Merge remote-tracking branch 'phpbb-security/ticket/security-180' into prep-release-3.0.14

* phpbb-security/ticket/security-180:
  [ticket/security-180] Add tests for redirecting to main URL
  [ticket/security-180] Always fail when redirecting to an insecure URL
  [ticket/security-180] Make sure that redirect goes to full URL plus slash
  [ticket/security-180] Check if redirect URL contains board URL

.travis.yml

@@ -1,6 +1,5 @@
 language: php
 php:
-  - 5.2
   - 5.3.3
   - 5.3
   - 5.4
@@ -17,17 +16,16 @@ before_script:
   - sh -c "if [ '$DB' = 'mariadb' ]; then travis/setup-mariadb.sh; fi"
   - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3' -a '$DB' = 'mysql' ]; then mysql -e 'SET GLOBAL storage_engine=MyISAM;'; fi"
   - sh -c "if [ '$DB' = 'mysql' -o '$DB' = 'mariadb' ]; then mysql -e 'create database IF NOT EXISTS phpbb_tests;'; fi"
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.2' ]; then pear install --force phpunit/DbUnit; phpenv rehash; fi"
   - cd phpBB
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' != '5.2' ]; then php ../composer.phar install --dev --no-interaction --prefer-source; fi"
+  - php ../composer.phar install --dev --no-interaction --prefer-source
   - cd ..
   - sh -c "if [ `php -r "echo (int) version_compare(PHP_VERSION, '5.3.19', '>=');"` = "1" ]; then travis/setup-webserver.sh; fi"
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.5' -a '$DB' = 'mysql' ]; then sudo apt-get update; sudo apt-get install -y parallel libimage-exiftool-perl; fi"
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' ]; then sudo apt-get update; sudo apt-get install -y parallel libimage-exiftool-perl; fi"
 
 script:
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.2' ]; then phpunit --configuration travis/phpunit-$DB-5-2-travis.xml; else phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml; fi"
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.5' -a '$DB' = 'mysql' -a '$TRAVIS_PULL_REQUEST' != 'false' ]; then git-tools/commit-msg-hook-range.sh origin/$TRAVIS_BRANCH..FETCH_HEAD; fi"
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.5' -a '$DB' = 'mysql' ]; then find . -type f -not -path './phpBB/vendor/*' -iregex '.*\.\(gif\|jpg\|jpeg\|png\)$' | parallel --gnu --keep-order 'phpBB/develop/strip_icc_profiles.sh {}' || exit 1; fi"
+  - phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' -a '$TRAVIS_PULL_REQUEST' != 'false' ]; then git-tools/commit-msg-hook-range.sh origin/$TRAVIS_BRANCH..FETCH_HEAD; fi"
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' ]; then find . -type f -not -path './phpBB/vendor/*' -iregex '.*\.\(gif\|jpg\|jpeg\|png\)$' | parallel --gnu --keep-order 'phpBB/develop/strip_icc_profiles.sh {}' || exit 1; fi"
 
 matrix:
   include:

README.md

@@ -19,9 +19,9 @@ Find support and lots more on [phpBB.com](http://www.phpbb.com)! Discuss the dev
 
 We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](http://bamboo.phpbb.com) or check our travis build below:
 
-* develop [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=develop)](http://travis-ci.org/phpbb/phpbb)
-* develop-ascraeus [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=develop-ascraeus)](http://travis-ci.org/phpbb/phpbb)
-* develop-olympus [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=develop-olympus)](http://travis-ci.org/phpbb/phpbb)
+* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=master)](http://travis-ci.org/phpbb/phpbb) **master** - Latest development version
+* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.1.x)](http://travis-ci.org/phpbb/phpbb) **3.1.x** - Development of version 3.1.x
+* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.0.x)](http://travis-ci.org/phpbb/phpbb) **3.0.x** - Development of version 3.0.x
 
 ## LICENSE
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.0.13-dev" />
-	<property name="prevversion" value="3.0.12" />
-	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.8, 3.0.9, 3.0.10, 3.0.11" />
+	<property name="newversion" value="3.0.14-RC1" />
+	<property name="prevversion" value="3.0.13-PL1" />
+	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -73,9 +73,16 @@
 			passthru="true" />
 	</target>
 
+	<!-- Builds docs for current branch into build/api/output/master -->
 	<target name="docs">
 		<exec dir="."
-			command="phpBB/vendor/bin/sami.php update build/sami.conf.php"
+			command="phpBB/vendor/bin/sami.php update build/sami-checkout.conf.php"
+			passthru="true" />
+	</target>
+	<!-- Builds docs for multiple branches/tags into build/api/output/$branch -->
+	<target name="docs-all">
+		<exec dir="."
+			command="phpBB/vendor/bin/sami.php update build/sami-all.conf.php"
 			passthru="true" />
 	</target>
 

build/sami-all.conf.php

@@ -0,0 +1,30 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+require __DIR__ . '/sami-checkout.conf.php';
+
+$config['versions'] = Sami\Version\GitVersionCollection::create(__DIR__ . '/../')
+	/*
+	This would be nice, but currently causes various problems that need
+	debugging.
+	->addFromTags('release-3.0.*')
+	->add('3.0.x', '3.0-next (olympus)')
+	->addFromTags('release-3.1.*')
+	->add('3.1.x', '3.1-next (ascraeus)')
+	->add('master')
+	*/
+	->add('3.0.x')
+	->add('3.1.x')
+;
+
+return new Sami\Sami($iterator, $config);

build/sami-checkout.conf.php

@@ -1,7 +1,14 @@
 <?php
 /**
-* @copyright (c) 2014 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
 */
 
 // Prevent 'Class "acm" does not exist.' exception on removeClass().
@@ -24,27 +31,14 @@ $iterator = Symfony\Component\Finder\Finder::create()
 	->notPath('data')
 ;
 
-$versions = Sami\Version\GitVersionCollection::create(__DIR__ . '/../')
-	/*
-	This would be nice, but currently causes various problems that need
-	debugging.
-	->addFromTags('release-3.0.*')
-	->add('develop-olympus', '3.0-next (olympus)')
-	->addFromTags('release-3.1.*')
-	->add('develop-ascraeus', '3.1-next (ascraeus)')
-	->add('develop')
-	*/
-	->add('develop-olympus')
-	->add('develop-ascraeus')
-;
-
-return new Sami\Sami($iterator, array(
+$config = array(
 	'theme'                => 'enhanced',
-	'versions'             => $versions,
 	'title'                => 'phpBB API Documentation',
 	'build_dir'            => __DIR__.'/api/output/%version%',
 	'cache_dir'            => __DIR__.'/api/cache/%version%',
 	'default_opened_level' => 2,
 	// Do not use JsonStore. See https://github.com/fabpot/Sami/issues/79
 	'store'                => new PhpbbArrayStore,
-));
+);
+
+return new Sami\Sami($iterator, $config);

phpBB/adm/index.php

@@ -524,6 +524,9 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 
 				$cfg_array[$config_name] = trim($destination);
 
+			// Absolute file path
+			case 'absolute_path':
+			case 'absolute_path_writable':
 			// Path being relative (still prefixed by phpbb_root_path), but with the ability to escape the root dir...
 			case 'path':
 			case 'wpath':
@@ -542,20 +545,22 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 					break;
 				}
 
-				if (!file_exists($phpbb_root_path . $cfg_array[$config_name]))
+				$path = in_array($config_definition['validate'], array('wpath', 'path', 'rpath', 'rwpath')) ? $phpbb_root_path . $cfg_array[$config_name] : $cfg_array[$config_name];
+
+				if (!file_exists($path))
 				{
 					$error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]);
 				}
 
-				if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !is_dir($phpbb_root_path . $cfg_array[$config_name]))
+				if (file_exists($path) && !is_dir($path))
 				{
 					$error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]);
 				}
 
 				// Check if the path is writable
-				if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath')
+				if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath' || $config_definition['validate'] === 'absolute_path_writable')
 				{
-					if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !phpbb_is_writable($phpbb_root_path . $cfg_array[$config_name]))
+					if (file_exists($path) && !phpbb_is_writable($path))
 					{
 						$error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]);
 					}

phpBB/adm/style/acp_update.html

@@ -19,7 +19,7 @@
 	<!-- ENDIF -->
 
 	<!-- IF NEXT_FEATURE_VERSION -->
-		<div class="errorbox">
+		<div class="errorbox notice">
 			<p>{UPGRADE_INSTRUCTIONS}</p>
 		</div>
 	<!-- ENDIF -->

phpBB/composer.lock

@@ -10,21 +10,21 @@
     "packages-dev": [
         {
             "name": "fabpot/goutte",
-            "version": "v1.0.3",
+            "version": "v1.0.7",
             "source": {
                 "type": "git",
-                "url": "https://github.com/fabpot/Goutte.git",
-                "reference": "75c9f23c4122caf4ea3e87a42a00b471366e707f"
+                "url": "https://github.com/FriendsOfPHP/Goutte.git",
+                "reference": "794b196e76bdd37b5155cdecbad311f0a3b07625"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/fabpot/Goutte/zipball/75c9f23c4122caf4ea3e87a42a00b471366e707f",
-                "reference": "75c9f23c4122caf4ea3e87a42a00b471366e707f",
+                "url": "https://api.github.com/repos/FriendsOfPHP/Goutte/zipball/794b196e76bdd37b5155cdecbad311f0a3b07625",
+                "reference": "794b196e76bdd37b5155cdecbad311f0a3b07625",
                 "shasum": ""
             },
             "require": {
                 "ext-curl": "*",
-                "guzzle/http": ">=3.0.5,<3.8-dev",
+                "guzzle/http": "~3.1",
                 "php": ">=5.3.0",
                 "symfony/browser-kit": "~2.1",
                 "symfony/css-selector": "~2.1",
@@ -33,8 +33,8 @@
                 "symfony/process": "~2.1"
             },
             "require-dev": {
-                "guzzle/plugin-history": ">=3.0.5,<3.8-dev",
-                "guzzle/plugin-mock": ">=3.0.5,<3.8-dev"
+                "guzzle/plugin-history": "~3.1",
+                "guzzle/plugin-mock": "~3.1"
             },
             "type": "application",
             "extra": {
@@ -54,9 +54,7 @@
             "authors": [
                 {
                     "name": "Fabien Potencier",
-                    "email": "fabien@symfony.com",
-                    "homepage": "http://fabien.potencier.org",
-                    "role": "Lead Developer"
+                    "email": "fabien@symfony.com"
                 }
             ],
             "description": "A simple PHP Web Scraper",
@@ -64,7 +62,7 @@
             "keywords": [
                 "scraper"
             ],
-            "time": "2013-08-16 06:03:22"
+            "time": "2014-10-09 15:52:51"
         },
         {
             "name": "guzzle/common",
@@ -899,16 +897,16 @@
         },
         {
             "name": "sami/sami",
-            "version": "v1.3",
+            "version": "v1.4",
             "source": {
                 "type": "git",
-                "url": "https://github.com/fabpot/Sami.git",
-                "reference": "76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110"
+                "url": "https://github.com/FriendsOfPHP/Sami.git",
+                "reference": "70f29c781f7bef30181c814b9471b2ceac694454"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/fabpot/Sami/zipball/76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110",
-                "reference": "76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110",
+                "url": "https://api.github.com/repos/FriendsOfPHP/Sami/zipball/70f29c781f7bef30181c814b9471b2ceac694454",
+                "reference": "70f29c781f7bef30181c814b9471b2ceac694454",
                 "shasum": ""
             },
             "require": {
@@ -929,7 +927,7 @@
             "type": "application",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.3-dev"
+                    "dev-master": "1.4-dev"
                 }
             },
             "autoload": {
@@ -944,9 +942,7 @@
             "authors": [
                 {
                     "name": "Fabien Potencier",
-                    "email": "fabien@symfony.com",
-                    "homepage": "http://fabien.potencier.org",
-                    "role": "Lead Developer"
+                    "email": "fabien@symfony.com"
                 }
             ],
             "description": "Sami, an API documentation generator",
@@ -954,7 +950,7 @@
             "keywords": [
                 "phpdoc"
             ],
-            "time": "2013-11-30 17:16:25"
+            "time": "2014-06-25 11:24:03"
         },
         {
             "name": "sebastian/comparator",

phpBB/docs/AUTHORS

@@ -24,10 +24,10 @@ phpBB Lead Developer:  naderman (Nils Adermann)
 
 phpBB Developers:      bantu (Andreas Fischer)
                        dhruv.goel92 (Dhruv Goel)
-                       EXreaction (Nathan Guse)
+                       Elsensee (Oliver Schramm)
                        marc1706 (Marc Alexander)
                        nickvergessen (Joas Schilling)
-                       nicofuma (Tristan Darricau)
+                       Nicofuma (Tristan Darricau)
                        prototech (Cesar Gallegos)
 
