYLES_TABLE . "
+				WHERE {$component}_id = {$component_id}
+				ORDER BY style_name ASC";
+		}
+		$result = $db->sql_query($sql);
+		while ($row = $db->sql_fetchrow($result))
+		{
+			$component_in_use[] = $row['style_name'];
+		}
+		$db->sql_freeresult($result);
+
+		if ($component === 'template' && ($conflicts = $this->check_inheritance($component, $component_id)))
+		{
+			foreach ($conflicts as $temp_id => $conflict_data)
+			{
+				$component_in_use[] = $conflict_data['template_name'];
+			}
+		}
+
+		return $component_in_use;
 	}
 
 	/**

phpBB/includes/acp/acp_words.php

@@ -95,6 +95,9 @@ class acp_words
 					trigger_error($user->lang['ENTER_WORD'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
+				// Replace multiple consecutive asterisks with single one as those are not needed
+				$word = preg_replace('#\*{2,}#', '*', $word);
+
 				$sql_ary = array(
 					'word'			=> $word,
 					'replacement'	=> $replacement

phpBB/includes/auth.php

@@ -109,6 +109,7 @@ class auth
 	*/
 	function _fill_acl($user_permissions)
 	{
+		$seq_cache = array();
 		$this->acl = array();
 		$user_permissions = explode("\n", $user_permissions);
 
@@ -125,8 +126,17 @@ class auth
 
 				while ($subseq = substr($seq, $i, 6))
 				{
+					if (isset($seq_cache[$subseq]))
+					{
+						$converted = $seq_cache[$subseq];
+					}
+					else
+					{
+						$converted = $seq_cache[$subseq] = str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT);
+					}
+
 					// We put the original bitstring into the acl array
-					$this->acl[$f] .= str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT);
+					$this->acl[$f] .= $converted;
 					$i += 6;
 				}
 			}
@@ -898,7 +908,7 @@ class auth
 		$method = 'login_' . $method;
 		if (function_exists($method))
 		{
-			$login = $method($username, $password);
+			$login = $method($username, $password, $user->ip, $user->browser, $user->forwarded_for);
 
 			// If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS
 			if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE)

phpBB/includes/auth/auth_db.php

@@ -23,8 +23,21 @@ if (!defined('IN_PHPBB'))
 
 /**
 * Login function
+*
+* @param string $username
+* @param string $password
+* @param string $ip			IP address the login is taking place from. Used to
+*							limit the number of login attempts per IP address.
+* @param string $browser	The user agent used to login
+* @param string $forwarded_for X_FORWARDED_FOR header sent with login request
+* @return array				A associative array of the format
+*							array(
+*								'status' => status constant
+*								'error_msg' => string
+*								'user_row' => array
+*							)
 */
-function login_db(&$username, &$password)
+function login_db($username, $password, $ip = '', $browser = '', $forwarded_for = '')
 {
 	global $db, $config;
 
@@ -47,13 +60,51 @@ function login_db(&$username, &$password)
 		);
 	}
 
+	$username_clean = utf8_clean_string($username);
+
 	$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
 		FROM ' . USERS_TABLE . "
-		WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
+		WHERE username_clean = '" . $db->sql_escape($username_clean) . "'";
 	$result = $db->sql_query($sql);
 	$row = $db->sql_fetchrow($result);
 	$db->sql_freeresult($result);
 
+	if (($ip && !$config['ip_login_limit_use_forwarded']) ||
+		($forwarded_for && $config['ip_login_limit_use_forwarded']))
+	{
+		$sql = 'SELECT COUNT(*) AS attempts
+			FROM ' . LOGIN_ATTEMPT_TABLE . '
+			WHERE attempt_time > ' . (time() - (int) $config['ip_login_limit_time']);
+		if ($config['ip_login_limit_use_forwarded'])
+		{
+			$sql .= " AND attempt_forwarded_for = '" . $db->sql_escape($forwarded_for) . "'";
+		}
+		else
+		{
+			$sql .= " AND attempt_ip = '" . $db->sql_escape($ip) . "' ";
+		}
+
+		$result = $db->sql_query($sql);
+		$attempts = (int) $db->sql_fetchfield('attempts');
+		$db->sql_freeresult($result);
+
+		$attempt_data = array(
+			'attempt_ip'			=> $ip,
+			'attempt_browser'		=> trim(substr($browser, 0, 149)),
+			'attempt_forwarded_for'	=> $forwarded_for,
+			'attempt_time'			=> time(),
+			'user_id'				=> ($row) ? (int) $row['user_id'] : 0,
+			'username'				=> $username,
+			'username_clean'		=> $username_clean,
+		);
+		$sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $db->sql_build_array('INSERT', $attempt_data);
+		$result = $db->sql_query($sql);
+	}
+	else
+	{
+		$attempts = 0;
+	}
+
 	if (!$row)
 	{
 		return array(
@@ -62,7 +113,9 @@ function login_db(&$username, &$password)
 			'user_row'	=> array('user_id' => ANONYMOUS),
 		);
 	}
-	$show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts'];
+
+	$show_captcha = ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) ||
+		($config['ip_login_limit_max'] && $attempts >= $config['ip_login_limit_max']);
 
 	// If there are too much login attempts, we need to check for an confirm image
 	// Every auth module is able to define what to do by itself...
@@ -90,7 +143,7 @@ function login_db(&$username, &$password)
 		{
 			$captcha->reset();
 		}
-		
+
 	}
 
 	// If the password convert flag is set we need to convert it
@@ -165,6 +218,10 @@ function login_db(&$username, &$password)
 			$row['user_password'] = $hash;
 		}
 
+		$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
+			WHERE user_id = ' . $row['user_id'];
+		$db->sql_query($sql);
+
 		if ($row['user_login_attempts'] != 0)
 		{
 			// Successful, reset login attempts (the user passed all stages)

phpBB/includes/auth/auth_ldap.php

@@ -335,7 +335,7 @@ function acp_ldap(&$new)
 	</dl>
 	<dl>
 		<dt><label for="ldap_password">' . $user->lang['LDAP_PASSWORD'] . ':</label><br /><span>' . $user->lang['LDAP_PASSWORD_EXPLAIN'] . '</span></dt>
-		<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" /></dd>
+		<dd><input type="password" id="ldap_password" size="40" name="config[ldap_password]" value="' . $new['ldap_password'] . '" autocomplete="off" /></dd>
 	</dl>
 	';
 

phpBB/includes/cache.php

@@ -82,26 +82,9 @@ class cache extends acm
 			$result = $db->sql_query($sql);
 
 			$censors = array();
-			$unicode = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
-
 			while ($row = $db->sql_fetchrow($result))
 			{
-				if ($unicode)
-				{
-					// Unescape the asterisk to simplify further conversions
-					$row['word'] = str_replace('\*', '*', preg_quote($row['word'], '#'));
-					
-					// Replace the asterisk inside the pattern, at the start and at the end of it with regexes
-					$row['word'] = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*(?=[\p{Nd}\p{L}_])#iu', '#^\*#', '#\*$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $row['word']);
-
-					// Generate the final substitution
-					$censors['match'][] = '#(?<![\p{Nd}\p{L}_-])(' . $row['word'] . ')(?![\p{Nd}\p{L}_-])#iu';
-				}
-				else
-				{
-					$censors['match'][] = '#(?<!\S)(' . str_replace('\*', '\S*?', preg_quote($row['word'], '#')) . ')(?!\S)#iu';
-				}
-
+				$censors['match'][] = get_censor_preg_expression($row['word']);
 				$censors['replace'][] = $row['replacement'];
 			}
 			$db->sql_freeresult($result);

phpBB/includes/captcha/captcha_gd.php

@@ -77,7 +77,7 @@ class captcha
 		{
 			$denom = ($code_len - $i);
 			$denom = max(1.3, $denom);
-			$offset[$i] = mt_rand(0, (1.5 * $width_avail) / $denom);
+			$offset[$i] = phpbb_mt_rand(0, (int) round((1.5 * $width_avail) / $denom));
 			$width_avail -= $offset[$i];
 		}
 
@@ -112,7 +112,7 @@ class captcha
 			$noise_bitmaps = $this->captcha_noise_bg_bitmaps();
 			for ($i = 0; $i < $code_len; ++$i)
 			{
-				$noise[$i] = new char_cube3d($noise_bitmaps, mt_rand(1, count($noise_bitmaps['data'])));
+				$noise[$i] = new char_cube3d($noise_bitmaps, mt_rand(1, sizeof($noise_bitmaps['data'])));
 
 				list($min, $max) = $noise[$i]->range();
 				//$box = $noise[$i]->dimensions($sizes[$i]);
@@ -1669,32 +1669,32 @@ class captcha
 			'height'	=> 15,
 			'data'		=> array(
 
-			'A' =>	$chars['A'][mt_rand(0, min(count($chars['A']), $config['captcha_gd_fonts']) -1)],
-			'B' =>	$chars['B'][mt_rand(0, min(count($chars['B']), $config['captcha_gd_fonts']) -1)],
-			'C' =>	$chars['C'][mt_rand(0, min(count($chars['C']), $config['captcha_gd_fonts']) -1)],
-			'D' =>	$chars['D'][mt_rand(0, min(count($chars['D']), $config['captcha_gd_fonts']) -1)],
-			'E' =>	$chars['E'][mt_rand(0, min(count($chars['E']), $config['captcha_gd_fonts']) -1)],
-			'F' =>	$chars['F'][mt_rand(0, min(count($chars['F']), $config['captcha_gd_fonts']) -1)],
-			'G' =>	$chars['G'][mt_rand(0, min(count($chars['G']), $config['captcha_gd_fonts']) -1)],
-			'H' =>	$chars['H'][mt_rand(0, min(count($chars['H']), $config['captcha_gd_fonts']) -1)],
-			'I' =>	$chars['I'][mt_rand(0, min(count($chars['I']), $config['captcha_gd_fonts']) -1)],
-			'J' =>	$chars['J'][mt_rand(0, min(count($chars['J']), $config['captcha_gd_fonts']) -1)],
-			'K' =>	$chars['K'][mt_rand(0, min(count($chars['K']), $config['captcha_gd_fonts']) -1)],
-			'L' =>	$chars['L'][mt_rand(0, min(count($chars['L']), $config['captcha_gd_fonts']) -1)],
-			'M' =>	$chars['M'][mt_rand(0, min(count($chars['M']), $config['captcha_gd_fonts']) -1)],  
-			'N' =>	$chars['N'][mt_rand(0, min(count($chars['N']), $config['captcha_gd_fonts']) -1)],
-			'O' =>	$chars['O'][mt_rand(0, min(count($chars['O']), $config['captcha_gd_fonts']) -1)],
-			'P' =>	$chars['P'][mt_rand(0, min(count($chars['P']), $config['captcha_gd_fonts']) -1)],
-			'Q' =>	$chars['Q'][mt_rand(0, min(count($chars['Q']), $config['captcha_gd_fonts']) -1)],
-			'R' =>	$chars['R'][mt_rand(0, min(count($chars['R']), $config['captcha_gd_fonts']) -1)],
-			'S' =>	$chars['S'][mt_rand(0, min(count($chars['S']), $config['captcha_gd_fonts']) -1)],
-			'T' =>	$chars['T'][mt_rand(0, min(count($chars['T']), $config['captcha_gd_fonts']) -1)],
-			'U' =>	$chars['U'][mt_rand(0, min(count($chars['U']), $config['captcha_gd_fonts']) -1)],
-			'V' =>	$chars['V'][mt_rand(0, min(count($chars['V']), $config['captcha_gd_fonts']) -1)],
-			'W' =>	$chars['W'][mt_rand(0, min(count($chars['W']), $config['captcha_gd_fonts']) -1)],
-			'X' =>	$chars['X'][mt_rand(0, min(count($chars['X']), $config['captcha_gd_fonts']) -1)],
-			'Y' =>	$chars['Y'][mt_rand(0, min(count($chars['Y']), $config['captcha_gd_fonts']) -1)],
-			'Z' =>	$chars['Z'][mt_rand(0, min(count($chars['Z']), $config['captcha_gd_fonts']) -1)],
+			'A' =>	$chars['A'][mt_rand(0, min(sizeof($chars['A']), $config['captcha_gd_fonts']) -1)],
+			'B' =>	$chars['B'][mt_rand(0, min(sizeof($chars['B']), $config['captcha_gd_fonts']) -1)],
+			'C' =>	$chars['C'][mt_rand(0, min(sizeof($chars['C']), $config['captcha_gd_fonts']) -1)],
+			'D' =>	$chars['D'][mt_rand(0, min(sizeof($chars['D']), $config['captcha_gd_fonts']) -1)],
+			'E' =>	$chars['E'][mt_rand(0, min(sizeof($chars['E']), $config['captcha_gd_fonts']) -1)],
+			'F' =>	$chars['F'][mt_rand(0, min(sizeof($chars['F']), $config['captcha_gd_fonts']) -1)],
+			'G' =>	$chars['G'][mt_rand(0, min(sizeof($chars['G']), $config['captcha_gd_fonts']) -1)],
+			'H' =>	$chars['H'][mt_rand(0, min(sizeof($chars['H']), $config['captcha_gd_fonts']) -1)],
+			'I' =>	$chars['I'][mt_rand(0, min(sizeof($chars['I']), $config['captcha_gd_fonts']) -1)],
+			'J' =>	$chars['J'][mt_rand(0, min(sizeof($chars['J']), $config['captcha_gd_fonts']) -1)],
+			'K' =>	$chars['K'][mt_rand(0, min(sizeof($chars['K']), $config['captcha_gd_fonts']) -1)],
+			'L' =>	$chars['L'][mt_rand(0, min(sizeof($chars['L']), $config['captcha_gd_fonts']) -1)],
+			'M' =>	$chars['M'][mt_rand(0, min(sizeof($chars['M']), $config['captcha_gd_fonts']) -1)],  
+			'N' =>	$chars['N'][mt_rand(0, min(sizeof($chars['N']), $config['captcha_gd_fonts']) -1)],
+			'O' =>	$chars['O'][mt_rand(0, min(sizeof($chars['O']), $config['captcha_gd_fonts']) -1)],
+			'P' =>	$chars['P'][mt_rand(0, min(sizeof($chars['P']), $config['captcha_gd_fonts']) -1)],
+			'Q' =>	$chars['Q'][mt_rand(0, min(sizeof($chars['Q']), $config['captcha_gd_fonts']) -1)],
+			'R' =>	$chars['R'][mt_rand(0, min(sizeof($chars['R']), $config['captcha_gd_fonts']) -1)],
+			'S' =>	$chars['S'][mt_rand(0, min(sizeof($chars['S']), $config['captcha_gd_fonts']) -1)],
+			'T' =>	$chars['T'][mt_rand(0, min(sizeof($chars['T']), $config['captcha_gd_fonts']) -1)],
+			'U' =>	$chars['U'][mt_rand(0, min(sizeof($chars['U']), $config['captcha_gd_fonts']) -1)],
+			'V' =>	$chars['V'][mt_rand(0, min(sizeof($chars['V']), $config['captcha_gd_fonts']) -1)],
+			'W' =>	$chars['W'][mt_rand(0, min(sizeof($chars['W']), $config['captcha_gd_fonts']) -1)],
+			'X' =>	$chars['X'][mt_rand(0, min(sizeof($chars['X']), $config['captcha_gd_fonts']) -1)],
+			'Y' =>	$chars['Y'][mt_rand(0, min(sizeof($chars['Y']), $config['captcha_gd_fonts']) -1)],
+			'Z' =>	$chars['Z'][mt_rand(0, min(sizeof($chars['Z']), $config['captcha_gd_fonts']) -1)],
 
 			'1' => array(
 				array(0,0,0,1,1,0,0,0,0),

phpBB/includes/captcha/captcha_gd_wave.php

@@ -62,8 +62,8 @@ class captcha
 				'y' => mt_rand(10, 17)
 			),
 			'lower_left'	=> array(
-				'x' => mt_rand($img_x - 5, $img_x - 45),
-				'y' => mt_rand($img_y - 0, $img_y - 15)
+				'x' => mt_rand($img_x - 45, $img_x - 5),
+				'y' => mt_rand($img_y - 15, $img_y - 0),
 			),
 		);
 

phpBB/includes/captcha/plugins/phpbb_captcha_qa_plugin.php

@@ -319,7 +319,7 @@ class phpbb_captcha_qa
 					),
 					'PRIMARY_KEY'		=> 'question_id',
 					'KEYS'				=> array(
-						'lang_iso'			=> array('INDEX', 'lang_iso'),
+						'lang'			=> array('INDEX', 'lang_iso'),
 					),
 				),
 				CAPTCHA_ANSWERS_TABLE		=> array (
@@ -328,7 +328,7 @@ class phpbb_captcha_qa
 						'answer_text'	=> array('STEXT_UNI', ''),
 					),
 					'KEYS'				=> array(
-						'question_id'			=> array('INDEX', 'question_id'),
+						'qid'			=> array('INDEX', 'question_id'),
 					),
 				),
 				CAPTCHA_QA_CONFIRM_TABLE		=> array (

phpBB/includes/captcha/plugins/phpbb_recaptcha_plugin.php

@@ -27,9 +27,14 @@ if (!class_exists('phpbb_default_captcha'))
 */
 class phpbb_recaptcha extends phpbb_default_captcha
 {
-	var $recaptcha_server = 'http://api.recaptcha.net';
-	var $recaptcha_server_secure = 'https://api-secure.recaptcha.net'; // class constants :(
-	var $recaptcha_verify_server = 'api-verify.recaptcha.net';
+	var $recaptcha_server = 'http://www.google.com/recaptcha/api';
+	var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :(
+
+	// We are opening a socket to port 80 of this host and send
+	// the POST request asking for verification to the path specified here.
+	var $recaptcha_verify_server = 'www.google.com';
+	var $recaptcha_verify_path = '/recaptcha/api/verify';
+
 	var $challenge;
 	var $response;
 
