[prep-release-3.0.14] Add security relevant changes to CHANGELOG.html.

* phpbb-security/ticket/security-180:
  [ticket/security-180] Add tests for redirecting to main URL
  [ticket/security-180] Always fail when redirecting to an insecure URL
  [ticket/security-180] Make sure that redirect goes to full URL plus slash
  [ticket/security-180] Check if redirect URL contains board URL

.gitignore

@@ -4,9 +4,7 @@
 /phpBB/cache/*.php
 /phpBB/cache/*.lock
 /phpBB/composer.phar
-/phpBB/config.php
-/phpBB/config_dev.php
-/phpBB/config_test.php
+/phpBB/config*.php
 /phpBB/ext/*
 /phpBB/files/*
 /phpBB/images/avatars/gallery/*
@@ -14,5 +12,5 @@
 /phpBB/store/*
 /phpBB/vendor
 /tests/phpbb_unit_tests.sqlite2
-/tests/test_config.php
+/tests/test_config*.php
 /tests/tmp/*

.travis.yml

@@ -1,27 +1,38 @@
 language: php
 php:
-  - 5.2
   - 5.3.3
   - 5.3
   - 5.4
   - 5.5
+  - 5.6
+  - hhvm
 
 env:
-  - DB=mariadb
   - DB=mysql
-  - DB=postgres
 
 before_script:
   - sh -c "if [ '$DB' = 'postgres' ]; then psql -c 'DROP DATABASE IF EXISTS phpbb_tests;' -U postgres; fi"
   - sh -c "if [ '$DB' = 'postgres' ]; then psql -c 'create database phpbb_tests;' -U postgres; fi"
   - sh -c "if [ '$DB' = 'mariadb' ]; then travis/setup-mariadb.sh; fi"
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3' -a '$DB' = 'mysql' ]; then mysql -e 'SET GLOBAL storage_engine=MyISAM;'; fi"
   - sh -c "if [ '$DB' = 'mysql' -o '$DB' = 'mariadb' ]; then mysql -e 'create database IF NOT EXISTS phpbb_tests;'; fi"
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.2' ]; then pear install --force phpunit/DbUnit; phpenv rehash; fi"
   - cd phpBB
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' != '5.2' ]; then php ../composer.phar install --dev --no-interaction --prefer-source; fi"
+  - php ../composer.phar install --dev --no-interaction --prefer-source
   - cd ..
   - sh -c "if [ `php -r "echo (int) version_compare(PHP_VERSION, '5.3.19', '>=');"` = "1" ]; then travis/setup-webserver.sh; fi"
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' ]; then sudo apt-get update; sudo apt-get install -y parallel libimage-exiftool-perl; fi"
 
 script:
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.2' ]; then phpunit --configuration travis/phpunit-$DB-travis.xml; else phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml; fi"
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.5' -a '$DB' = 'mysql' -a '$TRAVIS_PULL_REQUEST' != 'false' ]; then git-tools/commit-msg-hook-range.sh origin/$TRAVIS_BRANCH...FETCH_HEAD; fi"
+  - phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' -a '$TRAVIS_PULL_REQUEST' != 'false' ]; then git-tools/commit-msg-hook-range.sh origin/$TRAVIS_BRANCH..FETCH_HEAD; fi"
+  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' ]; then find . -type f -not -path './phpBB/vendor/*' -iregex '.*\.\(gif\|jpg\|jpeg\|png\)$' | parallel --gnu --keep-order 'phpBB/develop/strip_icc_profiles.sh {}' || exit 1; fi"
+
+matrix:
+  include:
+    - php: 5.4
+      env: DB=mariadb
+    - php: 5.4
+      env: DB=postgres
+  allow_failures:
+    - php: hhvm
+  fast_finish: true

README.md

@@ -17,9 +17,11 @@ Find support and lots more on [phpBB.com](http://www.phpbb.com)! Discuss the dev
 
 ## AUTOMATED TESTING
 
-We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](http://bamboo.phpbb.com) or check our travis build below.
-develop - [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=develop)](http://travis-ci.org/phpbb/phpbb)
-develop-olympus - [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=develop-olympus)](http://travis-ci.org/phpbb/phpbb)
+We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](http://bamboo.phpbb.com) or check our travis build below:
+
+* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=master)](http://travis-ci.org/phpbb/phpbb) **master** - Latest development version
+* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.1.x)](http://travis-ci.org/phpbb/phpbb) **3.1.x** - Development of version 3.1.x
+* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.0.x)](http://travis-ci.org/phpbb/phpbb) **3.0.x** - Development of version 3.0.x
 
 ## LICENSE
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.0.13-dev" />
-	<property name="prevversion" value="3.0.12" />
-	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.8, 3.0.9, 3.0.10, 3.0.11" />
+	<property name="newversion" value="3.0.14" />
+	<property name="prevversion" value="3.0.14-RC1" />
+	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.13-PL1" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -67,22 +67,22 @@
 		<exec dir="."
 			command="phpBB/vendor/bin/phpunit
 			--log-junit build/logs/phpunit.xml
-			--configuration phpunit.xml.all
 			--group slow
 			--coverage-clover build/logs/clover-slow.xml
 			--coverage-html build/coverage-slow"
 			passthru="true" />
 	</target>
 
+	<!-- Builds docs for current branch into build/api/output/master -->
 	<target name="docs">
-		<!-- only works if you setup phpdoctor:
-                     git clone https://github.com/peej/phpdoctor.git
-                     and then create an executable phpdoctor in your path containing
-                     #!/bin/sh
-                     php -f /path/to/phpdoctor/phpdoc.php $@
-                -->
-		<exec dir="build"
-			command="phpdoctor phpdoc-phpbb.ini"
+		<exec dir="."
+			command="phpBB/vendor/bin/sami.php update build/sami-checkout.conf.php"
+			passthru="true" />
+	</target>
+	<!-- Builds docs for multiple branches/tags into build/api/output/$branch -->
+	<target name="docs-all">
+		<exec dir="."
+			command="phpBB/vendor/bin/sami.php update build/sami-all.conf.php"
 			passthru="true" />
 	</target>
 
@@ -221,7 +221,7 @@
 							command="git archive ${revision} composer.phar | tar -xf - -C ${dir}"
 							checkreturn="true" />
 						<exec dir="${dir}"
-							command="php composer.phar install"
+							command="php composer.phar install --no-dev"
 							checkreturn="true"
 							passthru="true" />
 						<delete file="${dir}/composer.phar" />

build/phpdoc-phpbb.ini

@@ -1,145 +0,0 @@
-; Default configuration file for PHPDoctor
-
-; This config file will cause PHPDoctor to generate API documentation of
-; itself.
-
-
-; PHPDoctor settings
-; -----------------------------------------------------------------------------
-
-; Names of files to parse. This can be a single filename, or a comma separated
-; list of filenames. Wildcards are allowed.
-
-files = "*.php"
-
-; Names of files or directories to ignore. This can be a single filename, or a
-; comma separated list of filenames. Wildcards are NOT allowed.
-
-;ignore = "CVS, .svn, .git, _compiled"
-ignore = templates_c/,*HTML/default/*,spec/,*config.php*,*CVS/,test_chora.php,testupdate/,cache/,store/,*proSilver/,develop/,includes/utf/data/,includes/captcha/fonts/,install/update/,install/update.new/,files/,*phpinfo.php*,*update_script.php*,*upgrade.php*,*convert.php*,install/converter/,language/de/,script/,*swatch.php*,*test.php*,*test2.php*,*install.php*,*functions_diff.php*,*acp_update.php*,acm_xcache.php
-
-; The directory to look for files in, if not used the PHPDoctor will look in
-; the current directory (the directory it is run from).
-
-source_path = "../phpBB/"
-
-; If you do not want PHPDoctor to look in each sub directory for files
-; uncomment this line.
-
-;subdirs = off
-
-; Set how loud PHPDoctor is as it runs. Quiet mode suppresses all output other
-; than warnings and errors. Verbose mode outputs additional messages during
-; execution.
-
-quiet = on
-;verbose = on
-
-; Select the doclet to use for generating output.
-
-doclet = standard
-;doclet = debug
-
-; The directory to find the doclet in. Doclets control the HTML output of
-; phpDoctor and can be modified to suit your needs. They are expected to be 
-; in a directory named after themselves at the location given.
-
-;doclet_path = ./doclets
-
-; Select the formatter to use for generating output.
-
-;formatter = htmlStandardFormatter
-
-; The directory to find the formatter in. Formatters convert textual markup
-; for use by the doclet.
-
-;formatter_path = ./formatters
-
-; The directory to find taglets in. Taglets allow you to make PHPDoctor handle
-; new tags and to alter the behavour of existing tags and their output.
-
-;taglet_path = ./taglets
-
-; If the code you are parsing does not use package tags or not all elements
-; have package tags, use this setting to place unbound elements into a
-; particular package.
-
-default_package = "phpBB"
-
-use_class_path_as_package = off
-
-ignore_package_tags = off
-
-; Specifies the name of a HTML file containing text for the overview
-; documentation to be placed on the overview page. The path is relative to
-; "source_path" unless an absolute path is given.
-
-overview = ../README.md
-
-; Package comments will be looked for in a file named package.html in the same
-; directory as the first source file parsed in that package or in the directory
-; given below. If package comments are placed in the directory given below then
-; they should be named "<packageName>.html".
-
-package_comment_dir = ./
-
-; Parse out global variables and/or global constants?
-
-;globals = off
-;constants = off
-
-; Generate documentation for all class members
-
-;private = on
-
-; Generate documentation for public and protected class members
-
-;protected = on
-
-; Generate documentation for only public class members
-
-;public = on
-
-; Use the PEAR compatible handling of the docblock first sentence
-
-;pear_compat = on
-
-; Standard doclet settings
-; -----------------------------------------------------------------------------
-
-; The directory to place generated documentation in. If the given path is
-; relative to it will be relative to "source_path".
-
-d = "../build/api/"
-
-; Specifies the title to be placed in the HTML <title> tag.
-
-windowtitle = "phpBB3"
-
-; Specifies the title to be placed near the top of the overview summary file.
-
-doctitle = "phpBB3 Sourcecode Documentation"
-
-; Specifies the header text to be placed at the top of each output file. The
-; header will be placed to the right of the upper navigation bar. 
-
-header = "phpBB3"
-
-; Specifies the footer text to be placed at the bottom of each output file. The
-; footer will be placed to the right of the lower navigation bar.
-
-footer = "phpBB3"
-
-; Specifies the text to be placed at the bottom of each output file. The text
-; will be placed at the bottom of the page, below the lower navigation bar.
-
-;bottom = "This document was generated by <a href="http://peej.github.com/phpdoctor/">PHPDoctor: The PHP Documentation Creator</a>"
-
-; Create a class tree?
-
-;tree = off
-
-; Use GeSHi to include formatted source files in the documentation. PHPDoctor will look in the current doclet directory for a /geshi subdirectory. Unpack the GeSHi archive from http://qbnz.com/highlighter to get this directory - it will contain a php script and a subdirectory with formatting files.
-
-include_source = off
-

build/sami-all.conf.php

@@ -0,0 +1,30 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+require __DIR__ . '/sami-checkout.conf.php';
+
+$config['versions'] = Sami\Version\GitVersionCollection::create(__DIR__ . '/../')
+	/*
+	This would be nice, but currently causes various problems that need
+	debugging.
+	->addFromTags('release-3.0.*')
+	->add('3.0.x', '3.0-next (olympus)')
+	->addFromTags('release-3.1.*')
+	->add('3.1.x', '3.1-next (ascraeus)')
+	->add('master')
+	*/
+	->add('3.0.x')
+	->add('3.1.x')
+;
+
+return new Sami\Sami($iterator, $config);

build/sami-checkout.conf.php

@@ -0,0 +1,44 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+// Prevent 'Class "acm" does not exist.' exception on removeClass().
+class PhpbbArrayStore extends Sami\Store\ArrayStore
+{
+	public function removeClass(Sami\Project $project, $name)
+	{
+		unset($this->classes[$name]);
+	}
+}
+
+$iterator = Symfony\Component\Finder\Finder::create()
+	->files()
+	->name('*.php')
+	->in(__DIR__ . '/../phpBB/')
+	->notPath('#^cache/#')
+	->notPath('#^develop/#')
+	->notPath('#^ext/#')
+	->notPath('#^vendor/#')
+	->notPath('data')
+;
+
+$config = array(
+	'theme'                => 'enhanced',
+	'title'                => 'phpBB API Documentation',
+	'build_dir'            => __DIR__.'/api/output/%version%',
+	'cache_dir'            => __DIR__.'/api/cache/%version%',
+	'default_opened_level' => 2,
+	// Do not use JsonStore. See https://github.com/fabpot/Sami/issues/79
+	'store'                => new PhpbbArrayStore,
+);
+
+return new Sami\Sami($iterator, $config);

git-tools/commit-msg-hook-range.sh

@@ -5,26 +5,47 @@
 #
 # Calls the git commit-msg hook on all non-merge commits in a given commit range.
 #
-set -e
 
 if [ "$#" -ne 1 ];
 then
-	echo "Expected one argument (commit range, e.g. eef1b586...1666476b)."
+	echo "Expected one argument (commit range, e.g. phpbb/develop..ticket/12345)."
 	exit
 fi
 
 DIR=$(dirname "$0")
-COMMIT_MSG_HOOK_PATH="$DIR/hooks/commit-msg"
-
 COMMIT_RANGE="$1"
+COMMIT_MSG_HOOK_PATH="$DIR/hooks/commit-msg"
+COMMIT_MSG_HOOK_FATAL=$(git config --bool phpbb.hooks.commit-msg.fatal 2> /dev/null)
+git config phpbb.hooks.commit-msg.fatal true
 
+EXIT_STATUS=0
 for COMMIT_HASH in $(git rev-list --no-merges "$COMMIT_RANGE")
 do
+	echo "Inspecting commit message of commit $COMMIT_HASH"
+
 	# The git commit-msg hook takes a path to a file containing a commit
 	# message. So we have to extract the commit message into a file first,
 	# which then also needs to be deleted after our work is done.
 	COMMIT_MESSAGE_PATH="$DIR/commit_msg.$COMMIT_HASH"
 	git log -n 1 --pretty=format:%B "$COMMIT_HASH" > "$COMMIT_MESSAGE_PATH"
+
+	# Invoke hook on commit message file.
 	"$COMMIT_MSG_HOOK_PATH" "$COMMIT_MESSAGE_PATH"
+
+	# If any commit message hook complains with a non-zero exit status, we
+	# will send a non-zero exit status upstream.
+	if [ $? -ne 0 ]
+	then
+		EXIT_STATUS=1
+	fi
+
 	rm "$COMMIT_MESSAGE_PATH"
 done
+
+# Restore phpbb.hooks.commit-msg.fatal config
+if [ -n "$COMMIT_MSG_HOOK_FATAL" ]
+then
+	git config phpbb.hooks.commit-msg.fatal "$COMMIT_MSG_HOOK_FATAL"
+fi
+
+exit $EXIT_STATUS

git-tools/hooks/commit-msg

@@ -191,12 +191,12 @@ do
 				err=$ERR_HEADER;
 				echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] .+$"
 				result=$?
-				if ! echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [A-Z].+$"
+				if ! echo "$line" | grep -Eq "^\[(ticket/[0-9]+|feature/$branch_regex|task/$branch_regex)\] [a-zA-Z].+$"
 				then
 					# Don't be too strict.
 					# Commits may be temporary, intended to be squashed later.
 					# Just issue a warning here.
-					complain "$severity: heading should be a sentence beginning with a capital letter." 1>&2
+					complain "$severity: heading should be a sentence beginning with a letter." 1>&2
 					complain "You entered:" 1>&2
 					complain "$line" 1>&2
 				fi

phpBB/.htaccess

@@ -8,12 +8,50 @@
 #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
 #</IfModule>
 
-<Files "config.php">
-Order Allow,Deny
-Deny from All
-</Files>
-
-<Files "common.php">
-Order Allow,Deny
-Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "config.php">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+		<Files "common.php">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "config.php">
+			Require all denied
+		</Files>
+		<Files "common.php">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "config.php">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+		<Files "common.php">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "config.php">
+			Require all denied
+		</Files>
+		<Files "common.php">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>

phpBB/adm/index.php

@@ -524,6 +524,9 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 
 				$cfg_array[$config_name] = trim($destination);
 
+			// Absolute file path
+			case 'absolute_path':
+			case 'absolute_path_writable':
 			// Path being relative (still prefixed by phpbb_root_path), but with the ability to escape the root dir...
 			case 'path':
 			case 'wpath':
@@ -542,20 +545,22 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 					break;
 				}
 
-				if (!file_exists($phpbb_root_path . $cfg_array[$config_name]))
+				$path = in_array($config_definition['validate'], array('wpath', 'path', 'rpath', 'rwpath')) ? $phpbb_root_path . $cfg_array[$config_name] : $cfg_array[$config_name];
+
+				if (!file_exists($path))
 				{
 					$error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]);
 				}
 
-				if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !is_dir($phpbb_root_path . $cfg_array[$config_name]))
+				if (file_exists($path) && !is_dir($path))
 				{
 					$error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]);
 				}
 