 Contributions by:      leviatan21 (Gabriel Vazquez)
@@ -52,6 +52,7 @@ phpBB Developers:      A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                        ckwalsh (Cullen Walsh)        [01/2010 - 07/2011]
                        DavidMJ (David M.)            [12/2005 - 08/2009]
                        dhn (Dominik Dröscher)        [05/2007 - 01/2011]
+                       EXreaction (Nathan Guse)      [07/2012 - 05/2014]
                        GrahamJE (Graham Eames)       [09/2005 - 11/2006]
                        igorw (Igor Wiedler)          [08/2010 - 02/2013]
                        imkingdavid (David King)      [11/2012 - 06/2014]

phpBB/docs/CHANGELOG.html

@@ -52,7 +52,10 @@
 
 <ol>
 	<li><a href="#changelog">Changelog</a>
-	<ol style="list-style-type: lower-roman;">
+	<ul>
+		<li><a href="#v3013-PL1">Changes since 3.0.13-PL1</a></li>
+		<li><a href="#v3013">Changes since 3.0.13</a></li>
+		<li><a href="#v3012">Changes since 3.0.12</a></li>
 		<li><a href="#v3011">Changes since 3.0.11</a></li>
 		<li><a href="#v3010">Changes since 3.0.10</a></li>
 		<li><a href="#v309">Changes since 3.0.9</a></li>
@@ -74,7 +77,7 @@
 		<li><a href="#v30rc3">Changes since RC-3</a></li>
 		<li><a href="#v30rc2">Changes since RC-2</a></li>
 		<li><a href="#v30rc1">Changes since RC-1</a></li>
-	</ol>
+	</ul>
 	</li>
 	<li><a href="#disclaimer">Copyright and disclaimer</a></li>
 </ol>
@@ -93,7 +96,177 @@
 
 		<div class="content">
 
-	<a name="v3011"></a><h3>1.i. Changes since 3.0.11</h3>
+	<a name="v3013-PL1"></a><h3>Changes since 3.0.13-PL1</h3>
+
+<h4>Bug</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13348">PHPBB3-13348</a>] - sql_freeresult() should be called in feed base class</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13414">PHPBB3-13414</a>] - download/file.php sends Content-Length header even when issuing 304 Not Modified</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13555">PHPBB3-13555</a>] - Poll options preview rendered incorrectly by &lt;br /&gt; collision</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13568">PHPBB3-13568</a>] - Imagick path validated as relative path although ACP asks for absolute path</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13617">PHPBB3-13617</a>] - Bot session continuation with invalid f= query parameter causes SQL error</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13738">PHPBB3-13738</a>] - Sami still refers to develop-* branches</li>
+</ul>
+<h4>Improvement</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12089">PHPBB3-12089</a>] - Make HTTP status code assertion failure messages more informative</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13765">PHPBB3-13765</a>] - Verify that SERVER_PROTOCOL has the expected format</li>
+</ul>
+<h4>Task</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11539">PHPBB3-11539</a>] - Add unit tests for several functions in functions.php</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13572">PHPBB3-13572</a>] - Upgrade composer to 1.0.0-alpha9</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13599">PHPBB3-13599</a>] - Remove PHP 5.2 Travis environment</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13634">PHPBB3-13634</a>] - Update README to show new branch names</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13723">PHPBB3-13723</a>] - Update docs/AUTHORS for 3.0.14-RC1 / 3.1.4-RC1</li>
+</ul>
+
+	<a name="v3013"></a><h3>Changes since 3.0.13</h3>
+
+<h4>Bug</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12933">PHPBB3-12933</a>] - The search operator for partial matches does not work</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13549">PHPBB3-13549</a>] - Compare ORIG_PATH_INFO with SCRIPT_NAME for checking trailing paths</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13554">PHPBB3-13554</a>] - Advertisement of feature release in red indicates a problem</li>
+</ul>
+
+	<a name="v3012"></a><h3>Changes since 3.0.12</h3>
+
+<h4>Security</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13531">PHPBB3-13531</a>] - Disallow trailing paths (e.g. using the PATH_INFO feature) to prevent path-relative CSS injection</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13526">PHPBB3-13526</a>] - Correctly validate ucp_pm_options form key</li>
+</ul>
+<h4>Bug</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-6703">PHPBB3-6703</a>] - Problem with russian letter while converting from 2.0.x</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8960">PHPBB3-8960</a>] - Allow changing allow_avatar_remote when images/avatars/upload is not writable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9420">PHPBB3-9420</a>] - BBCode - Unable to use a proper URI token</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9724">PHPBB3-9724</a>] - Wrong return &quot;Return to ACP&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9725">PHPBB3-9725</a>] - MSSQL Schema is not azure compatible</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10023">PHPBB3-10023</a>] - Password change requirement notification in UCP is not noticable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10423">PHPBB3-10423</a>] - Searching for the term &quot;test *&quot; will highlight nearly every word and displays htmlspecialchars as htmlentities.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10442">PHPBB3-10442</a>] - XHTML is invalid when a forum link without redirect counter is present</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10687">PHPBB3-10687</a>] - UNABLE_GET_IMAGE_SIZE text misleading for remote avatars</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10729">PHPBB3-10729</a>] - Post editor information is not updated when user being deleted with posts</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10776">PHPBB3-10776</a>] - Grammar errors in docs/README.html</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10796">PHPBB3-10796</a>] - SQL Azure does not allow SELECT FROM sysfiles</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10851">PHPBB3-10851</a>] - HTML files containing certain tags being rejected as possible attack vectors with &quot;Check attachment file&quot; set to &quot;No&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10863">PHPBB3-10863</a>] - Permission mask does not accurately show some forum permissions if user has MOD parmissions</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10917">PHPBB3-10917</a>] - Updater notice &quot;Update files are out of date...&quot; when updating to unreleased version</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10985">PHPBB3-10985</a>] - Error bbcode.html not found when updating with custom style inheriting from prosilver</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11062">PHPBB3-11062</a>] - In Automatic Update, new language strings from install.php are only loaded from English</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11224">PHPBB3-11224</a>] - SQL cache destroy does not destroy queries to tables joined</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11288">PHPBB3-11288</a>] - &quot;Fulltext native&quot; search fooled by hyphens</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11480">PHPBB3-11480</a>] - Prevent Private Message system from returning &quot;Unknown folder&quot; when inbox folder is full</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11613">PHPBB3-11613</a>] - Cookies do not work for netbios domain</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11686">PHPBB3-11686</a>] - Not checking for phpBB Debug errors on functional tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11699">PHPBB3-11699</a>] - PHP Lint Test should exclude selected subdirectories of the build directory.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11726">PHPBB3-11726</a>] - Don't run lint tests on Travis on postgres</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11762">PHPBB3-11762</a>] - generate_text_for_display() treats &quot;0&quot; as an empty string</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11789">PHPBB3-11789</a>] - Inline css with color value in subsilver2</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11794">PHPBB3-11794</a>] - Coding Guidelines document says to place a comma after every array element, but fails to do so itself</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11799">PHPBB3-11799</a>] - Anti Abuse Headers missing for sendpassword</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11811">PHPBB3-11811</a>] - Chrome 30 adds outline to focused elements</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11821">PHPBB3-11821</a>] - Wrong comma usage &quot;You are receiving this notification&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11823">PHPBB3-11823</a>] - Travis-CI webserver not matching PHP files with anything after the .php</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11829">PHPBB3-11829</a>] - Closed reports may seem open in detailed view</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11860">PHPBB3-11860</a>] - .htaccess not working for Apache 2.4</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11864">PHPBB3-11864</a>] - Do not call exit after display_progress_bar in acp_forums</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11879">PHPBB3-11879</a>] - Compatibility error in forum_fn.js: .live should be replaced with .on</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11968">PHPBB3-11968</a>] - Travis Image are broken due to repository rename</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12037">PHPBB3-12037</a>] - acp_inactive.html has hard-coded text</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12048">PHPBB3-12048</a>] - Custom BBCodes Fail to Render Language Strings with a Number</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12061">PHPBB3-12061</a>] - Keyboard shortcut alt+h doesn't work properly in firefox</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12072">PHPBB3-12072</a>] - Missing word &quot;send&quot; in comment in schema_data.sql</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12093">PHPBB3-12093</a>] - IE 11 javascript selection is no longer supported</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12118">PHPBB3-12118</a>] - Add noindex meta tag to subsilver2 pm/topic view-print template</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12119">PHPBB3-12119</a>] - Remove keywords and description meta tags from prosilver view-print templates</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12120">PHPBB3-12120</a>] - Update docs/AUTHORS for 3.0.13-RC1</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12140">PHPBB3-12140</a>] - Avoid endless loop in build script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12161">PHPBB3-12161</a>] - build/save directories are no longer created</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12162">PHPBB3-12162</a>] - Binary files missing from update packages</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12176">PHPBB3-12176</a>] - No error shown when attempting to delete a founder</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12186">PHPBB3-12186</a>] - MCP should open &quot;Reported posts&quot; instead of PM Reports</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12188">PHPBB3-12188</a>] - Add php 5.6 to travis tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12202">PHPBB3-12202</a>] - Variables read from style.cfg etc. should be htmlspecialchared</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12205">PHPBB3-12205</a>] - Custom Profile Field display bug</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12210">PHPBB3-12210</a>] - dbtools::sql_create_table incorrectly throws error related to auto-increment length on non auto-increment fields</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12310">PHPBB3-12310</a>] - SMTP username and password should not autocomplete during install</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12316">PHPBB3-12316</a>] - develop-ascraeus build status missing from &quot;Automated Testing&quot; section in README.md</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12353">PHPBB3-12353</a>] - User attachments in ACP are not displaying every attachment</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12359">PHPBB3-12359</a>] - Day and Month of Birthday Misaligned When Editing</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12381">PHPBB3-12381</a>] - Broken error message when selecting invalid DB driver</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12397">PHPBB3-12397</a>] - db_tools::sql_unique_index_exists() has wrong doc block</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12429">PHPBB3-12429</a>] - Update phpunit to 3.8+</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12467">PHPBB3-12467</a>] - Add config_*.php  and tests_config_*.php to .gitignore</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12472">PHPBB3-12472</a>] - Set fast finish for .travis.yml</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12485">PHPBB3-12485</a>] - Broken tests due to absolute exclude</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12492">PHPBB3-12492</a>] - DB_TEST: Special chars are not supported.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12540">PHPBB3-12540</a>] - WRONG_FILESIZE contains broken placeholders</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12660">PHPBB3-12660</a>] - Undefined offset error when phpinfo() disabled and debug enabled</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12695">PHPBB3-12695</a>] - Undefined index: MISSING_INLINE_ATTACHMENT notice given when viewing post details</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12720">PHPBB3-12720</a>] - Git commit hook should not require commit message to start with a capital letter</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12741">PHPBB3-12741</a>] - Functional tests on Travis fail since php update last night</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12755">PHPBB3-12755</a>] - Remote upload stuck in infinite loop if server sends keep-alive</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13086">PHPBB3-13086</a>] - Update ACP_MASS_EMAIL_EXPLAIN language key</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13096">PHPBB3-13096</a>] - ldap_escape() added to PHP 5.6.0</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13138">PHPBB3-13138</a>] - Banned users cause infinite recursion</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13168">PHPBB3-13168</a>] - Warning displayed in PHP 5.6 for mbstring.http_input</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13234">PHPBB3-13234</a>] - Remember me cookie gets unset by admin reauthentication</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13341">PHPBB3-13341</a>] - Tests fail when generating coverage report</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13376">PHPBB3-13376</a>] - deregister_globals() does not work correctly when $_COOKIE['GLOBALS'] - is specified</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13519">PHPBB3-13519</a>] - Correctly validate imagick path as path and not string</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13523">PHPBB3-13523</a>] - PHP 5.2 Unit Tests no longer work due to deprecated PHPUnit PEAR channel</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13527">PHPBB3-13527</a>] - Escape information received from version server</li>
+</ul>
+<h4>Improvement</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10037">PHPBB3-10037</a>] - Add Smiley Buttons in Signature Editor</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10174">PHPBB3-10174</a>] - Rename &quot;Ban usernames&quot; to &quot;Ban users&quot; in ACP</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10549">PHPBB3-10549</a>] - Languages variables should be used, not hardcoded</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10555">PHPBB3-10555</a>] - Copyright notice in overall_header.html is not translatable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10945">PHPBB3-10945</a>] - Show entered search query in the search box when no results are found.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11254">PHPBB3-11254</a>] - Check CRLF line endings in the test suite</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11295">PHPBB3-11295</a>] - Drop tables for postgres in the test suite</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11297">PHPBB3-11297</a>] - Running tests doc should mention dbunit dependency</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11704">PHPBB3-11704</a>] - phing build script does not include vendor folder, even if there are dependencies</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11766">PHPBB3-11766</a>] - Remove Quote and Edit button when topic is lock</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11801">PHPBB3-11801</a>] - missing semi colons in css</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11814">PHPBB3-11814</a>] - Topic reply notification email text change</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12035">PHPBB3-12035</a>] - Add a link to user's posts in the ACP user overview page</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12106">PHPBB3-12106</a>] - Document exceptions to &quot;Disable Board&quot; in ACP.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12146">PHPBB3-12146</a>] - Add color demo when editing a group from the UCP</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12247">PHPBB3-12247</a>] - include poster's username in email notifications of posts that get approved by moderators</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12259">PHPBB3-12259</a>] - Too many redundant tests are run on Travis</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12468">PHPBB3-12468</a>] - Allow mbstring.http_input='' besides 'pass' for PHP 5.6 compatibility</li>
+</ul>
+<h4>Task</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10839">PHPBB3-10839</a>] - Remove phpunit.xml.functional and always include functional tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11509">PHPBB3-11509</a>] - Travis should check commit message format</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11876">PHPBB3-11876</a>] - Upgrade package checksums from MD5 to SHA256</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11877">PHPBB3-11877</a>] - Create package download links and checksums for announcement via script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11920">PHPBB3-11920</a>] - Add MariaDB tests to Travis-CI</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11951">PHPBB3-11951</a>] - Add MariaDB to supported RDBMS list</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11970">PHPBB3-11970</a>] - Use 'set -x' in Travis CI setup scripts</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12046">PHPBB3-12046</a>] - Use PHP_BINARY environment variable in lint unit test</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12056">PHPBB3-12056</a>] - Make sure each unit test runs on its own</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12147">PHPBB3-12147</a>] - Remove Travis CI notification configuration</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12302">PHPBB3-12302</a>] - Upgrade composer.phar to 1.0.0-alpha8</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12318">PHPBB3-12318</a>] - Correctly setup HHVM functional tests on Travis CI</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12319">PHPBB3-12319</a>] - Backport Travis CI HHVM environment enabling to develop-olympus.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12320">PHPBB3-12320</a>] - No longer allow Travis CI HHVM environment to fail</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12341">PHPBB3-12341</a>] - Add tests for get_username_string()</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12384">PHPBB3-12384</a>] - Run Travis CI HHVM tests against MySQLi instead of MySQL</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12417">PHPBB3-12417</a>] - hhvm-nightly 2014.04.16~precise breaks tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12495">PHPBB3-12495</a>] - Add Sami to composer dependencies and build script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12582">PHPBB3-12582</a>] - Strip away copyrighted ICC profile from images</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12917">PHPBB3-12917</a>] - Move commit check and file executable checks to 5.3.3 build on travis</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13324">PHPBB3-13324</a>] - Composer no longer downloads sami/sami and fabpot/goutte</li>
+</ul>
+
+	<a name="v3011"></a><h3>Changes since 3.0.11</h3>
 