@@ -296,7 +301,7 @@ class phpbb_recaptcha extends phpbb_default_captcha
 			return $user->lang['RECAPTCHA_INCORRECT'];
 		}
 
-		$response = $this->_recaptcha_http_post($this->recaptcha_verify_server, '/verify',
+		$response = $this->_recaptcha_http_post($this->recaptcha_verify_server, $this->recaptcha_verify_path,
 			array(
 				'privatekey'	=> $config['recaptcha_privkey'],
 				'remoteip'		=> $user->ip,

phpBB/includes/constants.php

@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.0.8');
+define('PHPBB_VERSION', '3.0.9');
 
 // QA-related
 // define('PHPBB_QA', 1);
@@ -173,6 +173,9 @@ define('BBCODE_UID_LEN', 8);
 // Number of core BBCodes
 define('NUM_CORE_BBCODES', 12);
 
+// BBCode hard limit
+define('BBCODE_LIMIT', 1511);
+
 // Smiley hard limit
 define('SMILEY_LIMIT', 1000);
 
@@ -233,6 +236,7 @@ define('GROUPS_TABLE',				$table_prefix . 'groups');
 define('ICONS_TABLE',				$table_prefix . 'icons');
 define('LANG_TABLE',				$table_prefix . 'lang');
 define('LOG_TABLE',					$table_prefix . 'log');
+define('LOGIN_ATTEMPT_TABLE',		$table_prefix . 'login_attempts');
 define('MODERATOR_CACHE_TABLE',		$table_prefix . 'moderator_cache');
 define('MODULES_TABLE',				$table_prefix . 'modules');
 define('POLL_OPTIONS_TABLE',		$table_prefix . 'poll_options');
@@ -275,4 +279,4 @@ define('ZEBRA_TABLE',				$table_prefix . 'zebra');
 // Additional tables
 
 
-?>
+?>

phpBB/includes/db/db_tools.php

@@ -417,6 +417,11 @@ class phpbb_db_tools
 			// here lies an array, filled with information compiled on the column's data
 			$prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data);
 
+			if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen"
+			{
+				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
+			}
+
 			// here we add the definition of the new column to the list of columns
 			switch ($this->sql_layer)
 			{
@@ -538,7 +543,7 @@ class phpbb_db_tools
 			break;
 
 			case 'oracle':
-				$table_sql .= "\n);";
+				$table_sql .= "\n)";
 				$statements[] = $table_sql;
 
 				// do we need to add a sequence and a tigger for auto incrementing columns?
@@ -556,7 +561,7 @@ class phpbb_db_tools
 					$trigger .= "BEGIN\n";
 					$trigger .= "\tSELECT {$table_name}_seq.nextval\n";
 					$trigger .= "\tINTO :new.{$create_sequence}\n";
-					$trigger .= "\tFROM dual\n";
+					$trigger .= "\tFROM dual;\n";
 					$trigger .= "END;";
 
 					$statements[] = $trigger;
@@ -566,7 +571,13 @@ class phpbb_db_tools
 			case 'firebird':
 				if ($create_sequence)
 				{
-					$statements[] = "CREATE SEQUENCE {$table_name}_seq;";
+					$statements[] = "CREATE GENERATOR {$table_name}_gen;";
+					$statements[] = "SET GENERATOR {$table_name}_gen TO 0;";
+
+					$trigger = "CREATE TRIGGER t_$table_name FOR $table_name\n";
+					$trigger .= "BEFORE INSERT\nAS\nBEGIN\n";
+					$trigger .= "\tNEW.{$create_sequence} = GEN_ID({$table_name}_gen, 1);\nEND;";
+					$statements[] = $trigger;
 				}
 			break;
 		}
@@ -638,6 +649,19 @@ class phpbb_db_tools
 			$sqlite = true;
 		}
 
+		// Add tables?
+		if (!empty($schema_changes['add_tables']))
+		{
+			foreach ($schema_changes['add_tables'] as $table => $table_data)
+			{
+				$result = $this->sql_create_table($table, $table_data);
+				if ($this->return_statements)
+				{
+					$statements = array_merge($statements, $result);
+				}
+			}
+		}
+
 		// Change columns?
 		if (!empty($schema_changes['change_columns']))
 		{
@@ -681,10 +705,12 @@ class phpbb_db_tools
 			{
 				foreach ($columns as $column_name => $column_data)
 				{
-					// Only add the column if it does not exist yet, else change it (to be consistent)
+					// Only add the column if it does not exist yet
 					if ($column_exists = $this->sql_column_exists($table, $column_name))
 					{
-						$result = $this->sql_column_change($table, $column_name, $column_data, true);
+						continue;
+						// This is commented out here because it can take tremendous time on updates
+//						$result = $this->sql_column_change($table, $column_name, $column_data, true);
 					}
 					else
 					{
@@ -695,7 +721,8 @@ class phpbb_db_tools
 					{
 						if ($column_exists)
 						{
-							$sqlite_data[$table]['change_columns'][] = $result;
+							continue;
+//							$sqlite_data[$table]['change_columns'][] = $result;
 						}
 						else
 						{
@@ -717,6 +744,11 @@ class phpbb_db_tools
 			{
 				foreach ($indexes as $index_name)
 				{
+					if (!$this->sql_index_exists($table, $index_name))
+					{
+						continue;
+					}
+
 					$result = $this->sql_index_drop($table, $index_name);
 
 					if ($this->return_statements)
@@ -777,6 +809,11 @@ class phpbb_db_tools
 			{
 				foreach ($index_array as $index_name => $column)
 				{
+					if ($this->sql_unique_index_exists($table, $index_name))
+					{
+						continue;
+					}
+
 					$result = $this->sql_create_unique_index($table, $index_name, $column);
 
 					if ($this->return_statements)
@@ -794,6 +831,11 @@ class phpbb_db_tools
 			{
 				foreach ($index_array as $index_name => $column)
 				{
+					if ($this->sql_index_exists($table, $index_name))
+					{
+						continue;
+					}
+
 					$result = $this->sql_create_index($table, $index_name, $column);
 
 					if ($this->return_statements)
@@ -1102,6 +1144,236 @@ class phpbb_db_tools
 		}
 	}
 
+	/**
+	* Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.
+	*
+	* @param string	$table_name		Table to check the index at
+	* @param string	$index_name		The index name to check
+	*
+	* @return bool True if index exists, else false
+	*/
+	function sql_index_exists($table_name, $index_name)
+	{
+		if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')
+		{
+			$sql = "EXEC sp_statistics '$table_name'";
+			$result = $this->db->sql_query($sql);
+
+			while ($row = $this->db->sql_fetchrow($result))
+			{
+				if ($row['TYPE'] == 3)
+				{
+					if (strtolower($row['INDEX_NAME']) == strtolower($index_name))
+					{
+						$this->db->sql_freeresult($result);
+						return true;
+					}
+				}
+			}
+			$this->db->sql_freeresult($result);
+
+			return false;
+		}
+
+		switch ($this->sql_layer)
+		{
+			case 'firebird':
+				$sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name
+					FROM RDB\$INDICES
+					WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "'
+						AND RDB\$UNIQUE_FLAG IS NULL
+						AND RDB\$FOREIGN_KEY IS NULL";
+				$col = 'index_name';
+			break;
+
+			case 'postgres':
+				$sql = "SELECT ic.relname as index_name
+					FROM pg_class bc, pg_class ic, pg_index i
+					WHERE (bc.oid = i.indrelid)
+						AND (ic.oid = i.indexrelid)
+						AND (bc.relname = '" . $table_name . "')
+						AND (i.indisunique != 't')
+						AND (i.indisprimary != 't')";
+				$col = 'index_name';
+			break;
+
+			case 'mysql_40':
+			case 'mysql_41':
+				$sql = 'SHOW KEYS
+					FROM ' . $table_name;
+				$col = 'Key_name';
+			break;
+
+			case 'oracle':
+				$sql = "SELECT index_name
+					FROM user_indexes
+					WHERE table_name = '" . strtoupper($table_name) . "'
+						AND generated = 'N'
+						AND uniqueness = 'NONUNIQUE'";
+				$col = 'index_name';
+			break;
+
+			case 'sqlite':
+				$sql = "PRAGMA index_list('" . $table_name . "');";
+				$col = 'name';
+			break;
+		}
+
+		$result = $this->db->sql_query($sql);
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && !$row['Non_unique'])
+			{
+				continue;
+			}
+
+			// These DBMS prefix index name with the table name
+			switch ($this->sql_layer)
+			{
+				case 'firebird':
+				case 'oracle':
+				case 'postgres':
+				case 'sqlite':
+					$row[$col] = substr($row[$col], strlen($table_name) + 1);
+				break;
+			}
+
+			if (strtolower($row[$col]) == strtolower($index_name))
+			{
+				$this->db->sql_freeresult($result);
+				return true;
+			}
+		}
+		$this->db->sql_freeresult($result);
+
+		return false;
+	}
+
+	/**
+	* Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.
+	*
+	* @param string	$table_name		Table to check the index at
+	* @param string	$index_name		The index name to check
+	*
+	* @return bool True if index exists, else false
+	*/
+	function sql_unique_index_exists($table_name, $index_name)
+	{
+		if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')
+		{
+			$sql = "EXEC sp_statistics '$table_name'";
+			$result = $this->db->sql_query($sql);
+
+			while ($row = $this->db->sql_fetchrow($result))
+			{
+				// Usually NON_UNIQUE is the column we want to check, but we allow for both
+				if ($row['TYPE'] == 3)
+				{
+					if (strtolower($row['INDEX_NAME']) == strtolower($index_name))
+					{
+						$this->db->sql_freeresult($result);
+						return true;
+					}
+				}
+			}
+			$this->db->sql_freeresult($result);
+			return false;
+		}
+
+		switch ($this->sql_layer)
+		{
+			case 'firebird':
+				$sql = "SELECT LOWER(RDB\$INDEX_NAME) as index_name
+					FROM RDB\$INDICES
+					WHERE RDB\$RELATION_NAME = '" . strtoupper($table_name) . "'
+						AND RDB\$UNIQUE_FLAG IS NOT NULL
+						AND RDB\$FOREIGN_KEY IS NULL";
+				$col = 'index_name';
+			break;
+
+			case 'postgres':
+				$sql = "SELECT ic.relname as index_name, i.indisunique
+					FROM pg_class bc, pg_class ic, pg_index i
+					WHERE (bc.oid = i.indrelid)
+						AND (ic.oid = i.indexrelid)
+						AND (bc.relname = '" . $table_name . "')
+						AND (i.indisprimary != 't')";
+				$col = 'index_name';
+			break;
+
+			case 'mysql_40':
+			case 'mysql_41':
+				$sql = 'SHOW KEYS
+					FROM ' . $table_name;
+				$col = 'Key_name';
+			break;
+
+			case 'oracle':
+				$sql = "SELECT index_name, table_owner
+					FROM user_indexes
+					WHERE table_name = '" . strtoupper($table_name) . "'
+						AND generated = 'N'
+						AND uniqueness = 'UNIQUE'";
+				$col = 'index_name';
+			break;
+
+			case 'sqlite':
+				$sql = "PRAGMA index_list('" . $table_name . "');";
+				$col = 'name';
+			break;
+		}
+
+		$result = $this->db->sql_query($sql);
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			if (($this->sql_layer == 'mysql_40' || $this->sql_layer == 'mysql_41') && ($row['Non_unique'] || $row[$col] == 'PRIMARY'))
+			{
+				continue;
+			}
+
+			if ($this->sql_layer == 'sqlite' && !$row['unique'])
+			{
+				continue;
+			}
+
+			if ($this->sql_layer == 'postgres' && $row['indisunique'] != 't')
+			{
+				continue;
+			}
+
+			// These DBMS prefix index name with the table name
+			switch ($this->sql_layer)
+			{
+				case 'oracle':
+					// Two cases here... prefixed with U_[table_owner] and not prefixed with table_name
+					if (strpos($row[$col], 'U_') === 0)
+					{
+						$row[$col] = substr($row[$col], strlen('U_' . $row['table_owner']) + 1);
+					}
+					else if (strpos($row[$col], strtoupper($table_name)) === 0)
+					{
+						$row[$col] = substr($row[$col], strlen($table_name) + 1);
+					}
+				break;
+
+				case 'firebird':
+				case 'postgres':
+				case 'sqlite':
+					$row[$col] = substr($row[$col], strlen($table_name) + 1);
+				break;
+			}
+
+			if (strtolower($row[$col]) == strtolower($index_name))
+			{
+				$this->db->sql_freeresult($result);
+				return true;
+			}
+		}
+		$this->db->sql_freeresult($result);
+
+		return false;
+	}
+
 	/**
 	* Private method for performing sql statements (either execute them or return them)
 	* @access private
@@ -1139,6 +1411,11 @@ class phpbb_db_tools
 	*/
 	function sql_prepare_column_data($table_name, $column_name, $column_data)
 	{
+		if (strlen($column_name) > 30)
+		{
+			trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
+		}
+
 		// Get type
 		if (strpos($column_data[0], ':') !== false)
 		{
@@ -1371,24 +1648,29 @@ class phpbb_db_tools
 		switch ($this->sql_layer)
 		{
 			case 'firebird':
+				// Does not support AFTER statement, only POSITION (and there you need the column position)
 				$statements[] = 'ALTER TABLE ' . $table_name . ' ADD "' . strtoupper($column_name) . '" ' . $column_data['column_type_sql'];
 			break;
 
 			case 'mssql':
 			case 'mssqlnative':
+				// Does not support AFTER, only through temporary table
 				$statements[] = 'ALTER TABLE [' . $table_name . '] ADD [' . $column_name . '] ' . $column_data['column_type_sql_default'];
 			break;
 
 			case 'mysql_40':
 			case 'mysql_41':
-				$statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql'];
+				$after = (!empty($column_data['after'])) ? ' AFTER ' . $column_data['after'] : '';
+				$statements[] = 'ALTER TABLE `' . $table_name . '` ADD COLUMN `' . $column_name . '` ' . $column_data['column_type_sql'] . $after;
 			break;
 
 			case 'oracle':
+				// Does not support AFTER, only through temporary table
 				$statements[] = 'ALTER TABLE ' . $table_name . ' ADD ' . $column_name . ' ' . $column_data['column_type_sql'];
 			break;
 
 			case 'postgres':
+				// Does not support AFTER, only through temporary table
 				if (version_compare($this->db->sql_server_info(true), '8.0', '>='))
 				{
 					$statements[] = 'ALTER TABLE ' . $table_name . ' ADD COLUMN "' . $column_name . '" ' . $column_data['column_type_sql'];
@@ -1774,6 +2056,13 @@ class phpbb_db_tools
 	{
 		$statements = array();
 
+		$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
+		if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
+		{
+			$max_length = $table_prefix + 24;
+			trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
+		}
+
 		switch ($this->sql_layer)
 		{
 			case 'firebird':
@@ -1804,6 +2093,13 @@ class phpbb_db_tools
 	{
 		$statements = array();
 
+		$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
+		if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
+		{
+			$max_length = $table_prefix + 24;
+			trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
+		}
+
 		// remove index length unless MySQL4
 		if ('mysql_40' != $this->sql_layer)
 		{
@@ -1957,6 +2253,7 @@ class phpbb_db_tools
 				}
 				else
 				{
+					// TODO: try to change pkey without removing trigger, generator or constraints. ATM this query may fail.
 					$statements[] = 'ALTER TABLE ' . $table_name . ' ALTER COLUMN "' . strtoupper($column_name) . '" TYPE ' . ' ' . $column_data['column_type_sql_type'];
 				}
 			break;

phpBB/includes/db/dbal.php

@@ -241,6 +241,16 @@ class dbal
 		return $this->_sql_like_expression('LIKE \'' . $this->sql_escape($expression) . '\'');
 	}
 
+	/**
+	* Returns whether results of a query need to be buffered to run a transaction while iterating over them.
+	*
+	* @return bool Whether buffering is required.
+	*/
+	function sql_buffer_nested_transactions()
+	{
+		return false;
+	}
+
 	/**
 	* SQL Transaction
 	* @access private
@@ -767,7 +777,7 @@ class dbal
 							</div>
 						</div>
 						<div id="page-footer">
-							Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+							Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
 						</div>
 					</div>
 					</body>

phpBB/includes/db/firebird.php

@@ -28,6 +28,7 @@ class dbal_firebird extends dbal
 	var $last_query_text = '';
 	var $service_handle = false;
 	var $affected_rows = 0;
+	var $connect_error = '';
 
 	/**
 	* Connect to server
@@ -53,9 +54,35 @@ class dbal_firebird extends dbal
 			$use_database = $this->server . ':' . $this->dbname;
 		}
 
-		$this->db_connect_id = ($this->persistency) ? @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3) : @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3);
+		if ($this->persistency)
+		{
+			if (!function_exists('ibase_pconnect'))
+			{
+				$this->connect_error = 'ibase_pconnect function does not exist, is interbase extension installed?';
+				return $this->sql_error('');
+			}
+			$this->db_connect_id = @ibase_pconnect($use_database, $this->user, $sqlpassword, false, false, 3);
+		}
+		else
+		{
+			if (!function_exists('ibase_connect'))
+			{
+				$this->connect_error = 'ibase_connect function does not exist, is interbase extension installed?';
+				return $this->sql_error('');
+			}
+			$this->db_connect_id = @ibase_connect($use_database, $this->user, $sqlpassword, false, false, 3);
+		}
 