 				// Check if the path is writable
-				if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath')
+				if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath' || $config_definition['validate'] === 'absolute_path_writable')
 				{
-					if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !phpbb_is_writable($phpbb_root_path . $cfg_array[$config_name]))
+					if (file_exists($path) && !phpbb_is_writable($path))
 					{
 						$error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]);
 					}

phpBB/adm/style/acp_update.html

@@ -19,7 +19,7 @@
 	<!-- ENDIF -->
 
 	<!-- IF NEXT_FEATURE_VERSION -->
-		<div class="errorbox">
+		<div class="errorbox notice">
 			<p>{UPGRADE_INSTRUCTIONS}</p>
 		</div>
 	<!-- ENDIF -->

phpBB/adm/style/acp_users_overview.html

@@ -30,7 +30,7 @@
 </dl>
 <dl>
 	<dt><label>{L_POSTS}:</label></dt>
-	<dd><strong>{USER_POSTS}</strong><!-- IF POSTS_IN_QUEUE and U_MCP_QUEUE --> (<a href="{U_MCP_QUEUE}">{L_POSTS_IN_QUEUE}</a>)<!-- ELSEIF POSTS_IN_QUEUE --> ({L_POSTS_IN_QUEUE})<!-- ENDIF --></dd>
+	<dd><strong><!-- IF USER_HAS_POSTS and U_SEARCH_USER --><a href="{U_SEARCH_USER}">{USER_POSTS}</a><!-- ELSE -->{USER_POSTS}<!-- ENDIF --></strong><!-- IF POSTS_IN_QUEUE and U_MCP_QUEUE --> (<a href="{U_MCP_QUEUE}">{L_POSTS_IN_QUEUE}</a>)<!-- ELSEIF POSTS_IN_QUEUE --> ({L_POSTS_IN_QUEUE})<!-- ENDIF --></dd>
 </dl>
 <dl>
 	<dt><label>{L_WARNINGS}:</label></dt>

phpBB/adm/style/editor.js

@@ -292,7 +292,7 @@ function mozWrap(txtarea, open, close)
 */
 function storeCaret(textEl)
 {
-	if (textEl.createTextRange)
+	if (textEl.createTextRange && document.selection)
 	{
 		textEl.caretPos = document.selection.createRange().duplicate();
 	}

phpBB/composer.json

@@ -1,8 +1,9 @@
 {
 	"require-dev": {
 		"fabpot/goutte": "1.0.*",
-		"phpunit/dbunit": "1.2.*",
-		"phpunit/phpunit": "3.7.*",
-		"phing/phing": "2.4.*"
+		"phpunit/dbunit": "1.3.*",
+		"phpunit/phpunit": "4.1.*",
+		"phing/phing": "2.4.*",
+		"sami/sami": "1.*"
 	}
 }

phpBB/develop/create_schema_files.php

@@ -237,6 +237,19 @@ $supported_dbms = array('firebird', 'mssql', 'mysql_40', 'mysql_41', 'oracle', '
 
 foreach ($supported_dbms as $dbms)
 {
+	$schema_data = get_schema_struct();
+	if ($dbms == 'mssql')
+	{
+		foreach ($schema_data as $table_name => $table_data)
+		{
+			if (!isset($table_data['PRIMARY_KEY']))
+			{
+				$schema_data[$table_name]['COLUMNS']['mssqlindex'] = array('UINT', NULL, 'auto_increment');
+				$schema_data[$table_name]['PRIMARY_KEY'] = 'mssqlindex';
+			}
+		}
+	}
+
 	$fp = fopen($schema_path . $dbms . '_schema.sql', 'wb');
 
 	$line = '';
@@ -552,7 +565,7 @@ foreach ($supported_dbms as $dbms)
 
 			case 'mssql':
 				$line = substr($line, 0, -2);
-				$line .= "\n) ON [PRIMARY]" . (($textimage) ? ' TEXTIMAGE_ON [PRIMARY]' : '') . "\n";
+				$line .= "\n)";// ON [PRIMARY]" . (($textimage) ? ' TEXTIMAGE_ON [PRIMARY]' : '') . "\n";
 				$line .= "GO\n\n";
 			break;
 		}
@@ -589,7 +602,7 @@ foreach ($supported_dbms as $dbms)
 					$line .= "\tCONSTRAINT [PK_{$table_name}] PRIMARY KEY  CLUSTERED \n";
 					$line .= "\t(\n";
 					$line .= "\t\t[" . implode("],\n\t\t[", $table_data['PRIMARY_KEY']) . "]\n";
-					$line .= "\t)  ON [PRIMARY] \n";
+					$line .= "\t)\n";
 					$line .= "GO\n\n";
 				break;
 
@@ -684,7 +697,7 @@ foreach ($supported_dbms as $dbms)
 					case 'mssql':
 						$line .= ($key_data[0] == 'INDEX') ? 'CREATE  INDEX' : '';
 						$line .= ($key_data[0] == 'UNIQUE') ? 'CREATE  UNIQUE  INDEX' : '';
-						$line .= " [{$key_name}] ON [{$table_name}]([" . implode('], [', $key_data[1]) . "]) ON [PRIMARY]\n";
+						$line .= " [{$key_name}] ON [{$table_name}]([" . implode('], [', $key_data[1]) . "])\n";
 						$line .= "GO\n\n";
 					break;
 

phpBB/develop/strip_icc_profiles.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# @copyright (c) 2014 phpBB Group
+# @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+#
+
+if [ "$#" -ne 1 ]
+then
+	SCRIPT=$(basename "$0")
+	echo "Description: Finds and strips ICC Profiles from given image file." >&2
+	echo "Usage: $SCRIPT /path/to/image/file" >&2
+	echo "Exit Status: 0 if no ICC profiles have been stripped, otherwise 1." >&2
+	echo "Requires: exiftool" >&2
+	exit 1
+fi
+
+FILE=$1
+HASH_OLD=$(md5sum "$FILE")
+exiftool -icc_profile"-<=" -overwrite_original_in_place "$FILE" > /dev/null 2>&1
+HASH_NEW=$(md5sum "$FILE")
+
+if [ "$HASH_OLD" != "$HASH_NEW" ]
+then
+	echo "Stripped ICC Profile from $FILE."
+	exit 1
+fi

phpBB/docs/AUTHORS

@@ -24,9 +24,10 @@ phpBB Lead Developer:  naderman (Nils Adermann)
 
 phpBB Developers:      bantu (Andreas Fischer)
                        dhruv.goel92 (Dhruv Goel)
-                       EXreaction (Nathan Guse)
-                       imkingdavid (David King)
+                       Elsensee (Oliver Schramm)
+                       marc1706 (Marc Alexander)
                        nickvergessen (Joas Schilling)
+                       Nicofuma (Tristan Darricau)
                        prototech (Cesar Gallegos)
 
 Contributions by:      leviatan21 (Gabriel Vazquez)
@@ -51,9 +52,11 @@ phpBB Developers:      A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                        ckwalsh (Cullen Walsh)        [01/2010 - 07/2011]
                        DavidMJ (David M.)            [12/2005 - 08/2009]
                        dhn (Dominik Dröscher)        [05/2007 - 01/2011]
+                       EXreaction (Nathan Guse)      [07/2012 - 05/2014]
                        GrahamJE (Graham Eames)       [09/2005 - 11/2006]
-                       kellanved (Henry Sudhof)      [04/2007 - 03/2011]
                        igorw (Igor Wiedler)          [08/2010 - 02/2013]
+                       imkingdavid (David King)      [11/2012 - 06/2014]
+                       kellanved (Henry Sudhof)      [04/2007 - 03/2011]
                        Oleg (Oleg Pudeyev)           [01/2011 - 05/2013]
                        rxu (Ruslan Uzdenov)          [04/2010 - 12/2012]
                        TerraFrost (Jim Wigginton)    [04/2009 - 01/2011]

phpBB/docs/CHANGELOG.html

@@ -52,7 +52,10 @@
 
 <ol>
 	<li><a href="#changelog">Changelog</a>
-	<ol style="list-style-type: lower-roman;">
+	<ul>
+		<li><a href="#v3013-PL1">Changes since 3.0.13-PL1</a></li>
+		<li><a href="#v3013">Changes since 3.0.13</a></li>
+		<li><a href="#v3012">Changes since 3.0.12</a></li>
 		<li><a href="#v3011">Changes since 3.0.11</a></li>
 		<li><a href="#v3010">Changes since 3.0.10</a></li>
 		<li><a href="#v309">Changes since 3.0.9</a></li>
@@ -74,7 +77,7 @@
 		<li><a href="#v30rc3">Changes since RC-3</a></li>
 		<li><a href="#v30rc2">Changes since RC-2</a></li>
 		<li><a href="#v30rc1">Changes since RC-1</a></li>
-	</ol>
+	</ul>
 	</li>
 	<li><a href="#disclaimer">Copyright and disclaimer</a></li>
 </ol>
@@ -93,7 +96,181 @@
 
 		<div class="content">
 
-	<a name="v3011"></a><h3>1.i. Changes since 3.0.11</h3>
+	<a name="v3013-PL1"></a><h3>Changes since 3.0.13-PL1</h3>
+
+<h4>Security</h4>
+<ul>
+<li>[SECURITY-180] - An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login)</li>
+</ul>
+<h4>Bug</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13348">PHPBB3-13348</a>] - sql_freeresult() should be called in feed base class</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13414">PHPBB3-13414</a>] - download/file.php sends Content-Length header even when issuing 304 Not Modified</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13555">PHPBB3-13555</a>] - Poll options preview rendered incorrectly by &lt;br /&gt; collision</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13568">PHPBB3-13568</a>] - Imagick path validated as relative path although ACP asks for absolute path</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13617">PHPBB3-13617</a>] - Bot session continuation with invalid f= query parameter causes SQL error</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13738">PHPBB3-13738</a>] - Sami still refers to develop-* branches</li>
+</ul>
+<h4>Improvement</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12089">PHPBB3-12089</a>] - Make HTTP status code assertion failure messages more informative</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13765">PHPBB3-13765</a>] - Verify that SERVER_PROTOCOL has the expected format</li>
+</ul>
+<h4>Task</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11539">PHPBB3-11539</a>] - Add unit tests for several functions in functions.php</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13572">PHPBB3-13572</a>] - Upgrade composer to 1.0.0-alpha9</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13599">PHPBB3-13599</a>] - Remove PHP 5.2 Travis environment</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13634">PHPBB3-13634</a>] - Update README to show new branch names</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13723">PHPBB3-13723</a>] - Update docs/AUTHORS for 3.0.14-RC1 / 3.1.4-RC1</li>
+</ul>
+
+	<a name="v3013"></a><h3>Changes since 3.0.13</h3>
+
+<h4>Bug</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12933">PHPBB3-12933</a>] - The search operator for partial matches does not work</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13549">PHPBB3-13549</a>] - Compare ORIG_PATH_INFO with SCRIPT_NAME for checking trailing paths</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13554">PHPBB3-13554</a>] - Advertisement of feature release in red indicates a problem</li>
+</ul>
+
+	<a name="v3012"></a><h3>Changes since 3.0.12</h3>
+
+<h4>Security</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13531">PHPBB3-13531</a>] - Disallow trailing paths (e.g. using the PATH_INFO feature) to prevent path-relative CSS injection</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13526">PHPBB3-13526</a>] - Correctly validate ucp_pm_options form key</li>
+</ul>
+<h4>Bug</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-6703">PHPBB3-6703</a>] - Problem with russian letter while converting from 2.0.x</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8960">PHPBB3-8960</a>] - Allow changing allow_avatar_remote when images/avatars/upload is not writable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9420">PHPBB3-9420</a>] - BBCode - Unable to use a proper URI token</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9724">PHPBB3-9724</a>] - Wrong return &quot;Return to ACP&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9725">PHPBB3-9725</a>] - MSSQL Schema is not azure compatible</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10023">PHPBB3-10023</a>] - Password change requirement notification in UCP is not noticable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10423">PHPBB3-10423</a>] - Searching for the term &quot;test *&quot; will highlight nearly every word and displays htmlspecialchars as htmlentities.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10442">PHPBB3-10442</a>] - XHTML is invalid when a forum link without redirect counter is present</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10687">PHPBB3-10687</a>] - UNABLE_GET_IMAGE_SIZE text misleading for remote avatars</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10729">PHPBB3-10729</a>] - Post editor information is not updated when user being deleted with posts</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10776">PHPBB3-10776</a>] - Grammar errors in docs/README.html</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10796">PHPBB3-10796</a>] - SQL Azure does not allow SELECT FROM sysfiles</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10851">PHPBB3-10851</a>] - HTML files containing certain tags being rejected as possible attack vectors with &quot;Check attachment file&quot; set to &quot;No&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10863">PHPBB3-10863</a>] - Permission mask does not accurately show some forum permissions if user has MOD parmissions</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10917">PHPBB3-10917</a>] - Updater notice &quot;Update files are out of date...&quot; when updating to unreleased version</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10985">PHPBB3-10985</a>] - Error bbcode.html not found when updating with custom style inheriting from prosilver</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11062">PHPBB3-11062</a>] - In Automatic Update, new language strings from install.php are only loaded from English</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11224">PHPBB3-11224</a>] - SQL cache destroy does not destroy queries to tables joined</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11288">PHPBB3-11288</a>] - &quot;Fulltext native&quot; search fooled by hyphens</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11480">PHPBB3-11480</a>] - Prevent Private Message system from returning &quot;Unknown folder&quot; when inbox folder is full</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11613">PHPBB3-11613</a>] - Cookies do not work for netbios domain</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11686">PHPBB3-11686</a>] - Not checking for phpBB Debug errors on functional tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11699">PHPBB3-11699</a>] - PHP Lint Test should exclude selected subdirectories of the build directory.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11726">PHPBB3-11726</a>] - Don't run lint tests on Travis on postgres</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11762">PHPBB3-11762</a>] - generate_text_for_display() treats &quot;0&quot; as an empty string</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11789">PHPBB3-11789</a>] - Inline css with color value in subsilver2</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11794">PHPBB3-11794</a>] - Coding Guidelines document says to place a comma after every array element, but fails to do so itself</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11799">PHPBB3-11799</a>] - Anti Abuse Headers missing for sendpassword</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11811">PHPBB3-11811</a>] - Chrome 30 adds outline to focused elements</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11821">PHPBB3-11821</a>] - Wrong comma usage &quot;You are receiving this notification&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11823">PHPBB3-11823</a>] - Travis-CI webserver not matching PHP files with anything after the .php</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11829">PHPBB3-11829</a>] - Closed reports may seem open in detailed view</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11860">PHPBB3-11860</a>] - .htaccess not working for Apache 2.4</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11864">PHPBB3-11864</a>] - Do not call exit after display_progress_bar in acp_forums</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11879">PHPBB3-11879</a>] - Compatibility error in forum_fn.js: .live should be replaced with .on</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11968">PHPBB3-11968</a>] - Travis Image are broken due to repository rename</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12037">PHPBB3-12037</a>] - acp_inactive.html has hard-coded text</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12048">PHPBB3-12048</a>] - Custom BBCodes Fail to Render Language Strings with a Number</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12061">PHPBB3-12061</a>] - Keyboard shortcut alt+h doesn't work properly in firefox</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12072">PHPBB3-12072</a>] - Missing word &quot;send&quot; in comment in schema_data.sql</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12093">PHPBB3-12093</a>] - IE 11 javascript selection is no longer supported</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12118">PHPBB3-12118</a>] - Add noindex meta tag to subsilver2 pm/topic view-print template</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12119">PHPBB3-12119</a>] - Remove keywords and description meta tags from prosilver view-print templates</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12120">PHPBB3-12120</a>] - Update docs/AUTHORS for 3.0.13-RC1</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12140">PHPBB3-12140</a>] - Avoid endless loop in build script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12161">PHPBB3-12161</a>] - build/save directories are no longer created</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12162">PHPBB3-12162</a>] - Binary files missing from update packages</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12176">PHPBB3-12176</a>] - No error shown when attempting to delete a founder</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12186">PHPBB3-12186</a>] - MCP should open &quot;Reported posts&quot; instead of PM Reports</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12188">PHPBB3-12188</a>] - Add php 5.6 to travis tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12202">PHPBB3-12202</a>] - Variables read from style.cfg etc. should be htmlspecialchared</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12205">PHPBB3-12205</a>] - Custom Profile Field display bug</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12210">PHPBB3-12210</a>] - dbtools::sql_create_table incorrectly throws error related to auto-increment length on non auto-increment fields</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12310">PHPBB3-12310</a>] - SMTP username and password should not autocomplete during install</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12316">PHPBB3-12316</a>] - develop-ascraeus build status missing from &quot;Automated Testing&quot; section in README.md</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12353">PHPBB3-12353</a>] - User attachments in ACP are not displaying every attachment</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12359">PHPBB3-12359</a>] - Day and Month of Birthday Misaligned When Editing</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12381">PHPBB3-12381</a>] - Broken error message when selecting invalid DB driver</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12397">PHPBB3-12397</a>] - db_tools::sql_unique_index_exists() has wrong doc block</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12429">PHPBB3-12429</a>] - Update phpunit to 3.8+</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12467">PHPBB3-12467</a>] - Add config_*.php  and tests_config_*.php to .gitignore</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12472">PHPBB3-12472</a>] - Set fast finish for .travis.yml</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12485">PHPBB3-12485</a>] - Broken tests due to absolute exclude</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12492">PHPBB3-12492</a>] - DB_TEST: Special chars are not supported.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12540">PHPBB3-12540</a>] - WRONG_FILESIZE contains broken placeholders</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12660">PHPBB3-12660</a>] - Undefined offset error when phpinfo() disabled and debug enabled</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12695">PHPBB3-12695</a>] - Undefined index: MISSING_INLINE_ATTACHMENT notice given when viewing post details</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12720">PHPBB3-12720</a>] - Git commit hook should not require commit message to start with a capital letter</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12741">PHPBB3-12741</a>] - Functional tests on Travis fail since php update last night</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12755">PHPBB3-12755</a>] - Remote upload stuck in infinite loop if server sends keep-alive</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13086">PHPBB3-13086</a>] - Update ACP_MASS_EMAIL_EXPLAIN language key</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13096">PHPBB3-13096</a>] - ldap_escape() added to PHP 5.6.0</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13138">PHPBB3-13138</a>] - Banned users cause infinite recursion</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13168">PHPBB3-13168</a>] - Warning displayed in PHP 5.6 for mbstring.http_input</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13234">PHPBB3-13234</a>] - Remember me cookie gets unset by admin reauthentication</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13341">PHPBB3-13341</a>] - Tests fail when generating coverage report</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13376">PHPBB3-13376</a>] - deregister_globals() does not work correctly when $_COOKIE['GLOBALS'] - is specified</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13519">PHPBB3-13519</a>] - Correctly validate imagick path as path and not string</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13523">PHPBB3-13523</a>] - PHP 5.2 Unit Tests no longer work due to deprecated PHPUnit PEAR channel</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13527">PHPBB3-13527</a>] - Escape information received from version server</li>
+</ul>
+<h4>Improvement</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10037">PHPBB3-10037</a>] - Add Smiley Buttons in Signature Editor</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10174">PHPBB3-10174</a>] - Rename &quot;Ban usernames&quot; to &quot;Ban users&quot; in ACP</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10549">PHPBB3-10549</a>] - Languages variables should be used, not hardcoded</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10555">PHPBB3-10555</a>] - Copyright notice in overall_header.html is not translatable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10945">PHPBB3-10945</a>] - Show entered search query in the search box when no results are found.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11254">PHPBB3-11254</a>] - Check CRLF line endings in the test suite</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11295">PHPBB3-11295</a>] - Drop tables for postgres in the test suite</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11297">PHPBB3-11297</a>] - Running tests doc should mention dbunit dependency</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11704">PHPBB3-11704</a>] - phing build script does not include vendor folder, even if there are dependencies</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11766">PHPBB3-11766</a>] - Remove Quote and Edit button when topic is lock</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11801">PHPBB3-11801</a>] - missing semi colons in css</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11814">PHPBB3-11814</a>] - Topic reply notification email text change</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12035">PHPBB3-12035</a>] - Add a link to user's posts in the ACP user overview page</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12106">PHPBB3-12106</a>] - Document exceptions to &quot;Disable Board&quot; in ACP.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12146">PHPBB3-12146</a>] - Add color demo when editing a group from the UCP</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12247">PHPBB3-12247</a>] - include poster's username in email notifications of posts that get approved by moderators</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12259">PHPBB3-12259</a>] - Too many redundant tests are run on Travis</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12468">PHPBB3-12468</a>] - Allow mbstring.http_input='' besides 'pass' for PHP 5.6 compatibility</li>
+</ul>
+<h4>Task</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10839">PHPBB3-10839</a>] - Remove phpunit.xml.functional and always include functional tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11509">PHPBB3-11509</a>] - Travis should check commit message format</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11876">PHPBB3-11876</a>] - Upgrade package checksums from MD5 to SHA256</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11877">PHPBB3-11877</a>] - Create package download links and checksums for announcement via script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11920">PHPBB3-11920</a>] - Add MariaDB tests to Travis-CI</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11951">PHPBB3-11951</a>] - Add MariaDB to supported RDBMS list</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11970">PHPBB3-11970</a>] - Use 'set -x' in Travis CI setup scripts</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12046">PHPBB3-12046</a>] - Use PHP_BINARY environment variable in lint unit test</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12056">PHPBB3-12056</a>] - Make sure each unit test runs on its own</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12147">PHPBB3-12147</a>] - Remove Travis CI notification configuration</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12302">PHPBB3-12302</a>] - Upgrade composer.phar to 1.0.0-alpha8</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12318">PHPBB3-12318</a>] - Correctly setup HHVM functional tests on Travis CI</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12319">PHPBB3-12319</a>] - Backport Travis CI HHVM environment enabling to develop-olympus.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12320">PHPBB3-12320</a>] - No longer allow Travis CI HHVM environment to fail</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12341">PHPBB3-12341</a>] - Add tests for get_username_string()</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12384">PHPBB3-12384</a>] - Run Travis CI HHVM tests against MySQLi instead of MySQL</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12417">PHPBB3-12417</a>] - hhvm-nightly 2014.04.16~precise breaks tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12495">PHPBB3-12495</a>] - Add Sami to composer dependencies and build script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12582">PHPBB3-12582</a>] - Strip away copyrighted ICC profile from images</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12917">PHPBB3-12917</a>] - Move commit check and file executable checks to 5.3.3 build on travis</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13324">PHPBB3-13324</a>] - Composer no longer downloads sami/sami and fabpot/goutte</li>
+</ul>
+
+	<a name="v3011"></a><h3>Changes since 3.0.11</h3>
 