 <h4>Bug</h4>
 <ul>
@@ -248,7 +421,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11753">PHPBB3-11753</a>] - Upgrade mysql_upgrader.php schema data.</li>
 </ul>
 
-	<a name="v3010"></a><h3>1.ii. Changes since 3.0.10</h3>
+	<a name="v3010"></a><h3>Changes since 3.0.10</h3>
 
 <h4>Bug</h4>
 <ul>
@@ -373,7 +546,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10909">PHPBB3-10909</a>] - Update Travis Test Configuration: Travis no longer supports PHP 5.3.2</li>
 </ul>
 
-	<a name="v309"></a><h3>1.iii. Changes since 3.0.9</h3>
+	<a name="v309"></a><h3>Changes since 3.0.9</h3>
 
 <h4>Bug</h4>
 <ul>
@@ -509,7 +682,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10480">PHPBB3-10480</a>] - Automate changelog building</li>
 </ul>
 
-	<a name="v308"></a><h3>1.iv. Changes since 3.0.8</h3>
+	<a name="v308"></a><h3>Changes since 3.0.8</h3>
 
 <h4>        Bug
 </h4>
@@ -574,7 +747,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9924'>PHPBB3-9924</a>] -         $template-&gt;display hook does not pass $template instance
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9925'>PHPBB3-9925</a>] -         prosilver logo margin bug in IE 6-7-8 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9925'>PHPBB3-9925</a>] -         prosilver logo margin bug in IE 6-7-8
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9928'>PHPBB3-9928</a>] -         Do not link &quot;login to your board&quot; to the &quot;send statistics&quot; page after completed update.
 </li>
@@ -582,7 +755,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9932'>PHPBB3-9932</a>] -         The Bing bot is not added when converting.
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9933'>PHPBB3-9933</a>] -         Wrong handling of consecutive multiple asterisks in word censor 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9933'>PHPBB3-9933</a>] -         Wrong handling of consecutive multiple asterisks in word censor
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9934'>PHPBB3-9934</a>] -         Mass Mail missing under the system tab on a fresh install
 </li>
@@ -594,7 +767,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9948'>PHPBB3-9948</a>] -         Inline quicktime files won&#39;t display
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9949'>PHPBB3-9949</a>] -         $user-&gt;lang() is not handling arguments as per documentation 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9949'>PHPBB3-9949</a>] -         $user-&gt;lang() is not handling arguments as per documentation
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9950'>PHPBB3-9950</a>] -         Problem with localized button images after uprading from 3.0.7-PL1 to 3.0.8
 </li>
@@ -757,7 +930,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10250'>PHPBB3-10250</a>] -         phpBB Logo needs the Registered Trademark Symbol
 </li>
 </ul>
-    
+
 <h4>        Improvement
 </h4>
 <ul>
@@ -814,7 +987,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10186'>PHPBB3-10186</a>] -         UCP signature panel displays when not authed for signatures
 </li>
 </ul>
-    
+
 <h4>        New Feature
 </h4>
 <ul>
@@ -825,7 +998,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10110'>PHPBB3-10110</a>] -         Redis caching module
 </li>
 </ul>
-    
+
 <h4>        Task
 </h4>
 <ul>
@@ -864,7 +1037,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10107'>PHPBB3-10107</a>] -         Improve docs for non-apache webserver configuration
 </li>
 </ul>
-    
+
 <h4>        Sub-task
 </h4>
 <ul>
@@ -877,7 +1050,7 @@
 </ul>
 
 
-	<a name="v307-PL1"></a><h3>1.v. Changes since 3.0.7-PL1</h3>
+	<a name="v307-PL1"></a><h3>Changes since 3.0.7-PL1</h3>
 <h4>        Security
 </h4>
 <ul>
@@ -1335,13 +1508,13 @@
 </ul>
 
 
-	<a name="v307"></a><h3>1.vi. Changes since 3.0.7</h3>
+	<a name="v307"></a><h3>Changes since 3.0.7</h3>
 
 	<ul>
 		<li>[Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)</li>
 	</ul>
 
-	<a name="v306"></a><h3>1.vii. Changes since 3.0.6</h3>
+	<a name="v306"></a><h3>Changes since 3.0.6</h3>
 
 	<ul>
 		<li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li>
@@ -1445,7 +1618,7 @@
 
 	</ul>
 
-	<a name="v305"></a><h3>1.viii. Changes since 3.0.5</h3>
+	<a name="v305"></a><h3>Changes since 3.0.5</h3>
 
 	<ul>
 		<li>[Fix] Allow whitespaces in avatar gallery names. (Bug #44955)</li>
@@ -1667,7 +1840,7 @@
 		<li>[Feature] Send anonymous statistical information to phpBB on installation and update (optional).</li>
 	</ul>
 
-	<a name="v304"></a><h3>1.ix. Changes since 3.0.4</h3>
+	<a name="v304"></a><h3>Changes since 3.0.4</h3>
 
 	<ul>
 		<li>[Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)</li>
@@ -1756,7 +1929,7 @@
 		<li>[Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v303"></a><h3>1.x. Changes since 3.0.3</h3>
+	<a name="v303"></a><h3>Changes since 3.0.3</h3>
 
 	<ul>
 		<li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li>
@@ -1788,7 +1961,7 @@
 		<li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v302"></a><h3>1.xi. Changes since 3.0.2</h3>
+	<a name="v302"></a><h3>Changes since 3.0.2</h3>
 
 	<ul>
 		<li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li>
@@ -1887,7 +2060,7 @@
 		<li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li>
 	</ul>
 
-	<a name="v301"></a><h3>1.xii. Changes since 3.0.1</h3>
+	<a name="v301"></a><h3>Changes since 3.0.1</h3>
 
 	<ul>
 		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
@@ -1935,7 +2108,7 @@
 		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
 	</ul>
 
-	<a name="v300"></a><h3>1.xiii Changes since 3.0.0</h3>
+	<a name="v300"></a><h3>Changes since 3.0.0</h3>
 
 	<ul>
 		<li>[Change] Validate birthdays (Bug #15004)</li>
@@ -2006,7 +2179,7 @@
 		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
 	</ul>
 
-	<a name="v30rc8"></a><h3>1.xiv. Changes since 3.0.RC8</h3>
+	<a name="v30rc8"></a><h3>Changes since 3.0.RC8</h3>
 
 	<ul>
 		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@@ -2015,7 +2188,7 @@
 		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
 	</ul>
 
-	<a name="v30rc7"></a><h3>1.xv. Changes since 3.0.RC7</h3>
+	<a name="v30rc7"></a><h3>Changes since 3.0.RC7</h3>
 
 	<ul>
 		<li>[Fix] Fixed MSSQL related bug in the update system</li>
@@ -2050,7 +2223,7 @@
 		<li>[Fix] No duplication of active topics (Bug #15474)</li>
 	</ul>
 
-	<a name="v30rc6"></a><h3>1.xvi. Changes since 3.0.RC6</h3>
+	<a name="v30rc6"></a><h3>Changes since 3.0.RC6</h3>
 
 	<ul>
 		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@@ -2060,7 +2233,7 @@
 		<li>[Fix] Able to request new password (Bug #14743)</li>
 	</ul>
 
-	<a name="v30rc5"></a><h3>1.xvii. Changes since 3.0.RC5</h3>
+	<a name="v30rc5"></a><h3>Changes since 3.0.RC5</h3>
 
 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -2123,7 +2296,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>
 
-	<a name="v30rc4"></a><h3>1.xviii. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>Changes since 3.0.RC4</h3>
 
 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -2174,7 +2347,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>
 
-	<a name="v30rc3"></a><h3>1.xix. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>Changes since 3.0.RC3</h3>
 
 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -2283,7 +2456,7 @@
 
 	</ul>
 
-	<a name="v30rc2"></a><h3>1.xx. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>Changes since 3.0.RC2</h3>
 
 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -2329,7 +2502,7 @@
 
 	</ul>
 
-	<a name="v30rc1"></a><h3>1.xxi. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>Changes since 3.0.RC1</h3>
 
 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>

phpBB/docs/INSTALL.html

@@ -276,7 +276,7 @@
 
 	<p>This package is meant for those wanting to only replace the files that were changed between a previous version and the latest version.</p>
 
-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <strong>3.0.11</strong> you should select the appropriate <code>phpBB-3.0.12-files.zip/tar.bz2</code> file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <strong>3.0.13</strong> you should select the appropriate <code>phpBB-3.0.14-files.zip/tar.bz2</code> file.</p>
 
 	<p>The directory structure has been preserved, enabling you (if you wish) to simply upload the uncompressed contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any modifications (MODs) these files will overwrite the originals, possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
@@ -288,7 +288,7 @@
 
 	<p>The patch file is one solution for those with many Modifications (MODs) or other changes and do not want to re-add them back to all the changed files. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application, but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the recommended update method.</p>
 