-		$this->service_handle = (function_exists('ibase_service_attach') && $this->server) ? @ibase_service_attach($this->server, $this->user, $sqlpassword) : false;
+		// Do not call ibase_service_attach if connection failed,
+		// otherwise error message from ibase_(p)connect call will be clobbered.
+		if ($this->db_connect_id && function_exists('ibase_service_attach') && $this->server)
+		{
+			$this->service_handle = @ibase_service_attach($this->server, $this->user, $sqlpassword);
+		}
+		else
+		{
+			$this->service_handle = false;
+		}
 
 		return ($this->db_connect_id) ? $this->db_connect_id : $this->sql_error('');
 	}
@@ -471,8 +498,24 @@ class dbal_firebird extends dbal
 	*/
 	function _sql_error()
 	{
+		// Need special handling here because ibase_errmsg returns
+		// connection errors, however if the interbase extension
+		// is not installed then ibase_errmsg does not exist and
+		// we cannot call it.
+		if (function_exists('ibase_errmsg'))
+		{
+			$msg = @ibase_errmsg();
+			if (!$msg)
+			{
+				$msg = $this->connect_error;
+			}
+		}
+		else
+		{
+			$msg = $this->connect_error;
+		}
 		return array(
-			'message'	=> @ibase_errmsg(),
+			'message'	=> $msg,
 			'code'		=> (@function_exists('ibase_errcode') ? @ibase_errcode() : '')
 		);
 	}

phpBB/includes/db/mssqlnative.php

@@ -50,7 +50,7 @@ class result_mssqlnative
 			}
 		}
 
-		$this->m_row_count = count($this->m_rows);
+		$this->m_row_count = sizeof($this->m_rows);
 	}
 
 	private function array_to_obj($array, &$obj)
@@ -258,6 +258,14 @@ class dbal_mssqlnative extends dbal
 		return ($this->sql_server_version) ? 'MSSQL<br />' . $this->sql_server_version : 'MSSQL';
 	}
 
+	/**
+	* {@inheritDoc}
+	*/
+	function sql_buffer_nested_transactions()
+	{
+		return true;
+	}
+
 	/**
 	* SQL Transaction
 	* @access private
@@ -628,7 +636,7 @@ class dbal_mssqlnative extends dbal
 			return false;
 		}
 	}
-	
+
 	/**
 	* Allows setting mssqlnative specific query options passed to sqlsrv_query as 4th parameter.
 	*/

phpBB/includes/db/oracle.php

@@ -269,11 +269,12 @@ class dbal_oracle extends dbal
 						{
 							$cols = explode(', ', $regs[2]);
 
+							preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER);
+
 /*						The code inside this comment block breaks clob handling, but does allow the
 						database restore script to work.  If you want to allow no posts longer than 4KB
 						and/or need the db restore script, uncomment this.
 
-							preg_match_all('/\'(?:[^\']++|\'\')*+\'|[\d-.]+/', $regs[3], $vals, PREG_PATTERN_ORDER);
 
 							if (sizeof($cols) !== sizeof($vals))
 							{

phpBB/includes/db/postgres.php

@@ -18,6 +18,11 @@ if (!defined('IN_PHPBB'))
 
 include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 
+if (!class_exists('phpbb_error_collector'))
+{
+	include($phpbb_root_path . 'includes/error_collector.' . $phpEx);
+}
+
 /**
 * PostgreSQL Database Abstraction Layer
 * Minimum Requirement is Version 7.3+
@@ -26,6 +31,7 @@ include_once($phpbb_root_path . 'includes/db/dbal.' . $phpEx);
 class dbal_postgres extends dbal
 {
 	var $last_query_text = '';
+	var $connect_error = '';
 
 	/**
 	* Connect to server
@@ -81,13 +87,29 @@ class dbal_postgres extends dbal
 
 		if ($this->persistency)
 		{
+			if (!function_exists('pg_pconnect'))
+			{
+				$this->connect_error = 'pg_pconnect function does not exist, is pgsql extension installed?';
+				return $this->sql_error('');
+			}
+			$collector = new phpbb_error_collector;
+			$collector->install();
 			$this->db_connect_id = (!$new_link) ? @pg_pconnect($connect_string) : @pg_pconnect($connect_string, PGSQL_CONNECT_FORCE_NEW);
 		}
 		else
 		{
+			if (!function_exists('pg_connect'))
+			{
+				$this->connect_error = 'pg_connect function does not exist, is pgsql extension installed?';
+				return $this->sql_error('');
+			}
+			$collector = new phpbb_error_collector;
+			$collector->install();
 			$this->db_connect_id = (!$new_link) ? @pg_connect($connect_string) : @pg_connect($connect_string, PGSQL_CONNECT_FORCE_NEW);
 		}
 
+		$collector->uninstall();
+
 		if ($this->db_connect_id)
 		{
 			if (version_compare($this->sql_server_info(true), '8.2', '>='))
@@ -102,6 +124,7 @@ class dbal_postgres extends dbal
 			return $this->db_connect_id;
 		}
 
+		$this->connect_error = $collector->format_errors();
 		return $this->sql_error('');
 	}
 
@@ -371,8 +394,19 @@ class dbal_postgres extends dbal
 	*/
 	function _sql_error()
 	{
+		// pg_last_error only works when there is an established connection.
+		// Connection errors have to be tracked by us manually.
+		if ($this->db_connect_id)
+		{
+			$message = @pg_last_error($this->db_connect_id);
+		}
+		else
+		{
+			$message = $this->connect_error;
+		}
+
 		return array(
-			'message'	=> (!$this->db_connect_id) ? @pg_last_error() : @pg_last_error($this->db_connect_id),
+			'message'	=> $message,
 			'code'		=> ''
 		);
 	}

phpBB/includes/error_collector.php

@@ -0,0 +1,61 @@
+<?php
+/**
+*
+* @package phpBB
+* @version $Id$
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+class phpbb_error_collector
+{
+	var $errors;
+
+	function phpbb_error_collector()
+	{
+		$this->errors = array();
+	}
+
+	function install()
+	{
+		set_error_handler(array(&$this, 'error_handler'));
+	}
+
+	function uninstall()
+	{
+		restore_error_handler();
+	}
+
+	function error_handler($errno, $msg_text, $errfile, $errline)
+	{
+		$this->errors[] = array($errno, $msg_text, $errfile, $errline);
+	}
+
+	function format_errors()
+	{
+		$text = '';
+		foreach ($this->errors as $error)
+		{
+			if (!empty($text))
+			{
+				$text .= "<br />\n";
+			}
+			list($errno, $msg_text, $errfile, $errline) = $error;
+			$text .= "Errno $errno: $msg_text";
+			if (defined('DEBUG_EXTRA') || defined('IN_INSTALL'))
+			{
+				$text .= " at $errfile line $errline";
+			}
+		}
+		return $text;
+	}
+}

phpBB/includes/functions.php

@@ -175,8 +175,13 @@ function set_config_count($config_name, $increment, $is_dynamic = false)
 	switch ($db->sql_layer)
 	{
 		case 'firebird':
+			// Precision must be from 1 to 18
+			$sql_update = 'CAST(CAST(config_value as DECIMAL(18, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
+		break;
+
 		case 'postgres':
-			$sql_update = 'CAST(CAST(config_value as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
+			// Need to cast to text first for PostgreSQL 7.x
+			$sql_update = 'CAST(CAST(config_value::text as DECIMAL(255, 0)) + ' . (int) $increment . ' as VARCHAR(255))';
 		break;
 
 		// MySQL, SQlite, mssql, mssql_odbc, oracle
@@ -236,14 +241,30 @@ function unique_id($extra = 'c')
 
 	if ($dss_seeded !== true && ($config['rand_seed_last_update'] < time() - rand(1,10)))
 	{
-		set_config('rand_seed', $config['rand_seed'], true);
 		set_config('rand_seed_last_update', time(), true);
+		set_config('rand_seed', $config['rand_seed'], true);
 		$dss_seeded = true;
 	}
 
 	return substr($val, 4, 16);
 }
 
+/**
+* Wrapper for mt_rand() which allows swapping $min and $max parameters.
+*
+* PHP does not allow us to swap the order of the arguments for mt_rand() anymore.
+* (since PHP 5.3.4, see http://bugs.php.net/46587)
+*
+* @param int $min		Lowest value to be returned
+* @param int $max		Highest value to be returned
+*
+* @return int			Random integer between $min and $max (or $max and $min)
+*/
+function phpbb_mt_rand($min, $max)
+{
+	return ($min > $max) ? mt_rand($max, $min) : mt_rand($min, $max);
+}
+
 /**
 * Return formatted string for filesizes
 *
@@ -512,7 +533,7 @@ function _hash_crypt_private($password, $setting, &$itoa64)
 	$output = '*';
 
 	// Check for correct hash
-	if (substr($setting, 0, 3) != '$H$')
+	if (substr($setting, 0, 3) != '$H$' && substr($setting, 0, 3) != '$P$')
 	{
 		return $output;
 	}
@@ -1698,7 +1719,7 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
 	if ($config['load_db_lastread'] && $user->data['is_registered'])
 	{
 		// Get list of the unread topics
-		$last_mark = $user->data['user_lastmark'];
+		$last_mark = (int) $user->data['user_lastmark'];
 
 		$sql_array = array(
 			'SELECT'		=> 't.topic_id, t.topic_last_post_time, tt.mark_time as topic_mark_time, ft.mark_time as forum_mark_time',
@@ -1717,10 +1738,11 @@ function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $s
 			),
 
 			'WHERE'			=> "
+				 t.topic_last_post_time > $last_mark AND
 				(
 				(tt.mark_time IS NOT NULL AND t.topic_last_post_time > tt.mark_time) OR
 				(tt.mark_time IS NULL AND ft.mark_time IS NOT NULL AND t.topic_last_post_time > ft.mark_time) OR
-				(tt.mark_time IS NULL AND ft.mark_time IS NULL AND t.topic_last_post_time > $last_mark)
+				(tt.mark_time IS NULL AND ft.mark_time IS NULL)
 				)
 				$sql_extra
 				$sql_sort",
@@ -2248,7 +2270,10 @@ function append_sid($url, $params = false, $is_amp = true, $session_id = false)
 
 /**
 * Generate board url (example: http://www.example.com/phpBB)
+*
 * @param bool $without_script_path if set to true the script path gets not appended (example: http://www.example.com)
+*
+* @return string the generated board url
 */
 function generate_board_url($without_script_path = false)
 {
@@ -2353,12 +2378,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Relative uri
 		$pathinfo = pathinfo($url);
 
-		if (!$disable_cd_check && !file_exists($pathinfo['dirname']))
+		if (!$disable_cd_check && !file_exists($pathinfo['dirname'] . '/'))
 		{
 			$url = str_replace('../', '', $url);
 			$pathinfo = pathinfo($url);
 
-			if (!file_exists($pathinfo['dirname']))
+			if (!file_exists($pathinfo['dirname'] . '/'))
 			{
 				// fallback to "last known user page"
 				// at least this way we know the user does not leave the phpBB root
@@ -2630,8 +2655,14 @@ function send_status_line($code, $message)
 	}
 	else
 	{
-		if (isset($_SERVER['HTTP_VERSION']))
+		if (!empty($_SERVER['SERVER_PROTOCOL']))
 		{
+			$version = $_SERVER['SERVER_PROTOCOL'];
+		}
+		else if (!empty($_SERVER['HTTP_VERSION']))
+		{
+			// I cannot remember where I got this from.
+			// This code path may never be reachable in reality.
 			$version = $_SERVER['HTTP_VERSION'];
 		}
 		else
@@ -3428,6 +3459,48 @@ function get_preg_expression($mode)
 	return '';
 }
 
+/**
+* Generate regexp for naughty words censoring
+* Depends on whether installed PHP version supports unicode properties
+*
+* @param string	$word			word template to be replaced
+* @param bool	$use_unicode	whether or not to take advantage of PCRE supporting unicode
+*
+* @return string $preg_expr		regex to use with word censor
+*/
+function get_censor_preg_expression($word, $use_unicode = true)
+{
+	static $unicode_support = null;
+
+	// Check whether PHP version supports unicode properties
+	if (is_null($unicode_support))
+	{
+		$unicode_support = ((version_compare(PHP_VERSION, '5.1.0', '>=') || (version_compare(PHP_VERSION, '5.0.0-dev', '<=') && version_compare(PHP_VERSION, '4.4.0', '>='))) && @preg_match('/\p{L}/u', 'a') !== false) ? true : false;
+	}
+
+	// Unescape the asterisk to simplify further conversions
+	$word = str_replace('\*', '*', preg_quote($word, '#'));
+
+	if ($use_unicode && $unicode_support)
+	{
+		// Replace asterisk(s) inside the pattern, at the start and at the end of it with regexes
+		$word = preg_replace(array('#(?<=[\p{Nd}\p{L}_])\*+(?=[\p{Nd}\p{L}_])#iu', '#^\*+#', '#\*+$#'), array('([\x20]*?|[\p{Nd}\p{L}_-]*?)', '[\p{Nd}\p{L}_-]*?', '[\p{Nd}\p{L}_-]*?'), $word);
+
+		// Generate the final substitution
+		$preg_expr = '#(?<![\p{Nd}\p{L}_-])(' . $word . ')(?![\p{Nd}\p{L}_-])#iu';
+	}
+	else
+	{
+		// Replace the asterisk inside the pattern, at the start and at the end of it with regexes
+		$word = preg_replace(array('#(?<=\S)\*+(?=\S)#iu', '#^\*+#', '#\*+$#'), array('(\x20*?\S*?)', '\S*?', '\S*?'), $word);
+
+		// Generate the final substitution
+		$preg_expr = '#(?<!\S)(' . $word . ')(?!\S)#iu';
+	}
+
+	return $preg_expr;
+}
+
 /**
 * Returns the first block of the specified IPv6 address and as many additional
 * ones as specified in the length paramater.
@@ -3501,7 +3574,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')
 	// but until 5.3.3 it only works for MX records
 	// See: http://bugs.php.net/bug.php?id=51844
 
-	// Call checkdnsrr() if 
+	// Call checkdnsrr() if
 	// we're looking for an MX record or
 	// we're not on Windows or
 	// we're running a PHP version where #51844 has been fixed
@@ -3521,7 +3594,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')
 	// dns_get_record() is available since PHP 5; since PHP 5.3 also on Windows,
 	// but on Windows it does not work reliable for AAAA records before PHP 5.3.1
 
-	// Call dns_get_record() if 
+	// Call dns_get_record() if
 	// we're not looking for an AAAA record or
 	// we're not on Windows or
 	// we're running a PHP version where AAAA lookups work reliable
@@ -3551,7 +3624,7 @@ function phpbb_checkdnsrr($host, $type = 'MX')
 		foreach ($resultset as $result)
 		{
 			if (
-				isset($result['host']) && $result['host'] == $host && 
+				isset($result['host']) && $result['host'] == $host &&
 				isset($result['type']) && $result['type'] == $type
 			)
 			{
@@ -3685,25 +3758,11 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 
 			if (strpos($errfile, 'cache') === false && strpos($errfile, 'template.') === false)
 			{
-				// flush the content, else we get a white page if output buffering is on
-				if ((int) @ini_get('output_buffering') === 1 || strtolower(@ini_get('output_buffering')) === 'on')
-				{
-					@ob_flush();
-				}
-
-				// Another quick fix for those having gzip compression enabled, but do not flush if the coder wants to catch "something". ;)
-				if (!empty($config['gzip_compress']))
-				{
-					if (@extension_loaded('zlib') && !headers_sent() && !ob_get_level())
-					{
-						@ob_flush();
-					}
-				}
-
 				// remove complete path to installation, with the risk of changing backslashes meant to be there
 				$errfile = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $errfile);
 				$msg_text = str_replace(array(phpbb_realpath($phpbb_root_path), '\\'), array('', '/'), $msg_text);
-				echo '<b>[phpBB Debug] PHP Notice</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
+				$error_name = ($errno === E_WARNING) ? 'PHP Warning' : 'PHP Notice';
+				echo '<b>[phpBB Debug] ' . $error_name . '</b>: in file <b>' . $errfile . '</b> on line <b>' . $errline . '</b>: <b>' . $msg_text . '</b><br />' . "\n";
 
 				// we are writing an image - the user won't see the debug, so let's place it in the log
 				if (defined('IMAGE_OUTPUT') || defined('IN_CRON'))
@@ -3792,7 +3851,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			echo '	</div>';
 			echo '	</div>';
 			echo '	<div id="page-footer">';
-			echo '		Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>';
+			echo '		Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group';
 			echo '	</div>';
 			echo '</div>';
 			echo '</body>';
@@ -4208,7 +4267,7 @@ function phpbb_http_login($param)
 	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
 	{
 		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
-    }
+	}
 
 	if (!is_null($username) && !is_null($password))
 	{
@@ -4258,7 +4317,21 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 	// gzip_compression
 	if ($config['gzip_compress'])
 	{
-		if (@extension_loaded('zlib') && !headers_sent())
+		// to avoid partially compressed output resulting in blank pages in
+		// the browser or error messages, compression is disabled in a few cases:
+		//
+		// 1) if headers have already been sent, this indicates plaintext output
+		//    has been started so further content must not be compressed
+		// 2) the length of the current output buffer is non-zero. This means
+		//    there is already some uncompressed content in this output buffer
+		//    so further output must not be compressed
+		// 3) if more than one level of output buffering is used because we
+		//    cannot test all output buffer level content lengths. One level
+		//    could be caused by php.ini output_buffering. Anything
+		//    beyond that is manual, so the code wrapping phpBB in output buffering
+		//    can easily compress the output itself.
+		//
+		if (@extension_loaded('zlib') && !headers_sent() && ob_get_level() <= 1 && ob_get_length() == 0)
 		{
 			ob_start('ob_gzhandler');
 		}
@@ -4379,6 +4452,12 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		$user_lang = substr($user_lang, 0, strpos($user_lang, '-x-'));
 	}
 