 <h4>Bug</h4>
 <ul>
@@ -248,7 +425,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11753">PHPBB3-11753</a>] - Upgrade mysql_upgrader.php schema data.</li>
 </ul>
 
-	<a name="v3010"></a><h3>1.ii. Changes since 3.0.10</h3>
+	<a name="v3010"></a><h3>Changes since 3.0.10</h3>
 
 <h4>Bug</h4>
 <ul>
@@ -373,7 +550,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10909">PHPBB3-10909</a>] - Update Travis Test Configuration: Travis no longer supports PHP 5.3.2</li>
 </ul>
 
-	<a name="v309"></a><h3>1.iii. Changes since 3.0.9</h3>
+	<a name="v309"></a><h3>Changes since 3.0.9</h3>
 
 <h4>Bug</h4>
 <ul>
@@ -509,7 +686,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10480">PHPBB3-10480</a>] - Automate changelog building</li>
 </ul>
 
-	<a name="v308"></a><h3>1.iv. Changes since 3.0.8</h3>
+	<a name="v308"></a><h3>Changes since 3.0.8</h3>
 
 <h4>        Bug
 </h4>
@@ -574,7 +751,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9924'>PHPBB3-9924</a>] -         $template-&gt;display hook does not pass $template instance
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9925'>PHPBB3-9925</a>] -         prosilver logo margin bug in IE 6-7-8 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9925'>PHPBB3-9925</a>] -         prosilver logo margin bug in IE 6-7-8
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9928'>PHPBB3-9928</a>] -         Do not link &quot;login to your board&quot; to the &quot;send statistics&quot; page after completed update.
 </li>
@@ -582,7 +759,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9932'>PHPBB3-9932</a>] -         The Bing bot is not added when converting.
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9933'>PHPBB3-9933</a>] -         Wrong handling of consecutive multiple asterisks in word censor 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9933'>PHPBB3-9933</a>] -         Wrong handling of consecutive multiple asterisks in word censor
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9934'>PHPBB3-9934</a>] -         Mass Mail missing under the system tab on a fresh install
 </li>
@@ -594,7 +771,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9948'>PHPBB3-9948</a>] -         Inline quicktime files won&#39;t display
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9949'>PHPBB3-9949</a>] -         $user-&gt;lang() is not handling arguments as per documentation 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9949'>PHPBB3-9949</a>] -         $user-&gt;lang() is not handling arguments as per documentation
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9950'>PHPBB3-9950</a>] -         Problem with localized button images after uprading from 3.0.7-PL1 to 3.0.8
 </li>
@@ -757,7 +934,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10250'>PHPBB3-10250</a>] -         phpBB Logo needs the Registered Trademark Symbol
 </li>
 </ul>
-    
+
 <h4>        Improvement
 </h4>
 <ul>
@@ -814,7 +991,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10186'>PHPBB3-10186</a>] -         UCP signature panel displays when not authed for signatures
 </li>
 </ul>
-    
+
 <h4>        New Feature
 </h4>
 <ul>
@@ -825,7 +1002,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10110'>PHPBB3-10110</a>] -         Redis caching module
 </li>
 </ul>
-    
+
 <h4>        Task
 </h4>
 <ul>
@@ -864,7 +1041,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10107'>PHPBB3-10107</a>] -         Improve docs for non-apache webserver configuration
 </li>
 </ul>
-    
+
 <h4>        Sub-task
 </h4>
 <ul>
@@ -877,7 +1054,7 @@
 </ul>
 
 
-	<a name="v307-PL1"></a><h3>1.v. Changes since 3.0.7-PL1</h3>
+	<a name="v307-PL1"></a><h3>Changes since 3.0.7-PL1</h3>
 <h4>        Security
 </h4>
 <ul>
@@ -1335,13 +1512,13 @@
 </ul>
 
 
-	<a name="v307"></a><h3>1.vi. Changes since 3.0.7</h3>
+	<a name="v307"></a><h3>Changes since 3.0.7</h3>
 
 	<ul>
 		<li>[Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)</li>
 	</ul>
 
-	<a name="v306"></a><h3>1.vii. Changes since 3.0.6</h3>
+	<a name="v306"></a><h3>Changes since 3.0.6</h3>
 
 	<ul>
 		<li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li>
@@ -1445,7 +1622,7 @@
 
 	</ul>
 
-	<a name="v305"></a><h3>1.viii. Changes since 3.0.5</h3>
+	<a name="v305"></a><h3>Changes since 3.0.5</h3>
 
 	<ul>
 		<li>[Fix] Allow whitespaces in avatar gallery names. (Bug #44955)</li>
@@ -1667,7 +1844,7 @@
 		<li>[Feature] Send anonymous statistical information to phpBB on installation and update (optional).</li>
 	</ul>
 
-	<a name="v304"></a><h3>1.ix. Changes since 3.0.4</h3>
+	<a name="v304"></a><h3>Changes since 3.0.4</h3>
 
 	<ul>
 		<li>[Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)</li>
@@ -1756,7 +1933,7 @@
 		<li>[Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v303"></a><h3>1.x. Changes since 3.0.3</h3>
+	<a name="v303"></a><h3>Changes since 3.0.3</h3>
 
 	<ul>
 		<li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li>
@@ -1788,7 +1965,7 @@
 		<li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li>
 	</ul>
 
-	<a name="v302"></a><h3>1.xi. Changes since 3.0.2</h3>
+	<a name="v302"></a><h3>Changes since 3.0.2</h3>
 
 	<ul>
 		<li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li>
@@ -1887,7 +2064,7 @@
 		<li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li>
 	</ul>
 
-	<a name="v301"></a><h3>1.xii. Changes since 3.0.1</h3>
+	<a name="v301"></a><h3>Changes since 3.0.1</h3>
 
 	<ul>
 		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
@@ -1935,7 +2112,7 @@
 		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
 	</ul>
 
-	<a name="v300"></a><h3>1.xiii Changes since 3.0.0</h3>
+	<a name="v300"></a><h3>Changes since 3.0.0</h3>
 
 	<ul>
 		<li>[Change] Validate birthdays (Bug #15004)</li>
@@ -2006,7 +2183,7 @@
 		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
 	</ul>
 
-	<a name="v30rc8"></a><h3>1.xiv. Changes since 3.0.RC8</h3>
+	<a name="v30rc8"></a><h3>Changes since 3.0.RC8</h3>
 
 	<ul>
 		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@@ -2015,7 +2192,7 @@
 		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
 	</ul>
 
-	<a name="v30rc7"></a><h3>1.xv. Changes since 3.0.RC7</h3>
+	<a name="v30rc7"></a><h3>Changes since 3.0.RC7</h3>
 
 	<ul>
 		<li>[Fix] Fixed MSSQL related bug in the update system</li>
@@ -2050,7 +2227,7 @@
 		<li>[Fix] No duplication of active topics (Bug #15474)</li>
 	</ul>
 
-	<a name="v30rc6"></a><h3>1.xvi. Changes since 3.0.RC6</h3>
+	<a name="v30rc6"></a><h3>Changes since 3.0.RC6</h3>
 
 	<ul>
 		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@@ -2060,7 +2237,7 @@
 		<li>[Fix] Able to request new password (Bug #14743)</li>
 	</ul>
 
-	<a name="v30rc5"></a><h3>1.xvii. Changes since 3.0.RC5</h3>
+	<a name="v30rc5"></a><h3>Changes since 3.0.RC5</h3>
 
 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -2123,7 +2300,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>
 
-	<a name="v30rc4"></a><h3>1.xviii. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>Changes since 3.0.RC4</h3>
 
 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -2174,7 +2351,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>
 
-	<a name="v30rc3"></a><h3>1.xix. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>Changes since 3.0.RC3</h3>
 
 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -2283,7 +2460,7 @@
 
 	</ul>
 
-	<a name="v30rc2"></a><h3>1.xx. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>Changes since 3.0.RC2</h3>
 
 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -2329,7 +2506,7 @@
 
 	</ul>
 
-	<a name="v30rc1"></a><h3>1.xxi. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>Changes since 3.0.RC1</h3>
 
 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>

phpBB/docs/INSTALL.html

@@ -276,7 +276,7 @@
 
 	<p>This package is meant for those wanting to only replace the files that were changed between a previous version and the latest version.</p>
 
-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <strong>3.0.11</strong> you should select the appropriate <code>phpBB-3.0.12-files.zip/tar.bz2</code> file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <strong>3.0.13</strong> you should select the appropriate <code>phpBB-3.0.14-files.zip/tar.bz2</code> file.</p>
 
 	<p>The directory structure has been preserved, enabling you (if you wish) to simply upload the uncompressed contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any modifications (MODs) these files will overwrite the originals, possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
@@ -288,7 +288,7 @@
 
 	<p>The patch file is one solution for those with many Modifications (MODs) or other changes and do not want to re-add them back to all the changed files. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application, but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the recommended update method.</p>
 
-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <strong>3.0.11</strong>, you need the <code>phpBB-3.0.12-patch.zip/tar.bz2</code> file. Place the correct patch in the parent directory containing the phpBB core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <code>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</code> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <strong>3.0.13</strong>, you need the <code>phpBB-3.0.14-patch.zip/tar.bz2</code> file. Place the correct patch in the parent directory containing the phpBB core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <code>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</code> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
 
 	<p>If you do get failures, you should look at using the <a href="#update_files">Changed Files</a> package to replace the files which failed to patch. Please note that you will need to manually re-add any MODs to these particular files. Alternatively, if you know how, you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 
@@ -298,7 +298,7 @@
 
 	<p>This update method is the recommended method for updating. This package detects changed files automatically and merges in changes if needed.</p>
 
-	<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.0.11</strong>, you need the <code>phpBB-3.0.11_to_3.0.12.zip/tar.bz2</code> file.</p>
+	<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.0.13</strong>, you need the <code>phpBB-3.0.13_to_3.0.14.zip/tar.bz2</code> file.</p>
 
 	<p>To perform the update, either follow the instructions from the <strong>Administration Control Panel-&gt;System</strong> Tab - this should point out that you are running an outdated version and will guide you through the update - or follow the instructions listed below.</p>
 

phpBB/download/file.php

@@ -509,16 +509,18 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		}
 	}
 
-	if ($size)
-	{
-		header("Content-Length: $size");
-	}
-
 	// Close the db connection before sending the file
 	$db->sql_close();
 
 	if (!set_modified_headers($attachment['filetime'], $user->browser))
 	{
+		// Send Content-Length only if set_modified_headers() does not send
+		// status 304 - Not Modified
+		if ($size)
+		{
+			header("Content-Length: $size");
+		}
+
 		// Try to deliver in chunks
 		@set_time_limit(0);
 

phpBB/feed.php

@@ -464,6 +464,9 @@ class phpbb_feed_base
 	*/
 	var $separator_stats = "\xE2\x80\x94"; // —
 
+	/** @var mixed Query result handle */
+	var $result;
+
 	/**
 	* Constructor
 	*/
@@ -617,10 +620,9 @@ class phpbb_feed_base
 
 	function get_item()
 	{
-		global $db, $cache;
-		static $result;
+		global $db;
 
-		if (!isset($result))
+		if (!isset($this->result))
 		{
 			if (!$this->get_sql())
 			{
@@ -629,10 +631,10 @@ class phpbb_feed_base
 
 			// Query database
 			$sql = $db->sql_build_query('SELECT', $this->sql);
-			$result = $db->sql_query_limit($sql, $this->num_items);
+			$this->result = $db->sql_query_limit($sql, $this->num_items);
 		}
 
-		return $db->sql_fetchrow($result);
+		return $db->sql_fetchrow($this->result);
 	}
 
 	function user_viewprofile($row)

phpBB/includes/acm/acm_memory.php

@@ -292,12 +292,24 @@ class acm_memory
 		// determine which tables this query belongs to
 		// Some queries use backticks, namely the get_database_size() query
 		// don't check for conformity, the SQL would error and not reach here.
-		if (!preg_match('/FROM \\(?(`?\\w+`?(?: \\w+)?(?:, ?`?\\w+`?(?: \\w+)?)*)\\)?/', $query, $regs))
+		if (!preg_match_all('/(?:FROM \\(?(`?\\w+`?(?: \\w+)?(?:, ?`?\\w+`?(?: \\w+)?)*)\\)?)|(?:JOIN (`?\\w+`?(?: \\w+)?))/', $query, $regs, PREG_SET_ORDER))
 		{
 			// Bail out if the match fails.
 			return;
 		}
-		$tables = array_map('trim', explode(',', $regs[1]));
+
+		$tables = array();
+		foreach ($regs as $match)
+		{
+			if ($match[0][0] == 'F')
+			{
+				$tables = array_merge($tables, array_map('trim', explode(',', $match[1])));
+			}
+			else
+			{
+				$tables[] = $match[2];
+			}
+		}
 
 		foreach ($tables as $table_name)
 		{

phpBB/includes/acp/acp_attachments.php

@@ -127,7 +127,7 @@ class acp_attachments
 						'img_create_thumbnail'		=> array('lang' => 'CREATE_THUMBNAIL',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'img_max_thumb_width'		=> array('lang' => 'MAX_THUMB_WIDTH',		'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_min_thumb_filesize'	=> array('lang' => 'MIN_THUMB_FILESIZE',	'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
-						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'string',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
+						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'absolute_path',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
 						'img_max'					=> array('lang' => 'MAX_IMAGE_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_link'					=> array('lang' => 'IMAGE_LINK_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)

phpBB/includes/acp/acp_board.php

@@ -123,7 +123,7 @@ class acp_board
 						'avatar_filesize'		=> array('lang' => 'MAX_FILESIZE',			'validate' => 'int:0',	'type' => 'text:4:10', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
 						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
-						'avatar_path'			=> array('lang' => 'AVATAR_STORAGE_PATH',	'validate' => 'rwpath',	'type' => 'text:20:255', 'explain' => true),
+						'avatar_path'			=> array('lang' => 'AVATAR_STORAGE_PATH',	'validate' => 'rpath',	'type' => 'text:20:255', 'explain' => true),
 						'avatar_gallery_path'	=> array('lang' => 'AVATAR_GALLERY_PATH',	'validate' => 'rpath',	'type' => 'text:20:255', 'explain' => true)
 					)
 				);

phpBB/includes/acp/acp_main.php

@@ -606,8 +606,8 @@ class acp_main
 				'S_MBSTRING_LOADED'						=> true,
 				'S_MBSTRING_FUNC_OVERLOAD_FAIL'			=> (intval(@ini_get('mbstring.func_overload')) & (MB_OVERLOAD_MAIL | MB_OVERLOAD_STRING)),
 				'S_MBSTRING_ENCODING_TRANSLATION_FAIL'	=> (@ini_get('mbstring.encoding_translation') != 0),
-				'S_MBSTRING_HTTP_INPUT_FAIL'			=> (@ini_get('mbstring.http_input') != 'pass'),
-				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> (@ini_get('mbstring.http_output') != 'pass'),
+				'S_MBSTRING_HTTP_INPUT_FAIL'			=> !in_array(@ini_get('mbstring.http_input'), array('pass', '')),
+				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> !in_array(@ini_get('mbstring.http_output'), array('pass', '')),
 			));
 		}
 

phpBB/includes/acp/acp_php_info.php

@@ -47,7 +47,7 @@ class acp_php_info
 		// for this was nabbed from the PHP annotated manual
 		preg_match_all('#<body[^>]*>(.*)</body>#si', $phpinfo, $output);
 