-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <strong>3.0.11</strong>, you need the <code>phpBB-3.0.12-patch.zip/tar.bz2</code> file. Place the correct patch in the parent directory containing the phpBB core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <code>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</code> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <strong>3.0.13</strong>, you need the <code>phpBB-3.0.14-patch.zip/tar.bz2</code> file. Place the correct patch in the parent directory containing the phpBB core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <code>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</code> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
 	<p>If you do get failures, you should look at using the <a href="#update_files">Changed Files</a> package to replace the files which failed to patch. Please note that you will need to manually re-add any MODs to these particular files. Alternatively, if you know how, you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 
@@ -298,7 +298,7 @@
 
 	<p>This update method is the recommended method for updating. This package detects changed files automatically and merges in changes if needed.</p>
 
-	<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.0.11</strong>, you need the <code>phpBB-3.0.11_to_3.0.12.zip/tar.bz2</code> file.</p>
+	<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.0.13</strong>, you need the <code>phpBB-3.0.13_to_3.0.14.zip/tar.bz2</code> file.</p>
 
 	<p>To perform the update, either follow the instructions from the <strong>Administration Control Panel-&gt;System</strong> Tab - this should point out that you are running an outdated version and will guide you through the update - or follow the instructions listed below.</p>
 

phpBB/download/file.php

@@ -509,16 +509,18 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		}
 	}
 
-	if ($size)
-	{
-		header("Content-Length: $size");
-	}
-
 	// Close the db connection before sending the file
 	$db->sql_close();
 
 	if (!set_modified_headers($attachment['filetime'], $user->browser))
 	{
+		// Send Content-Length only if set_modified_headers() does not send
+		// status 304 - Not Modified
+		if ($size)
+		{
+			header("Content-Length: $size");
+		}
+
 		// Try to deliver in chunks
 		@set_time_limit(0);
 

phpBB/feed.php

@@ -464,6 +464,9 @@ class phpbb_feed_base
 	*/
 	var $separator_stats = "\xE2\x80\x94"; // —
 
+	/** @var mixed Query result handle */
+	var $result;
+
 	/**
 	* Constructor
 	*/
@@ -617,10 +620,9 @@ class phpbb_feed_base
 
 	function get_item()
 	{
-		global $db, $cache;
-		static $result;
+		global $db;
 
-		if (!isset($result))
+		if (!isset($this->result))
 		{
 			if (!$this->get_sql())
 			{
@@ -629,10 +631,10 @@ class phpbb_feed_base
 
 			// Query database
 			$sql = $db->sql_build_query('SELECT', $this->sql);
-			$result = $db->sql_query_limit($sql, $this->num_items);
+			$this->result = $db->sql_query_limit($sql, $this->num_items);
 		}
 
-		return $db->sql_fetchrow($result);
+		return $db->sql_fetchrow($this->result);
 	}
 
 	function user_viewprofile($row)

phpBB/includes/acm/acm_memory.php

@@ -292,12 +292,24 @@ class acm_memory
 		// determine which tables this query belongs to
 		// Some queries use backticks, namely the get_database_size() query
 		// don't check for conformity, the SQL would error and not reach here.
-		if (!preg_match('/FROM \\(?(`?\\w+`?(?: \\w+)?(?:, ?`?\\w+`?(?: \\w+)?)*)\\)?/', $query, $regs))
+		if (!preg_match_all('/(?:FROM \\(?(`?\\w+`?(?: \\w+)?(?:, ?`?\\w+`?(?: \\w+)?)*)\\)?)|(?:JOIN (`?\\w+`?(?: \\w+)?))/', $query, $regs, PREG_SET_ORDER))
 		{
 			// Bail out if the match fails.
 			return;
 		}
-		$tables = array_map('trim', explode(',', $regs[1]));
+
+		$tables = array();
+		foreach ($regs as $match)
+		{
+			if ($match[0][0] == 'F')
+			{
+				$tables = array_merge($tables, array_map('trim', explode(',', $match[1])));
+			}
+			else
+			{
+				$tables[] = $match[2];
+			}
+		}
 
 		foreach ($tables as $table_name)
 		{

phpBB/includes/acp/acp_attachments.php

@@ -127,7 +127,7 @@ class acp_attachments
 						'img_create_thumbnail'		=> array('lang' => 'CREATE_THUMBNAIL',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'img_max_thumb_width'		=> array('lang' => 'MAX_THUMB_WIDTH',		'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_min_thumb_filesize'	=> array('lang' => 'MIN_THUMB_FILESIZE',	'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
-						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'string',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
+						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'absolute_path',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
 						'img_max'					=> array('lang' => 'MAX_IMAGE_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_link'					=> array('lang' => 'IMAGE_LINK_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)

phpBB/includes/acp/acp_main.php

@@ -606,8 +606,8 @@ class acp_main
 				'S_MBSTRING_LOADED'						=> true,
 				'S_MBSTRING_FUNC_OVERLOAD_FAIL'			=> (intval(@ini_get('mbstring.func_overload')) & (MB_OVERLOAD_MAIL | MB_OVERLOAD_STRING)),
 				'S_MBSTRING_ENCODING_TRANSLATION_FAIL'	=> (@ini_get('mbstring.encoding_translation') != 0),
-				'S_MBSTRING_HTTP_INPUT_FAIL'			=> (@ini_get('mbstring.http_input') != 'pass'),
-				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> (@ini_get('mbstring.http_output') != 'pass'),
+				'S_MBSTRING_HTTP_INPUT_FAIL'			=> !in_array(@ini_get('mbstring.http_input'), array('pass', '')),
+				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> !in_array(@ini_get('mbstring.http_output'), array('pass', '')),
 			));
 		}
 

phpBB/includes/acp/acp_update.php

@@ -34,10 +34,7 @@ class acp_update
 		$this->page_title = 'ACP_VERSION_CHECK';
 
 		// Get current and latest version
-		$errstr = '';
-		$errno = 0;
-
-		$info = obtain_latest_version_info(request_var('versioncheck_force', false));
+		$info = htmlspecialchars(obtain_latest_version_info(request_var('versioncheck_force', false)));
 
 		if (empty($info))
 		{

phpBB/includes/auth/auth_ldap.php

@@ -282,7 +282,7 @@ function ldap_user_filter($username)
 {
 	global $config;
 
-	$filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')';
+	$filter = '(' . $config['ldap_uid'] . '=' . phpbb_ldap_escape(htmlspecialchars_decode($username)) . ')';
 	if ($config['ldap_user_filter'])
 	{
 		$_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})";
@@ -294,7 +294,7 @@ function ldap_user_filter($username)
 /**
 * Escapes an LDAP AttributeValue
 */
-function ldap_escape($string)
+function phpbb_ldap_escape($string)
 {
 	return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
 }

phpBB/includes/bbcode.php

@@ -135,6 +135,11 @@ class bbcode
 			$this->template_bitfield = new bitfield($user->theme['bbcode_bitfield']);
 			$this->template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/bbcode.html';
 
+			if (empty($user->theme['template_inherits_id']) && !empty($template->orig_tpl_inherits_id))
+			{
+				$user->theme['template_inherits_id'] = $template->orig_tpl_inherits_id;
+			}
+
 			if (!@file_exists($this->template_filename))
 			{
 				if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'])

phpBB/includes/constants.php

@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.0.13-dev');
+define('PHPBB_VERSION', '3.0.14-RC1');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions.php

@@ -2492,7 +2492,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
 		if (!$disable_cd_check && $url_parts['host'] !== $user->host)
 		{
-			$url = generate_board_url();
+			trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
 		}
 	}
 	else if ($url[0] == '/')
@@ -2579,6 +2579,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		}
 	}
 
+	// Make sure we don't redirect to external URLs
+	if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
+	{
+		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
+	}
+
 	// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
 	if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
 	{
@@ -2782,7 +2788,7 @@ function send_status_line($code, $message)
 	}
 	else
 	{
-		if (!empty($_SERVER['SERVER_PROTOCOL']))
+		if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
 		{
 			$version = $_SERVER['SERVER_PROTOCOL'];
 		}

phpBB/includes/functions_install.php

@@ -309,7 +309,7 @@ function connect_check_db($error_connect, &$error, $dbms_details, $table_prefix,
 	if (is_array($db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, true)))
 	{
 		$db_error = $db->sql_error();
-		$error[] = $lang['INST_ERR_DB_CONNECT'] . '<br />' . (($db_error['message']) ? $db_error['message'] : $lang['INST_ERR_DB_NO_ERROR']);
+		$error[] = $lang['INST_ERR_DB_CONNECT'] . '<br />' . (($db_error['message']) ? utf8_convert_message($db_error['message']) : $lang['INST_ERR_DB_NO_ERROR']);
 	}
 	else
 	{

phpBB/includes/functions_privmsgs.php

@@ -208,7 +208,7 @@ function get_folder($user_id, $folder_id = false)
 		);
 	}
 
-	if ($folder_id !== false && !isset($folder[$folder_id]))
+	if ($folder_id !== false && $folder_id !== PRIVMSGS_HOLD_BOX && !isset($folder[$folder_id]))
 	{
 		trigger_error('UNKNOWN_FOLDER');
 	}

phpBB/includes/functions_user.php

@@ -329,11 +329,16 @@ function user_add($user_row, $cp_data = false)
 }
 
 /**
-* Remove User
-*/
+ * Remove User
+ *
+ * @param string	$mode		'retain' or 'remove'
+ * @param int		$user_id
+ * @param mixed		$post_username
+ * @return bool
+ */
 function user_delete($mode, $user_id, $post_username = false)
 {
-	global $cache, $config, $db, $user, $auth;
+	global $cache, $config, $db, $user;
 	global $phpbb_root_path, $phpEx;
 
 	$sql = 'SELECT *
@@ -439,11 +444,6 @@ function user_delete($mode, $user_id, $post_username = false)
 					WHERE poster_id = $user_id";
 				$db->sql_query($sql);
 
-				$sql = 'UPDATE ' . POSTS_TABLE . '
-					SET post_edit_user = ' . ANONYMOUS . "
-					WHERE post_edit_user = $user_id";
-				$db->sql_query($sql);
-
 				$sql = 'UPDATE ' . TOPICS_TABLE . '
 					SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
 					WHERE topic_poster = $user_id";
@@ -501,6 +501,18 @@ function user_delete($mode, $user_id, $post_username = false)
 
 	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
 
+	// Change user_id to anonymous for posts edited by this user
+	$sql = 'UPDATE ' . POSTS_TABLE . '
+		SET post_edit_user = ' . ANONYMOUS . '
+		WHERE post_edit_user = ' . $user_id;
+	$db->sql_query($sql);
+
+	// Change user_id to anonymous for pms edited by this user
+	$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
+		SET message_edit_user = ' . ANONYMOUS . '
+		WHERE message_edit_user = ' . $user_id;
+	$db->sql_query($sql);
+
 	// Delete user log entries about this user
 	$sql = 'DELETE FROM ' . LOG_TABLE . '
 		WHERE reportee_id = ' . $user_id;

phpBB/includes/search/fulltext_native.php

@@ -204,7 +204,7 @@ class fulltext_native extends search_backend
 		$this->search_query = $keywords;
 
 		$exact_words = array();
-		preg_match_all('#([^\\s+\\-|*()]+)(?:$|[\\s+\\-|()])#u', $keywords, $exact_words);
+		preg_match_all('#([^\\s+\\-|()]+)(?:$|[\\s+\\-|()])#u', $keywords, $exact_words);
 		$exact_words = $exact_words[1];
 
 		$common_ids = $words = array();

phpBB/includes/session.php

@@ -121,6 +121,8 @@ class session
 		$script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
 		$root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';
 
+		$forum_id = (isset($_REQUEST['f']) && $_REQUEST['f'] > 0 && $_REQUEST['f'] < 16777215) ? (int) $_REQUEST['f'] : 0;
+
 		$page_array += array(
 			'page_name'			=> $page_name,
 			'page_dir'			=> $page_dir,
@@ -130,7 +132,7 @@ class session
 			'root_script_path'	=> str_replace(' ', '%20', htmlspecialchars($root_script_path)),
 