+	$s_search_hidden_fields = array();
+	if ($_SID)
+	{
+		$s_search_hidden_fields['sid'] = $_SID;
+	}
+
 	// The following assigns all _common_ variables that may be used at any point in a template.
 	$template->assign_vars(array(
 		'SITENAME'						=> $config['sitename'],
@@ -4468,11 +4547,13 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 
 		'S_LOAD_UNREADS'			=> ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
 
+		'S_SEARCH_HIDDEN_FIELDS'	=> build_hidden_fields($s_search_hidden_fields),
+
 		'T_THEME_PATH'			=> "{$web_path}styles/" . $user->theme['theme_path'] . '/theme',
 		'T_TEMPLATE_PATH'		=> "{$web_path}styles/" . $user->theme['template_path'] . '/template',
 		'T_SUPER_TEMPLATE_PATH'	=> (isset($user->theme['template_inherit_path']) && $user->theme['template_inherit_path']) ? "{$web_path}styles/" . $user->theme['template_inherit_path'] . '/template' : "{$web_path}styles/" . $user->theme['template_path'] . '/template',
 		'T_IMAGESET_PATH'		=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset',
-		'T_IMAGESET_LANG_PATH'	=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->data['user_lang'],
+		'T_IMAGESET_LANG_PATH'	=> "{$web_path}styles/" . $user->theme['imageset_path'] . '/imageset/' . $user->lang_name,
 		'T_IMAGES_PATH'			=> "{$web_path}images/",
 		'T_SMILIES_PATH'		=> "{$web_path}{$config['smilies_path']}/",
 		'T_AVATAR_PATH'			=> "{$web_path}{$config['avatar_path']}/",
@@ -4480,7 +4561,7 @@ function page_header($page_title = '', $display_online_list = true, $item_id = 0
 		'T_ICONS_PATH'			=> "{$web_path}{$config['icons_path']}/",
 		'T_RANKS_PATH'			=> "{$web_path}{$config['ranks_path']}/",
 		'T_UPLOAD_PATH'			=> "{$web_path}{$config['upload_path']}/",
-		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->data['user_lang']),
+		'T_STYLESHEET_LINK'		=> (!$user->theme['theme_storedb']) ? "{$web_path}styles/" . $user->theme['theme_path'] . '/theme/stylesheet.css' : append_sid("{$phpbb_root_path}style.$phpEx", 'id=' . $user->theme['style_id'] . '&amp;lang=' . $user->lang_name),
 		'T_STYLESHEET_NAME'		=> $user->theme['theme_name'],
 
 		'T_THEME_NAME'			=> $user->theme['theme_path'],
@@ -4558,7 +4639,7 @@ function page_footer($run_cron = true)
 
 	// Call cron-type script
 	$call_cron = false;
-	if (!defined('IN_CRON') && $run_cron && !$config['board_disable'])
+	if (!defined('IN_CRON') && $run_cron && !$config['board_disable'] && !$user->data['is_bot'])
 	{
 		$call_cron = true;
 		$time_now = (!empty($user->time_now) && is_int($user->time_now)) ? $user->time_now : time();
@@ -4662,7 +4743,7 @@ function exit_handler()
 	}
 
 	// As a pre-caution... some setups display a blank page if the flush() is not there.
-	(empty($config['gzip_compress'])) ? @flush() : @ob_flush();
+	(ob_get_level() > 0) ? @ob_flush() : @flush();
 
 	exit;
 }

phpBB/includes/functions_admin.php

@@ -2506,6 +2506,7 @@ function cache_moderators()
 
 /**
 * View log
+* If $log_count is set to false, we will skip counting all entries in the database.
 */
 function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id = 0, $topic_id = 0, $user_id = 0, $limit_days = 0, $sort_by = 'l.log_time DESC', $keywords = '')
 {
@@ -2761,16 +2762,19 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
 		}
 	}
 
-	$sql = 'SELECT COUNT(l.log_id) AS total_entries
-		FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u
-		WHERE l.log_type = $log_type
-			AND l.user_id = u.user_id
-			AND l.log_time >= $limit_days
-			$sql_keywords
-			$sql_forum";
-	$result = $db->sql_query($sql);
-	$log_count = (int) $db->sql_fetchfield('total_entries');
-	$db->sql_freeresult($result);
+	if ($log_count !== false)
+	{
+		$sql = 'SELECT COUNT(l.log_id) AS total_entries
+			FROM ' . LOG_TABLE . ' l, ' . USERS_TABLE . " u
+			WHERE l.log_type = $log_type
+				AND l.user_id = u.user_id
+				AND l.log_time >= $limit_days
+				$sql_keywords
+				$sql_forum";
+		$result = $db->sql_query($sql);
+		$log_count = (int) $db->sql_fetchfield('total_entries');
+		$db->sql_freeresult($result);
+	}
 
 	return;
 }

phpBB/includes/functions_convert.php

@@ -1816,6 +1816,7 @@ function add_bots()
 		'Alta Vista [Bot]'			=> array('Scooter/', ''),
 		'Ask Jeeves [Bot]'			=> array('Ask Jeeves', ''),
 		'Baidu [Spider]'			=> array('Baiduspider+(', ''),
+		'Bing [Bot]'				=> array('bingbot/', ''),
 		'Exabot [Bot]'				=> array('Exabot/', ''),
 		'FAST Enterprise [Crawler]'	=> array('FAST Enterprise Crawler', ''),
 		'FAST WebCrawler [Crawler]'	=> array('FAST-WebCrawler/', ''),

phpBB/includes/functions_display.php

@@ -456,7 +456,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'S_LOCKED_FORUM'	=> ($row['forum_status'] == ITEM_LOCKED) ? true : false,
 			'S_LIST_SUBFORUMS'	=> ($row['display_subforum_list']) ? true : false,
 			'S_SUBFORUMS'		=> (sizeof($subforums_list)) ? true : false,
-			'S_FEED_ENABLED'	=> ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options'])) ? true : false,
+			'S_FEED_ENABLED'	=> ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] == FORUM_POST) ? true : false,
 
 			'FORUM_ID'				=> $row['forum_id'],
 			'FORUM_NAME'			=> $row['forum_name'],
@@ -477,7 +477,6 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'SUBFORUMS'				=> $s_subforums_list,
 
 			'L_SUBFORUM_STR'		=> $l_subforums,
-			'L_FORUM_FOLDER_ALT'	=> $folder_alt,
 			'L_MODERATOR_STR'		=> $l_moderator,
 
 			'U_UNAPPROVED_TOPICS'	=> ($row['forum_id_unapproved_topics']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=unapproved_topics&f=' . $row['forum_id_unapproved_topics']) : '',

phpBB/includes/functions_posting.php

@@ -388,7 +388,7 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
 	$upload = new fileupload();
 
-	if ($config['check_attachment_content'])
+	if ($config['check_attachment_content'] && isset($config['mime_triggers']))
 	{
 		$upload->set_disallowed_content(explode('|', $config['mime_triggers']));
 	}
@@ -1479,7 +1479,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 		break;
 
 		case 'delete_first_post':
-			$sql = 'SELECT p.post_id, p.poster_id, p.post_username, u.username, u.user_colour
+			$sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username, u.user_colour
 				FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . " u
 				WHERE p.topic_id = $topic_id
 					AND p.poster_id = u.user_id
@@ -1493,7 +1493,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data)
 				$sql_data[FORUMS_TABLE] = ($data['post_approved']) ? 'forum_posts = forum_posts - 1' : '';
 			}
 
-			$sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'";
+			$sql_data[TOPICS_TABLE] = 'topic_poster = ' . intval($row['poster_id']) . ', topic_first_post_id = ' . intval($row['post_id']) . ", topic_first_poster_colour = '" . $db->sql_escape($row['user_colour']) . "', topic_first_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "', topic_time = " . (int) $row['post_time'];
 
 			// Decrementing topic_replies here is fine because this case only happens if there is more than one post within the topic - basically removing one "reply"
 			$sql_data[TOPICS_TABLE] .= ', topic_replies_real = topic_replies_real - 1' . (($data['post_approved']) ? ', topic_replies = topic_replies - 1' : '');
@@ -2611,4 +2611,106 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	return $url;
 }
 
+/**
+* Handle topic bumping
+* @param int $forum_id The ID of the forum the topic is being bumped belongs to
+* @param int $topic_id The ID of the topic is being bumping
+* @param array $post_data Passes some topic parameters:
+*				- 'topic_title'
+*				- 'topic_last_post_id'
+*				- 'topic_last_poster_id'
+*				- 'topic_last_post_subject'
+*				- 'topic_last_poster_name'
+*				- 'topic_last_poster_colour'
+* @param int $bump_time The time at which topic was bumped, usually it is a current time as obtained via time(). 
+* @return string An URL to the bumped topic, example: ./viewtopic.php?forum_id=1&amptopic_id=2&ampp=3#p3
+*/
+function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)
+{
+	global $config, $db, $user, $phpEx, $phpbb_root_path;
+
+	if ($bump_time === false)
+	{
+		$bump_time = time();
+	}
+
+	// Begin bumping
+	$db->sql_transaction('begin');
+
+	// Update the topic's last post post_time
+	$sql = 'UPDATE ' . POSTS_TABLE . "
+		SET post_time = $bump_time
+		WHERE post_id = {$post_data['topic_last_post_id']}
+			AND topic_id = $topic_id";
+	$db->sql_query($sql);
+
+	// Sync the topic's last post time, the rest of the topic's last post data isn't changed
+	$sql = 'UPDATE ' . TOPICS_TABLE . "
+		SET topic_last_post_time = $bump_time,
+			topic_bumped = 1,
+			topic_bumper = " . $user->data['user_id'] . "
+		WHERE topic_id = $topic_id";
+	$db->sql_query($sql);
+
+	// Update the forum's last post info
+	$sql = 'UPDATE ' . FORUMS_TABLE . "
+		SET forum_last_post_id = " . $post_data['topic_last_post_id'] . ",
+			forum_last_poster_id = " . $post_data['topic_last_poster_id'] . ",
+			forum_last_post_subject = '" . $db->sql_escape($post_data['topic_last_post_subject']) . "',
+			forum_last_post_time = $bump_time,
+			forum_last_poster_name = '" . $db->sql_escape($post_data['topic_last_poster_name']) . "',
+			forum_last_poster_colour = '" . $db->sql_escape($post_data['topic_last_poster_colour']) . "'
+		WHERE forum_id = $forum_id";
+	$db->sql_query($sql);
+
+	// Update bumper's time of the last posting to prevent flood
+	$sql = 'UPDATE ' . USERS_TABLE . "
+		SET user_lastpost_time = $bump_time
+		WHERE user_id = " . $user->data['user_id'];
+	$db->sql_query($sql);
+
+	$db->sql_transaction('commit');
+
+	// Mark this topic as posted to
+	markread('post', $forum_id, $topic_id, $bump_time);
+
+	// Mark this topic as read
+	markread('topic', $forum_id, $topic_id, $bump_time);
+
+	// Update forum tracking info
+	if ($config['load_db_lastread'] && $user->data['is_registered'])
+	{
+		$sql = 'SELECT mark_time
+			FROM ' . FORUMS_TRACK_TABLE . '
+			WHERE user_id = ' . $user->data['user_id'] . '
+				AND forum_id = ' . $forum_id;
+		$result = $db->sql_query($sql);
+		$f_mark_time = (int) $db->sql_fetchfield('mark_time');
+		$db->sql_freeresult($result);
+	}
+	else if ($config['load_anon_lastread'] || $user->data['is_registered'])
+	{
+		$f_mark_time = false;
+	}
+
+	if (($config['load_db_lastread'] && $user->data['is_registered']) || $config['load_anon_lastread'] || $user->data['is_registered'])
+	{
+		// Update forum info
+		$sql = 'SELECT forum_last_post_time
+			FROM ' . FORUMS_TABLE . '
+			WHERE forum_id = ' . $forum_id;
+		$result = $db->sql_query($sql);
+		$forum_last_post_time = (int) $db->sql_fetchfield('forum_last_post_time');
+		$db->sql_freeresult($result);
+
+		update_forum_tracking_info($forum_id, $forum_last_post_time, $f_mark_time, false);
+	}
+
+	add_log('mod', $forum_id, $topic_id, 'LOG_BUMP_TOPIC', $post_data['topic_title']);
+
+	$url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";
+
+	return $url;
+}
+
 ?>

phpBB/includes/functions_profile_fields.php

@@ -149,7 +149,18 @@ class custom_profile
 
 			case FIELD_DROPDOWN:
 				$field_value = (int) $field_value;
-			
+
+				// retrieve option lang data if necessary
+				if (!isset($this->options_lang[$field_data['field_id']]) || !isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']]) || !sizeof($this->options_lang[$file_data['field_id']][$field_data['lang_id']]))
+				{
+					$this->get_option_lang($field_data['field_id'], $field_data['lang_id'], FIELD_DROPDOWN, false);
+				}
+
+				if (!isset($this->options_lang[$field_data['field_id']][$field_data['lang_id']][$field_value]))
+				{
+					return 'FIELD_INVALID_VALUE';
+				}
+
 				if ($field_value == $field_data['field_novalue'] && $field_data['field_required'])
 				{
 					return 'FIELD_REQUIRED';
@@ -302,6 +313,7 @@ class custom_profile
 				switch ($cp_result)
 				{
 					case 'FIELD_INVALID_DATE':
+					case 'FIELD_INVALID_VALUE':
 					case 'FIELD_REQUIRED':
 						$error = sprintf($user->lang[$cp_result], $row['lang_name']);
 					break;

phpBB/includes/functions_template.php

@@ -322,7 +322,7 @@ class template_compile
 		// Is the designer wanting to call another loop in a loop?
 		if (strpos($tag_args, '!') === 0)
 		{
-			// Count the number if ! occurrences (not allowed in vars)
+			// Count the number of ! occurrences (not allowed in vars)
 			$no_nesting = substr_count($tag_args, '!');
 			$tag_args = substr($tag_args, $no_nesting);
 		}

phpBB/includes/functions_upload.php

@@ -458,7 +458,7 @@ class fileerror extends filespec
 class fileupload
 {
 	var $allowed_extensions = array();
-	var $disallowed_content = array();
+	var $disallowed_content = array('body', 'head', 'html', 'img', 'plaintext', 'a href', 'pre', 'script', 'table', 'title'); 
 	var $max_filesize = 0;
 	var $min_width = 0;
 	var $min_height = 0;
@@ -539,7 +539,7 @@ class fileupload
 	{
 		if ($disallowed_content !== false && is_array($disallowed_content))
 		{
-			$this->disallowed_content = $disallowed_content;
+			$this->disallowed_content = array_diff($disallowed_content, array(''));
 		}
 	}
 

phpBB/includes/functions_user.php

@@ -482,44 +482,6 @@ function user_delete($mode, $user_id, $post_username = false)
 				include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 			}
 
-			$sql = 'SELECT topic_id, COUNT(post_id) AS total_posts
-				FROM ' . POSTS_TABLE . "
-				WHERE poster_id = $user_id
-				GROUP BY topic_id";
-			$result = $db->sql_query($sql);
-
-			$topic_id_ary = array();
-			while ($row = $db->sql_fetchrow($result))
-			{
-				$topic_id_ary[$row['topic_id']] = $row['total_posts'];
-			}
-			$db->sql_freeresult($result);
-
-			if (sizeof($topic_id_ary))
-			{
-				$sql = 'SELECT topic_id, topic_replies, topic_replies_real
-					FROM ' . TOPICS_TABLE . '
-					WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
-				$result = $db->sql_query($sql);
-
-				$del_topic_ary = array();
-				while ($row = $db->sql_fetchrow($result))
-				{
-					if (max($row['topic_replies'], $row['topic_replies_real']) + 1 == $topic_id_ary[$row['topic_id']])
-					{
-						$del_topic_ary[] = $row['topic_id'];
-					}
-				}
-				$db->sql_freeresult($result);
-
-				if (sizeof($del_topic_ary))
-				{
-					$sql = 'DELETE FROM ' . TOPICS_TABLE . '
-						WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
-					$db->sql_query($sql);
-				}
-			}
-
 			// Delete posts, attachments, etc.
 			delete_posts('poster_id', $user_id);
 
@@ -771,7 +733,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			}
 			else
 			{
-				trigger_error('LENGTH_BAN_INVALID');
+				trigger_error('LENGTH_BAN_INVALID', E_USER_WARNING);
 			}
 		}
 	}
@@ -831,7 +793,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			// Make sure we have been given someone to ban
 			if (!sizeof($sql_usernames))
 			{
-				trigger_error('NO_USER_SPECIFIED');
+				trigger_error('NO_USER_SPECIFIED', E_USER_WARNING);
 			}
 