-		if (empty($phpinfo) || empty($output))
+		if (empty($phpinfo) || empty($output[1][0]))
 		{
 			trigger_error('NO_PHPINFO_AVAILABLE', E_USER_WARNING);
 		}

phpBB/includes/acp/acp_update.php

@@ -34,10 +34,7 @@ class acp_update
 		$this->page_title = 'ACP_VERSION_CHECK';
 
 		// Get current and latest version
-		$errstr = '';
-		$errno = 0;
-
-		$info = obtain_latest_version_info(request_var('versioncheck_force', false));
+		$info = htmlspecialchars(obtain_latest_version_info(request_var('versioncheck_force', false)));
 
 		if (empty($info))
 		{

phpBB/includes/acp/acp_users.php

@@ -172,8 +172,7 @@ class acp_users
 
 				if ($submit)
 				{
-					// You can't delete the founder
-					if ($delete && $user_row['user_type'] != USER_FOUNDER)
+					if ($delete)
 					{
 						if (!$auth->acl_get('a_userdel'))
 						{
@@ -186,6 +185,12 @@ class acp_users
 							trigger_error($user->lang['CANNOT_REMOVE_ANONYMOUS'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
 						}
 
+						// Founders can not be deleted.
+						if ($user_row['user_type'] == USER_FOUNDER)
+						{
+							trigger_error($user->lang['CANNOT_REMOVE_FOUNDER'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
+						}
+
 						if ($user_id == $user->data['user_id'])
 						{
 							trigger_error($user->lang['CANNOT_REMOVE_YOURSELF'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
@@ -1032,6 +1037,7 @@ class acp_users
 					'U_SHOW_IP'		=> $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'),
 					'U_WHOIS'		=> $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}",
 					'U_MCP_QUEUE'	=> ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
+					'U_SEARCH_USER'	=> ($config['load_search'] && $auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$user_row['user_id']}&sr=posts") : '',
 
 					'U_SWITCH_PERMISSIONS'	=> ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_row['user_id']}&hash=" . generate_link_hash('switchperm')) : '',
 
@@ -2009,7 +2015,7 @@ class acp_users
 					WHERE a.poster_id = ' . $user_id . "
 						AND a.is_orphan = 0
 					ORDER BY $order_by";
-				$result = $db->sql_query_limit($sql, $config['posts_per_page'], $start);
+				$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
 
 				while ($row = $db->sql_fetchrow($result))
 				{

phpBB/includes/auth/auth_ldap.php

@@ -282,7 +282,7 @@ function ldap_user_filter($username)
 {
 	global $config;
 
-	$filter = '(' . $config['ldap_uid'] . '=' . ldap_escape(htmlspecialchars_decode($username)) . ')';
+	$filter = '(' . $config['ldap_uid'] . '=' . phpbb_ldap_escape(htmlspecialchars_decode($username)) . ')';
 	if ($config['ldap_user_filter'])
 	{
 		$_filter = ($config['ldap_user_filter'][0] == '(' && substr($config['ldap_user_filter'], -1) == ')') ? $config['ldap_user_filter'] : "({$config['ldap_user_filter']})";
@@ -294,7 +294,7 @@ function ldap_user_filter($username)
 /**
 * Escapes an LDAP AttributeValue
 */
-function ldap_escape($string)
+function phpbb_ldap_escape($string)
 {
 	return str_replace(array('*', '\\', '(', ')'), array('\\*', '\\\\', '\\(', '\\)'), $string);
 }

phpBB/includes/bbcode.php

@@ -135,6 +135,11 @@ class bbcode
 			$this->template_bitfield = new bitfield($user->theme['bbcode_bitfield']);
 			$this->template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/bbcode.html';
 
+			if (empty($user->theme['template_inherits_id']) && !empty($template->orig_tpl_inherits_id))
+			{
+				$user->theme['template_inherits_id'] = $template->orig_tpl_inherits_id;
+			}
+
 			if (!@file_exists($this->template_filename))
 			{
 				if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'])

phpBB/includes/constants.php

@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.0.13-dev');
+define('PHPBB_VERSION', '3.0.14');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/db/db_tools.php

@@ -452,9 +452,6 @@ class phpbb_db_tools
 		// Determine if we have created a PRIMARY KEY in the earliest
 		$primary_key_gen = false;
 
-		// Determine if the table must be created with TEXTIMAGE
-		$create_textimage = false;
-
 		// Determine if the table requires a sequence
 		$create_sequence = false;
 
@@ -471,13 +468,22 @@ class phpbb_db_tools
 			break;
 		}
 
+		if ($this->sql_layer == 'mssql' || $this->sql_layer == 'mssqlnative')
+		{
+			if (!isset($table_data['PRIMARY_KEY']))
+			{
+				$table_data['COLUMNS']['mssqlindex'] = array('UINT', null, 'auto_increment');
+				$table_data['PRIMARY_KEY'] = 'mssqlindex';
+			}
+		}
+
 		// Iterate through the columns to create a table
 		foreach ($table_data['COLUMNS'] as $column_name => $column_data)
 		{
 			// here lies an array, filled with information compiled on the column's data
 			$prepared_column = $this->sql_prepare_column_data($table_name, $column_name, $column_data);
 
-			if (isset($prepared_column['auto_increment']) && strlen($column_name) > 26) // "${column_name}_gen"
+			if (isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'] && strlen($column_name) > 26) // "${column_name}_gen"
 			{
 				trigger_error("Index name '${column_name}_gen' on table '$table_name' is too long. The maximum auto increment column length is 26 characters.", E_USER_ERROR);
 			}
@@ -501,12 +507,6 @@ class phpbb_db_tools
 				$primary_key_gen = isset($prepared_column['primary_key_set']) && $prepared_column['primary_key_set'];
 			}
 
-			// create textimage DDL based off of the existance of certain column types
-			if (!$create_textimage)
-			{
-				$create_textimage = isset($prepared_column['textimage']) && $prepared_column['textimage'];
-			}
-
 			// create sequence DDL based off of the existance of auto incrementing columns
 			if (!$create_sequence && isset($prepared_column['auto_increment']) && $prepared_column['auto_increment'])
 			{
@@ -521,13 +521,9 @@ class phpbb_db_tools
 		switch ($this->sql_layer)
 		{
 			case 'firebird':
-				$table_sql .= "\n);";
-				$statements[] = $table_sql;
-			break;
-
 			case 'mssql':
 			case 'mssqlnative':
-				$table_sql .= "\n) ON [PRIMARY]" . (($create_textimage) ? ' TEXTIMAGE_ON [PRIMARY]' : '');
+				$table_sql .= "\n);";
 				$statements[] = $table_sql;
 			break;
 		}
@@ -879,7 +875,7 @@ class phpbb_db_tools
 			}
 		}
 
-		// Add unqiue indexes?
+		// Add unique indexes?
 		if (!empty($schema_changes['add_unique_index']))
 		{
 			foreach ($schema_changes['add_unique_index'] as $table => $index_array)
@@ -1290,7 +1286,7 @@ class phpbb_db_tools
 	}
 
 	/**
-	* Check if a specified index exists in table. Does not return PRIMARY KEY and UNIQUE indexes.
+	* Check if a specified index exists in table. Does not return PRIMARY KEY indexes.
 	*
 	* @param string	$table_name		Table to check the index at
 	* @param string	$index_name		The index name to check
@@ -1819,22 +1815,49 @@ class phpbb_db_tools
 
 			case 'mssql':
 			case 'mssqlnative':
-				// remove default cosntraints first
-				// http://msdn.microsoft.com/en-us/library/aa175912%28v=sql.80%29.aspx
-				$statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000)
-					SET @drop_default_name =
-						(SELECT so.name FROM sysobjects so
-						JOIN sysconstraints sc ON so.id = sc.constid
-						WHERE object_name(so.parent_obj) = '{$table_name}'
-							AND so.xtype = 'D'
-							AND sc.colid = (SELECT colid FROM syscolumns
-								WHERE id = object_id('{$table_name}')
-									AND name = '{$column_name}'))
-					IF @drop_default_name <> ''
-					BEGIN
-						SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']'
-						EXEC(@cmd)
-					END";
+				$sql = "SELECT CAST(SERVERPROPERTY('productversion') AS VARCHAR(25)) AS mssql_version";
+				$result = $this->db->sql_query($sql);
+				$row = $this->db->sql_fetchrow($result);
+				$this->db->sql_freeresult($result);
+
+				// Remove default constraints
+				if ($row['mssql_version'][0] == '8')	// SQL Server 2000
+				{
+					// http://msdn.microsoft.com/en-us/library/aa175912%28v=sql.80%29.aspx
+					// Deprecated in SQL Server 2005
+					$statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000)
+						SET @drop_default_name =
+							(SELECT so.name FROM sysobjects so
+							JOIN sysconstraints sc ON so.id = sc.constid
+							WHERE object_name(so.parent_obj) = '{$table_name}'
+								AND so.xtype = 'D'
+								AND sc.colid = (SELECT colid FROM syscolumns
+									WHERE id = object_id('{$table_name}')
+										AND name = '{$column_name}'))
+						IF @drop_default_name <> ''
+						BEGIN
+							SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']'
+							EXEC(@cmd)
+						END";
+				}
+				else
+				{
+					$sql = "SELECT dobj.name AS def_name
+					FROM sys.columns col 
+						LEFT OUTER JOIN sys.objects dobj ON (dobj.object_id = col.default_object_id AND dobj.type = 'D')
+					WHERE col.object_id = object_id('{$table_name}') 
+					AND col.name = '{$column_name}'
+					AND dobj.name IS NOT NULL";
+					$result = $this->db->sql_query($sql);
+					$row = $this->db->sql_fetchrow($result);
+					$this->db->sql_freeresult($result);
+
+					if ($row)
+					{
+						$statements[] = 'ALTER TABLE [' . $table_name . '] DROP CONSTRAINT [' . $row['def_name'] . ']';
+					}
+				}
+
 				$statements[] = 'ALTER TABLE [' . $table_name . '] DROP COLUMN [' . $column_name . ']';
 			break;
 
@@ -2038,7 +2061,7 @@ class phpbb_db_tools
 				$sql = "ALTER TABLE [{$table_name}] WITH NOCHECK ADD ";
 				$sql .= "CONSTRAINT [PK_{$table_name}] PRIMARY KEY  CLUSTERED (";
 				$sql .= '[' . implode("],\n\t\t[", $column) . ']';
-				$sql .= ') ON [PRIMARY]';
+				$sql .= ')';
 
 				$statements[] = $sql;
 			break;
@@ -2136,7 +2159,7 @@ class phpbb_db_tools
 
 			case 'mssql':
 			case 'mssqlnative':
-				$statements[] = 'CREATE UNIQUE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ') ON [PRIMARY]';
+				$statements[] = 'CREATE UNIQUE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')';
 			break;
 		}
 
@@ -2189,7 +2212,7 @@ class phpbb_db_tools
 
 			case 'mssql':
 			case 'mssqlnative':
-				$statements[] = 'CREATE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ') ON [PRIMARY]';
+				$statements[] = 'CREATE INDEX ' . $index_name . ' ON ' . $table_name . '(' . implode(', ', $column) . ')';
 			break;
 		}
 
@@ -2321,23 +2344,48 @@ class phpbb_db_tools
 
 				if (!empty($column_data['default']))
 				{
+					$sql = "SELECT CAST(SERVERPROPERTY('productversion') AS VARCHAR(25)) AS mssql_version";
+					$result = $this->db->sql_query($sql);
+					$row = $this->db->sql_fetchrow($result);
+					$this->db->sql_freeresult($result);
+
 					// Using TRANSACT-SQL for this statement because we do not want to have colliding data if statements are executed at a later stage
-					$statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000)
-						SET @drop_default_name =
-							(SELECT so.name FROM sysobjects so
-							JOIN sysconstraints sc ON so.id = sc.constid
-							WHERE object_name(so.parent_obj) = '{$table_name}'
-								AND so.xtype = 'D'
-								AND sc.colid = (SELECT colid FROM syscolumns
-									WHERE id = object_id('{$table_name}')
-										AND name = '{$column_name}'))
-						IF @drop_default_name <> ''
-						BEGIN
-							SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']'
-							EXEC(@cmd)
-						END
-						SET @cmd = 'ALTER TABLE [{$table_name}] ADD CONSTRAINT [DF_{$table_name}_{$column_name}_1] {$column_data['default']} FOR [{$column_name}]'
-						EXEC(@cmd)";
+					if ($row['mssql_version'][0] == '8')	// SQL Server 2000
+					{
+						$statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000)
+							SET @drop_default_name =
+								(SELECT so.name FROM sysobjects so
+								JOIN sysconstraints sc ON so.id = sc.constid
+								WHERE object_name(so.parent_obj) = '{$table_name}'
+									AND so.xtype = 'D'
+									AND sc.colid = (SELECT colid FROM syscolumns
+										WHERE id = object_id('{$table_name}')
+											AND name = '{$column_name}'))
+							IF @drop_default_name <> ''
+							BEGIN
+								SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']'
+								EXEC(@cmd)
+							END
+							SET @cmd = 'ALTER TABLE [{$table_name}] ADD CONSTRAINT [DF_{$table_name}_{$column_name}_1] {$column_data['default']} FOR [{$column_name}]'
+							EXEC(@cmd)";
+					}
+					else
+					{
+						$statements[] = "DECLARE @drop_default_name VARCHAR(100), @cmd VARCHAR(1000)
+							SET @drop_default_name =
+								(SELECT dobj.name FROM sys.columns col 
+									LEFT OUTER JOIN sys.objects dobj ON (dobj.object_id = col.default_object_id AND dobj.type = 'D')
+								WHERE col.object_id = object_id('{$table_name}') 
+								AND col.name = '{$column_name}'
+								AND dobj.name IS NOT NULL)
+							IF @drop_default_name <> ''
+							BEGIN
+								SET @cmd = 'ALTER TABLE [{$table_name}] DROP CONSTRAINT [' + @drop_default_name + ']'
+								EXEC(@cmd)
+							END
+							SET @cmd = 'ALTER TABLE [{$table_name}] ADD CONSTRAINT [DF_{$table_name}_{$column_name}_1] {$column_data['default']} FOR [{$column_name}]'
+							EXEC(@cmd)";
+					}
 				}
 			break;
 

phpBB/includes/functions.php

@@ -2492,7 +2492,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
 		if (!$disable_cd_check && $url_parts['host'] !== $user->host)
 		{
-			$url = generate_board_url();
+			trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
 		}
 	}
 	else if ($url[0] == '/')
@@ -2579,6 +2579,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		}
 	}
 
+	// Make sure we don't redirect to external URLs
+	if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
+	{
+		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
+	}
+
 	// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
 	if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
 	{
@@ -2782,7 +2788,7 @@ function send_status_line($code, $message)
 	}
 	else
 	{
-		if (!empty($_SERVER['SERVER_PROTOCOL']))
+		if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
 		{
 			$version = $_SERVER['SERVER_PROTOCOL'];
 		}
@@ -3367,7 +3373,7 @@ function parse_cfg_file($filename, $lines = false)
 		}
 
 		// Determine first occurrence, since in values the equal sign is allowed
-		$key = strtolower(trim(substr($line, 0, $delim_pos)));
+		$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
 		$value = trim(substr($line, $delim_pos + 1));
 
 		if (in_array($value, array('off', 'false', '0')))
@@ -3384,7 +3390,11 @@ function parse_cfg_file($filename, $lines = false)
 		}
 		else if (($value[0] == "'" && $value[sizeof($value) - 1] == "'") || ($value[0] == '"' && $value[sizeof($value) - 1] == '"'))
 		{
-			$value = substr($value, 1, sizeof($value)-2);
+			$value = htmlspecialchars(substr($value, 1, sizeof($value)-2));
+		}
+		else
+		{
+			$value = htmlspecialchars($value);
 		}
 
 		$parsed_items[$key] = $value;

phpBB/includes/functions_admin.php

@@ -3057,8 +3057,24 @@ function get_database_size()
 		case 'mssql':
 		case 'mssql_odbc':
 		case 'mssqlnative':
+			$sql = 'SELECT @@VERSION AS mssql_version';
+			$result = $db->sql_query($sql);
+			$row = $db->sql_fetchrow($result);
+			$db->sql_freeresult($result);
+			
 			$sql = 'SELECT ((SUM(size) * 8.0) * 1024.0) as dbsize
 				FROM sysfiles';
+
+			if ($row)
+			{
+				// Azure stats are stored elsewhere
+				if (strpos($row['mssql_version'], 'SQL Azure') !== false)
+				{
+					$sql = 'SELECT ((SUM(reserved_page_count) * 8.0) * 1024.0) as dbsize 
+					FROM sys.dm_db_partition_stats';
+				}
+			}
+
 			$result = $db->sql_query($sql, 7200);
 			$database_size = ($row = $db->sql_fetchrow($result)) ? $row['dbsize'] : false;
 			$db->sql_freeresult($result);

phpBB/includes/functions_content.php

@@ -21,6 +21,7 @@ if (!defined('IN_PHPBB'))
 * make_jumpbox()
 * bump_topic_allowed()
 * get_context()
+* phpbb_clean_search_string()
 * decode_message()
 * strip_bbcode()
 * generate_text_for_display()
@@ -360,6 +361,23 @@ function get_context($text, $words, $length = 400)
 	}
 }
 
+/**
+* Cleans a search string by removing single wildcards from it and replacing multiple spaces with a single one.
+*
+* @param string $search_string The full search string which should be cleaned.
+*
+* @return string The cleaned search string without any wildcards and multiple spaces.
+*/
+function phpbb_clean_search_string($search_string)
+{
+	// This regular expressions matches every single wildcard.
+	// That means one after a whitespace or the beginning of the string or one before a whitespace or the end of the string.
+	$search_string = preg_replace('#(?<=^|\s)\*+(?=\s|$)#', '', $search_string);
+	$search_string = trim($search_string);
+	$search_string = preg_replace(array('#\s+#u', '#\*+#u'), array(' ', '*'), $search_string);
+	return $search_string;
+}
+
 /**
 * Decode text whereby text is coming from the db and expected to be pre-parsed content
 * We are placing this outside of the message parser because we are often in need of it...