 			'page'				=> $page,
-			'forum'				=> (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0,
+			'forum'				=> $forum_id,
 		);
 
 		return $page_array;
@@ -556,7 +558,12 @@ class session
 		$method = 'autologin_' . $method;
 		if (function_exists($method))
 		{
-			$this->data = $method();
+			$user_data = $method();
+
+			if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id']))
+			{
+				$this->data = $user_data;
+			}
 
 			if (sizeof($this->data))
 			{
@@ -576,11 +583,18 @@ class session
 					AND k.user_id = u.user_id
 					AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
 			$result = $db->sql_query($sql);
-			$this->data = $db->sql_fetchrow($result);
+			$user_data = $db->sql_fetchrow($result);
+
+			if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id']))
+			{
+				$this->data = $user_data;
+				$bot = false;
+			}
+
 			$db->sql_freeresult($result);
-			$bot = false;
 		}
-		else if ($user_id !== false && !sizeof($this->data))
+
+		if ($user_id !== false && !sizeof($this->data))
 		{
 			$this->cookie_data['k'] = '';
 			$this->cookie_data['u'] = $user_id;
@@ -1037,7 +1051,7 @@ class session
 
 		$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
 		$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
-		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
+		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];
 
 		header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
 	}

phpBB/includes/startup.php

@@ -80,31 +80,13 @@ function deregister_globals()
 	{
 		if (isset($not_unset[$varname]))
 		{
-			// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
-			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+			// Hacking attempt. No point in continuing.
+			if (isset($_COOKIE[$varname]))
 			{
-				exit;
-			}
-			else
-			{
-				$cookie = &$_COOKIE;
-				while (isset($cookie['GLOBALS']))
-				{
-					if (!is_array($cookie['GLOBALS']))
-					{
-						break;
-					}
-
-					foreach ($cookie['GLOBALS'] as $registered_var => $value)
-					{
-						if (!isset($not_unset[$registered_var]))
-						{
-							unset($GLOBALS[$registered_var]);
-						}
-					}
-					$cookie = &$cookie['GLOBALS'];
-				}
+				echo "Clear your cookies. ";
 			}
+			echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+			exit;
 		}
 
 		unset($GLOBALS[$varname]);
@@ -113,6 +95,54 @@ function deregister_globals()
 	unset($input);
 }
 
+/**
+ * Check if requested page uses a trailing path
+ *
+ * @param string $phpEx PHP extension
+ *
+ * @return bool True if trailing path is used, false if not
+ */
+function phpbb_has_trailing_path($phpEx)
+{
+	// Check if path_info is being used
+	if (!empty($_SERVER['PATH_INFO']) || (!empty($_SERVER['ORIG_PATH_INFO']) && $_SERVER['SCRIPT_NAME'] != $_SERVER['ORIG_PATH_INFO']))
+	{
+		return true;
+	}
+
+	// Match any trailing path appended to a php script in the REQUEST_URI.
+	// It is assumed that only actual PHP scripts use names like foo.php. Due
+	// to this, any phpBB board inside a directory that has the php extension
+	// appended to its name will stop working, i.e. if the board is at
+	// example.com/phpBB/test.php/ or example.com/test.php/
+	if (preg_match('#^[^?]+\.' . preg_quote($phpEx, '#') . '/#', $_SERVER['REQUEST_URI']))
+	{
+		return true;
+	}
+
+	return false;
+}
+
+// Check if trailing path is used
+if (phpbb_has_trailing_path($phpEx))
+{
+	if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi')
+	{
+		$prefix = 'Status:';
+	}
+	else if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
+	{
+		$prefix = $_SERVER['SERVER_PROTOCOL'];
+	}
+	else
+	{
+		$prefix = 'HTTP/1.0';
+	}
+	header("$prefix 404 Not Found", true, 404);
+	echo 'Trailing paths and PATH_INFO is not supported by phpBB 3.0';
+	exit;
+}
+
 // Register globals and magic quotes have been dropped in PHP 5.4
 if (version_compare(PHP_VERSION, '5.4.0-dev', '>='))
 {

phpBB/includes/ucp/ucp_pm_options.php

@@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 	// Change "full folder" setting - what to do if folder is full
 	if (isset($_POST['fullfolder']))
 	{
-		check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
+		if (!check_form_key('ucp_pm_options'))
+		{
+			trigger_error('FORM_INVALID');
+		}
+
 		$full_action = request_var('full_action', 0);
 
 		$set_folder_id = 0;

phpBB/install/convertors/convert_phpbb20.php

@@ -32,7 +32,7 @@ unset($dbpasswd);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.0.12',
+	'phpbb_version'	=> '3.0.14',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Group</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/database_update.php

@@ -8,7 +8,7 @@
 *
 */
 
-define('UPDATES_TO_VERSION', '3.0.13-dev');
+define('UPDATES_TO_VERSION', '3.0.14-RC1');
 
 // Enter any version to update from to test updates. The version within the db will not be updated.
 define('DEBUG_FROM_VERSION', false);
@@ -949,7 +949,7 @@ function database_update_info()
 						// this column was removed from the database updater
 						// after 3.0.9-RC3 was released. It might still exist
 						// in 3.0.9-RCX installations and has to be dropped in
-						// 3.0.13 after the db_tools class is capable of properly
+						// 3.0.15 after the db_tools class is capable of properly
 						// removing a primary key.
 						// 'attempt_id'			=> array('UINT', NULL, 'auto_increment'),
 						'attempt_ip'			=> array('VCHAR:40', ''),
@@ -1011,8 +1011,16 @@ function database_update_info()
 		'3.0.12-RC2'	=> array(),
 		// No changes from 3.0.12-RC3 to 3.0.12
 		'3.0.12-RC3'	=> array(),
+		// No changes from 3.0.12 to 3.0.13-RC1
+		'3.0.12'		=> array(),
+		// No changes from 3.0.13-RC1 to 3.0.13
+		'3.0.13-RC1'	=> array(),
+		// No changes from 3.0.13 to 3.0.13-PL1
+		'3.0.13'		=> array(),
+		// No changes from 3.0.13-PL1 to 3.0.14-RC1
+		'3.0.13-PL1'	=> array(),
 
-		/** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.13-RC1 */
+		/** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.15-RC1 */
 	);
 }
 
@@ -2254,6 +2262,22 @@ function change_database_data(&$no_updates, $version)
 		// No changes from 3.0.12-RC3 to 3.0.12
 		case '3.0.12-RC3':
 		break;
+
+		// No changes from 3.0.12 to 3.0.13-RC1
+		case '3.0.12':
+		break;
+
+		// No changes from 3.0.13-RC1 to 3.0.13
+		case '3.0.13-RC1':
+		break;
+
+		// No changes from 3.0.13 to 3.0.13-PL1
+		case '3.0.13':
+		break;
+
+		// No changes from 3.0.13-PL1 to 3.0.14-RC1
+		case '3.0.13-PL1':
+		break;
 	}
 }
 

phpBB/install/schemas/schema_data.sql

@@ -246,7 +246,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('topics_per_page',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.13-dev');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.14-RC1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

phpBB/language/en/acp/email.php

@@ -37,7 +37,7 @@ if (empty($lang) || !is_array($lang))
 
 // Email settings
 $lang = array_merge($lang, array(
-	'ACP_MASS_EMAIL_EXPLAIN'		=> 'Here you can e-mail a message to either all of your users or all users of a specific group <strong>having the option to receive mass e-mails enabled</strong>. To achieve this an e-mail will be sent out to the administrative e-mail address supplied, with a blind carbon copy sent to all recipients. The default setting is to only include 50 recipients in such an e-mail, for more recipients more e-mails will be sent. If you are emailing a large group of people please be patient after submitting and do not stop the page halfway through. It is normal for a mass emailing to take a long time, you will be notified when the script has completed.',
+	'ACP_MASS_EMAIL_EXPLAIN'		=> 'Here you can e-mail a message to either all of your users or all users of a specific group <strong>having the option to receive mass e-mails enabled</strong>. To achieve this an e-mail will be sent out to the administrative e-mail address supplied, with a blind carbon copy sent to all recipients. The default setting is to only include 20 recipients in such an e-mail, for more recipients more e-mails will be sent. If you are emailing a large group of people please be patient after submitting and do not stop the page halfway through. It is normal for a mass emailing to take a long time, you will be notified when the script has completed.',
 	'ALL_USERS'						=> 'All users',
 
 	'COMPOSE'				=> 'Compose',

phpBB/posting.php

@@ -1222,9 +1222,13 @@ if (!sizeof($error) && $preview)
 			'L_MAX_VOTES'		=> ($post_data['poll_max_options'] == 1) ? $user->lang['MAX_OPTION_SELECT'] : sprintf($user->lang['MAX_OPTIONS_SELECT'], $post_data['poll_max_options']))
 		);
 
-		$parse_poll->message = implode("\n", $post_data['poll_options']);
-		$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
-		$preview_poll_options = explode('<br />', $parse_poll->message);
+		$preview_poll_options = array();
+		foreach ($post_data['poll_options'] as $poll_option)
+		{
+			$parse_poll->message = $poll_option;
+			$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
+			$preview_poll_options[] = $parse_poll->message;
+		}
 		unset($parse_poll);
 
 		foreach ($preview_poll_options as $key => $option)

phpBB/styles/prosilver/imageset/imageset.cfg

@@ -19,7 +19,7 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Group, 2007
-version = 3.0.12
+version = 3.0.14
 
 # Images
 img_site_logo = site_logo.gif*52*139

phpBB/styles/prosilver/style.cfg

@@ -19,4 +19,4 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Group, 2007
-version = 3.0.12
+version = 3.0.14

phpBB/styles/prosilver/template/forumlist_body.html

@@ -47,6 +47,8 @@
 						<!-- IF forumrow.LAST_POST_TIME --><dfn>{L_LAST_POST}</dfn> {L_POST_BY_AUTHOR} {forumrow.LAST_POSTER_FULL}
 						<!-- IF not S_IS_BOT --><a href="{forumrow.U_LAST_POST}">{LAST_POST_IMG}</a> <!-- ENDIF --><br />{forumrow.LAST_POST_TIME}<!-- ELSE -->{L_NO_POSTS}<br />&nbsp;<!-- ENDIF --></span>
 					</dd>
+				<!-- ELSE -->
+					<dd>&nbsp;</dd>
 				<!-- ENDIF -->
 			</dl>
 		</li>

phpBB/styles/prosilver/template/template.cfg

@@ -19,7 +19,7 @@
 # General Information about this template
 name = prosilver
 copyright = © phpBB Group, 2007
-version = 3.0.12
+version = 3.0.14
 
 # Defining a different template bitfield
 template_bitfield = lNg=

phpBB/styles/prosilver/theme/theme.cfg

@@ -21,7 +21,7 @@
 # General Information about this theme
 name = prosilver
 copyright = © phpBB Group, 2007
-version = 3.0.12
+version = 3.0.14
 
 # Some configuration options
 

phpBB/styles/subsilver2/imageset/imageset.cfg

@@ -19,7 +19,7 @@
 # General Information about this style
 name = subsilver2
 copyright = © phpBB Group, 2003
-version = 3.0.12
+version = 3.0.14
 
 # Images
 img_site_logo = site_logo.gif*94*170

phpBB/styles/subsilver2/style.cfg

@@ -19,4 +19,4 @@
 # General Information about this style
 name = subsilver2
 copyright = © 2005 phpBB Group
-version = 3.0.12
+version = 3.0.14

phpBB/styles/subsilver2/template/template.cfg

@@ -19,7 +19,7 @@
 # General Information about this template
 name = subsilver2
 copyright = © phpBB Group, 2003
-version = 3.0.12
+version = 3.0.14
 
 # Template inheritance
 # See http://blog.phpbb.com/2008/07/31/templating-just-got-easier/

phpBB/styles/subsilver2/theme/theme.cfg

@@ -21,7 +21,7 @@
 # General Information about this theme
 name = subsilver2
 copyright = © phpBB Group, 2003
-version = 3.0.12
+version = 3.0.14
 