 			$sql = 'SELECT user_id
@@ -862,7 +824,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 			else
 			{
 				$db->sql_freeresult($result);
-				trigger_error('NO_USERS');
+				trigger_error('NO_USERS', E_USER_WARNING);
 			}
 			$db->sql_freeresult($result);
 		break;
@@ -964,7 +926,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 
 				if (empty($banlist_ary))
 				{
-					trigger_error('NO_IPS_DEFINED');
+					trigger_error('NO_IPS_DEFINED', E_USER_WARNING);
 				}
 			}
 		break;
@@ -992,12 +954,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 
 			if (sizeof($ban_list) == 0)
 			{
-				trigger_error('NO_EMAILS_DEFINED');
+				trigger_error('NO_EMAILS_DEFINED', E_USER_WARNING);
 			}
 		break;
 
 		default:
-			trigger_error('NO_MODE');
+			trigger_error('NO_MODE', E_USER_WARNING);
 		break;
 	}
 
@@ -1459,6 +1421,31 @@ function validate_match($string, $optional = false, $match = '')
 	return false;
 }
 
+/**
+* Validate Language Pack ISO Name
+*
+* Tests whether a language name is valid and installed
+*
+* @param string $lang_iso	The language string to test
+*
+* @return bool|string		Either false if validation succeeded or
+*							a string which will be used as the error message
+*							(with the variable name appended)
+*/
+function validate_language_iso_name($lang_iso)
+{
+	global $db;
+
+	$sql = 'SELECT lang_id
+		FROM ' . LANG_TABLE . "
+		WHERE lang_iso = '" . $db->sql_escape($lang_iso) . "'";
+	$result = $db->sql_query($sql);
+	$lang_id = (int) $db->sql_fetchfield('lang_id');
+	$db->sql_freeresult($result);
+
+	return ($lang_id) ? false : 'WRONG_DATA';
+}
+
 /**
 * Check to see if the username has been taken, or if it is disallowed.
 * Also checks if it includes the " character, which we don't allow in usernames.
@@ -1618,8 +1605,9 @@ function validate_password($password)
 {
 	global $config, $db, $user;
 
-	if (!$password)
+	if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')
 	{
+		// Password empty or no password complexity required.
 		return false;
 	}
 
@@ -1630,7 +1618,6 @@ function validate_password($password)
 	{
 		$upp = '\p{Lu}';
 		$low = '\p{Ll}';
-		$let = '\p{L}';
 		$num = '\p{N}';
 		$sym = '[^\p{Lu}\p{Ll}\p{N}]';
 		$pcre = true;
@@ -1640,7 +1627,6 @@ function validate_password($password)
 		mb_regex_encoding('UTF-8');
 		$upp = '[[:upper:]]';
 		$low = '[[:lower:]]';
-		$let = '[[:lower:][:upper:]]';
 		$num = '[[:digit:]]';
 		$sym = '[^[:upper:][:lower:][:digit:]]';
 		$mbstring = true;
@@ -1649,7 +1635,6 @@ function validate_password($password)
 	{
 		$upp = '[A-Z]';
 		$low = '[a-z]';
-		$let = '[a-zA-Z]';
 		$num = '[0-9]';
 		$sym = '[^A-Za-z0-9]';
 		$pcre = true;
@@ -1659,22 +1644,22 @@ function validate_password($password)
 
 	switch ($config['pass_complex'])
 	{
+		// No break statements below ...
+		// We require strong passwords in case pass_complex is not set or is invalid
+		default:
+
+		// Require mixed case letters, numbers and symbols
+		case 'PASS_TYPE_SYMBOL':
+			$chars[] = $sym;
+
+		// Require mixed case letters and numbers
+		case 'PASS_TYPE_ALPHA':
+			$chars[] = $num;
+
+		// Require mixed case letters
 		case 'PASS_TYPE_CASE':
 			$chars[] = $low;
 			$chars[] = $upp;
-		break;
-
-		case 'PASS_TYPE_ALPHA':
-			$chars[] = $let;
-			$chars[] = $num;
-		break;
-
-		case 'PASS_TYPE_SYMBOL':
-			$chars[] = $low;
-			$chars[] = $upp;
-			$chars[] = $num;
-			$chars[] = $sym;
-		break;
 	}
 
 	if ($pcre)
@@ -2080,7 +2065,7 @@ function avatar_upload($data, &$error)
 
 	// Init upload class
 	include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
-	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], explode('|', $config['mime_triggers']));
+	$upload = new fileupload('AVATAR_', array('jpg', 'jpeg', 'gif', 'png'), $config['avatar_filesize'], $config['avatar_min_width'], $config['avatar_min_height'], $config['avatar_max_width'], $config['avatar_max_height'], (isset($config['mime_triggers']) ? explode('|', $config['mime_triggers']) : false));
 
 	if (!empty($_FILES['uploadfile']['name']))
 	{

phpBB/includes/mcp/mcp_front.php

@@ -350,7 +350,7 @@ function mcp_front_view($id, $mode, $action)
 			// Add forum_id 0 for global announcements
 			$forum_list[] = 0;
 
-			$log_count = 0;
+			$log_count = false;
 			$log = array();
 			view_log('mod', $log, $log_count, 5, 0, $forum_list);
 

phpBB/includes/mcp/mcp_main.php

@@ -1048,37 +1048,38 @@ function mcp_fork_topic($topic_ids)
 		$total_posts = 0;
 		$new_topic_id_list = array();
 
-		if ($topic_data['enable_indexing'])
-		{
-			// Select the search method and do some additional checks to ensure it can actually be utilised
-			$search_type = basename($config['search_type']);
-
-			if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))
-			{
-				trigger_error('NO_SUCH_SEARCH_MODULE');
-			}
-
-			if (!class_exists($search_type))
-			{
-				include("{$phpbb_root_path}includes/search/$search_type.$phpEx");
-			}
-
-			$error = false;
-			$search = new $search_type($error);
-			$search_mode = 'post';
-
-			if ($error)
-			{
-				trigger_error($error);
-			}
-		}
-		else
-		{
-			$search_type = false;
-		}
 
 		foreach ($topic_data as $topic_id => $topic_row)
 		{
+			if (!isset($search_type) && $topic_row['enable_indexing'])
+			{
+				// Select the search method and do some additional checks to ensure it can actually be utilised
+				$search_type = basename($config['search_type']);
+
+				if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))
+				{
+					trigger_error('NO_SUCH_SEARCH_MODULE');
+				}
+
+				if (!class_exists($search_type))
+				{
+					include("{$phpbb_root_path}includes/search/$search_type.$phpEx");
+				}
+
+				$error = false;
+				$search = new $search_type($error);
+				$search_mode = 'post';
+
+				if ($error)
+				{
+					trigger_error($error);
+				}
+			}
+			else if (!isset($search_type) && !$topic_row['enable_indexing'])
+			{
+				$search_type = false;
+			}
+
 			$sql_ary = array(
 				'forum_id'					=> (int) $to_forum_id,
 				'icon_id'					=> (int) $topic_row['icon_id'],
@@ -1187,9 +1188,9 @@ function mcp_fork_topic($topic_ids)
 				// Copy whether the topic is dotted
 				markread('post', $to_forum_id, $new_topic_id, 0, $row['poster_id']);
 
-				if ($search_type)
+				if (!empty($search_type))
 				{
-					$search->index($search_mode, $sql_ary['post_id'], $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], ($topic_row['topic_type'] == POST_GLOBAL) ? 0 : $to_forum_id);
+					$search->index($search_mode, $new_post_id, $sql_ary['post_text'], $sql_ary['post_subject'], $sql_ary['poster_id'], ($topic_row['topic_type'] == POST_GLOBAL) ? 0 : $to_forum_id);
 					$search_mode = 'reply'; // After one we index replies
 				}
 

phpBB/includes/mcp/mcp_post.php

@@ -227,10 +227,10 @@ function mcp_post_details($id, $mode, $action)
 
 	// Get User Notes
 	$log_data = array();
-	$log_count = 0;
+	$log_count = false;
 	view_log('user', $log_data, $log_count, $config['posts_per_page'], 0, 0, 0, $post_info['user_id']);
 
-	if ($log_count)
+	if (!empty($log_data))
 	{
 		$template->assign_var('S_USER_NOTES', true);
 

phpBB/includes/message_parser.php

@@ -102,27 +102,29 @@ class bbcode_firstpass extends bbcode
 	/**
 	* Init bbcode data for later parsing
 	*/
-	function bbcode_init()
+	function bbcode_init($allow_custom_bbcode = true)
 	{
 		static $rowset;
 
 		// This array holds all bbcode data. BBCodes will be processed in this
 		// order, so it is important to keep [code] in first position and
 		// [quote] in second position.
+		// To parse multiline URL we enable dotall option setting only for URL text
+		// but not for link itself, thus [url][/url] is not affected.
 		$this->bbcodes = array(
-			'code'			=> array('bbcode_id' => 8,	'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#ise' => "\$this->bbcode_code('\$1', '\$2')")),
-			'quote'			=> array('bbcode_id' => 0,	'regexp' => array('#\[quote(?:="(.*?)")?\](.+)\[/quote\]#ise' => "\$this->bbcode_quote('\$0')")),
-			'attachment'	=> array('bbcode_id' => 12,	'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#ise' => "\$this->bbcode_attachment('\$1', '\$2')")),
-			'b'				=> array('bbcode_id' => 1,	'regexp' => array('#\[b\](.*?)\[/b\]#ise' => "\$this->bbcode_strong('\$1')")),
-			'i'				=> array('bbcode_id' => 2,	'regexp' => array('#\[i\](.*?)\[/i\]#ise' => "\$this->bbcode_italic('\$1')")),
-			'url'			=> array('bbcode_id' => 3,	'regexp' => array('#\[url(=(.*))?\](.*)\[/url\]#iUe' => "\$this->validate_url('\$2', '\$3')")),
-			'img'			=> array('bbcode_id' => 4,	'regexp' => array('#\[img\](.*)\[/img\]#iUe' => "\$this->bbcode_img('\$1')")),
-			'size'			=> array('bbcode_id' => 5,	'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#ise' => "\$this->bbcode_size('\$1', '\$2')")),
-			'color'			=> array('bbcode_id' => 6,	'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!ise' => "\$this->bbcode_color('\$1', '\$2')")),
-			'u'				=> array('bbcode_id' => 7,	'regexp' => array('#\[u\](.*?)\[/u\]#ise' => "\$this->bbcode_underline('\$1')")),
-			'list'			=> array('bbcode_id' => 9,	'regexp' => array('#\[list(?:=(?:[a-z0-9]|disc|circle|square))?].*\[/list]#ise' => "\$this->bbcode_parse_list('\$0')")),
-			'email'			=> array('bbcode_id' => 10,	'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#ise' => "\$this->validate_email('\$1', '\$2')")),
-			'flash'			=> array('bbcode_id' => 11,	'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#ie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')"))
+			'code'			=> array('bbcode_id' => 8,	'regexp' => array('#\[code(?:=([a-z]+))?\](.+\[/code\])#uise' => "\$this->bbcode_code('\$1', '\$2')")),
+			'quote'			=> array('bbcode_id' => 0,	'regexp' => array('#\[quote(?:="(.*?)")?\](.+)\[/quote\]#uise' => "\$this->bbcode_quote('\$0')")),
+			'attachment'	=> array('bbcode_id' => 12,	'regexp' => array('#\[attachment=([0-9]+)\](.*?)\[/attachment\]#uise' => "\$this->bbcode_attachment('\$1', '\$2')")),
+			'b'				=> array('bbcode_id' => 1,	'regexp' => array('#\[b\](.*?)\[/b\]#uise' => "\$this->bbcode_strong('\$1')")),
+			'i'				=> array('bbcode_id' => 2,	'regexp' => array('#\[i\](.*?)\[/i\]#uise' => "\$this->bbcode_italic('\$1')")),
+			'url'			=> array('bbcode_id' => 3,	'regexp' => array('#\[url(=(.*))?\](?(1)((?s).*(?-s))|(.*))\[/url\]#uiUe' => "\$this->validate_url('\$2', ('\$3') ? '\$3' : '\$4')")),
+			'img'			=> array('bbcode_id' => 4,	'regexp' => array('#\[img\](.*)\[/img\]#uiUe' => "\$this->bbcode_img('\$1')")),
+			'size'			=> array('bbcode_id' => 5,	'regexp' => array('#\[size=([\-\+]?\d+)\](.*?)\[/size\]#uise' => "\$this->bbcode_size('\$1', '\$2')")),
+			'color'			=> array('bbcode_id' => 6,	'regexp' => array('!\[color=(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z\-]+)\](.*?)\[/color\]!uise' => "\$this->bbcode_color('\$1', '\$2')")),
+			'u'				=> array('bbcode_id' => 7,	'regexp' => array('#\[u\](.*?)\[/u\]#uise' => "\$this->bbcode_underline('\$1')")),
+			'list'			=> array('bbcode_id' => 9,	'regexp' => array('#\[list(?:=(?:[a-z0-9]|disc|circle|square))?].*\[/list]#uise' => "\$this->bbcode_parse_list('\$0')")),
+			'email'			=> array('bbcode_id' => 10,	'regexp' => array('#\[email=?(.*?)?\](.*?)\[/email\]#uise' => "\$this->validate_email('\$1', '\$2')")),
+			'flash'			=> array('bbcode_id' => 11,	'regexp' => array('#\[flash=([0-9]+),([0-9]+)\](.*?)\[/flash\]#uie' => "\$this->bbcode_flash('\$1', '\$2', '\$3')"))
 		);
 
 		// Zero the parsed items array
@@ -133,6 +135,11 @@ class bbcode_firstpass extends bbcode
 			$this->parsed_items[$tag] = 0;
 		}
 
+		if (!$allow_custom_bbcode)
+		{
+			return;
+		}
+
 		if (!is_array($rowset))
 		{
 			global $db;
@@ -1332,7 +1339,9 @@ class parse_message extends bbcode_firstpass
 		{
 			if ($max_smilies)
 			{
-				$num_matches = preg_match_all('#(?<=^|[\n .])(?:' . implode('|', $match) . ')(?![^<>]*>)#', $this->message, $matches);
+				// 'u' modifier has been added to correctly parse smilies within unicode strings
+				// For details: http://tracker.phpbb.com/browse/PHPBB3-10117
+				$num_matches = preg_match_all('#(?<=^|[\n .])(?:' . implode('|', $match) . ')(?![^<>]*>)#u', $this->message, $matches);
 				unset($matches);
 
 				if ($num_matches !== false && $num_matches > $max_smilies)
@@ -1343,7 +1352,10 @@ class parse_message extends bbcode_firstpass
 			}
 
 			// Make sure the delimiter # is added in front and at the end of every element within $match
-			$this->message = trim(preg_replace(explode(chr(0), '#(?<=^|[\n .])' . implode('(?![^<>]*>)#' . chr(0) . '#(?<=^|[\n .])', $match) . '(?![^<>]*>)#'), $replace, $this->message));
+			// 'u' modifier has been added to correctly parse smilies within unicode strings
+			// For details: http://tracker.phpbb.com/browse/PHPBB3-10117
+
+			$this->message = trim(preg_replace(explode(chr(0), '#(?<=^|[\n .])' . implode('(?![^<>]*>)#u' . chr(0) . '#(?<=^|[\n .])', $match) . '(?![^<>]*>)#u'), $replace, $this->message));
 		}
 	}
 

phpBB/includes/session.php

@@ -221,7 +221,7 @@ class session
 		// if the forwarded for header shall be checked we have to validate its contents
 		if ($config['forwarded_for_check'])
 		{
-			$this->forwarded_for = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->forwarded_for));
+			$this->forwarded_for = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->forwarded_for));
 
 			// split the list of IPs
 			$ips = explode(' ', $this->forwarded_for);
@@ -267,37 +267,42 @@ class session
 
 		// Why no forwarded_for et al? Well, too easily spoofed. With the results of my recent requests
 		// it's pretty clear that in the majority of cases you'll at least be left with a proxy/cache ip.
-		$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR']) : '';
-		$this->ip = preg_replace('#[ ]{2,}#', ' ', str_replace(array(',', ' '), ' ', $this->ip));
+		$this->ip = (!empty($_SERVER['REMOTE_ADDR'])) ? (string) $_SERVER['REMOTE_ADDR'] : '';
+		$this->ip = preg_replace('# {2,}#', ' ', str_replace(',', ' ', $this->ip));
 
 		// split the list of IPs
-		$ips = explode(' ', $this->ip);
+		$ips = explode(' ', trim($this->ip));
 
 		// Default IP if REMOTE_ADDR is invalid
 		$this->ip = '127.0.0.1';
 
 		foreach ($ips as $ip)
 		{
-			// check IPv4 first, the IPv6 is hopefully only going to be used very seldomly
-			if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
+			if (preg_match(get_preg_expression('ipv4'), $ip))
 			{
-				// Just break
+				$this->ip = $ip;
+			}
+			else if (preg_match(get_preg_expression('ipv6'), $ip))
+			{
+				// Quick check for IPv4-mapped address in IPv6
+				if (stripos($ip, '::ffff:') === 0)
+				{
+					$ipv4 = substr($ip, 7);
+
+					if (preg_match(get_preg_expression('ipv4'), $ipv4))
+					{
+						$ip = $ipv4;
+					}
+				}
+
+				$this->ip = $ip;
+			}
+			else
+			{
+				// We want to use the last valid address in the chain
+				// Leave foreach loop when address is invalid
 				break;
 			}
-
-			// Quick check for IPv4-mapped address in IPv6
-			if (stripos($ip, '::ffff:') === 0)
-			{
-				$ipv4 = substr($ip, 7);
-
-				if (preg_match(get_preg_expression('ipv4'), $ipv4))
-				{
-					$ip = $ipv4;
-				}
-			}
-
-			// Use the last in chain
-			$this->ip = $ip;
 		}
 