phpBB/includes/functions_install.php

@@ -309,7 +309,7 @@ function connect_check_db($error_connect, &$error, $dbms_details, $table_prefix,
 	if (is_array($db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, true)))
 	{
 		$db_error = $db->sql_error();
-		$error[] = $lang['INST_ERR_DB_CONNECT'] . '<br />' . (($db_error['message']) ? $db_error['message'] : $lang['INST_ERR_DB_NO_ERROR']);
+		$error[] = $lang['INST_ERR_DB_CONNECT'] . '<br />' . (($db_error['message']) ? utf8_convert_message($db_error['message']) : $lang['INST_ERR_DB_NO_ERROR']);
 	}
 	else
 	{

phpBB/includes/functions_module.php

@@ -436,21 +436,21 @@ class p_master
 
 		if ($this->active_module === false)
 		{
-			trigger_error('Module not accessible', E_USER_ERROR);
+			trigger_error('MODULE_NOT_ACCESS', E_USER_ERROR);
 		}
 
 		if (!class_exists("{$this->p_class}_$this->p_name"))
 		{
 			if (!file_exists("$module_path/{$this->p_class}_$this->p_name.$phpEx"))
 			{
-				trigger_error("Cannot find module $module_path/{$this->p_class}_$this->p_name.$phpEx", E_USER_ERROR);
+				trigger_error($user->lang('MODULE_NOT_FIND', "$module_path/{$this->p_class}_$this->p_name.$phpEx"), E_USER_ERROR);
 			}
 
 			include("$module_path/{$this->p_class}_$this->p_name.$phpEx");
 
 			if (!class_exists("{$this->p_class}_$this->p_name"))
 			{
-				trigger_error("Module file $module_path/{$this->p_class}_$this->p_name.$phpEx does not contain correct class [{$this->p_class}_$this->p_name]", E_USER_ERROR);
+				trigger_error($user->lang('MODULE_FILE_INCORRECT_CLASS', "$module_path/{$this->p_class}_$this->p_name.$phpEx", "{$this->p_class}_$this->p_name"), E_USER_ERROR);
 			}
 
 			if (!empty($mode))

phpBB/includes/functions_posting.php

@@ -394,6 +394,10 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
 	{
 		$upload->set_disallowed_content(explode('|', $config['mime_triggers']));
 	}
+	else if (!$config['check_attachment_content'])
+	{
+		$upload->set_disallowed_content(array());
+	}
 
 	if (!$local)
 	{

phpBB/includes/functions_privmsgs.php

@@ -208,7 +208,7 @@ function get_folder($user_id, $folder_id = false)
 		);
 	}
 
-	if ($folder_id !== false && !isset($folder[$folder_id]))
+	if ($folder_id !== false && $folder_id !== PRIVMSGS_HOLD_BOX && !isset($folder[$folder_id]))
 	{
 		trigger_error('UNKNOWN_FOLDER');
 	}

phpBB/includes/functions_profile_fields.php

@@ -532,7 +532,7 @@ class custom_profile
 		switch ($this->profile_types[$field_type])
 		{
 			case 'int':
-				if ($value === '' && !$ident_ary['data']['field_show_novalue'])
+				if (($value === '' || $value === null) && !$ident_ary['data']['field_show_novalue'])
 				{
 					return NULL;
 				}

phpBB/includes/functions_upload.php

@@ -466,6 +466,9 @@ class fileupload
 	var $max_height = 0;
 	var $error_prefix = '';
 
+	/** @var int Timeout for remote upload */
+	var $upload_timeout = 6;
+
 	/**
 	* Init file upload class.
 	*
@@ -795,13 +798,28 @@ class fileupload
 		fputs($fsock, "HOST: " . $host . "\r\n");
 		fputs($fsock, "Connection: close\r\n\r\n");
 
+		// Set a proper timeout for the socket
+		socket_set_timeout($fsock, $this->upload_timeout);
+
 		$get_info = false;
 		$data = '';
-		while (!@feof($fsock))
+		$length = false;
+		$timer_stop = time() + $this->upload_timeout;
+
+		while ((!$length || $filesize < $length) && !@feof($fsock))
 		{
 			if ($get_info)
 			{
-				$block = @fread($fsock, 1024);
+				if ($length)
+				{
+					// Don't attempt to read past end of file if server indicated length
+					$block = @fread($fsock, min($length - $filesize, 1024));
+				}
+				else
+				{
+					$block = @fread($fsock, 1024);
+				}
+
 				$filesize += strlen($block);
 
 				if ($remote_max_filesize && $filesize > $remote_max_filesize)
@@ -847,6 +865,15 @@ class fileupload
 					}
 				}
 			}
+
+			$stream_meta_data = stream_get_meta_data($fsock);
+
+			// Cancel upload if we exceed timeout
+			if (!empty($stream_meta_data['timed_out']) || time() >= $timer_stop)
+			{
+				$file = new fileerror($user->lang[$this->error_prefix . 'REMOTE_UPLOAD_TIMEOUT']);
+				return $file;
+			}
 		}
 		@fclose($fsock);
 

phpBB/includes/functions_user.php

@@ -329,11 +329,16 @@ function user_add($user_row, $cp_data = false)
 }
 
 /**
-* Remove User
-*/
+ * Remove User
+ *
+ * @param string	$mode		'retain' or 'remove'
+ * @param int		$user_id
+ * @param mixed		$post_username
+ * @return bool
+ */
 function user_delete($mode, $user_id, $post_username = false)
 {
-	global $cache, $config, $db, $user, $auth;
+	global $cache, $config, $db, $user;
 	global $phpbb_root_path, $phpEx;
 
 	$sql = 'SELECT *
@@ -439,11 +444,6 @@ function user_delete($mode, $user_id, $post_username = false)
 					WHERE poster_id = $user_id";
 				$db->sql_query($sql);
 
-				$sql = 'UPDATE ' . POSTS_TABLE . '
-					SET post_edit_user = ' . ANONYMOUS . "
-					WHERE post_edit_user = $user_id";
-				$db->sql_query($sql);
-
 				$sql = 'UPDATE ' . TOPICS_TABLE . '
 					SET topic_poster = ' . ANONYMOUS . ", topic_first_poster_name = '" . $db->sql_escape($post_username) . "', topic_first_poster_colour = ''
 					WHERE topic_poster = $user_id";
@@ -501,6 +501,18 @@ function user_delete($mode, $user_id, $post_username = false)
 
 	$cache->destroy('sql', MODERATOR_CACHE_TABLE);
 
+	// Change user_id to anonymous for posts edited by this user
+	$sql = 'UPDATE ' . POSTS_TABLE . '
+		SET post_edit_user = ' . ANONYMOUS . '
+		WHERE post_edit_user = ' . $user_id;
+	$db->sql_query($sql);
+
+	// Change user_id to anonymous for pms edited by this user
+	$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
+		SET message_edit_user = ' . ANONYMOUS . '
+		WHERE message_edit_user = ' . $user_id;
+	$db->sql_query($sql);
+
 	// Delete user log entries about this user
 	$sql = 'DELETE FROM ' . LOG_TABLE . '
 		WHERE reportee_id = ' . $user_id;

phpBB/includes/mcp/info/mcp_pm_reports.php

@@ -20,7 +20,7 @@ class mcp_pm_reports_info
 			'title'		=> 'MCP_PM_REPORTS',
 			'version'	=> '1.0.0',
 			'modes'		=> array(
-				'pm_reports'			=> array('title' => 'MCP_PM_REPORTS_OPEN', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')),
+				'pm_reports'		=> array('title' => 'MCP_PM_REPORTS_OPEN', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')),
 				'pm_reports_closed'	=> array('title' => 'MCP_PM_REPORTS_CLOSED', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')),
 				'pm_report_details'	=> array('title' => 'MCP_PM_REPORT_DETAILS', 'auth' => 'aclf_m_report', 'cat' => array('MCP_REPORTS')),
 			),

phpBB/includes/mcp/mcp_post.php

@@ -157,6 +157,7 @@ function mcp_post_details($id, $mode, $action)
 
 		if (sizeof($attachments))
 		{
+			$user->add_lang('viewtopic');
 			$update_count = array();
 			parse_attachments($post_info['forum_id'], $message, $attachments, $update_count);
 		}

phpBB/includes/mcp/mcp_queue.php

@@ -660,15 +660,17 @@ function approve_post($post_id_list, $id, $mode)
 
 		foreach ($post_info as $post_id => $post_data)
 		{
+			$username = ($post_data['post_username']) ? $post_data['post_username'] : $post_data['username'];
+
 			if ($post_id == $post_data['topic_first_post_id'] && $post_id == $post_data['topic_last_post_id'])
 			{
 				// Forum Notifications
-				user_notification('post', $post_data['topic_title'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id);
+				user_notification('post', $post_data['topic_title'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id, $username);
 			}
 			else
 			{
 				// Topic Notifications
-				user_notification('reply', $post_data['post_subject'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id);
+				user_notification('reply', $post_data['post_subject'], $post_data['topic_title'], $post_data['forum_name'], $post_data['forum_id'], $post_data['topic_id'], $post_id, $username);
 			}
 		}
 

phpBB/includes/search/fulltext_native.php

@@ -204,7 +204,7 @@ class fulltext_native extends search_backend
 		$this->search_query = $keywords;
 
 		$exact_words = array();
-		preg_match_all('#([^\\s+\\-|*()]+)(?:$|[\\s+\\-|()])#u', $keywords, $exact_words);
+		preg_match_all('#([^\\s+\\-|()]+)(?:$|[\\s+\\-|()])#u', $keywords, $exact_words);
 		$exact_words = $exact_words[1];
 
 		$common_ids = $words = array();
@@ -231,7 +231,12 @@ class fulltext_native extends search_backend
 			}
 			$db->sql_freeresult($result);
 		}
-		unset($exact_words);
+
+		// Handle +, - without preceeding whitespace character
+		$match		= array('#(\S)\+#', '#(\S)-#');
+		$replace	= array('$1 +', '$1 +');
+
+		$keywords = preg_replace($match, $replace, $keywords);
 
 		// now analyse the search query, first split it using the spaces
 		$query = explode(' ', $keywords);
@@ -357,39 +362,21 @@ class fulltext_native extends search_backend
 					$this->{$mode . '_ids'}[] = $words[$word];
 				}
 			}
-			// throw an error if we shall not ignore unexistant words
-			else if (!$ignore_no_id)
+			else
 			{
 				if (!isset($common_ids[$word]))
 				{
 					$len = utf8_strlen($word);
-					if ($len >= $this->word_length['min'] && $len <= $this->word_length['max'])
-					{
-						trigger_error(sprintf($user->lang['WORD_IN_NO_POST'], $word));
-					}
-					else
+					if ($len < $this->word_length['min'] || $len > $this->word_length['max'])
 					{
 						$this->common_words[] = $word;
 					}
 				}
 			}
-			else
-			{
-				$len = utf8_strlen($word);
-				if ($len < $this->word_length['min'] || $len > $this->word_length['max'])
-				{
-					$this->common_words[] = $word;
-				}
-			}
 		}
 
-		// we can't search for negatives only
-		if (!sizeof($this->must_contain_ids))
-		{
-			return false;
-		}
-
-		if (!empty($this->search_query))
+		// Return true if all words are not common words
+		if (sizeof($exact_words) - sizeof($this->common_words) > 0)
 		{
 			return true;
 		}
@@ -428,6 +415,12 @@ class fulltext_native extends search_backend
 			return false;
 		}
 
+		// we can't search for negatives only
+		if (empty($this->must_contain_ids))
+		{
+			return false;
+		}
+
 		$must_contain_ids = $this->must_contain_ids;
 		$must_not_contain_ids = $this->must_not_contain_ids;
 		$must_exclude_one_ids = $this->must_exclude_one_ids;

phpBB/includes/session.php

@@ -121,6 +121,8 @@ class session
 		$script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
 		$root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';
 
+		$forum_id = (isset($_REQUEST['f']) && $_REQUEST['f'] > 0 && $_REQUEST['f'] < 16777215) ? (int) $_REQUEST['f'] : 0;
+
 		$page_array += array(
 			'page_name'			=> $page_name,
 			'page_dir'			=> $page_dir,
@@ -130,7 +132,7 @@ class session
 			'root_script_path'	=> str_replace(' ', '%20', htmlspecialchars($root_script_path)),
 
 			'page'				=> $page,
-			'forum'				=> (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0,
+			'forum'				=> $forum_id,
 		);
 
 		return $page_array;
@@ -556,7 +558,12 @@ class session
 		$method = 'autologin_' . $method;
 		if (function_exists($method))
 		{
-			$this->data = $method();
+			$user_data = $method();
+
+			if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id']))
+			{
+				$this->data = $user_data;
+			}
 
 			if (sizeof($this->data))
 			{
@@ -576,11 +583,18 @@ class session
 					AND k.user_id = u.user_id
 					AND k.key_id = '" . $db->sql_escape(md5($this->cookie_data['k'])) . "'";
 			$result = $db->sql_query($sql);
-			$this->data = $db->sql_fetchrow($result);
+			$user_data = $db->sql_fetchrow($result);
+
+			if ($user_id === false || (isset($user_data['user_id']) && $user_id == $user_data['user_id']))
+			{
+				$this->data = $user_data;
+				$bot = false;
+			}
+
 			$db->sql_freeresult($result);
-			$bot = false;
 		}
-		else if ($user_id !== false && !sizeof($this->data))
+
+		if ($user_id !== false && !sizeof($this->data))
 		{
 			$this->cookie_data['k'] = '';
 			$this->cookie_data['u'] = $user_id;
@@ -1037,7 +1051,7 @@ class session
 
 		$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
 		$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
-		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
+		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];
 
 		header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
 	}

phpBB/includes/startup.php

@@ -80,31 +80,13 @@ function deregister_globals()
 	{
 		if (isset($not_unset[$varname]))
 		{
-			// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
-			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+			// Hacking attempt. No point in continuing.
+			if (isset($_COOKIE[$varname]))
 			{
-				exit;
-			}
-			else
-			{
-				$cookie = &$_COOKIE;
-				while (isset($cookie['GLOBALS']))
-				{
-					if (!is_array($cookie['GLOBALS']))
-					{
-						break;
-					}
-
-					foreach ($cookie['GLOBALS'] as $registered_var => $value)
-					{
-						if (!isset($not_unset[$registered_var]))
-						{
-							unset($GLOBALS[$registered_var]);
-						}
-					}
-					$cookie = &$cookie['GLOBALS'];
-				}
+				echo "Clear your cookies. ";
 			}
+			echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+			exit;
 		}
 
 		unset($GLOBALS[$varname]);
@@ -113,6 +95,54 @@ function deregister_globals()
 	unset($input);
 }
 
+/**
+ * Check if requested page uses a trailing path
+ *
+ * @param string $phpEx PHP extension
+ *
+ * @return bool True if trailing path is used, false if not
+ */
+function phpbb_has_trailing_path($phpEx)
+{
+	// Check if path_info is being used
+	if (!empty($_SERVER['PATH_INFO']) || (!empty($_SERVER['ORIG_PATH_INFO']) && $_SERVER['SCRIPT_NAME'] != $_SERVER['ORIG_PATH_INFO']))
+	{
+		return true;
+	}
+
+	// Match any trailing path appended to a php script in the REQUEST_URI.
+	// It is assumed that only actual PHP scripts use names like foo.php. Due
+	// to this, any phpBB board inside a directory that has the php extension
+	// appended to its name will stop working, i.e. if the board is at
+	// example.com/phpBB/test.php/ or example.com/test.php/
+	if (preg_match('#^[^?]+\.' . preg_quote($phpEx, '#') . '/#', $_SERVER['REQUEST_URI']))
+	{
+		return true;
+	}
+
+	return false;
+}
+
+// Check if trailing path is used
+if (phpbb_has_trailing_path($phpEx))
+{
+	if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi')
+	{
+		$prefix = 'Status:';
+	}
+	else if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
+	{
+		$prefix = $_SERVER['SERVER_PROTOCOL'];
+	}
+	else
+	{
+		$prefix = 'HTTP/1.0';
+	}
+	header("$prefix 404 Not Found", true, 404);
+	echo 'Trailing paths and PATH_INFO is not supported by phpBB 3.0';
+	exit;
+}
+
 // Register globals and magic quotes have been dropped in PHP 5.4
 if (version_compare(PHP_VERSION, '5.4.0-dev', '>='))
 {

phpBB/includes/ucp/ucp_pm_options.php

@@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 	// Change "full folder" setting - what to do if folder is full
 	if (isset($_POST['fullfolder']))
 	{
-		check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
+		if (!check_form_key('ucp_pm_options'))
+		{
+			trigger_error('FORM_INVALID');
+		}
+
 		$full_action = request_var('full_action', 0);
 
 		$set_folder_id = 0;

phpBB/install/convertors/convert_phpbb20.php

@@ -32,7 +32,7 @@ unset($dbpasswd);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.0.12',
+	'phpbb_version'	=> '3.0.14',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Group</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/database_update.php

@@ -8,7 +8,7 @@
 *
 */
 
-define('UPDATES_TO_VERSION', '3.0.13-dev');
+define('UPDATES_TO_VERSION', '3.0.14');
 
 // Enter any version to update from to test updates. The version within the db will not be updated.
 define('DEBUG_FROM_VERSION', false);
@@ -949,7 +949,7 @@ function database_update_info()
 						// this column was removed from the database updater
 						// after 3.0.9-RC3 was released. It might still exist
 						// in 3.0.9-RCX installations and has to be dropped in
-						// 3.0.13 after the db_tools class is capable of properly
+						// 3.0.15 after the db_tools class is capable of properly
 						// removing a primary key.
 						// 'attempt_id'			=> array('UINT', NULL, 'auto_increment'),
 						'attempt_ip'			=> array('VCHAR:40', ''),
@@ -1011,8 +1011,18 @@ function database_update_info()
 		'3.0.12-RC2'	=> array(),
 		// No changes from 3.0.12-RC3 to 3.0.12
 		'3.0.12-RC3'	=> array(),
+		// No changes from 3.0.12 to 3.0.13-RC1
+		'3.0.12'		=> array(),
+		// No changes from 3.0.13-RC1 to 3.0.13
+		'3.0.13-RC1'	=> array(),
+		// No changes from 3.0.13 to 3.0.13-PL1
+		'3.0.13'		=> array(),
+		// No changes from 3.0.13-PL1 to 3.0.14-RC1
+		'3.0.13-PL1'	=> array(),
+		// No changes from 3.0.14-RC1 to 3.0.14
+		'3.0.14-RC1'	=> array(),
 