 # Some configuration options
 

phpunit.xml.dist

@@ -32,8 +32,8 @@
     </groups>
 
     <filter>
-        <blacklist>
-            <directory>./tests</directory>
-        </blacklist>
+        <whitelist>
+            <directory suffix=".php">./phpBB/includes/</directory>
+        </whitelist>
     </filter>
 </phpunit>

tests/cache/cache_memory.php

@@ -0,0 +1,62 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/acm/acm_memory.php';
+
+class phpbb_cache_memory extends acm_memory
+{
+	protected $data = array();
+
+	/**
+	* Set cache path
+	*/
+	function phpbb_cache_memory()
+	{
+	}
+
+	/**
+	* Fetch an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return mixed Cached data
+	*/
+	function _read($var)
+	{
+		return $this->data[$var];
+	}
+
+	/**
+	* Store data in the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @param mixed $data Data to store
+	* @param int $ttl Time-to-live of cached data
+	* @return bool True if the operation succeeded
+	*/
+	function _write($var, $data, $ttl = 2592000)
+	{
+		$this->data[$var] = $data;
+		return true;
+	}
+
+	/**
+	* Remove an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return bool True if the operation succeeded
+	*/
+	function _delete($var)
+	{
+		unset($this->data[$var]);
+		return true;
+	}
+}

tests/cache/cache_memory_test.php

@@ -0,0 +1,125 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/cache_memory.php';
+
+class phpbb_cache_memory_test extends phpbb_database_test_case
+{
+	protected $cache;
+
+	public function getDataSet()
+	{
+		return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/cache_memory.xml');
+	}
+
+	protected function setUp()
+	{
+		global $db;
+		parent::setUp();
+
+		$this->cache = new phpbb_cache_memory();
+		$db = $this->new_dbal();
+	}
+
+	static public function cache_single_query_data()
+	{
+		return array(
+			array(
+				array(
+					array(
+						'SELECT * FROM ' . POSTS_TABLE,
+						3,
+					),
+				),
+				POSTS_TABLE,
+			),
+			array(
+				array(
+					array(
+						'SELECT * FROM ' . POSTS_TABLE,
+						3,
+					),
+					array(
+						'SELECT * FROM ' . POSTS_TABLE . ' p
+							LEFT JOIN ' . TOPICS_TABLE . ' t ON p.topic_id = t.topic_id',
+						3,
+					),
+				),
+				POSTS_TABLE,
+			),
+			array(
+				array(
+					array(
+						'SELECT * FROM ' . POSTS_TABLE,
+						3,
+					),
+					array(
+						'SELECT * FROM ' . POSTS_TABLE . ' p
+							LEFT JOIN ' . TOPICS_TABLE . ' t ON p.topic_id = t.topic_id',
+						3,
+					),
+					array(
+						'SELECT * FROM ' . POSTS_TABLE . ' p
+							LEFT JOIN ' . TOPICS_TABLE . ' t ON p.topic_id = t.topic_id
+							LEFT JOIN ' . USERS_TABLE . ' u ON p.poster_id = u.user_id',
+						3,
+					),
+				),
+				POSTS_TABLE,
+			),
+			array(
+				array(
+					array(
+						'SELECT * FROM ' . POSTS_TABLE . ' p
+							LEFT JOIN ' . TOPICS_TABLE . ' t ON p.topic_id = t.topic_id',
+						3,
+					),
+					array(
+						'SELECT * FROM ' . POSTS_TABLE . ' p
+							LEFT JOIN ' . TOPICS_TABLE . ' t ON p.topic_id = t.topic_id
+							LEFT JOIN ' . USERS_TABLE . ' u ON p.poster_id = u.user_id',
+						3,
+					),
+				),
+				TOPICS_TABLE,
+			),
+		);
+	}
+
+	/**
+	* @dataProvider cache_single_query_data
+	*/
+	public function test_cache_single_query($sql_queries, $table)
+	{
+		global $db;
+
+		foreach ($sql_queries as $query)
+		{
+			$sql_request_res = $db->sql_query($query[0]);
+
+			$this->cache->sql_save($query[0], $sql_request_res, 1);
+
+			$results = array();
+			$query_id = $this->cache->sql_load($query[0]);
+			while ($row = $this->cache->sql_fetchrow($query_id))
+			{
+				$results[] = $row;
+			}
+			$this->cache->sql_freeresult($query_id);
+			$this->assertEquals($query[1], sizeof($results));
+		}
+
+		$this->cache->destroy('sql', $table);
+
+		foreach ($sql_queries as $query)
+		{
+			$this->assertNotEquals(false, $this->cache->sql_load($query[0]));
+		}
+	}
+}

tests/cache/fixtures/cache_memory.xml

@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dataset>
+	<table name="phpbb_topics">
+		<column>topic_id</column>
+		<column>forum_id</column>
+		<column>topic_title</column>
+		<column>topic_first_post_id</column>
+		<column>topic_last_post_id</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>Topic</value>
+			<value>2</value>
+			<value>2</value>
+		</row>
+	</table>
+	<table name="phpbb_posts">
+		<column>post_id</column>
+		<column>poster_id</column>
+		<column>topic_id</column>
+		<column>forum_id</column>
+		<column>post_text</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Post 1</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Post 2</value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>3</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Post 3</value>
+		</row>
+	</table>
+	<table name="phpbb_users">
+		<column>user_id</column>
+		<column>user_posts</column>
+		<column>username</column>
+		<column>username_clean</column>
+		<column>user_permissions</column>
+		<column>user_sig</column>
+		<column>user_occ</column>
+		<column>user_interests</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>user 1</value>
+			<value>user 1</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>1</value>
+			<value>user 2</value>
+			<value>user 2</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>1</value>
+			<value>user 3</value>
+			<value>user 3</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+	</table>
+</dataset>

tests/functional/acp_attachments_test.php

@@ -0,0 +1,78 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+/**
+ * @group functional
+ */
+class phpbb_functional_acp_attachments_test extends phpbb_functional_test_case
+{
+	public function data_imagick_path_linux()
+	{
+		return array(
+			array('/usr/bin', 'Configuration updated successfully'),
+			array('/usr/foobar', 'The entered path “/usr/foobar” does not exist.'),
+			array('/usr/bin/which', 'The entered path “/usr/bin/which” is not a directory.'),
+		);
+	}
+
+	/**
+	 * @dataProvider data_imagick_path_linux
+	 */
+	public function test_imagick_path_linux($imagick_path, $expected)
+	{
+		if (strtolower(substr(PHP_OS, 0, 5)) !== 'linux')
+		{
+			$this->markTestSkipped('Unable to test linux specific paths on other OS.');
+		}
+
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', 'adm/index.php?i=attachments&mode=attach&sid=' . $this->sid);
+
+		$form = $crawler->selectButton('Submit')->form(array('config[img_imagick]'	=> $imagick_path));
+
+		$crawler = self::submit($form);
+		$this->assertContains($expected, $crawler->filter('#main')->text());
+	}
+
+	public function data_imagick_path_windows()
+	{
+		return array(
+			array('C:\Windows', 'Configuration updated successfully'),
+			array('C:\Windows\foobar1', 'The entered path “C:\Windows\foobar1” does not exist.'),
+			array('C:\Windows\explorer.exe', 'The entered path “C:\Windows\explorer.exe” is not a directory.'),
+		);
+	}
+
+	/**
+	 * @dataProvider data_imagick_path_windows
+	 */
+	public function test_imagick_path_windows($imagick_path, $expected)
+	{
+		if (strtolower(substr(PHP_OS, 0, 3)) !== 'win')
+		{
+			$this->markTestSkipped('Unable to test windows specific paths on other OS.');
+		}
+
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', 'adm/index.php?i=attachments&mode=attach&sid=' . $this->sid);
+
+		$form = $crawler->selectButton('Submit')->form(array('config[img_imagick]'	=> $imagick_path));
+
+		$crawler = self::submit($form);
+		$this->assertContains($expected, $crawler->filter('#main')->text());
+	}
+}

tests/functional/private_messages_test.php

@@ -0,0 +1,65 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @group functional
+*/
+class phpbb_functional_private_messages_test extends phpbb_functional_test_case
+{
+	public function test_setup_config()
+	{
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', "adm/index.php?sid={$this->sid}&i=board&mode=message");
+
+		$form = $crawler->selectButton('Submit')->form();
+		$values = $form->getValues();
+
+		// Set the maximum number of private messages per folder to 1
+		$values['config[pm_max_msgs]'] = 1;
+
+		$form->setValues($values);
+
+		$crawler = self::submit($form);
+		$this->assertContains($this->lang('CONFIG_UPDATED'), $crawler->filter('.successbox')->text());
+	}
+
+	public function test_inbox_full()
+	{
+		$this->login();
+		$message_id = $this->create_private_message('Test private message #1', 'This is a test private message sent by the testing framework.', array(2));
+
+		$crawler = self::request('GET', "ucp.php?i=pm&mode=view&sid{$this->sid}&p={$message_id}");
+		$this->assertContains($this->lang('UCP_PM_VIEW'), $crawler->filter('html')->text());
+
+		$message_id = $this->create_private_message('Test private message #2', 'This is a test private message sent by the testing framework.', array(2));
+
+		$crawler = self::request('GET', "ucp.php?i=pm&mode=view&sid{$this->sid}&p={$message_id}");
+		$this->assertContains($this->lang('NO_AUTH_READ_HOLD_MESSAGE'), $crawler->filter('html')->text());
+	}
+
+	public function test_restore_config()
+	{
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', "adm/index.php?sid={$this->sid}&i=board&mode=message");
+
+		$form = $crawler->selectButton('Submit')->form();
+		$values = $form->getValues();
+
+		$values['config[pm_max_msgs]'] = 50;
+
+		$form->setValues($values);
+
+		$crawler = self::submit($form);
+		$this->assertContains($this->lang('CONFIG_UPDATED'), $crawler->filter('.successbox')->text());
+	}
+}