 		$this->load = false;
@@ -583,6 +588,14 @@ class session
 			$bot = false;
 		}
 
+		// Bot user, if they have a SID in the Request URI we need to get rid of it
+		// otherwise they'll index this page with the SID, duplicate content oh my!
+		if ($bot && isset($_GET['sid']))
+		{
+			send_status_line(301, 'Moved Permanently');
+			redirect(build_url(array('sid')));
+		}
+
 		// If no data was returned one or more of the following occurred:
 		// Key didn't match one in the DB
 		// User does not exist
@@ -619,12 +632,6 @@ class session
 		}
 		else
 		{
-			// Bot user, if they have a SID in the Request URI we need to get rid of it
-			// otherwise they'll index this page with the SID, duplicate content oh my!
-			if (isset($_GET['sid']))
-			{
-				redirect(build_url(array('sid')));
-			}
 			$this->data['session_last_visit'] = $this->time_now;
 		}
 
@@ -999,6 +1006,10 @@ class session
 				include($phpbb_root_path . "includes/captcha/captcha_factory." . $phpEx);
 			}
 			phpbb_captcha_factory::garbage_collect($config['captcha_plugin']);
+
+			$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
+				WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']);
+			$db->sql_query($sql);
 		}
 
 		return;
@@ -1237,6 +1248,12 @@ class session
 			$ip = $this->ip;
 		}
 
+		// Neither Spamhaus nor Spamcop supports IPv6 addresses.
+		if (strpos($ip, ':') !== false)
+		{
+			return false;
+		}
+
 		$dnsbl_check = array(
 			'sbl.spamhaus.org'	=> 'http://www.spamhaus.org/query/bl?ip=',
 		);
@@ -1966,6 +1983,7 @@ class user extends session
 
 					$key_found = $num;
 				}
+				break;
 			}
 		}
 
@@ -2254,9 +2272,44 @@ class user extends session
 			// Use URL if told so
 			$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_root_path;
 
-			$img_data['src'] = $root_path . 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename'];
+			$path = 'styles/' . rawurlencode($this->theme['imageset_path']) . '/imageset/' . ($this->img_array[$img]['image_lang'] ? $this->img_array[$img]['image_lang'] .'/' : '') . $this->img_array[$img]['image_filename'];
+
+			$img_data['src'] = $root_path . $path;
 			$img_data['width'] = $this->img_array[$img]['image_width'];
 			$img_data['height'] = $this->img_array[$img]['image_height'];
+
+			// We overwrite the width and height to the phpbb logo's width
+			// and height here if the contents of the site_logo file are
+			// really equal to the phpbb_logo
+			// This allows us to change the dimensions of the phpbb_logo without
+			// modifying the imageset.cfg and causing a conflict for everyone
+			// who modified it for their custom logo on updating
+			if ($img == 'site_logo' && file_exists($phpbb_root_path . $path))
+			{
+				global $cache;
+
+				$img_file_hashes = $cache->get('imageset_site_logo_md5');
+
+				if ($img_file_hashes === false)
+				{
+					$img_file_hashes = array();
+				}
+
+				$key = $this->theme['imageset_path'] . '::' . $this->img_array[$img]['image_lang'];
+				if (!isset($img_file_hashes[$key]))
+				{
+					$img_file_hashes[$key] = md5(file_get_contents($phpbb_root_path . $path));
+					$cache->put('imageset_site_logo_md5', $img_file_hashes);
+				}
+
+				$phpbb_logo_hash = '0c461a32cd3621643105f0d02a772c10';
+
+				if ($phpbb_logo_hash == $img_file_hashes[$key])
+				{
+					$img_data['width'] = '149';
+					$img_data['height'] = '52';
+				}
+			}
 		}
 
 		$alt = (!empty($this->lang[$alt])) ? $this->lang[$alt] : $alt;

phpBB/includes/startup.php

@@ -0,0 +1,150 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2011 phpBB Group
+* @license http://opensource.org/licenses/gpl-license.php GNU Public License
+*
+*/
+
+/**
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+// Report all errors, except notices and deprecation messages
+if (!defined('E_DEPRECATED'))
+{
+	define('E_DEPRECATED', 8192);
+}
+error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
+
+/*
+* Remove variables created by register_globals from the global scope
+* Thanks to Matt Kavanagh
+*/
+function deregister_globals()
+{
+	$not_unset = array(
+		'GLOBALS'	=> true,
+		'_GET'		=> true,
+		'_POST'		=> true,
+		'_COOKIE'	=> true,
+		'_REQUEST'	=> true,
+		'_SERVER'	=> true,
+		'_SESSION'	=> true,
+		'_ENV'		=> true,
+		'_FILES'	=> true,
+		'phpEx'		=> true,
+		'phpbb_root_path'	=> true
+	);
+
+	// Not only will array_merge and array_keys give a warning if
+	// a parameter is not an array, array_merge will actually fail.
+	// So we check if _SESSION has been initialised.
+	if (!isset($_SESSION) || !is_array($_SESSION))
+	{
+		$_SESSION = array();
+	}
+
+	// Merge all into one extremely huge array; unset this later
+	$input = array_merge(
+		array_keys($_GET),
+		array_keys($_POST),
+		array_keys($_COOKIE),
+		array_keys($_SERVER),
+		array_keys($_SESSION),
+		array_keys($_ENV),
+		array_keys($_FILES)
+	);
+
+	foreach ($input as $varname)
+	{
+		if (isset($not_unset[$varname]))
+		{
+			// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
+			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+			{
+				exit;
+			}
+			else
+			{
+				$cookie = &$_COOKIE;
+				while (isset($cookie['GLOBALS']))
+				{
+					if (!is_array($cookie['GLOBALS']))
+					{
+						break;
+					}
+
+					foreach ($cookie['GLOBALS'] as $registered_var => $value)
+					{
+						if (!isset($not_unset[$registered_var]))
+						{
+							unset($GLOBALS[$registered_var]);
+						}
+					}
+					$cookie = &$cookie['GLOBALS'];
+				}
+			}
+		}
+
+		unset($GLOBALS[$varname]);
+	}
+
+	unset($input);
+}
+
+// If we are on PHP >= 6.0.0 we do not need some code
+if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
+{
+	/**
+	* @ignore
+	*/
+	define('STRIP', false);
+}
+else
+{
+	@set_magic_quotes_runtime(0);
+
+	// Be paranoid with passed vars
+	if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
+	{
+		deregister_globals();
+	}
+
+	define('STRIP', (get_magic_quotes_gpc()) ? true : false);
+}
+
+// Prevent date/time functions from throwing E_WARNING on PHP 5.3 by setting a default timezone
+if (function_exists('date_default_timezone_set') && function_exists('date_default_timezone_get'))
+{
+	// For PHP 5.1.0 the date/time functions have been rewritten
+	// and setting a timezone is required prior to calling any date/time function.
+
+	// Since PHP 5.2.0 calls to date/time functions without having a timezone set
+	// result in E_STRICT errors being thrown.
+	// Note: We already exclude E_STRICT errors
+	// (to be exact: they are not included in E_ALL in PHP 5.2)
+
+	// In PHP 5.3.0 the error level has been raised to E_WARNING which causes problems
+	// because we show E_WARNING errors and do not set a default timezone.
+	// This is because we have our own timezone handling and work in UTC only anyway.
+
+	// So what we basically want to do is set our timezone to UTC,
+	// but we don't know what other scripts (such as bridges) are involved,
+	// so we check whether a timezone is already set by calling date_default_timezone_get().
+
+	// Unfortunately, date_default_timezone_get() itself might throw E_WARNING
+	// if no timezone has been set, so we have to keep it quiet with @.
+
+	// date_default_timezone_get() tries to guess the correct timezone first
+	// and then falls back to UTC when everything fails.
+	// We just set the timezone to whatever date_default_timezone_get() returns.
+	date_default_timezone_set(@date_default_timezone_get());
+}
+
+$starttime = explode(' ', microtime());
+$starttime = $starttime[1] + $starttime[0];

phpBB/includes/template.php

@@ -205,7 +205,7 @@ class template
 	{
 		global $user, $phpbb_hook;
 
-		if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once))
+		if (!empty($phpbb_hook) && $phpbb_hook->call_hook(array(__CLASS__, __FUNCTION__), $handle, $include_once, $this))
 		{
 			if ($phpbb_hook->hook_return(array(__CLASS__, __FUNCTION__)))
 			{
@@ -276,7 +276,7 @@ class template
 		$this->files_template[$handle] = (isset($user->theme['template_id'])) ? $user->theme['template_id'] : 0;
 
 		$recompile = false;
-		if (!file_exists($filename) || @filesize($filename) === 0)
+		if (!file_exists($filename) || @filesize($filename) === 0 || defined('DEBUG_EXTRA'))
 		{
 			$recompile = true;
 		}

phpBB/includes/ucp/ucp_activate.php

@@ -98,6 +98,13 @@ class ucp_activate
 				SET user_actkey = ''
 				WHERE user_id = {$user_row['user_id']}";
 			$db->sql_query($sql);
+
+			// Create the correct logs
+			add_log('user', $user_row['user_id'], 'LOG_USER_ACTIVE_USER');
+			if ($auth->acl_get('a_user'))
+			{
+				add_log('admin', 'LOG_USER_ACTIVE', $user_row['username']);
+			}
 		}
 
 		if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !$update_password)

phpBB/includes/ucp/ucp_pm.php

@@ -115,7 +115,7 @@ class ucp_pm
 			case 'compose':
 				$action = request_var('action', 'post');
 
-				get_folder($user->data['user_id']);
+				$user_folders = get_folder($user->data['user_id']);
 
 				if (!$auth->acl_get('u_sendpm'))
 				{
@@ -130,7 +130,7 @@ class ucp_pm
 				}
 
 				include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx);
-				compose_pm($id, $mode, $action);
+				compose_pm($id, $mode, $action, $user_folders);
 
 				$tpl_file = 'posting_body';
 			break;

phpBB/includes/ucp/ucp_pm_compose.php

@@ -20,7 +20,7 @@ if (!defined('IN_PHPBB'))
 * Compose private message
 * Called from ucp_pm with mode == 'compose'
 */
-function compose_pm($id, $mode, $action)
+function compose_pm($id, $mode, $action, $user_folders = array())
 {
 	global $template, $db, $auth, $user;
 	global $phpbb_root_path, $phpEx, $config;
@@ -135,6 +135,7 @@ function compose_pm($id, $mode, $action)
 	}
 
 	$sql = '';
+	$folder_id = 0;
 
 	// What is all this following SQL for? Well, we need to know
 	// some basic information in all cases before we do anything.
@@ -398,7 +399,7 @@ function compose_pm($id, $mode, $action)
 	unset($message_text);
 
 	$s_action = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=$id&mode=$mode&action=$action", true, $user->session_id);
-	$s_action .= ($msg_id) ? "&p=$msg_id" : '';
+	$s_action .= (($folder_id) ? "&f=$folder_id" : '') . (($msg_id) ? "&p=$msg_id" : '');
 
 	// Delete triggered ?
 	if ($action == 'delete')
@@ -741,10 +742,30 @@ function compose_pm($id, $mode, $action)
 			$msg_id = submit_pm($action, $subject, $pm_data);
 
 			$return_message_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=view&p=' . $msg_id);
-			$return_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=outbox');
-			meta_refresh(3, $return_message_url);
+			$inbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=inbox');
+			$outbox_folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&folder=outbox');
 
-			$message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>') . '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $return_folder_url . '">', '</a>', $user->lang['PM_OUTBOX']);
+			$folder_url = '';
+			if (($folder_id > 0) && isset($user_folders[$folder_id]))
+			{
+				$folder_url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;folder=' . $folder_id);
+			}
+
+			$return_box_url = ($action === 'post' || $action === 'edit') ? $outbox_folder_url : $inbox_folder_url;
+			$return_box_lang = ($action === 'post' || $action === 'edit') ? 'PM_OUTBOX' : 'PM_INBOX';
+
+
+			$message = $user->lang['MESSAGE_STORED'] . '<br /><br />' . sprintf($user->lang['VIEW_PRIVATE_MESSAGE'], '<a href="' . $return_message_url . '">', '</a>');
+
+			$last_click_type = 'CLICK_RETURN_FOLDER';
+			if ($folder_url)
+			{
+				$message .= '<br /><br />' . sprintf($user->lang['CLICK_RETURN_FOLDER'], '<a href="' . $folder_url . '">', '</a>', $user_folders[$folder_id]['folder_name']);
+				$last_click_type = 'CLICK_GOTO_FOLDER';
+			}
+			$message .= '<br /><br />' . sprintf($user->lang[$last_click_type], '<a href="' . $return_box_url . '">', '</a>', $user->lang[$return_box_lang]);
+
+			meta_refresh(3, $return_message_url);
 			trigger_error($message);
 		}
 

phpBB/includes/ucp/ucp_pm_viewfolder.php

@@ -169,6 +169,7 @@ function view_folder($id, $mode, $folder_id, $folder)
 					'PM_IMG'			=> ($row_indicator) ? $user->img('pm_' . $row_indicator, '') : '',
 					'ATTACH_ICON_IMG'	=> ($auth->acl_get('u_pm_download') && $row['message_attachment'] && $config['allow_pm_attach']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
 
+					'S_PM_UNREAD'		=> ($row['pm_unread']) ? true : false,
 					'S_PM_DELETED'		=> ($row['pm_deleted']) ? true : false,
 					'S_PM_REPORTED'		=> (isset($row['report_id'])) ? true : false,
 					'S_AUTHOR_DELETED'	=> ($row['author_id'] == ANONYMOUS) ? true : false,

phpBB/includes/ucp/ucp_pm_viewmessage.php

@@ -172,6 +172,8 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 	// Number of "to" recipients
 	$num_recipients = (int) preg_match_all('/:?(u|g)_([0-9]+):?/', $message_row['to_address'], $match);
 
+	$bbcode_status	= ($config['allow_bbcode'] && $config['auth_bbcode_pm'] && $auth->acl_get('u_pm_bbcode')) ? true : false;
+
 	$template->assign_vars(array(
 		'MESSAGE_AUTHOR_FULL'		=> get_username_string('full', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
 		'MESSAGE_AUTHOR_COLOUR'		=> get_username_string('colour', $author_id, $user_info['username'], $user_info['user_colour'], $user_info['username']),
@@ -206,7 +208,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 
 		'U_PM'			=> ($config['allow_privmsg'] && $auth->acl_get('u_sendpm') && ($user_info['user_allow_pm'] || $auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_'))) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&mode=compose&u=' . $author_id) : '',
 		'U_WWW'			=> (!empty($user_info['user_website'])) ? $user_info['user_website'] : '',
-		'U_ICQ'			=> ($user_info['user_icq']) ? 'http://www.icq.com/people/webmsg.php?to=' . urlencode($user_info['user_icq']) : '',
+		'U_ICQ'			=> ($user_info['user_icq']) ? 'http://www.icq.com/people' . urlencode($user_info['user_icq']) . '/' : '',
 		'U_AIM'			=> ($user_info['user_aim'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=aim&u=' . $author_id) : '',
 		'U_YIM'			=> ($user_info['user_yim']) ? 'http://edit.yahoo.com/config/send_webmesg?.target=' . urlencode($user_info['user_yim']) . '&.src=pg' : '',
 		'U_MSN'			=> ($user_info['user_msnm'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&action=msnm&u=' . $author_id) : '',
@@ -229,6 +231,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 		'S_AUTHOR_DELETED'	=> ($author_id == ANONYMOUS) ? true : false,
 		'S_SPECIAL_FOLDER'	=> in_array($folder_id, array(PRIVMSGS_NO_BOX, PRIVMSGS_OUTBOX)),
 		'S_PM_RECIPIENTS'	=> $num_recipients,
+		'S_BBCODE_ALLOWED'	=> ($bbcode_status) ? 1 : 0,
 
 		'U_PRINT_PM'		=> ($config['print_pm'] && $auth->acl_get('u_pm_printpm')) ? "$url&f=$folder_id&p=" . $message_row['msg_id'] . "&view=print" : '',
 		'U_FORWARD_PM'		=> ($config['forward_pm'] && $auth->acl_get('u_sendpm') && $auth->acl_get('u_pm_forward')) ? "$url&mode=compose&action=forward&f=$folder_id&p=" . $message_row['msg_id'] : '')

phpBB/includes/ucp/ucp_prefs.php

@@ -65,7 +65,7 @@ class ucp_prefs
 
 					$error = validate_data($data, array(
 						'dateformat'	=> array('string', false, 1, 30),
-						'lang'			=> array('match', false, '#^[a-z0-9_\-]{2,}$#i'),
+						'lang'			=> array('language_iso_name'),
 						'tz'			=> array('num', false, -14, 14),
 					));
 

phpBB/includes/ucp/ucp_register.php

@@ -56,7 +56,7 @@ class ucp_register
 		{
 			$use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);
 