-		/** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.13-RC1 */
+		/** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.15-RC1 */
 	);
 }
 
@@ -2254,6 +2264,26 @@ function change_database_data(&$no_updates, $version)
 		// No changes from 3.0.12-RC3 to 3.0.12
 		case '3.0.12-RC3':
 		break;
+
+		// No changes from 3.0.12 to 3.0.13-RC1
+		case '3.0.12':
+		break;
+
+		// No changes from 3.0.13-RC1 to 3.0.13
+		case '3.0.13-RC1':
+		break;
+
+		// No changes from 3.0.13 to 3.0.13-PL1
+		case '3.0.13':
+		break;
+
+		// No changes from 3.0.13-PL1 to 3.0.14-RC1
+		case '3.0.13-PL1':
+		break;
+
+		// No changes from 3.0.14-RC1 to 3.0.14
+		case '3.0.14-RC1':
+		break;
 	}
 }
 

phpBB/install/index.php

@@ -641,8 +641,9 @@ class module
 			case 'password':
 				$size = (int) $tpl_type[1];
 				$maxlength = (int) $tpl_type[2];
+				$autocomplete = (isset($options['autocomplete']) && $options['autocomplete'] == 'off') ? ' autocomplete="off"' : '';
 
-				$tpl = '<input id="' . $name . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $value . '" />';
+				$tpl = '<input id="' . $name . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '"' . $autocomplete . ' value="' . $value . '" />';
 			break;
 
 			case 'textarea':

phpBB/install/install_convert.php

@@ -417,7 +417,7 @@ class install_convert extends module
 
 			if (!isset($available_dbms[$src_dbms]) || !$available_dbms[$src_dbms]['AVAILABLE'])
 			{
-				$error['db'][] = $lang['INST_ERR_NO_DB'];
+				$error[] = $lang['INST_ERR_NO_DB'];
 				$connect_test = false;
 			}
 			else

phpBB/install/install_install.php

@@ -273,8 +273,8 @@ class install_install extends module
 			$checks = array(
 				array('func_overload', '&', MB_OVERLOAD_MAIL|MB_OVERLOAD_STRING),
 				array('encoding_translation', '!=', 0),
-				array('http_input', '!=', 'pass'),
-				array('http_output', '!=', 'pass')
+				array('http_input', '!=', array('pass', '')),
+				array('http_output', '!=', array('pass', ''))
 			);
 
 			foreach ($checks as $mb_checks)
@@ -295,7 +295,8 @@ class install_install extends module
 					break;
 
 					case '!=':
-						if ($ini_val != $mb_checks[2])
+						if (!is_array($mb_checks[2]) && $ini_val != $mb_checks[2] ||
+							is_array($mb_checks[2]) && !in_array($ini_val, $mb_checks[2]))
 						{
 							$result = '<strong style="color:red">' . $lang['NO'] . '</strong>';
 							$passed['mbstring'] = false;
@@ -1624,6 +1625,45 @@ class install_install extends module
 				$_module->move_module_by($row, 'move_up', 5);
 			}
 
+			if ($module_class == 'mcp')
+			{
+				// Move pm report details module 3 down...
+				$sql = 'SELECT *
+					FROM ' . MODULES_TABLE . "
+					WHERE module_basename = 'pm_reports'
+						AND module_class = 'mcp'
+						AND module_mode = 'pm_report_details'";
+				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				$_module->move_module_by($row, 'move_down', 3);
+
+				// Move closed pm reports module 3 down...
+				$sql = 'SELECT *
+					FROM ' . MODULES_TABLE . "
+					WHERE module_basename = 'pm_reports'
+						AND module_class = 'mcp'
+						AND module_mode = 'pm_reports_closed'";
+				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				$_module->move_module_by($row, 'move_down', 3);
+
+				// Move open pm reports module 3 down...
+				$sql = 'SELECT *
+					FROM ' . MODULES_TABLE . "
+					WHERE module_basename = 'pm_reports'
+						AND module_class = 'mcp'
+						AND module_mode = 'pm_reports'";
+				$result = $db->sql_query($sql);
+				$row = $db->sql_fetchrow($result);
+				$db->sql_freeresult($result);
+
+				$_module->move_module_by($row, 'move_down', 3);
+			}
+
 			if ($module_class == 'ucp')
 			{
 				// Move attachment module 4 down...
@@ -2045,8 +2085,8 @@ class install_install extends module
 		'smtp_delivery'			=> array('lang' => 'USE_SMTP',			'type' => 'radio:yes_no', 'explain' => true),
 		'smtp_host'				=> array('lang' => 'SMTP_SERVER',		'type' => 'text:25:50', 'explain' => false),
 		'smtp_auth'				=> array('lang' => 'SMTP_AUTH_METHOD',	'type' => 'select', 'options' => '$this->module->mail_auth_select(\'{VALUE}\')', 'explain' => true),
-		'smtp_user'				=> array('lang' => 'SMTP_USERNAME',		'type' => 'text:25:255', 'explain' => true),
-		'smtp_pass'				=> array('lang' => 'SMTP_PASSWORD',		'type' => 'password:25:255', 'explain' => true),
+		'smtp_user'				=> array('lang' => 'SMTP_USERNAME',		'type' => 'text:25:255', 'explain' => true, 'options' => array('autocomplete' => 'off')),
+		'smtp_pass'				=> array('lang' => 'SMTP_PASSWORD',		'type' => 'password:25:255', 'explain' => true, 'options' => array('autocomplete' => 'off')),
 
 		'legend2'				=> 'SERVER_URL_SETTINGS',
 		'cookie_secure'			=> array('lang' => 'COOKIE_SECURE',		'type' => 'radio:enabled_disabled', 'explain' => true),

phpBB/install/schemas/schema_data.sql

@@ -246,7 +246,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('topics_per_page',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.13-dev');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.14');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 
@@ -668,7 +668,7 @@ INSERT INTO phpbb_acl_groups (group_id, forum_id, auth_option_id, auth_role_id,
 # Bots having bot access
 INSERT INTO phpbb_acl_groups (group_id, forum_id, auth_option_id, auth_role_id, auth_setting) VALUES (6, 2, 0, 19, 0);
 
-# NEW MEMBERS aren't allowed to PM
+# NEW MEMBERS are not allowed to send private messages
 INSERT INTO phpbb_acl_groups (group_id, forum_id, auth_option_id, auth_role_id, auth_setting) VALUES (7, 0, 0, 23, 0);
 
 # NEW MEMBERS on the queue

phpBB/language/en/acp/ban.php

@@ -74,11 +74,11 @@ $lang = array_merge($lang, array(
 	'PERMANENT'		=> 'Permanent',
 
 	'UNTIL'						=> 'Until',
-	'USER_BAN'					=> 'Ban one or more usernames',
+	'USER_BAN'					=> 'Ban one or more users by username',
 	'USER_BAN_EXCLUDE_EXPLAIN'	=> 'Enable this to exclude the entered users from all current bans.',
 	'USER_BAN_EXPLAIN'			=> 'You can ban multiple users in one go by entering each name on a new line. Use the <span style="text-decoration: underline;">Find a member</span> facility to look up and add one or more users automatically.',
 	'USER_NO_BANNED'			=> 'No banned usernames',
-	'USER_UNBAN'				=> 'Un-ban or un-exclude usernames',
+	'USER_UNBAN'				=> 'Un-ban or un-exclude users by username',
 	'USER_UNBAN_EXPLAIN'		=> 'You can unban (or un-exclude) multiple users in one go using the appropriate combination of mouse and keyboard for your computer and browser. Excluded users are emphasised.',
 ));
 

phpBB/language/en/acp/board.php

@@ -44,7 +44,7 @@ $lang = array_merge($lang, array(
 	'DEFAULT_LANGUAGE'				=> 'Default language',
 	'DEFAULT_STYLE'					=> 'Default style',
 	'DISABLE_BOARD'					=> 'Disable board',
-	'DISABLE_BOARD_EXPLAIN'			=> 'This will make the board unavailable to users. You can also enter a short (255 character) message to display if you wish.',
+	'DISABLE_BOARD_EXPLAIN'			=> 'This will make the board unavailable to users who are neither administrators nor moderators. You can also enter a short (255 character) message to display if you wish.',
 	'OVERRIDE_STYLE'				=> 'Override user style',
 	'OVERRIDE_STYLE_EXPLAIN'		=> 'Replaces user’s style with the default.',
 	'SITE_DESC'						=> 'Site description',
@@ -104,7 +104,7 @@ $lang = array_merge($lang, array(
 	'AVATAR_GALLERY_PATH'			=> 'Avatar gallery path',
 	'AVATAR_GALLERY_PATH_EXPLAIN'	=> 'Path under your phpBB root directory for pre-loaded images, e.g. <samp>images/avatars/gallery</samp>.',
 	'AVATAR_STORAGE_PATH'			=> 'Avatar storage path',
-	'AVATAR_STORAGE_PATH_EXPLAIN'	=> 'Path under your phpBB root directory, e.g. <samp>images/avatars/upload</samp>.',
+	'AVATAR_STORAGE_PATH_EXPLAIN'	=> 'Path under your phpBB root directory, e.g. <samp>images/avatars/upload</samp>.<br />Avatar uploading <strong>will not be available</strong> if this path is not writable.',
 	'MAX_AVATAR_SIZE'				=> 'Maximum avatar dimensions',
 	'MAX_AVATAR_SIZE_EXPLAIN'		=> 'Width x Height in pixels.',
 	'MAX_FILESIZE'					=> 'Maximum avatar file size',

phpBB/language/en/acp/common.php

@@ -50,7 +50,7 @@ $lang = array_merge($lang, array(
 	'ACP_BAN'					=> 'Banning',
 	'ACP_BAN_EMAILS'			=> 'Ban e-mails',
 	'ACP_BAN_IPS'				=> 'Ban IPs',
-	'ACP_BAN_USERNAMES'			=> 'Ban usernames',
+	'ACP_BAN_USERNAMES'			=> 'Ban users',
 	'ACP_BBCODES'				=> 'BBCodes',
 	'ACP_BOARD_CONFIGURATION'	=> 'Board configuration',
 	'ACP_BOARD_FEATURES'		=> 'Board features',

phpBB/language/en/acp/email.php

@@ -37,7 +37,7 @@ if (empty($lang) || !is_array($lang))
 
 // Email settings
 $lang = array_merge($lang, array(
-	'ACP_MASS_EMAIL_EXPLAIN'		=> 'Here you can e-mail a message to either all of your users or all users of a specific group <strong>having the option to receive mass e-mails enabled</strong>. To achieve this an e-mail will be sent out to the administrative e-mail address supplied, with a blind carbon copy sent to all recipients. The default setting is to only include 50 recipients in such an e-mail, for more recipients more e-mails will be sent. If you are emailing a large group of people please be patient after submitting and do not stop the page halfway through. It is normal for a mass emailing to take a long time, you will be notified when the script has completed.',
+	'ACP_MASS_EMAIL_EXPLAIN'		=> 'Here you can e-mail a message to either all of your users or all users of a specific group <strong>having the option to receive mass e-mails enabled</strong>. To achieve this an e-mail will be sent out to the administrative e-mail address supplied, with a blind carbon copy sent to all recipients. The default setting is to only include 20 recipients in such an e-mail, for more recipients more e-mails will be sent. If you are emailing a large group of people please be patient after submitting and do not stop the page halfway through. It is normal for a mass emailing to take a long time, you will be notified when the script has completed.',
 	'ALL_USERS'						=> 'All users',
 
 	'COMPOSE'				=> 'Compose',

phpBB/language/en/acp/users.php

@@ -52,6 +52,7 @@ $lang = array_merge($lang, array(
 	'CANNOT_FORCE_REACT_FOUNDER'	=> 'You are not allowed to force reactivation on founder accounts.',
 	'CANNOT_FORCE_REACT_YOURSELF'	=> 'You are not allowed to force reactivation of your own account.',
 	'CANNOT_REMOVE_ANONYMOUS'		=> 'You are not able to remove the guest user account.',
+	'CANNOT_REMOVE_FOUNDER'			=> 'You are not allowed to remove founder accounts.',
 	'CANNOT_REMOVE_YOURSELF'		=> 'You are not allowed to remove your own user account.',
 	'CANNOT_SET_FOUNDER_IGNORED'	=> 'You are not able to promote ignored users to be founders.',
 	'CANNOT_SET_FOUNDER_INACTIVE'	=> 'You need to activate users before you promote them to founders, only activated users are able to be promoted.',

phpBB/language/en/common.php

@@ -88,9 +88,10 @@ $lang = array_merge($lang, array(
 	'AVATAR_PARTIAL_UPLOAD'			=> 'The specified file was only partially uploaded.',
 	'AVATAR_PHP_SIZE_NA'			=> 'The avatar’s filesize is too large.<br />The maximum allowed filesize set in php.ini could not be determined.',
 	'AVATAR_PHP_SIZE_OVERRUN'		=> 'The avatar’s filesize is too large. The maximum allowed upload size is %1$d %2$s.<br />Please note this is set in php.ini and cannot be overridden.',
+	'AVATAR_REMOTE_UPLOAD_TIMEOUT'		=> 'The specified avatar could not be uploaded because the request timed out.',
 	'AVATAR_URL_INVALID'			=> 'The URL you specified is invalid.',
 	'AVATAR_URL_NOT_FOUND'			=> 'The file specified could not be found.',
-	'AVATAR_WRONG_FILESIZE'			=> 'The avatar’s filesize must be between 0 and %1d %2s.',
+	'AVATAR_WRONG_FILESIZE'			=> 'The avatar’s filesize must be between 0 and %1$d %2$s.',
 	'AVATAR_WRONG_SIZE'				=> 'The submitted avatar is %5$d pixels wide and %6$d pixels high. Avatars must be at least %1$d pixels wide and %2$d pixels high, but no larger than %3$d pixels wide and %4$d pixels high.',
 
 	'BACK_TO_TOP'			=> 'Top',
@@ -341,6 +342,9 @@ $lang = array_merge($lang, array(
 	'MODERATE'				=> 'Moderate',
 	'MODERATOR'				=> 'Moderator',
 	'MODERATORS'			=> 'Moderators',
+	'MODULE_NOT_ACCESS'		=> 'Module not accessible',
+	'MODULE_NOT_FIND'		=> 'Cannot find module %s',
+	'MODULE_FILE_INCORRECT_CLASS'	=> 'Module file %s does not contain correct class [%s]',
 	'MONTH'					=> 'Month',
 	'MOVE'					=> 'Move',
 	'MSNM'					=> 'MSNM/WLM',
@@ -651,7 +655,7 @@ $lang = array_merge($lang, array(
 	'TOTAL_USERS_ZERO'	=> 'Total members <strong>0</strong>',
 	'TRACKED_PHP_ERROR'	=> 'Tracked PHP errors: %s',
 
-	'UNABLE_GET_IMAGE_SIZE'	=> 'It was not possible to determine the dimensions of the image.',
+	'UNABLE_GET_IMAGE_SIZE'	=> 'It was not possible to determine the dimensions of the image. Please verify that the URL you entered is correct.',
 	'UNABLE_TO_DELIVER_FILE'=> 'Unable to deliver file.',
 	'UNKNOWN_BROWSER'		=> 'Unknown browser',
 	'UNMARK_ALL'			=> 'Unmark all',

phpBB/language/en/posting.php

@@ -178,6 +178,7 @@ $lang = array_merge($lang, array(
 
 	'QUOTE_DEPTH_EXCEEDED'		=> 'You may embed only %1$d quotes within each other.',
 
+	'REMOTE_UPLOAD_TIMEOUT'		=> 'The specified file could not be uploaded because the request timed out.',
 	'SAVE'						=> 'Save',
 	'SAVE_DATE'					=> 'Saved at',
 	'SAVE_DRAFT'				=> 'Save draft',
@@ -219,7 +220,7 @@ $lang = array_merge($lang, array(
 	'VIEW_MESSAGE'				=> '%sView your submitted message%s',
 	'VIEW_PRIVATE_MESSAGE'		=> '%sView your submitted private message%s',
 
-	'WRONG_FILESIZE'			=> 'The file is too big, maximum allowed size is %1d %2s.',
+	'WRONG_FILESIZE'			=> 'The file is too big, maximum allowed size is %1$d %2$s.',
 	'WRONG_SIZE'				=> 'The image must be at least %1$d pixels wide, %2$d pixels high and at most %3$d pixels wide and %4$d pixels high. The submitted image is %5$d pixels wide and %6$d pixels high.',
 ));
 

phpBB/language/en/ucp.php

@@ -266,7 +266,7 @@ $lang = array_merge($lang, array(
 	'MOVE_DELETED_MESSAGES_TO'		=> 'Move messages from removed folder to',
 	'MOVE_DOWN'						=> 'Move down',
 	'MOVE_MARKED_TO_FOLDER'			=> 'Move marked to %s',
-	'MOVE_PM_ERROR'					=> 'An error occurred while moving the messages to the new folder, only %1d from %2d messages were moved.',
+	'MOVE_PM_ERROR'					=> 'An error occurred while moving the messages to the new folder, only %1$d from %2$d messages were moved.',
 	'MOVE_TO_FOLDER'				=> 'Move to folder',
 	'MOVE_UP'						=> 'Move up',
 

phpBB/posting.php

@@ -1222,9 +1222,13 @@ if (!sizeof($error) && $preview)
 			'L_MAX_VOTES'		=> ($post_data['poll_max_options'] == 1) ? $user->lang['MAX_OPTION_SELECT'] : sprintf($user->lang['MAX_OPTIONS_SELECT'], $post_data['poll_max_options']))
 		);
 
-		$parse_poll->message = implode("\n", $post_data['poll_options']);
-		$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
-		$preview_poll_options = explode('<br />', $parse_poll->message);
+		$preview_poll_options = array();
+		foreach ($post_data['poll_options'] as $poll_option)
+		{
+			$parse_poll->message = $poll_option;
+			$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
+			$preview_poll_options[] = $parse_poll->message;
+		}
 		unset($parse_poll);
 
 		foreach ($preview_poll_options as $key => $option)

phpBB/search.php

@@ -540,12 +540,6 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 		$total_match_count = $search->author_search($show_results, $firstpost_only, $sort_by_sql, $sort_key, $sort_dir, $sort_days, $ex_fid_ary, $m_approve_fid_ary, $topic_id, $author_id_ary, $sql_author_match, $id_ary, $start, $per_page);
 	}
 