tests/functions_user/delete_user_test.php

@@ -0,0 +1,436 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_user.php';
+require_once dirname(__FILE__) . '/../../phpBB/includes/utf/utf_tools.php';
+require_once dirname(__FILE__) . '/../mock/null_cache.php';
+
+class phpbb_functions_user_delete_user_test extends phpbb_database_test_case
+{
+	/** @var \dbal */
+	protected $db;
+
+	public function getDataSet()
+	{
+		return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/delete_user.xml');
+	}
+
+	protected function setUp()
+	{
+		parent::setUp();
+
+		global $cache, $config, $db;
+
+		$db = $this->db = $this->new_dbal();
+		$config = array(
+			'load_online_time'	=> 5,
+			'search_type'		=> 'fulltext_mysql',
+		);
+		$cache = new phpbb_mock_null_cache();
+	}
+
+	 public function first_last_post_data()
+	{
+		return array(
+			array(
+				'retain', false,
+				array(
+					array('post_id' => 1, 'poster_id' => ANONYMOUS, 'post_username' => ''),
+					array('post_id' => 2, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+					array('post_id' => 3, 'poster_id' => ANONYMOUS, 'post_username' => ''),
+					array('post_id' => 4, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+				),
+				array(
+					array(
+						'topic_id' => 1,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => '', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => '', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 2,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 3,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => '', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => '', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 4,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+				),
+				array(
+					array('forum_id' => 1, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 2, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 3, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 4, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+				),
+			),
+			array(
+				'remove', false,
+				array(
+					array('post_id' => 2, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+					array('post_id' => 4, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+				),
+				array(
+					array(
+						'topic_id' => 2,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 4,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+				),
+				array(
+					array('forum_id' => 1, 'forum_last_poster_id' => 0, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 2, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 3, 'forum_last_poster_id' => 0, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 4, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+				),
+			),
+			array(
+				'retain', 'Bertie',
+				array(
+					array('post_id' => 1, 'poster_id' => ANONYMOUS, 'post_username' => 'Bertie'),
+					array('post_id' => 2, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+					array('post_id' => 3, 'poster_id' => ANONYMOUS, 'post_username' => 'Bertie'),
+					array('post_id' => 4, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+				),
+				array(
+					array(
+						'topic_id' => 1,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Bertie', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Bertie', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 2,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 3,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Bertie', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Bertie', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 4,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+				),
+				array(
+					array('forum_id' => 1, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Bertie', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 2, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 3, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Bertie', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 4, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+				),
+			),
+			array(
+				'remove', 'Bertie',
+				array(
+					array('post_id' => 2, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+					array('post_id' => 4, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+				),
+				array(
+					array(
+						'topic_id' => 2,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 4,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+				),
+				array(
+					array('forum_id' => 1, 'forum_last_poster_id' => 0, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 2, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 3, 'forum_last_poster_id' => 0, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 4, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+				),
+			),
+		);
+	}
+
+	/**
+	* @dataProvider first_last_post_data
+	*/
+	public function test_first_last_post_info($mode, $post_username, $expected_posts, $expected_topics, $expected_forums)
+	{
+		$this->assertFalse(user_delete($mode, 2, $post_username));
+
+		$sql = 'SELECT post_id, poster_id, post_username
+			FROM ' . POSTS_TABLE . '
+			ORDER BY post_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_posts, $this->db->sql_fetchrowset($result), 'Post table poster info is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT topic_id, topic_poster, topic_first_poster_name, topic_first_poster_colour, topic_last_poster_id, topic_last_poster_name, topic_last_poster_colour
+			FROM ' . TOPICS_TABLE . '
+			ORDER BY topic_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_topics, $this->db->sql_fetchrowset($result), 'Topic table first/last poster info is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT forum_id, forum_last_poster_id, forum_last_poster_name, forum_last_poster_colour
+			FROM ' . FORUMS_TABLE . '
+			ORDER BY forum_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_forums, $this->db->sql_fetchrowset($result), 'Forum table last poster info is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+	}
+
+	 public function report_attachment_data()
+	{
+		return array(
+			array(
+				'retain',
+				array(
+					array('post_id' => 1, 'post_reported' => 1, 'post_edit_user' => 1),
+					array('post_id' => 2, 'post_reported' => 1, 'post_edit_user' => 1),
+					array('post_id' => 3, 'post_reported' => 0, 'post_edit_user' => 1),
+					array('post_id' => 4, 'post_reported' => 0, 'post_edit_user' => 1),
+				),
+				array(
+					array('report_id' => 1, 'post_id' => 1, 'user_id' => 1),
+					array('report_id' => 3, 'post_id' => 2, 'user_id' => 1),
+				),
+				array(
+					array('topic_id' => 1, 'topic_reported' => 1),
+					array('topic_id' => 2, 'topic_reported' => 1),
+					array('topic_id' => 3, 'topic_reported' => 0),
+					array('topic_id' => 4, 'topic_reported' => 0),
+				),
+				array(
+					array('attach_id' => 1, 'post_msg_id' => 1, 'poster_id' => 1),
+					array('attach_id' => 2, 'post_msg_id' => 2, 'poster_id' => 1),
+					array('attach_id' => 3, 'post_msg_id' => 0, 'poster_id' => 1), // TODO should be deleted: PHPBB3-13089
+				),
+			),
+			array(
+				'remove',
+				array(
+					array('post_id' => 2, 'post_reported' => 1, 'post_edit_user' => 1),
+					array('post_id' => 4, 'post_reported' => 0, 'post_edit_user' => 1),
+				),
+				array(
+					array('report_id' => 3, 'post_id' => 2, 'user_id' => 1),
+				),
+				array(
+					array('topic_id' => 2, 'topic_reported' => 1),
+					array('topic_id' => 4, 'topic_reported' => 0),
+				),
+				array(
+					array('attach_id' => 2, 'post_msg_id' => 2, 'poster_id' => 1),
+					array('attach_id' => 3, 'post_msg_id' => 0, 'poster_id' => 2), // TODO should be deleted: PHPBB3-13089
+				),
+			),
+		);
+	}
+
+	/**
+	* @dataProvider report_attachment_data
+	*/
+	public function test_report_attachment_info($mode, $expected_posts, $expected_reports, $expected_topics, $expected_attach)
+	{
+		$this->assertFalse(user_delete($mode, 2));
+
+		$sql = 'SELECT post_id, post_reported, post_edit_user
+			FROM ' . POSTS_TABLE . '
+			ORDER BY post_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_posts, $this->db->sql_fetchrowset($result), 'Post report status content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT report_id, post_id, user_id
+			FROM ' . REPORTS_TABLE . '
+			ORDER BY report_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_reports, $this->db->sql_fetchrowset($result), 'Report table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT topic_id, topic_reported
+			FROM ' . TOPICS_TABLE . '
+			ORDER BY topic_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_topics, $this->db->sql_fetchrowset($result), 'Topic report status is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT attach_id, post_msg_id, poster_id
+			FROM ' . ATTACHMENTS_TABLE . '
+			ORDER BY attach_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_attach, $this->db->sql_fetchrowset($result), 'Attachment table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+	}
+
+	 public function delete_data()
+	{
+		return array(
+			array(
+				'retain',
+				array(array('user_id' => 1, 'user_posts' => 4)),
+				array(array('user_id' => 1, 'zebra_id' => 3)),
+				array(array('ban_id' => 2), array('ban_id' => 3)),
+				array(array('session_id' => '12345678901234567890123456789013')),
+				array(
+					array('log_id' => 2, 'user_id' => 1, 'reportee_id' => 1),
+					array('log_id' => 3, 'user_id' => 1, 'reportee_id' => 1),
+				),
+				array(
+					array('msg_id' => 1, 'author_id' => 3, 'message_edit_user' => 3),
+					array('msg_id' => 2, 'author_id' => 1, 'message_edit_user' => 1),
+				),
+			),
+			array(
+				'remove',
+				array(array('user_id' => 1, 'user_posts' => 2)),
+				array(array('user_id' => 1, 'zebra_id' => 3)),
+				array(array('ban_id' => 2), array('ban_id' => 3)),
+				array(array('session_id' => '12345678901234567890123456789013')),
+				array(
+					array('log_id' => 2, 'user_id' => 1, 'reportee_id' => 1),
+					array('log_id' => 3, 'user_id' => 1, 'reportee_id' => 1),
+				),
+				array(
+					array('msg_id' => 1, 'author_id' => 3, 'message_edit_user' => 3),
+					array('msg_id' => 2, 'author_id' => 1, 'message_edit_user' => 1),
+				),
+			),
+		);
+	}
+
+	/**
+	* @dataProvider delete_data
+	*/
+	public function test_delete_data($mode, $expected_users, $expected_zebra, $expected_ban, $expected_sessions, $expected_logs, $expected_pms)
+	{
+		$this->assertFalse(user_delete($mode, 2));
+
+		$sql = 'SELECT user_id, user_posts
+			FROM ' . USERS_TABLE . '
+			ORDER BY user_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_users, $this->db->sql_fetchrowset($result), 'User table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT user_id, zebra_id
+			FROM ' . ZEBRA_TABLE . '
+			ORDER BY user_id ASC, zebra_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_zebra, $this->db->sql_fetchrowset($result), 'Zebra table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT ban_id
+			FROM ' . BANLIST_TABLE . '
+			ORDER BY ban_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_ban, $this->db->sql_fetchrowset($result), 'Ban table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT session_id
+			FROM ' . SESSIONS_TABLE . '
+			ORDER BY session_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_sessions, $this->db->sql_fetchrowset($result), 'Session table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT log_id, user_id, reportee_id
+			FROM ' . LOG_TABLE . '
+			ORDER BY log_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_logs, $this->db->sql_fetchrowset($result), 'Log table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT msg_id, author_id, message_edit_user
+			FROM ' . PRIVMSGS_TABLE . '
+			ORDER BY msg_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_pms, $this->db->sql_fetchrowset($result), 'Private messages table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+	}
+
+	 public function delete_user_id_data()
+	{
+		return array(
+			array(
+				'retain',
+				array(
+					USER_GROUP_TABLE,
+					TOPICS_WATCH_TABLE,
+					FORUMS_WATCH_TABLE,
+					ACL_USERS_TABLE,
+					TOPICS_TRACK_TABLE,
+					TOPICS_POSTED_TABLE,
+					FORUMS_TRACK_TABLE,
+					PROFILE_FIELDS_DATA_TABLE,
+					MODERATOR_CACHE_TABLE,
+					DRAFTS_TABLE,
+					BOOKMARKS_TABLE,
+					SESSIONS_KEYS_TABLE,
+					PRIVMSGS_FOLDER_TABLE,
+					PRIVMSGS_RULES_TABLE,
+				),
+			),
+			array(
+				'remove',
+				array(
+					USER_GROUP_TABLE,
+					TOPICS_WATCH_TABLE,
+					FORUMS_WATCH_TABLE,
+					ACL_USERS_TABLE,
+					TOPICS_TRACK_TABLE,
+					TOPICS_POSTED_TABLE,
+					FORUMS_TRACK_TABLE,
+					PROFILE_FIELDS_DATA_TABLE,
+					MODERATOR_CACHE_TABLE,
+					DRAFTS_TABLE,
+					BOOKMARKS_TABLE,
+					SESSIONS_KEYS_TABLE,
+					PRIVMSGS_FOLDER_TABLE,
+					PRIVMSGS_RULES_TABLE,
+				),
+			),
+		);
+	}
+
+	/**
+	* @dataProvider delete_user_id_data
+	*/
+	public function test_delete_user_id_data($mode, $cleaned_tables)
+	{
+		$this->assertFalse(user_delete($mode, 2));
+
+		foreach ($cleaned_tables as $table)
+		{
+			$sql = 'SELECT user_id
+				FROM ' . $table . '
+				WHERE user_id = 2';
+			$result = $this->db->sql_query($sql);
+			$this->assertFalse($this->db->sql_fetchfield('user_id'), 'Found data for deleted user in table: ' . $table);
+			$this->db->sql_freeresult($result);
+
+			$sql = 'SELECT user_id
+				FROM ' . $table . '
+				WHERE user_id = 3';
+			$result = $this->db->sql_query($sql);
+			$this->assertEquals(3, $this->db->sql_fetchfield('user_id'), 'Missing data for user in table: ' . $table);
+			$this->db->sql_freeresult($result);
+		}
+	}
+}

tests/functions_user/fixtures/delete_user.xml

@@ -0,0 +1,531 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dataset>
+	<table name="phpbb_attachments">
+		<column>attach_id</column>
+		<column>post_msg_id</column>
+		<column>topic_id</column>
+		<column>in_message</column>
+		<column>poster_id</column>
+		<column>is_orphan</column>
+		<column>attach_comment</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>0</value>
+			<value>2</value>
+			<value>0</value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>2</value>
+			<value>0</value>
+			<value>1</value>
+			<value>0</value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>0</value>
+			<value>0</value>
+			<value>0</value>
+			<value>2</value>
+			<value>1</value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_banlist">
+		<column>ban_id</column>
+		<column>ban_userid</column>
+		<column>ban_email</column>
+		<column>ban_reason</column>
+		<column>ban_give_reason</column>
+		<row>
+			<value>1</value>
+			<value>2</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>3</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>0</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_forums">
+		<column>forum_id</column>
+		<column>forum_last_poster_id</column>
+		<column>forum_last_poster_name</column>
+		<column>forum_last_poster_colour</column>
+		<column>forum_parents</column>
+		<column>forum_desc</column>
+		<column>forum_rules</column>
+		<row>
+			<value>1</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>4</value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_log">
+		<column>log_id</column>
+		<column>user_id</column>
+		<column>reportee_id</column>
+		<column>log_operation</column>
+		<column>log_data</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>2</value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>1</value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>1</value>
+			<value>1</value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>4</value>
+			<value>2</value>
+			<value>2</value>
+			<value></value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_posts">
+		<column>post_id</column>
+		<column>poster_id</column>
+		<column>post_edit_user</column>
+		<column>post_username</column>
+		<column>topic_id</column>
+		<column>forum_id</column>
+		<column>post_approved</column>
+		<column>post_time</column>
+		<column>post_text</column>
+		<column>post_reported</column>
+		<row>
+			<value>1</value>
+			<value>2</value>
+			<value>2</value>
+			<value></value>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value></value>
+			<value>1</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Other</value>
+			<value>2</value>
+			<value>2</value>
+			<value>1</value>
+			<value>1</value>
+			<value></value>
+			<value>1</value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>2</value>
+			<value>2</value>
+			<value></value>
+			<value>3</value>
+			<value>3</value>
+			<value>1</value>
+			<value>1</value>
+			<value></value>
+			<value>1</value>
+		</row>
+		<row>
+			<value>4</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Other</value>
+			<value>4</value>
+			<value>4</value>
+			<value>1</value>
+			<value>1</value>
+			<value></value>
+			<value>1</value>
+		</row>
+	</table>
+	<table name="phpbb_privmsgs">
+		<column>msg_id</column>
+		<column>author_id</column>
+		<column>message_edit_user</column>
+		<column>message_text</column>
+		<column>to_address</column>
+		<column>bcc_address</column>
+		<row>
+			<value>1</value>
+			<value>3</value>
+			<value>3</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>2</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_privmsgs_to">
+		<column>msg_id</column>
+		<column>user_id</column>
+		<column>author_id</column>
+		<row>
+			<value>1</value>
+			<value>3</value>
+			<value>3</value>
+		</row>
+		<row>
+			<value>1</value>
+			<value>2</value>
+			<value>3</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>3</value>
+			<value>2</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>2</value>
+		</row>
+	</table>
+	<table name="phpbb_reports">
+		<column>report_id</column>
+		<column>post_id</column>
+		<column>user_id</column>
+		<column>report_text</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Post Removed?</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>3</value>
+			<value>2</value>
+			<value>Post Removed?</value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>2</value>
+			<value>1</value>
+			<value>Keep</value>
+		</row>
+		<row>
+			<value>4</value>
+			<value>4</value>
+			<value>2</value>
+			<value>Remove Report</value>
+		</row>
+	</table>
+	<table name="phpbb_sessions">
+		<column>session_id</column>
+		<column>session_user_id</column>
+		<column>session_page</column>
+		<row>
+			<value>12345678901234567890123456789012</value>
+			<value>2</value>
+			<value></value>
+		</row>
+		<row>
+			<value>12345678901234567890123456789013</value>
+			<value>3</value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_topics">
+		<column>topic_id</column>
+		<column>forum_id</column>
+		<column>topic_reported</column>
+		<column>topic_poster</column>
+		<column>topic_first_poster_name</column>
+		<column>topic_first_poster_colour</column>
+		<column>topic_last_poster_id</column>
+		<column>topic_last_poster_name</column>
+		<column>topic_last_poster_colour</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>3</value>
+			<value>1</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+		</row>
+		<row>
+			<value>4</value>
+			<value>4</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_users">
+		<column>user_id</column>
+		<column>username_clean</column>
+		<column>user_permissions</column>
+		<column>user_sig</column>
+		<column>user_occ</column>
+		<column>user_interests</column>
+		<column>user_posts</column>
+		<row>
+			<value>1</value>
+			<value>Anonymous</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value>2</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>Foobar</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value>2</value>
+		</row>
+	</table>
+	<table name="phpbb_zebra">
+		<column>user_id</column>
+		<column>zebra_id</column>
+		<row>
+			<value>1</value>
+			<value>2</value>
+		</row>
+		<row>
+			<value>1</value>
+			<value>3</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>1</value>
+		</row>
+	</table>
+	<table name="phpbb_user_group">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_topics_watch">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_forums_watch">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_acl_users">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_topics_track">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_forums_track">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_topics_posted">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_profile_fields_data">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_moderator_cache">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_bookmarks">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_sessions_keys">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_privmsgs_folder">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_privmsgs_rules">
+		<column>user_id</column>
+		<column>rule_string</column>
+		<row>
+			<value>2</value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_drafts">
+		<column>user_id</column>
+		<column>draft_message</column>
+		<row>
+			<value>2</value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value></value>
+		</row>
+	</table>
+</dataset>