-			if (file_exists($user->lang_path . $use_lang . '/'))
+			if (!validate_language_iso_name($use_lang))
 			{
 				if ($change_lang)
 				{
@@ -210,7 +210,7 @@ class ucp_register
 					array('email')),
 				'email_confirm'		=> array('string', false, 6, 60),
 				'tz'				=> array('num', false, -14, 14),
-				'lang'				=> array('match', false, '#^[a-z_\-]{2,}$#i'),
+				'lang'				=> array('language_iso_name'),
 			));
 
 			if (!check_form_key('ucp_register'))

phpBB/install/convertors/convert_phpbb20.php

@@ -32,7 +32,7 @@ unset($dbpasswd);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.0.8',
+	'phpbb_version'	=> '3.0.9',
 	'author'		=> '<a href="http://www.phpbb.com/">phpBB Group</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,
@@ -134,7 +134,7 @@ $config_schema = array(
 		'avatar_filesize'		=> 'avatar_filesize',
 		'avatar_max_width'		=> 'avatar_max_width',
 		'avatar_max_height'		=> 'avatar_max_height',
-		'default_dateformat'	=> 'default_dateformat',
+		'default_dateformat'	=> 'phpbb_set_encoding(default_dateformat)',
 		'board_timezone'		=> 'board_timezone',
 		'allow_privmsg'			=> 'not(privmsg_disable)',
 		'gzip_compress'			=> 'gzip_compress',

phpBB/install/convertors/functions_phpbb20.php

@@ -94,6 +94,7 @@ function phpbb_insert_forums()
 	{
 		case 'mssql':
 		case 'mssql_odbc':
+		case 'mssqlnative':
 			$db->sql_query('SET IDENTITY_INSERT ' . FORUMS_TABLE . ' ON');
 		break;
 	}
@@ -291,6 +292,7 @@ function phpbb_insert_forums()
 
 		case 'mssql':
 		case 'mssql_odbc':
+		case 'mssqlnative':
 			$db->sql_query('SET IDENTITY_INSERT ' . FORUMS_TABLE . ' OFF');
 		break;
 
@@ -1727,6 +1729,7 @@ function phpbb_create_userconv_table()
 
 		case 'mssql':
 		case 'mssql_odbc':
+		case 'mssqlnative':
 			$map_dbms = 'mssql';
 		break;
 

phpBB/install/database_update.php

@@ -8,17 +8,21 @@
 *
 */
 
-$updates_to_version = '3.0.8';
+define('UPDATES_TO_VERSION', '3.0.9');
 
 // Enter any version to update from to test updates. The version within the db will not be updated.
-$debug_from_version = false;
+define('DEBUG_FROM_VERSION', false);
 
 // Which oldest version does this updater support?
-$oldest_from_version = '3.0.0';
+define('OLDEST_FROM_VERSION', '3.0.0');
 
 // Return if we "just include it" to find out for which version the database update is responsible for
 if (defined('IN_PHPBB') && defined('IN_INSTALL'))
 {
+	$updates_to_version = UPDATES_TO_VERSION;
+	$debug_from_version = DEBUG_FROM_VERSION;
+	$oldest_from_version = OLDEST_FROM_VERSION;
+
 	return;
 }
 
@@ -30,12 +34,32 @@ define('IN_INSTALL', true);
 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
-// Report all errors, except notices and deprecation messages
-if (!defined('E_DEPRECATED'))
+if (!function_exists('phpbb_require_updated'))
 {
-	define('E_DEPRECATED', 8192);
+	function phpbb_require_updated($path, $optional = false)
+	{
+		global $phpbb_root_path;
+
+		$new_path = $phpbb_root_path . 'install/update/new/' . $path;
+		$old_path = $phpbb_root_path . $path;
+
+		if (file_exists($new_path))
+		{
+			require($new_path);
+		}
+		else if (!$optional || file_exists($old_path))
+		{
+			require($old_path);
+		}
+	}
 }
-//error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
+
+phpbb_require_updated('includes/startup.' . $phpEx);
+
+$updates_to_version = UPDATES_TO_VERSION;
+$debug_from_version = DEBUG_FROM_VERSION;
+$oldest_from_version = OLDEST_FROM_VERSION;
+
 error_reporting(E_ALL);
 
 @set_time_limit(0);
@@ -68,28 +92,18 @@ require($phpbb_root_path . 'includes/auth.' . $phpEx);
 
 require($phpbb_root_path . 'includes/functions.' . $phpEx);
 
-if (file_exists($phpbb_root_path . 'includes/functions_content.' . $phpEx))
-{
-	require($phpbb_root_path . 'includes/functions_content.' . $phpEx);
-}
+phpbb_require_updated('includes/functions_content.' . $phpEx, true);
 
 require($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
 require($phpbb_root_path . 'includes/constants.' . $phpEx);
 require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
 require($phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx);
 
-// If we are on PHP >= 6.0.0 we do not need some code
-if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
+// new table constants are separately defined here in case the updater is run
+// before the files are updated
+if (!defined('LOGIN_ATTEMPT_TABLE'))
 {
-	/**
-	* @ignore
-	*/
-	define('STRIP', false);
-}
-else
-{
-	@set_magic_quotes_runtime(0);
-	define('STRIP', (get_magic_quotes_gpc()) ? true : false);
+	define('LOGIN_ATTEMPT_TABLE', $table_prefix . 'login_attempts');
 }
 
 $user = new user();
@@ -227,7 +241,7 @@ if (empty($config['dbms_version']))
 	set_config('dbms_version', $db->sql_server_info(true));
 }
 
-// Firebird update from Firebord 2.0 to 2.1+ required?
+// Firebird update from Firebird 2.0 to 2.1+ required?
 if ($db->sql_layer == 'firebird')
 {
 	// We do not trust any PHP5 function enabled, we will simply test for a function new in 2.1
@@ -511,7 +525,7 @@ function _print_footer()
 	</div>
 
 	<div id="page-footer">
-		Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>
+		Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group
 	</div>
 </div>
 
@@ -534,12 +548,23 @@ function _sql($sql, &$errored, &$error_ary, $echo_dot = true)
 
 	$db->sql_return_on_error(true);
 
-	$result = $db->sql_query($sql);
-	if ($db->sql_error_triggered)
+	if ($sql === 'begin')
 	{
-		$errored = true;
-		$error_ary['sql'][] = $db->sql_error_sql;
-		$error_ary['error_code'][] = $db->sql_error_returned;
+		$result = $db->sql_transaction('begin');
+	}
+	else if ($sql === 'commit')
+	{
+		$result = $db->sql_transaction('commit');
+	}
+	else
+	{
+		$result = $db->sql_query($sql);
+		if ($db->sql_error_triggered)
+		{
+			$errored = true;
+			$error_ary['sql'][] = $db->sql_error_sql;
+			$error_ary['error_code'][] = $db->sql_error_returned;
+		}
 	}
 
 	$db->sql_return_on_error(false);
@@ -916,6 +941,50 @@ function database_update_info()
 		'3.0.7-PL1'		=> array(),
 		// No changes from 3.0.8-RC1 to 3.0.8
 		'3.0.8-RC1'		=> array(),
+		// Changes from 3.0.8 to 3.0.9-RC1
+		'3.0.8'			=> array(
+			'add_tables'		=> array(
+				LOGIN_ATTEMPT_TABLE	=> array(
+					'COLUMNS'			=> array(
+						// this column was removed from the database updater
+						// after 3.0.9-RC3 was released. It might still exist
+						// in 3.0.9-RCX installations and has to be dropped in
+						// 3.0.10 after the db_tools class is capable of properly
+						// removing a primary key.
+						// 'attempt_id'			=> array('UINT', NULL, 'auto_increment'),
+						'attempt_ip'			=> array('VCHAR:40', ''),
+						'attempt_browser'		=> array('VCHAR:150', ''),
+						'attempt_forwarded_for'	=> array('VCHAR:255', ''),
+						'attempt_time'			=> array('TIMESTAMP', 0),
+						'user_id'				=> array('UINT', 0),
+						'username'				=> array('VCHAR_UNI:255', 0),
+						'username_clean'		=> array('VCHAR_CI', 0),
+					),
+					//'PRIMARY_KEY'		=> 'attempt_id',
+					'KEYS'				=> array(
+						'att_ip'			=> array('INDEX', array('attempt_ip', 'attempt_time')),
+						'att_for'	=> array('INDEX', array('attempt_forwarded_for', 'attempt_time')),
+						'att_time'			=> array('INDEX', array('attempt_time')),
+						'user_id'				=> array('INDEX', 'user_id'),
+					),
+				),
+			),
+			'change_columns'	=> array(
+				BBCODES_TABLE	=> array(
+					'bbcode_id'	=> array('USINT', 0),
+				),
+			),
+		),
+		// No changes from 3.0.9-RC1 to 3.0.9-RC2
+		'3.0.9-RC1'		=> array(),
+		// No changes from 3.0.9-RC2 to 3.0.9-RC3
+		'3.0.9-RC2'		=> array(),
+		// No changes from 3.0.9-RC3 to 3.0.9-RC4
+		'3.0.9-RC3'     => array(),
+		// No changes from 3.0.9-RC4 to 3.0.9
+		'3.0.9-RC4'     => array(),
+
+		/** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.10-RC1 */
 	);
 }
 
@@ -1858,6 +1927,71 @@ function change_database_data(&$no_updates, $version)
 		// No changes from 3.0.8-RC1 to 3.0.8
 		case '3.0.8-RC1':
 		break;
+
+		// Changes from 3.0.8 to 3.0.9-RC1
+		case '3.0.8':
+			set_config('ip_login_limit_max', '50');
+			set_config('ip_login_limit_time', '21600');
+			set_config('ip_login_limit_use_forwarded', '0');
+
+			// Update file extension group names to use language strings, again.
+			$sql = 'SELECT group_id, group_name
+				FROM ' . EXTENSION_GROUPS_TABLE . '
+				WHERE group_name ' . $db->sql_like_expression('EXT_GROUP_' . $db->any_char);
+			$result = $db->sql_query($sql);
+
+			while ($row = $db->sql_fetchrow($result))
+			{
+				$sql_ary = array(
+					'group_name'	=> substr($row['group_name'], 10), // Strip off 'EXT_GROUP_'
+				);
+
+				$sql = 'UPDATE ' . EXTENSION_GROUPS_TABLE . '
+					SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+					WHERE group_id = ' . $row['group_id'];
+				_sql($sql, $errored, $error_ary);
+			}
+			$db->sql_freeresult($result);
+
+			global $db_tools, $table_prefix;
+
+			// Recover from potentially broken Q&A CAPTCHA table on firebird
+			// Q&A CAPTCHA was uninstallable, so it's safe to remove these
+			// without data loss
+			if ($db_tools->sql_layer == 'firebird')
+			{
+				$tables = array(
+					$table_prefix . 'captcha_questions',
+					$table_prefix . 'captcha_answers',
+					$table_prefix . 'qa_confirm',
+				);
+				foreach ($tables as $table)
+				{
+					if ($db_tools->sql_table_exists($table))
+					{
+						$db_tools->sql_table_drop($table);
+					}
+				}
+			}
+
+			$no_updates = false;
+		break;
+
+		// No changes from 3.0.9-RC1 to 3.0.9-RC2
+		case '3.0.9-RC1':
+		break;
+
+		// No changes from 3.0.9-RC2 to 3.0.9-RC3
+		case '3.0.9-RC2':
+		break;
+
+		// No changes from 3.0.9-RC3 to 3.0.9-RC4
+		case '3.0.9-RC3':
+		break;
+
+		// No changes from 3.0.9-RC4 to 3.0.9
+		case '3.0.9-RC4':
+		break;
 	}
 }
 
@@ -2192,6 +2326,271 @@ class updater_db_tools
 		}
 	}
 
+	/**
+	* Check if table exists
+	*
+	*
+	* @param string	$table_name	The table name to check for
+	* @return bool true if table exists, else false
+	*/
+	function sql_table_exists($table_name)
+	{
+		$this->db->sql_return_on_error(true);
+		$result = $this->db->sql_query_limit('SELECT * FROM ' . $table_name, 1);
+		$this->db->sql_return_on_error(false);
+
+		if ($result)
+		{
+			$this->db->sql_freeresult($result);
+			return true;
+		}
+
+		return false;
+	}
+
+	/**
+	* Create SQL Table
+	*
+	* @param string	$table_name	The table name to create
+	* @param array	$table_data	Array containing table data.
+	* @return array	Statements if $return_statements is true.
+	*/
+	function sql_create_table($table_name, $table_data)
+	{
+		// holds the DDL for a column
+		$columns = $statements = array();
+
+		if ($this->sql_table_exists($table_name))
+		{
+			return $this->_sql_run_sql($statements);
+		}
+
+		// Begin transaction
+		$statements[] = 'begin';
+
+		// Determine if we have created a PRIMARY KEY in the earliest
+		$primary_key_gen = false;
+
+		// Determine if the table must be created with TEXTIMAGE
+		$create_textimage = false;
+
+		// Determine if the table requires a sequence
+		$create_sequence = false;
+
+		// Begin table sql statement
+		switch ($this->sql_layer)
+		{
+			case 'mssql':
+			case 'mssqlnative':
+				$table_sql = 'CREATE TABLE [' . $table_name . '] (' . "\n";
+			break;
+
+			default:
+				$table_sql = 'CREATE TABLE ' . $table_name . ' (' . "\n";
+			break;
+		}
+
+		// Iterate through the columns to create a table
+		foreach ($table_data['COLUMNS'] as $column_name => $column_data)
+		{
+			// here lies an array, filled with information compiled on the column's data
+			$prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data);
+
+			if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen"
+			{
+				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
+			}
+
+			// here we add the definition of the new column to the list of columns
+			switch ($this->sql_layer)
+			{
+				case 'mssql':
+				case 'mssqlnative':
+					$columns[] = "\t [{$column_name}] " . $prepared_column['column_type_sql_default'];
+				break;
+
+				default:
+					$columns[] = "\t {$column_name} " . $prepared_column['column_type_sql'];
+				break;
+			}
+
+			// see if we have found a primary key set due to a column definition if we have found it, we can stop looking
+			if (!$primary_key_gen)
+			{
+				$primary_key_gen = isset($prepared_column['primary_key_set']) && $prepared_column['primary_key_set'];
+			}
+
+			// create textimage DDL based off of the existance of certain column types
+			if (!$create_textimage)
+			{
+				$create_textimage = isset($prepared_column['textimage']) && $prepared_column['textimage'];
+			}
+
+			// create sequence DDL based off of the existance of auto incrementing columns
+			if (!$create_sequence && isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'])
+			{
+				$create_sequence = $column_name;
+			}
+		}
+
+		// this makes up all the columns in the create table statement
+		$table_sql .= implode(",\n", $columns);
+
+		// Close the table for two DBMS and add to the statements
+		switch ($this->sql_layer)
+		{
+			case 'firebird':
+				$table_sql .= "\n);";
+				$statements[] = $table_sql;
+			break;
+
+			case 'mssql':
+			case 'mssqlnative':
+				$table_sql .= "\n) ON [PRIMARY]" . (($create_textimage) ? ' TEXTIMAGE_ON [PRIMARY]' : '');
+				$statements[] = $table_sql;
+			break;
+		}
+
+		// we have yet to create a primary key for this table,
+		// this means that we can add the one we really wanted instead
+		if (!$primary_key_gen)
+		{
+			// Write primary key
+			if (isset($table_data['PRIMARY_KEY']))
+			{
+				if (!is_array($table_data['PRIMARY_KEY']))
+				{
+					$table_data['PRIMARY_KEY'] = array($table_data['PRIMARY_KEY']);
+				}
+
+				switch ($this->sql_layer)
+				{
+					case 'mysql_40':
+					case 'mysql_41':
+					case 'postgres':
+					case 'sqlite':
+						$table_sql .= ",\n\t PRIMARY KEY (" . implode(', ', $table_data['PRIMARY_KEY']) . ')';
+					break;
+
+					case 'firebird':
+					case 'mssql':
+					case 'mssqlnative':
+						// We need the data here
+						$old_return_statements = $this->return_statements;
+						$this->return_statements = true;
+
+						$primary_key_stmts = $this->sql_create_primary_key($table_name, $table_data['PRIMARY_KEY']);
+						foreach ($primary_key_stmts as $pk_stmt)
+						{
+							$statements[] = $pk_stmt;
+						}
+
+						$this->return_statements = $old_return_statements;
+					break;
+
+					case 'oracle':
+						$table_sql .= ",\n\t CONSTRAINT pk_{$table_name} PRIMARY KEY (" . implode(', ', $table_data['PRIMARY_KEY']) . ')';
+					break;
+				}
+			}
+		}
+
+		// close the table
+		switch ($this->sql_layer)
+		{
+			case 'mysql_41':
+				// make sure the table is in UTF-8 mode
+				$table_sql .= "\n) CHARACTER SET `utf8` COLLATE `utf8_bin`;";
+				$statements[] = $table_sql;
+			break;
+
+			case 'mysql_40':
+			case 'sqlite':
+				$table_sql .= "\n);";
+				$statements[] = $table_sql;
+			break;
+
+			case 'postgres':
+				// do we need to add a sequence for auto incrementing columns?
+				if ($create_sequence)
+				{
+					$statements[] = "CREATE SEQUENCE {$table_name}_seq;";
+				}
+
+				$table_sql .= "\n);";
+				$statements[] = $table_sql;
+			break;
+
+			case 'oracle':
+				$table_sql .= "\n)";
+				$statements[] = $table_sql;
+
+				// do we need to add a sequence and a tigger for auto incrementing columns?
+				if ($create_sequence)
+				{
+					// create the actual sequence
+					$statements[] = "CREATE SEQUENCE {$table_name}_seq";
+
+					// the trigger is the mechanism by which we increment the counter
+					$trigger = "CREATE OR REPLACE TRIGGER t_{$table_name}\n";
+					$trigger .= "BEFORE INSERT ON {$table_name}\n";
+					$trigger .= "FOR EACH ROW WHEN (\n";
+					$trigger .= "\tnew.{$create_sequence} IS NULL OR new.{$create_sequence} = 0\n";
+					$trigger .= ")\n";
+					$trigger .= "BEGIN\n";
+					$trigger .= "\tSELECT {$table_name}_seq.nextval\n";
+					$trigger .= "\tINTO :new.{$create_sequence}\n";
+					$trigger .= "\tFROM dual;\n";
+					$trigger .= "END;";
+
+					$statements[] = $trigger;
+				}
+			break;
+
+			case 'firebird':
+				if ($create_sequence)
+				{
+					$statements[] = "CREATE GENERATOR {$table_name}_gen;";
+					$statements[] = "SET GENERATOR {$table_name}_gen TO 0;";
+
+					$trigger = "CREATE TRIGGER t_$table_name FOR $table_name\n";
+					$trigger .= "BEFORE INSERT\nAS\nBEGIN\n";
+					$trigger .= "\tNEW.{$create_sequence} = GEN_ID({$table_name}_gen, 1);\nEND;";
+					$statements[] = $trigger;
+				}
+			break;
+		}
+
+		// Write Keys
+		if (isset($table_data['KEYS']))
+		{
+			foreach ($table_data['KEYS'] as $key_name => $key_data)
+			{
+				if (!is_array($key_data[1]))
+				{
+					$key_data[1] = array($key_data[1]);
+				}
+
+				$old_return_statements = $this->return_statements;
+				$this->return_statements = true;
+
+				$key_stmts = ($key_data[0] == 'UNIQUE') ? $this->sql_create_unique_index($table_name, $key_name, $key_data[1]) : $this->sql_create_index($table_name, $key_name, $key_data[1]);
+
+				foreach ($key_stmts as $key_stmt)
+				{
+					$statements[] = $key_stmt;
+				}
+
+				$this->return_statements = $old_return_statements;
+			}
+		}
+
+		// Commit Transaction
+		$statements[] = 'commit';
+
+		return $this->_sql_run_sql($statements);
+	}
+
 	/**
 	* Handle passed database update array.
 	* Expected structure...
@@ -2229,6 +2628,19 @@ class updater_db_tools
 			$sqlite = true;
 		}
 