-	// For some searches we need to print out the "no results" page directly to allow re-sorting/refining the search options.
-	if (!sizeof($id_ary) && !$search_id)
-	{
-		trigger_error('NO_SEARCH_RESULTS');
-	}
-
 	$sql_where = '';
 
 	if (sizeof($id_ary))
@@ -580,9 +574,9 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 	}
 
 	// define some vars for urls
-	$hilit = implode('|', explode(' ', preg_replace('#\s+#u', ' ', str_replace(array('+', '-', '|', '(', ')', '"'), ' ', $keywords))));
-	// Do not allow *only* wildcard being used for hilight
-	$hilit = (strspn($hilit, '*') === strlen($hilit)) ? '' : $hilit;
+	// A single wildcard will make the search results look ugly
+	$hilit = phpbb_clean_search_string(str_replace(array('+', '-', '|', '(', ')', '"'), ' ', $keywords));
+	$hilit = str_replace(' ', '|', $hilit);
 
 	$u_hilit = urlencode(htmlspecialchars_decode(str_replace('|', ' ', $hilit)));
 	$u_show_results = '&sr=' . $show_results;
@@ -846,7 +840,8 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 			$hilit_array = array_filter(explode('|', $hilit), 'strlen');
 			foreach ($hilit_array as $key => $value)
 			{
-				$hilit_array[$key] = str_replace('\*', '\w*?', preg_quote($value, '#'));
+				$hilit_array[$key] = phpbb_clean_search_string($value);
+				$hilit_array[$key] = str_replace('\*', '\w*?', preg_quote($hilit_array[$key], '#'));
 				$hilit_array[$key] = preg_replace('#(^|\s)\\\\w\*\?(\s|$)#', '$1\w+?$2', $hilit_array[$key]);
 			}
 			$hilit = implode('|', $hilit_array);

phpBB/styles/prosilver/imageset/imageset.cfg

@@ -19,7 +19,7 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Group, 2007
-version = 3.0.12
+version = 3.0.14
 
 # Images
 img_site_logo = site_logo.gif*52*139

phpBB/styles/prosilver/style.cfg

@@ -18,5 +18,5 @@
 
 # General Information about this style
 name = prosilver
-copyright = © phpBB Group, 2007
-version = 3.0.12
+copyright = © phpBB Group, 2007
+version = 3.0.14

phpBB/styles/prosilver/template/editor.js

@@ -347,7 +347,7 @@ function mozWrap(txtarea, open, close)
 */
 function storeCaret(textEl)
 {
-	if (textEl.createTextRange)
+	if (textEl.createTextRange && document.selection)
 	{
 		textEl.caretPos = document.selection.createRange().duplicate();
 	}

phpBB/styles/prosilver/template/forumlist_body.html

@@ -47,6 +47,8 @@
 						<!-- IF forumrow.LAST_POST_TIME --><dfn>{L_LAST_POST}</dfn> {L_POST_BY_AUTHOR} {forumrow.LAST_POSTER_FULL}
 						<!-- IF not S_IS_BOT --><a href="{forumrow.U_LAST_POST}">{LAST_POST_IMG}</a> <!-- ENDIF --><br />{forumrow.LAST_POST_TIME}<!-- ELSE -->{L_NO_POSTS}<br />&nbsp;<!-- ENDIF --></span>
 					</dd>
+				<!-- ELSE -->
+					<dd>&nbsp;</dd>
 				<!-- ENDIF -->
 			</dl>
 		</li>

phpBB/styles/prosilver/template/template.cfg

@@ -19,7 +19,7 @@
 # General Information about this template
 name = prosilver
 copyright = © phpBB Group, 2007
-version = 3.0.12
+version = 3.0.14
 
 # Defining a different template bitfield
 template_bitfield = lNg=

phpBB/styles/prosilver/template/ucp_profile_profile_info.html

@@ -50,9 +50,9 @@
 		<dl>
 			<dt><label for="bday_day">{L_BIRTHDAY}:</label><br /><span>{L_BIRTHDAY_EXPLAIN}</span></dt>
 			<dd>
-				<label for="bday_day">{L_DAY}: <select name="bday_day" id="bday_day" style="width: 4em;">{S_BIRTHDAY_DAY_OPTIONS}</select></label> 
-				<label for="bday_month">{L_MONTH}: <select name="bday_month" id="bday_month" style="width: 4em;">{S_BIRTHDAY_MONTH_OPTIONS}</select></label> 
-				<label for="bday_year">{L_YEAR}: <select name="bday_year" id="bday_year" style="width: 6em;">{S_BIRTHDAY_YEAR_OPTIONS}</select></label>
+				<label for="bday_day">{L_DAY}: <select name="bday_day" id="bday_day">{S_BIRTHDAY_DAY_OPTIONS}</select></label> 
+				<label for="bday_month">{L_MONTH}: <select name="bday_month" id="bday_month">{S_BIRTHDAY_MONTH_OPTIONS}</select></label> 
+				<label for="bday_year">{L_YEAR}: <select name="bday_year" id="bday_year">{S_BIRTHDAY_YEAR_OPTIONS}</select></label>
 			</dd>
 		</dl>
 	<!-- ENDIF -->

phpBB/styles/prosilver/theme/theme.cfg

@@ -21,7 +21,7 @@
 # General Information about this theme
 name = prosilver
 copyright = © phpBB Group, 2007
-version = 3.0.12
+version = 3.0.14
 
 # Some configuration options
 

phpBB/styles/subsilver2/imageset/imageset.cfg

@@ -19,7 +19,7 @@
 # General Information about this style
 name = subsilver2
 copyright = © phpBB Group, 2003
-version = 3.0.12
+version = 3.0.14
 
 # Images
 img_site_logo = site_logo.gif*94*170

phpBB/styles/subsilver2/style.cfg

@@ -18,5 +18,5 @@
 
 # General Information about this style
 name = subsilver2
-copyright = © 2005 phpBB Group
-version = 3.0.12
+copyright = © 2005 phpBB Group
+version = 3.0.14

phpBB/styles/subsilver2/template/editor.js

@@ -351,7 +351,7 @@ function mozWrap(txtarea, open, close)
 */
 function storeCaret(textEl)
 {
-	if (textEl.createTextRange)
+	if (textEl.createTextRange && document.selection)
 	{
 		textEl.caretPos = document.selection.createRange().duplicate();
 	}

phpBB/styles/subsilver2/template/template.cfg

@@ -19,7 +19,7 @@
 # General Information about this template
 name = subsilver2
 copyright = © phpBB Group, 2003
-version = 3.0.12
+version = 3.0.14
 
 # Template inheritance
 # See http://blog.phpbb.com/2008/07/31/templating-just-got-easier/

phpBB/styles/subsilver2/theme/theme.cfg

@@ -21,7 +21,7 @@
 # General Information about this theme
 name = subsilver2
 copyright = © phpBB Group, 2003
-version = 3.0.12
+version = 3.0.14
 
 # Some configuration options
 

phpBB/viewtopic.php

@@ -471,17 +471,11 @@ else
 $highlight_match = $highlight = '';
 if ($hilit_words)
 {
-	foreach (explode(' ', trim($hilit_words)) as $word)
-	{
-		if (trim($word))
-		{
-			$word = str_replace('\*', '\w+?', preg_quote($word, '#'));
-			$word = preg_replace('#(^|\s)\\\\w\*\?(\s|$)#', '$1\w+?$2', $word);
-			$highlight_match .= (($highlight_match != '') ? '|' : '') . $word;
-		}
-	}
-
-	$highlight = urlencode($hilit_words);
+	$highlight_match = phpbb_clean_search_string($hilit_words);
+	$highlight = urlencode($highlight_match);
+	$highlight_match = str_replace('\*', '\w+?', preg_quote($highlight_match, '#'));
+	$highlight_match = preg_replace('#(?<=^|\s)\\\\w\*\?(?=\s|$)#', '\w+?', $highlight_match);
+	$highlight_match = str_replace(' ', '|', $highlight_match);
 }
 
 // Make sure $start is set to the last page if it exceeds the amount
@@ -1509,13 +1503,19 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i)
 	$edit_allowed = ($user->data['is_registered'] && ($auth->acl_get('m_edit', $forum_id) || (
 		$user->data['user_id'] == $poster_id &&
 		$auth->acl_get('f_edit', $forum_id) &&
+		$topic_data['topic_status'] != ITEM_LOCKED &&
 		!$row['post_edit_locked'] &&
 		($row['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])
 	)));
 
+	$quote_allowed = $auth->acl_get('m_edit', $forum_id) || ($topic_data['topic_status'] != ITEM_LOCKED &&
+		($user->data['user_id'] == ANONYMOUS || $auth->acl_get('f_reply', $forum_id))
+	);
+
 	$delete_allowed = ($user->data['is_registered'] && ($auth->acl_get('m_delete', $forum_id) || (
 		$user->data['user_id'] == $poster_id &&
 		$auth->acl_get('f_delete', $forum_id) &&
+		$topic_data['topic_status'] != ITEM_LOCKED &&
 		$topic_data['topic_last_post_id'] == $row['post_id'] &&
 		($row['post_time'] > time() - ($config['delete_time'] * 60) || !$config['delete_time']) &&
 		// we do not want to allow removal of the last post if a moderator locked it!
@@ -1556,7 +1556,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i)
 		'S_ONLINE'				=> ($poster_id == ANONYMOUS || !$config['load_onlinetrack']) ? false : (($user_cache[$poster_id]['online']) ? true : false),
 
 		'U_EDIT'			=> ($edit_allowed) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&amp;f=$forum_id&amp;p={$row['post_id']}") : '',
-		'U_QUOTE'			=> ($auth->acl_get('f_reply', $forum_id)) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=quote&amp;f=$forum_id&amp;p={$row['post_id']}") : '',
+		'U_QUOTE'			=> ($quote_allowed) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=quote&amp;f=$forum_id&amp;p={$row['post_id']}") : '',
 		'U_INFO'			=> ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&amp;mode=post_details&amp;f=$forum_id&amp;p=" . $row['post_id'], true, $user->session_id) : '',
 		'U_DELETE'			=> ($delete_allowed) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=delete&amp;f=$forum_id&amp;p={$row['post_id']}") : '',
 

phpunit.xml.all

@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<phpunit backupGlobals="true"
-         backupStaticAttributes="true"
-         colors="true"
-         convertErrorsToExceptions="true"
-         convertNoticesToExceptions="true"
-         convertWarningsToExceptions="true"
-         processIsolation="false"
-         stopOnFailure="false"
-         syntaxCheck="false"
-         bootstrap="tests/bootstrap.php"
->
-    <testsuites>
-        <testsuite name="phpBB Test Suite">
-            <directory suffix="_test.php">./tests/</directory>
-            <exclude>./tests/functional</exclude>
-            <exclude>tests/lint_test.php</exclude>
-        </testsuite>
-        <testsuite name="phpBB Lint Test">
-            <file>tests/lint_test.php</file>
-        </testsuite>
-        <testsuite name="phpBB Functional Tests">
-            <directory suffix="_test.php" phpVersion="5.3.0" phpVersionOperator=">=">./tests/functional</directory>
-        </testsuite>
-    </testsuites>
-
-    <filter>
-        <blacklist>
-            <directory>./tests/</directory>
-        </blacklist>
-    </filter>
-</phpunit>

phpunit.xml.dist

@@ -13,28 +13,27 @@
 >
     <testsuites>
         <testsuite name="phpBB Test Suite">
-            <directory suffix="_test.php">./tests/</directory>
+            <directory suffix="_test.php">./tests</directory>
             <exclude>./tests/functional</exclude>
-            <exclude>tests/lint_test.php</exclude>
-        </testsuite>
-        <testsuite name="phpBB Lint Test">
-            <file>tests/lint_test.php</file>
+            <exclude>./tests/lint_test.php</exclude>
         </testsuite>
         <testsuite name="phpBB Functional Tests">
             <directory suffix="_test.php" phpVersion="5.3.0" phpVersionOperator=">=">./tests/functional</directory>
         </testsuite>
+        <testsuite name="phpBB Lint Test">
+            <file>./tests/lint_test.php</file>
+        </testsuite>
     </testsuites>
 
     <groups>
         <exclude>
-            <group>functional</group>
             <group>slow</group>
         </exclude>
     </groups>
 
     <filter>
-        <blacklist>
-            <directory>./tests/</directory>
-        </blacklist>
+        <whitelist>
+            <directory suffix=".php">./phpBB/includes/</directory>
+        </whitelist>
     </filter>
 </phpunit>

phpunit.xml.functional

@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<phpunit backupGlobals="true"
-         backupStaticAttributes="true"
-         colors="true"
-         convertErrorsToExceptions="true"
-         convertNoticesToExceptions="true"
-         convertWarningsToExceptions="true"
-         processIsolation="false"
-         stopOnFailure="false"
-         syntaxCheck="false"
-         bootstrap="tests/bootstrap.php"
->
-    <testsuites>
-        <testsuite name="phpBB Test Suite">
-            <directory suffix="_test.php">./tests/</directory>
-            <exclude>./tests/functional</exclude>
-            <exclude>tests/lint_test.php</exclude>
-        </testsuite>
-        <testsuite name="phpBB Lint Test">
-            <file>tests/lint_test.php</file>
-        </testsuite>
-        <testsuite name="phpBB Functional Tests">
-            <directory suffix="_test.php" phpVersion="5.3.0" phpVersionOperator=">=">./tests/functional</directory>
-        </testsuite>
-    </testsuites>
-
-    <groups>
-        <include>
-            <group>functional</group>
-        </include>
-    </groups>
-
-    <filter>
-        <blacklist>
-            <directory>./tests/</directory>
-        </blacklist>
-    </filter>
-</phpunit>

tests/RUNNING_TESTS.md

@@ -110,12 +110,16 @@ Slow tests
 --------------
 
 Certain tests, such as the UTF-8 normalizer or the DNS tests tend to be slow.
-Thus these tests are in the `slow` group, which is excluded by default. You can
-enable slow tests by copying the phpunit.xml.all file to phpunit.xml. If you
+Thus these tests are in the `slow` group, which is excluded by default. If you
 only want the slow tests, run:
 
     $ phpBB/vendor/bin/phpunit --group slow
 
+If you want all tests, run:
+
+    $ phpBB/vendor/bin/phpunit --group __nogroup__,functional,slow
+
+
 Functional tests
 -----------------
 
@@ -136,10 +140,10 @@ on which to run tests.
 
     $phpbb_functional_url = 'http://localhost/phpBB3/';
 
-To then run the tests, you run PHPUnit, but use the phpunit.xml.functional
-config file instead of the default one. Specify this through the "-c" option:
+Functional tests are automatically run, if '$phpbb_functional_url' is configured.
+If you only want the functional tests, run:
 
-    $ phpBB/vendor/bin/phpunit -c phpunit.xml.functional
+    $ phpBB/vendor/bin/phpunit --group functional
 
 This will change your board's config.php file, but it makes a backup at
 config_dev.php, so you can restore it after the test run is complete.

tests/cache/cache_memory.php

@@ -0,0 +1,62 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/acm/acm_memory.php';
+
+class phpbb_cache_memory extends acm_memory
+{
+	protected $data = array();
+
+	/**
+	* Set cache path
+	*/
+	function phpbb_cache_memory()
+	{
+	}
+
+	/**
+	* Fetch an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return mixed Cached data
+	*/
+	function _read($var)
+	{
+		return $this->data[$var];
+	}
+
+	/**
+	* Store data in the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @param mixed $data Data to store
+	* @param int $ttl Time-to-live of cached data
+	* @return bool True if the operation succeeded
+	*/
+	function _write($var, $data, $ttl = 2592000)
+	{
+		$this->data[$var] = $data;
+		return true;
+	}
+
+	/**
+	* Remove an item from the cache
+	*
+	* @access protected
+	* @param string $var Cache key
+	* @return bool True if the operation succeeded
+	*/
+	function _delete($var)
+	{
+		unset($this->data[$var]);
+		return true;
+	}
+}

tests/cache/cache_memory_test.php

@@ -0,0 +1,125 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/cache_memory.php';
+
+class phpbb_cache_memory_test extends phpbb_database_test_case
+{
+	protected $cache;
+
+	public function getDataSet()
+	{
+		return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/cache_memory.xml');
+	}
+
+	protected function setUp()
+	{
+		global $db;
+		parent::setUp();
+
+		$this->cache = new phpbb_cache_memory();
+		$db = $this->new_dbal();
+	}
+
+	static public function cache_single_query_data()
+	{
+		return array(
+			array(
+				array(
+					array(
+						'SELECT * FROM ' . POSTS_TABLE,
+						3,
+					),
+				),
+				POSTS_TABLE,
+			),
+			array(
+				array(
+					array(
+						'SELECT * FROM ' . POSTS_TABLE,
+						3,
+					),
+					array(
+						'SELECT * FROM ' . POSTS_TABLE . ' p
+							LEFT JOIN ' . TOPICS_TABLE . ' t ON p.topic_id = t.topic_id',
+						3,
+					),
+				),
+				POSTS_TABLE,
+			),
+			array(
+				array(
+					array(
+						'SELECT * FROM ' . POSTS_TABLE,
+						3,
+					),
+					array(
+						'SELECT * FROM ' . POSTS_TABLE . ' p
+							LEFT JOIN ' . TOPICS_TABLE . ' t ON p.topic_id = t.topic_id',
+						3,
+					),
+					array(
+						'SELECT * FROM ' . POSTS_TABLE . ' p
+							LEFT JOIN ' . TOPICS_TABLE . ' t ON p.topic_id = t.topic_id
+							LEFT JOIN ' . USERS_TABLE . ' u ON p.poster_id = u.user_id',
+						3,
+					),
+				),
+				POSTS_TABLE,
+			),
+			array(
+				array(
+					array(
+						'SELECT * FROM ' . POSTS_TABLE . ' p
+							LEFT JOIN ' . TOPICS_TABLE . ' t ON p.topic_id = t.topic_id',
+						3,
+					),
+					array(
+						'SELECT * FROM ' . POSTS_TABLE . ' p
+							LEFT JOIN ' . TOPICS_TABLE . ' t ON p.topic_id = t.topic_id
+							LEFT JOIN ' . USERS_TABLE . ' u ON p.poster_id = u.user_id',
+						3,
+					),
+				),
+				TOPICS_TABLE,
+			),
+		);
+	}
+
+	/**
+	* @dataProvider cache_single_query_data
+	*/
+	public function test_cache_single_query($sql_queries, $table)
+	{
+		global $db;
+
+		foreach ($sql_queries as $query)
+		{
+			$sql_request_res = $db->sql_query($query[0]);
+
+			$this->cache->sql_save($query[0], $sql_request_res, 1);
+
+			$results = array();
+			$query_id = $this->cache->sql_load($query[0]);
+			while ($row = $this->cache->sql_fetchrow($query_id))
+			{
+				$results[] = $row;
+			}
+			$this->cache->sql_freeresult($query_id);
+			$this->assertEquals($query[1], sizeof($results));
+		}
+
+		$this->cache->destroy('sql', $table);
+
+		foreach ($sql_queries as $query)
+		{
+			$this->assertNotEquals(false, $this->cache->sql_load($query[0]));
+		}
+	}
+}