tests/security/redirect_test.php

@@ -18,12 +18,17 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 	{
 		// array(Input -> redirect(), expected triggered error (else false), expected returned result url (else false))
 		return array(
-			array('data://x', false, 'http://localhost/phpBB'),
+			array('data://x', 'Tried to redirect to potentially insecure url.', false),
 			array('bad://localhost/phpBB/index.php', 'Tried to redirect to potentially insecure url.', false),
-			array('http://www.otherdomain.com/somescript.php', false, 'http://localhost/phpBB'),
+			array('http://www.otherdomain.com/somescript.php', 'Tried to redirect to potentially insecure url.', false),
 			array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'Tried to redirect to potentially insecure url.', false),
 			array('javascript:test', false, 'http://localhost/phpBB/../javascript:test'),
 			array('http://localhost/phpBB/index.php;url=', 'Tried to redirect to potentially insecure url.', false),
+			array('https://foobar.com\@http://localhost/phpBB', 'Tried to redirect to potentially insecure url.', false),
+			array('https://foobar.com\@localhost/troll/http://localhost/', 'Tried to redirect to potentially insecure url.', false),
+			array('http://localhost.foobar.com\@localhost/troll/http://localhost/', 'Tried to redirect to potentially insecure url.', false),
+			array('http://localhost/phpBB', false, 'http://localhost/phpBB'),
+			array('http://localhost/phpBB/', false, 'http://localhost/phpBB/'),
 		);
 	}
 

tests/security/trailing_path_test.php

@@ -0,0 +1,60 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2011 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/startup.php';
+
+class phpbb_security_trailing_path_test extends phpbb_test_case
+{
+	public function data_has_trailing_path()
+	{
+		return array(
+			array(false, '', '', ''),
+			array(true, '/', '', ''),
+			array(true, '/foo', '', ''),
+			array(true, '', '/foo', ''),
+			array(true, '/foo', '/foo', ''),
+			array(false, '', '', '/'),
+			array(false, '', '', '/?/x.php/'),
+			array(false, '', '', '/index.php'),
+			array(false, '', '', '/dir.phpisfunny/foo.php'),
+			array(true, '', '', '/index.php/foo.php'),
+			array(false, '', '', '/phpBB/viewtopic.php?f=3&amp;t=5'),
+			array(false, '', '', '/phpBB/viewtopic.php?f=3&amp;t=5/'),
+			array(false, '', '', '/phpBB/viewtopic.php?f=3&amp;t=5/foo'),
+			array(true, '/foo', '/foo', '/phpBB/viewtopic.php?f=3&amp;t=5/foo'),
+			array(false, '', '', '/projects/php.bb/phpBB/viewtopic.php?f=3&amp;t=5/'),
+			array(false, '', '', '/projects/php.bb/phpBB/viewtopic.php?f=3&amp;t=5'),
+			array(false, '', '', '/projects/php.bb/phpBB/viewtopic.php?f=3&amp;t=5/foo.php/'),
+			array(false, '', '', '/projects/php.bb/phpBB/index.php'),
+			array(true, '', '', '/projects/php.bb/phpBB/index.php/'),
+			array(true, '', '', '/phpBB/index.php/?foo/a'),
+			array(true, '', '', '/projects/php.bb/phpBB/index.php/?a=5'),
+			array(false, '', '', '/projects/php.bb/phpBB/index.php?/a=5'),
+			array(false, '', '/phpBB/index.php', '/phpBB/index.php', '/phpBB/index.php'),
+			array(true, '', '/phpBB/index.php', '/phpBB/index.php'),
+			array(true, '', '/phpBB/index.php/', '/phpBB/index.php/', '/phpBB/index.php'),
+			array(true, '', '/phpBB/index.php/', '/phpBB/index.php/'),
+		);
+	}
+
+	/**
+	 * @dataProvider data_has_trailing_path
+	 */
+	public function test_has_trailing_path($expected, $path_info, $orig_path_info, $request_uri, $script_name = '')
+	{
+		global $phpEx;
+
+		$_SERVER['PATH_INFO'] = $path_info;
+		$_SERVER['ORIG_PATH_INFO'] = $orig_path_info;
+		$_SERVER['REQUEST_URI'] = $request_uri;
+		$_SERVER['SCRIPT_NAME'] = $script_name;
+
+		$this->assertSame($expected, phpbb_has_trailing_path($phpEx));
+	}
+}

tests/session/fixtures/sessions_empty.xml

@@ -38,4 +38,11 @@
 		<column>session_ip</column>
 		<column>session_browser</column>
 	</table>
+	<table name="phpbb_banlist">
+		<column>ban_id</column>
+		<column>ban_userid</column>
+		<column>ban_email</column>
+		<column>ban_reason</column>
+		<column>ban_give_reason</column>
+	</table>
 </dataset>

tests/test_framework/phpbb_functional_test_case.php

@@ -601,7 +601,7 @@ class phpbb_functional_test_case extends phpbb_test_case
 	*/
 	static public function assert_response_status_code($status_code = 200)
 	{
-		self::assertEquals($status_code, self::$client->getResponse()->getStatus());
+		self::assertEquals($status_code, self::$client->getResponse()->getStatus(), 'HTTP status code does not match');
 	}
 
 	/**
@@ -665,6 +665,64 @@ class phpbb_functional_test_case extends phpbb_test_case
 	{
 		$this->add_lang('posting');
 
+		$crawler = $this->submit_message($posting_url, $posting_contains, $form_data);
+
+		$this->assertContains($this->lang('POST_STORED'), $crawler->filter('html')->text());
+		$url = $crawler->selectLink($this->lang('VIEW_MESSAGE', '', ''))->link()->getUri();
+
+		return array(
+			'topic_id'	=> $this->get_parameter_from_link($url, 't'),
+			'post_id'	=> $this->get_parameter_from_link($url, 'p'),
+		);
+	}
+
+	/**
+	* Creates a private message
+	*
+	* Be sure to login before creating
+	*
+	* @param string $subject
+	* @param string $message
+	* @param array $to
+	* @param array $additional_form_data Any additional form data to be sent in the request
+	* @return int private_message_id
+	*/
+	public function create_private_message($subject, $message, $to, $additional_form_data = array())
+	{
+		$this->add_lang(array('ucp', 'posting'));
+
+		$posting_url = "ucp.php?i=pm&mode=compose&sid={$this->sid}";
+
+		$form_data = array_merge(array(
+			'subject'		=> $subject,
+			'message'		=> $message,
+			'post'			=> true,
+		), $additional_form_data);
+
+		foreach ($to as $user_id)
+		{
+			$form_data['address_list[u][' . $user_id . ']'] = 'to';
+		}
+
+		$crawler = self::submit_message($posting_url, 'POST_NEW_PM', $form_data);
+
+		$this->assertContains($this->lang('MESSAGE_STORED'), $crawler->filter('html')->text());
+		$url = $crawler->selectLink($this->lang('VIEW_PRIVATE_MESSAGE', '', ''))->link()->getUri();
+
+		return $this->get_parameter_from_link($url, 'p');
+	}
+
+	/**
+	* Helper for submitting a message (post or private message)
+	*
+	* @param string $posting_url
+	* @param string $posting_contains
+	* @param array $form_data
+	* @return \Symfony\Component\DomCrawler\Crawler the crawler object
+	*/
+	protected function submit_message($posting_url, $posting_contains, $form_data)
+	{
+
 		$crawler = self::request('GET', $posting_url);
 		$this->assertContains($this->lang($posting_contains), $crawler->filter('html')->text());
 
@@ -689,14 +747,7 @@ class phpbb_functional_test_case extends phpbb_test_case
 		// I use a request because the form submission method does not allow you to send data that is not
 		// contained in one of the actual form fields that the browser sees (i.e. it ignores "hidden" inputs)
 		// Instead, I send it as a request with the submit button "post" set to true.
-		$crawler = self::request('POST', $posting_url, $form_data);
-		$this->assertContains($this->lang('POST_STORED'), $crawler->filter('html')->text());
-		$url = $crawler->selectLink($this->lang('VIEW_MESSAGE', '', ''))->link()->getUri();
-
-		return array(
-			'topic_id'	=> $this->get_parameter_from_link($url, 't'),
-			'post_id'	=> $this->get_parameter_from_link($url, 'p'),
-		);
+		return self::request('POST', $posting_url, $form_data);
 	}
 
 	/**

travis/phpunit-mysql-5-2-travis.xml

@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<phpunit backupGlobals="true"
-         backupStaticAttributes="true"
-         colors="true"
-         convertErrorsToExceptions="true"
-         convertNoticesToExceptions="true"
-         convertWarningsToExceptions="true"
-         processIsolation="false"
-         stopOnFailure="false"
-         syntaxCheck="true"
-         strict="true"
-         verbose="true"
-         bootstrap="../tests/bootstrap.php">
-	<testsuites>
-		<testsuite name="phpBB Test Suite">
-			<directory suffix="_test.php">../tests/</directory>
-			<exclude>tests/functional</exclude>
-			<exclude>tests/lint_test.php</exclude>
-		</testsuite>
-		<testsuite name="phpBB Lint Test">
-			<file>tests/lint_test.php</file>
-		</testsuite>
-		<testsuite name="phpBB Functional Tests">
-			<directory suffix="_test.php" phpVersion="5.3.19" phpVersionOperator=">=">../tests/functional</directory>
-		</testsuite>
-	</testsuites>
-
-	<groups>
-		<exclude>
-			<group>slow</group>
-		</exclude>
-	</groups>
-
-	<php>
-		<server name="PHPBB_TEST_DBMS" value="mysqli" />
-		<server name="PHPBB_TEST_DBHOST" value="0.0.0.0" />
-		<server name="PHPBB_TEST_DBPORT" value="3306" />
-		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
-		<server name="PHPBB_TEST_DBUSER" value="root" />
-		<server name="PHPBB_TEST_DBPASSWD" value="" />
-		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
-		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
-	</php>
-</phpunit>