+		// Add tables?
+		if (!empty($schema_changes['add_tables']))
+		{
+			foreach ($schema_changes['add_tables'] as $table => $table_data)
+			{
+				$result = $this->sql_create_table($table, $table_data);
+				if ($this->return_statements)
+				{
+					$statements = array_merge($statements, $result);
+				}
+			}
+		}
+
 		// Change columns?
 		if (!empty($schema_changes['change_columns']))
 		{
@@ -2978,6 +3390,11 @@ class updater_db_tools
 	*/
 	function sql_prepare_column_data($table_name, $column_name, $column_data)
 	{
+		if (strlen($column_name) > 30)
+		{
+			trigger_error("Column name '$column_name' on table '$table_name' is too long. The maximum is 30 characters.", E_USER_ERROR);
+		}
+
 		// Get type
 		if (strpos($column_data[0], ':') !== false)
 		{
@@ -3551,6 +3968,13 @@ class updater_db_tools
 	{
 		$statements = array();
 
+		$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
+		if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
+		{
+			$max_length = $table_prefix + 24;
+			trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
+		}
+
 		switch ($this->sql_layer)
 		{
 			case 'firebird':
@@ -3581,6 +4005,13 @@ class updater_db_tools
 	{
 		$statements = array();
 
+		$table_prefix = substr(CONFIG_TABLE, 0, -6); // strlen(config)
+		if (strlen($table_name . $index_name) - strlen($table_prefix) > 24)
+		{
+			$max_length = $table_prefix + 24;
+			trigger_error("Index name '{$table_name}_$index_name' on table '$table_name' is too long. The maximum is $max_length characters.", E_USER_ERROR);
+		}
+
 		// remove index length unless MySQL4
 		if ('mysql_40' != $this->sql_layer)
 		{

phpBB/install/index.php

@@ -18,110 +18,30 @@ define('IN_INSTALL', true);
 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
-// Report all errors, except notices and deprecation messages
-if (!defined('E_DEPRECATED'))
-{
-	define('E_DEPRECATED', 8192);
-}
-error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
-
 // @todo Review this test and see if we can find out what it is which prevents PHP 4.2.x from even displaying the page with requirements on it
 if (version_compare(PHP_VERSION, '4.3.3') < 0)
 {
 	die('You are running an unsupported PHP version. Please upgrade to PHP 4.3.3 or higher before trying to install phpBB 3.0');
 }
 
-/*
-* Remove variables created by register_globals from the global scope
-* Thanks to Matt Kavanagh
-*/
-function deregister_globals()
+function phpbb_require_updated($path, $optional = false)
 {
-	$not_unset = array(
-		'GLOBALS'	=> true,
-		'_GET'		=> true,
-		'_POST'		=> true,
-		'_COOKIE'	=> true,
-		'_REQUEST'	=> true,
-		'_SERVER'	=> true,
-		'_SESSION'	=> true,
-		'_ENV'		=> true,
-		'_FILES'	=> true,
-		'phpEx'		=> true,
-		'phpbb_root_path'	=> true
-	);
+	global $phpbb_root_path;
 
-	// Not only will array_merge and array_keys give a warning if
-	// a parameter is not an array, array_merge will actually fail.
-	// So we check if _SESSION has been initialised.
-	if (!isset($_SESSION) || !is_array($_SESSION))
+	$new_path = $phpbb_root_path . 'install/update/new/' . $path;
+	$old_path = $phpbb_root_path . $path;
+
+	if (file_exists($new_path))
 	{
-		$_SESSION = array();
+		require($new_path);
 	}
-
-	// Merge all into one extremely huge array; unset this later
-	$input = array_merge(
-		array_keys($_GET),
-		array_keys($_POST),
-		array_keys($_COOKIE),
-		array_keys($_SERVER),
-		array_keys($_SESSION),
-		array_keys($_ENV),
-		array_keys($_FILES)
-	);
-
-	foreach ($input as $varname)
+	else if (!$optional || file_exists($old_path))
 	{
-		if (isset($not_unset[$varname]))
-		{
-			// Hacking attempt. No point in continuing unless it's a COOKIE
-			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
-			{
-				exit;
-			}
-			else
-			{
-				$cookie = &$_COOKIE;
-				while (isset($cookie['GLOBALS']))
-				{
-					foreach ($cookie['GLOBALS'] as $registered_var => $value)
-					{
-						if (!isset($not_unset[$registered_var]))
-						{
-							unset($GLOBALS[$registered_var]);
-						}
-					}
-					$cookie = &$cookie['GLOBALS'];
-				}
-			}
-		}
-
-		unset($GLOBALS[$varname]);
+		require($old_path);
 	}
-
-	unset($input);
 }
 
-// If we are on PHP >= 6.0.0 we do not need some code
-if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
-{
-	/**
-	* @ignore
-	*/
-	define('STRIP', false);
-}
-else
-{
-	@set_magic_quotes_runtime(0);
-
-	// Be paranoid with passed vars
-	if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
-	{
-		deregister_globals();
-	}
-
-	define('STRIP', (get_magic_quotes_gpc()) ? true : false);
-}
+phpbb_require_updated('includes/startup.' . $phpEx);
 
 // Try to override some limits - maybe it helps some...
 @set_time_limit(0);
@@ -154,10 +74,7 @@ else
 // Include essential scripts
 require($phpbb_root_path . 'includes/functions.' . $phpEx);
 
-if (file_exists($phpbb_root_path . 'includes/functions_content.' . $phpEx))
-{
-	require($phpbb_root_path . 'includes/functions_content.' . $phpEx);
-}
+phpbb_require_updated('includes/functions_content.' . $phpEx, true);
 
 include($phpbb_root_path . 'includes/auth.' . $phpEx);
 include($phpbb_root_path . 'includes/session.' . $phpEx);
@@ -652,7 +569,7 @@ class module
 		echo '		</div>';
 		echo '	</div>';
 		echo '	<div id="page-footer">';
-		echo '		Powered by phpBB &copy; 2000, 2002, 2005, 2007 <a href="http://www.phpbb.com/">phpBB Group</a>';
+		echo '		Powered by <a href="http://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Group';
 		echo '	</div>';
 		echo '</div>';
 		echo '</body>';

phpBB/install/install_install.php

@@ -1882,7 +1882,7 @@ class install_install extends module
 
 			if (!$user_id)
 			{
-				// If we can't insert this user then continue to the next one to avoid inconsistant data
+				// If we can't insert this user then continue to the next one to avoid inconsistent data
 				$this->p_master->db_error('Unable to insert bot into users table', $db->sql_error_sql, __LINE__, __FILE__, true);
 				continue;
 			}

phpBB/install/schemas/firebird_schema.sql

@@ -1,5 +1,5 @@
 #
-# $Id$
+# $Id: $
 #
 
 
@@ -545,6 +545,22 @@ BEGIN
 END;;
 
 
+# Table: 'phpbb_login_attempts'
+CREATE TABLE phpbb_login_attempts (
+	attempt_ip VARCHAR(40) CHARACTER SET NONE DEFAULT '' NOT NULL,
+	attempt_browser VARCHAR(150) CHARACTER SET NONE DEFAULT '' NOT NULL,
+	attempt_forwarded_for VARCHAR(255) CHARACTER SET NONE DEFAULT '' NOT NULL,
+	attempt_time INTEGER DEFAULT 0 NOT NULL,
+	user_id INTEGER DEFAULT 0 NOT NULL,
+	username VARCHAR(255) CHARACTER SET UTF8 DEFAULT 0 NOT NULL COLLATE UNICODE,
+	username_clean VARCHAR(255) CHARACTER SET UTF8 DEFAULT 0 NOT NULL COLLATE UNICODE
+);;
+
+CREATE INDEX phpbb_login_attempts_att_ip ON phpbb_login_attempts(attempt_ip, attempt_time);;
+CREATE INDEX phpbb_login_attempts_att_for ON phpbb_login_attempts(attempt_forwarded_for, attempt_time);;
+CREATE INDEX phpbb_login_attempts_att_time ON phpbb_login_attempts(attempt_time);;
+CREATE INDEX phpbb_login_attempts_user_id ON phpbb_login_attempts(user_id);;
+
 # Table: 'phpbb_moderator_cache'
 CREATE TABLE phpbb_moderator_cache (
 	forum_id INTEGER DEFAULT 0 NOT NULL,

phpBB/install/schemas/mssql_schema.sql

@@ -1,6 +1,6 @@
 /*
 
- $Id$
+ $Id: $
 
 */
 
@@ -649,6 +649,33 @@ CREATE  INDEX [user_id] ON [phpbb_log]([user_id]) ON [PRIMARY]
 GO
 
 
+/*
+	Table: 'phpbb_login_attempts'
+*/
+CREATE TABLE [phpbb_login_attempts] (
+	[attempt_ip] [varchar] (40) DEFAULT ('') NOT NULL ,
+	[attempt_browser] [varchar] (150) DEFAULT ('') NOT NULL ,
+	[attempt_forwarded_for] [varchar] (255) DEFAULT ('') NOT NULL ,
+	[attempt_time] [int] DEFAULT (0) NOT NULL ,
+	[user_id] [int] DEFAULT (0) NOT NULL ,
+	[username] [varchar] (255) DEFAULT (0) NOT NULL ,
+	[username_clean] [varchar] (255) DEFAULT (0) NOT NULL 
+) ON [PRIMARY]
+GO
+
+CREATE  INDEX [att_ip] ON [phpbb_login_attempts]([attempt_ip], [attempt_time]) ON [PRIMARY]
+GO
+
+CREATE  INDEX [att_for] ON [phpbb_login_attempts]([attempt_forwarded_for], [attempt_time]) ON [PRIMARY]
+GO
+
+CREATE  INDEX [att_time] ON [phpbb_login_attempts]([attempt_time]) ON [PRIMARY]
+GO
+
+CREATE  INDEX [user_id] ON [phpbb_login_attempts]([user_id]) ON [PRIMARY]
+GO
+
+
 /*
 	Table: 'phpbb_moderator_cache'
 */
@@ -1730,3 +1757,4 @@ ALTER TABLE [phpbb_zebra] WITH NOCHECK ADD
 	)  ON [PRIMARY] 
 GO
 
+

phpBB/install/schemas/mysql_40_schema.sql

@@ -1,5 +1,5 @@
 #
-# $Id$
+# $Id: $
 #
 
 # Table: 'phpbb_attachments'
@@ -110,7 +110,7 @@ CREATE TABLE phpbb_banlist (
 
 # Table: 'phpbb_bbcodes'
 CREATE TABLE phpbb_bbcodes (
-	bbcode_id tinyint(3) DEFAULT '0' NOT NULL,
+	bbcode_id smallint(4) UNSIGNED DEFAULT '0' NOT NULL,
 	bbcode_tag varbinary(16) DEFAULT '' NOT NULL,
 	bbcode_helpline blob NOT NULL,
 	display_on_posting tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
@@ -369,6 +369,22 @@ CREATE TABLE phpbb_log (
 );
 
 
+# Table: 'phpbb_login_attempts'
+CREATE TABLE phpbb_login_attempts (
+	attempt_ip varbinary(40) DEFAULT '' NOT NULL,
+	attempt_browser varbinary(150) DEFAULT '' NOT NULL,
+	attempt_forwarded_for varbinary(255) DEFAULT '' NOT NULL,
+	attempt_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
+	user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
+	username blob NOT NULL,
+	username_clean blob NOT NULL,
+	KEY att_ip (attempt_ip, attempt_time),
+	KEY att_for (attempt_forwarded_for, attempt_time),
+	KEY att_time (attempt_time),
+	KEY user_id (user_id)
+);
+
+
 # Table: 'phpbb_moderator_cache'
 CREATE TABLE phpbb_moderator_cache (
 	forum_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,

phpBB/install/schemas/mysql_41_schema.sql

@@ -1,5 +1,5 @@
 #
-# $Id$
+# $Id: $
 #
 
 # Table: 'phpbb_attachments'
@@ -110,7 +110,7 @@ CREATE TABLE phpbb_banlist (
 
 # Table: 'phpbb_bbcodes'
 CREATE TABLE phpbb_bbcodes (
-	bbcode_id tinyint(3) DEFAULT '0' NOT NULL,
+	bbcode_id smallint(4) UNSIGNED DEFAULT '0' NOT NULL,
 	bbcode_tag varchar(16) DEFAULT '' NOT NULL,
 	bbcode_helpline varchar(255) DEFAULT '' NOT NULL,
 	display_on_posting tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
@@ -369,6 +369,22 @@ CREATE TABLE phpbb_log (
 ) CHARACTER SET `utf8` COLLATE `utf8_bin`;
 
 
+# Table: 'phpbb_login_attempts'
+CREATE TABLE phpbb_login_attempts (
+	attempt_ip varchar(40) DEFAULT '' NOT NULL,
+	attempt_browser varchar(150) DEFAULT '' NOT NULL,
+	attempt_forwarded_for varchar(255) DEFAULT '' NOT NULL,
+	attempt_time int(11) UNSIGNED DEFAULT '0' NOT NULL,
+	user_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,
+	username varchar(255) DEFAULT '0' NOT NULL,
+	username_clean varchar(255) DEFAULT '0' NOT NULL,
+	KEY att_ip (attempt_ip, attempt_time),
+	KEY att_for (attempt_forwarded_for, attempt_time),
+	KEY att_time (attempt_time),
+	KEY user_id (user_id)
+) CHARACTER SET `utf8` COLLATE `utf8_bin`;
+
+
 # Table: 'phpbb_moderator_cache'
 CREATE TABLE phpbb_moderator_cache (
 	forum_id mediumint(8) UNSIGNED DEFAULT '0' NOT NULL,

phpBB/install/schemas/oracle_schema.sql

@@ -1,6 +1,6 @@
 /*
 
- $Id$
+ $Id: $
 
 */
 
@@ -254,7 +254,7 @@ END;
 	Table: 'phpbb_bbcodes'
 */
 CREATE TABLE phpbb_bbcodes (
-	bbcode_id number(3) DEFAULT '0' NOT NULL,
+	bbcode_id number(4) DEFAULT '0' NOT NULL,
 	bbcode_tag varchar2(16) DEFAULT '' ,
 	bbcode_helpline varchar2(765) DEFAULT '' ,
 	display_on_posting number(1) DEFAULT '0' NOT NULL,
@@ -740,6 +740,29 @@ END;
 /
 
 
+/*
+	Table: 'phpbb_login_attempts'
+*/
+CREATE TABLE phpbb_login_attempts (
+	attempt_ip varchar2(40) DEFAULT '' ,
+	attempt_browser varchar2(150) DEFAULT '' ,
+	attempt_forwarded_for varchar2(255) DEFAULT '' ,
+	attempt_time number(11) DEFAULT '0' NOT NULL,
+	user_id number(8) DEFAULT '0' NOT NULL,
+	username varchar2(765) DEFAULT '0' NOT NULL,
+	username_clean varchar2(255) DEFAULT '0' NOT NULL
+)
+/
+
+CREATE INDEX phpbb_login_attempts_att_ip ON phpbb_login_attempts (attempt_ip, attempt_time)
+/
+CREATE INDEX phpbb_login_attempts_att_for ON phpbb_login_attempts (attempt_forwarded_for, attempt_time)
+/
+CREATE INDEX phpbb_login_attempts_att_time ON phpbb_login_attempts (attempt_time)
+/
+CREATE INDEX phpbb_login_attempts_user_id ON phpbb_login_attempts (user_id)
+/
+
 /*
 	Table: 'phpbb_moderator_cache'
 */