tests/cache/fixtures/cache_memory.xml

@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dataset>
+	<table name="phpbb_topics">
+		<column>topic_id</column>
+		<column>forum_id</column>
+		<column>topic_title</column>
+		<column>topic_first_post_id</column>
+		<column>topic_last_post_id</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>Topic</value>
+			<value>2</value>
+			<value>2</value>
+		</row>
+	</table>
+	<table name="phpbb_posts">
+		<column>post_id</column>
+		<column>poster_id</column>
+		<column>topic_id</column>
+		<column>forum_id</column>
+		<column>post_text</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Post 1</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Post 2</value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>3</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Post 3</value>
+		</row>
+	</table>
+	<table name="phpbb_users">
+		<column>user_id</column>
+		<column>user_posts</column>
+		<column>username</column>
+		<column>username_clean</column>
+		<column>user_permissions</column>
+		<column>user_sig</column>
+		<column>user_occ</column>
+		<column>user_interests</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>user 1</value>
+			<value>user 1</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>1</value>
+			<value>user 2</value>
+			<value>user 2</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>1</value>
+			<value>user 3</value>
+			<value>user 3</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+	</table>
+</dataset>

tests/functional/acp_attachments_test.php

@@ -0,0 +1,78 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+/**
+ * @group functional
+ */
+class phpbb_functional_acp_attachments_test extends phpbb_functional_test_case
+{
+	public function data_imagick_path_linux()
+	{
+		return array(
+			array('/usr/bin', 'Configuration updated successfully'),
+			array('/usr/foobar', 'The entered path “/usr/foobar” does not exist.'),
+			array('/usr/bin/which', 'The entered path “/usr/bin/which” is not a directory.'),
+		);
+	}
+
+	/**
+	 * @dataProvider data_imagick_path_linux
+	 */
+	public function test_imagick_path_linux($imagick_path, $expected)
+	{
+		if (strtolower(substr(PHP_OS, 0, 5)) !== 'linux')
+		{
+			$this->markTestSkipped('Unable to test linux specific paths on other OS.');
+		}
+
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', 'adm/index.php?i=attachments&mode=attach&sid=' . $this->sid);
+
+		$form = $crawler->selectButton('Submit')->form(array('config[img_imagick]'	=> $imagick_path));
+
+		$crawler = self::submit($form);
+		$this->assertContains($expected, $crawler->filter('#main')->text());
+	}
+
+	public function data_imagick_path_windows()
+	{
+		return array(
+			array('C:\Windows', 'Configuration updated successfully'),
+			array('C:\Windows\foobar1', 'The entered path “C:\Windows\foobar1” does not exist.'),
+			array('C:\Windows\explorer.exe', 'The entered path “C:\Windows\explorer.exe” is not a directory.'),
+		);
+	}
+
+	/**
+	 * @dataProvider data_imagick_path_windows
+	 */
+	public function test_imagick_path_windows($imagick_path, $expected)
+	{
+		if (strtolower(substr(PHP_OS, 0, 3)) !== 'win')
+		{
+			$this->markTestSkipped('Unable to test windows specific paths on other OS.');
+		}
+
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', 'adm/index.php?i=attachments&mode=attach&sid=' . $this->sid);
+
+		$form = $crawler->selectButton('Submit')->form(array('config[img_imagick]'	=> $imagick_path));
+
+		$crawler = self::submit($form);
+		$this->assertContains($expected, $crawler->filter('#main')->text());
+	}
+}

tests/functional/acp_users_test.php

@@ -0,0 +1,45 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @group functional
+*/
+class phpbb_functional_acp_users_test extends phpbb_functional_test_case
+{
+	public function setUp()
+	{
+		parent::setUp();
+
+		$this->login();
+		$this->admin_login();
+		$this->add_lang('acp/users');
+	}
+
+	public function test_founder_deletion()
+	{
+		$username = 'founder-account';
+		$user_id = $this->create_user($username);
+		$this->make_founder($user_id);
+
+		$crawler = self::request('GET', "adm/index.php?i=users&mode=overview&u=$user_id&sid={$this->sid}");
+		$form = $crawler->filter('#user_delete')->selectButton($this->lang('SUBMIT'))->form();
+		$crawler = self::submit($form);
+		$this->assertContains($this->lang('CANNOT_REMOVE_FOUNDER'), $this->get_content());
+	}
+
+	protected function make_founder($user_id)
+	{
+		$crawler = self::request('GET', "adm/index.php?i=users&mode=overview&u=$user_id&sid={$this->sid}");
+		$form = $crawler->filter('#user_overview')->selectButton($this->lang('SUBMIT'))->form();
+		$data = array('user_founder' => '1');
+		$form->setValues($data);
+		$crawler = self::submit($form);
+		$this->assertContains($this->lang('USER_OVERVIEW_UPDATED'), $this->get_content());
+	}
+}

tests/functional/private_messages_test.php

@@ -0,0 +1,65 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @group functional
+*/
+class phpbb_functional_private_messages_test extends phpbb_functional_test_case
+{
+	public function test_setup_config()
+	{
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', "adm/index.php?sid={$this->sid}&i=board&mode=message");
+
+		$form = $crawler->selectButton('Submit')->form();
+		$values = $form->getValues();
+
+		// Set the maximum number of private messages per folder to 1
+		$values['config[pm_max_msgs]'] = 1;
+
+		$form->setValues($values);
+
+		$crawler = self::submit($form);
+		$this->assertContains($this->lang('CONFIG_UPDATED'), $crawler->filter('.successbox')->text());
+	}
+
+	public function test_inbox_full()
+	{
+		$this->login();
+		$message_id = $this->create_private_message('Test private message #1', 'This is a test private message sent by the testing framework.', array(2));
+
+		$crawler = self::request('GET', "ucp.php?i=pm&mode=view&sid{$this->sid}&p={$message_id}");
+		$this->assertContains($this->lang('UCP_PM_VIEW'), $crawler->filter('html')->text());
+
+		$message_id = $this->create_private_message('Test private message #2', 'This is a test private message sent by the testing framework.', array(2));
+
+		$crawler = self::request('GET', "ucp.php?i=pm&mode=view&sid{$this->sid}&p={$message_id}");
+		$this->assertContains($this->lang('NO_AUTH_READ_HOLD_MESSAGE'), $crawler->filter('html')->text());
+	}
+
+	public function test_restore_config()
+	{
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', "adm/index.php?sid={$this->sid}&i=board&mode=message");
+
+		$form = $crawler->selectButton('Submit')->form();
+		$values = $form->getValues();
+
+		$values['config[pm_max_msgs]'] = 50;
+
+		$form->setValues($values);
+
+		$crawler = self::submit($form);
+		$this->assertContains($this->lang('CONFIG_UPDATED'), $crawler->filter('.successbox')->text());
+	}
+}

tests/functions/parse_cfg_file_test.php

@@ -0,0 +1,103 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
+
+class phpbb_functions_parse_cfg_file extends phpbb_test_case
+{
+	public function parse_cfg_file_data()
+	{
+		return array(
+			array(
+				array(
+					'#',
+					'# phpBB Style Configuration File',
+					'#',
+					'# @package phpBB3',
+					'# @copyright (c) 2005 phpBB Group',
+					'# @license http://opensource.org/licenses/gpl-license.php GNU Public License',
+					'#',
+					'#',
+					'# At the left is the name, please do not change this',
+					'# At the right the value is entered',
+					'# For on/off options the valid values are on, off, 1, 0, true and false',
+					'#',
+					'# Values get trimmed, if you want to add a space in front or at the end of',
+					'# the value, then enclose the value with single or double quotes.',
+					'# Single and double quotes do not need to be escaped.',
+					'#',
+					'',
+					'# General Information about this style',
+					'name = prosilver',
+					'copyright = © phpBB Group, 2007',
+					'version = 3.0.12',
+				),
+				array(
+					'name'		=> 'prosilver',
+					'copyright'	=> '© phpBB Group, 2007',
+					'version'	=> '3.0.12',
+				),
+			),
+			array(
+				array(
+					'name = subsilver2',
+					'copyright = © 2005 phpBB Group',
+					'version = 3.0.12',
+				),
+				array(
+					'name'		=> 'subsilver2',
+					'copyright'	=> '© 2005 phpBB Group',
+					'version'	=> '3.0.12',
+				),
+			),
+			array(
+				array(
+					'foo = on',
+					'foo1 = true',
+					'foo2 = 1',
+					'bar = off',
+					'bar1 = false',
+					'bar2 = 0',
+					'foobar =',
+					'foobar1 = "asdf"',
+					'foobar2 = \'qwer\'',
+				),
+				array(
+					'foo'		=> true,
+					'foo1'		=> true,
+					'foo2'		=> true,
+					'bar'		=> false,
+					'bar1'		=> false,
+					'bar2'		=> false,
+					'foobar'	=> '',
+					'foobar1'	=> 'asdf',
+					'foobar2'	=> 'qwer',
+				),
+			),
+			array(
+				array(
+					'foo = &amp; bar',
+					'bar = <a href="test">Test</a>',
+				),
+				array(
+					'foo'		=> '&amp;amp; bar',
+					'bar'		=> '&lt;a href=&quot;test&quot;&gt;Test&lt;/a&gt;',
+				),
+			),
+		);
+	}
+
+	/**
+	* @dataProvider parse_cfg_file_data
+	*/
+	public function test_parse_cfg_file($file_contents, $expected)
+	{
+		$this->assertEquals($expected, parse_cfg_file(false, $file_contents));
+	}
+}

tests/functions_content/get_username_string_test.php

@@ -0,0 +1,125 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_content.php';
+
+class phpbb_functions_content_get_username_string_test extends phpbb_test_case
+{
+	public function setUp()
+	{
+		parent::setUp();
+
+		global $auth, $user;
+		$auth = $this->getMock('auth');
+		$auth->expects($this->any())
+			->method('acl_get')
+			->with($this->stringContains('_'), $this->anything())
+			->will($this->returnValueMap(array(
+				array('u_viewprofile', true),
+			)));
+		$user->data['user_id'] = ANONYMOUS;
+		$user->lang['GUEST'] = 'Guest';
+	}
+
+	public function get_username_string_profile_data()
+	{
+		global $phpbb_root_path, $phpEx;
+
+		return array(
+			array(ANONYMOUS, 'Anonymous', '', false, false, ''),
+			array(2, 'Administrator', 'FF0000', false, false, "{$phpbb_root_path}memberlist.$phpEx?mode=viewprofile&amp;u=2"),
+			array(42, 'User42', '', false, 'http://www.example.org/user.php?mode=show', 'http://www.example.org/user.php?mode=show&amp;u=42'),
+		);
+	}
+
+	/**
+	* @dataProvider get_username_string_profile_data
+	*/
+	public function test_get_username_string_profile($user_id, $username, $user_colour, $guest_username, $custom_profile_url, $expected)
+	{
+		$this->assertEquals($expected, get_username_string('profile', $user_id, $username, $user_colour, $guest_username, $custom_profile_url));
+	}
+
+	public function get_username_string_username_data()
+	{
+		return array(
+			array(ANONYMOUS, '', '', false, false, 'Guest'),
+			array(ANONYMOUS, '', '', 'CustomName', false, 'CustomName'),
+			array(2, 'User2', '', false, false, 'User2'),
+			array(5, 'User5', '', 'Anonymous', false, 'User5'),
+			array(128, 'User128', '', false, false, 'User128'),
+		);
+	}
+
+	/**
+	* @dataProvider get_username_string_username_data
+	*/
+	public function test_get_username_string_username($user_id, $username, $user_colour, $guest_username, $custom_profile_url, $expected)
+	{
+		$this->assertEquals($expected, get_username_string('username', $user_id, $username, $user_colour, $guest_username, $custom_profile_url));
+	}
+
+	public function get_username_string_colour_data()
+	{
+		return array(
+			array(0, '', '', false, false, ''),
+			array(0, '', 'F0F0F0', false, false, '#F0F0F0'),
+			array(ANONYMOUS, 'Anonymous', '000000', false, false, '#000000'),
+			array(2, 'Administrator', '', false, false, ''),
+		);
+	}
+
+	/**
+	* @dataProvider get_username_string_colour_data
+	*/
+	public function test_get_username_string_colour($user_id, $username, $user_colour, $guest_username, $custom_profile_url, $expected)
+	{
+		$this->assertEquals($expected, get_username_string('colour', $user_id, $username, $user_colour, $guest_username, $custom_profile_url));
+	}
+
+	public function get_username_string_full_data()
+	{
+		global $phpbb_root_path, $phpEx;
+
+		return array(
+			array(0, '', '', false, false, 'Guest'),
+			array(ANONYMOUS, 'Anonymous', '', false, false, 'Anonymous'),
+			array(2, 'Administrator', 'FF0000', false, false, '<a href="' . $phpbb_root_path . 'memberlist.' . $phpEx . '?mode=viewprofile&amp;u=2" style="color: #FF0000;" class="username-coloured">Administrator</a>'),
+			array(5, 'User5', '', false, 'http://www.example.org/user.php?mode=show', '<a href="http://www.example.org/user.php?mode=show&amp;u=5">User5</a>'),
+			array(8, 'Eight', '', false, false, '<a href="' . $phpbb_root_path . 'memberlist.php?mode=viewprofile&amp;u=8">Eight</a>'),
+		);
+	}
+
+	/**
+	* @dataProvider get_username_string_full_data
+	*/
+	public function test_get_username_string_full($user_id, $username, $user_colour, $guest_username, $custom_profile_url, $expected)
+	{
+		$this->assertEquals($expected, get_username_string('full', $user_id, $username, $user_colour, $guest_username, $custom_profile_url));
+	}
+
+	public function get_username_string_no_profile_data()
+	{
+		return array(
+			array(ANONYMOUS, 'Anonymous', '', false, false, 'Anonymous'),
+			array(ANONYMOUS, 'Anonymous', '', '', false, 'Guest'),
+			array(2, 'Administrator', 'FF0000', false, false, '<span style="color: #FF0000;" class="username-coloured">Administrator</span>'),
+			array(8, 'Eight', '', false, false, 'Eight'),
+		);
+	}
+
+	/**
+	* @dataProvider get_username_string_no_profile_data
+	*/
+	public function test_get_username_string_no_profile($user_id, $username, $user_colour, $guest_username, $custom_profile_url, $expected)
+	{
+		$this->assertEquals($expected, get_username_string('no_profile', $user_id, $username, $user_colour, $guest_username, $custom_profile_url));
+	}
+}

tests/functions_content/phpbb_clean_search_string_test.php

@@ -0,0 +1,38 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_content.php';
+
+class phpbb_functions_content_phpbb_clean_search_string_test extends phpbb_test_case
+{
+	public function phpbb_clean_search_string_data()
+	{
+		return array(
+			array('*', ''),
+			array('* *', ''),
+			array('test', 'test'),
+			array(' test ', 'test'),
+			array(' test * ', 'test'),
+			array('test* *', 'test*'),
+			array('* *test*', '*test*'),
+			array('test  test  * test', 'test test test'),
+			array(' some  wild*cards *    between wo*rds  ', 'some wild*cards between wo*rds'),
+			array(' we * now have*** multiple wild***cards * ', 'we now have* multiple wild*cards'),
+			array('pi is *** . * **** * *****', 'pi is .'),
+		);
+	}
+
+	/**
+	* @dataProvider phpbb_clean_search_string_data
+	*/
+	public function test_phpbb_clean_search_string($search_string, $expected)
+	{
+		$this->assertEquals($expected, phpbb_clean_search_string($search_string));
+	}
+}

tests/functions_user/delete_user_test.php

@@ -0,0 +1,436 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_user.php';
+require_once dirname(__FILE__) . '/../../phpBB/includes/utf/utf_tools.php';
+require_once dirname(__FILE__) . '/../mock/null_cache.php';
+
+class phpbb_functions_user_delete_user_test extends phpbb_database_test_case
+{
+	/** @var \dbal */
+	protected $db;
+
+	public function getDataSet()
+	{
+		return $this->createXMLDataSet(dirname(__FILE__).'/fixtures/delete_user.xml');
+	}
+
+	protected function setUp()
+	{
+		parent::setUp();
+
+		global $cache, $config, $db;
+
+		$db = $this->db = $this->new_dbal();
+		$config = array(
+			'load_online_time'	=> 5,
+			'search_type'		=> 'fulltext_mysql',
+		);
+		$cache = new phpbb_mock_null_cache();
+	}
+
+	 public function first_last_post_data()
+	{
+		return array(
+			array(
+				'retain', false,
+				array(
+					array('post_id' => 1, 'poster_id' => ANONYMOUS, 'post_username' => ''),
+					array('post_id' => 2, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+					array('post_id' => 3, 'poster_id' => ANONYMOUS, 'post_username' => ''),
+					array('post_id' => 4, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+				),
+				array(
+					array(
+						'topic_id' => 1,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => '', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => '', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 2,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 3,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => '', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => '', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 4,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+				),
+				array(
+					array('forum_id' => 1, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 2, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 3, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 4, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+				),
+			),
+			array(
+				'remove', false,
+				array(
+					array('post_id' => 2, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+					array('post_id' => 4, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+				),
+				array(
+					array(
+						'topic_id' => 2,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 4,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+				),
+				array(
+					array('forum_id' => 1, 'forum_last_poster_id' => 0, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 2, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 3, 'forum_last_poster_id' => 0, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 4, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+				),
+			),
+			array(
+				'retain', 'Bertie',
+				array(
+					array('post_id' => 1, 'poster_id' => ANONYMOUS, 'post_username' => 'Bertie'),
+					array('post_id' => 2, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+					array('post_id' => 3, 'poster_id' => ANONYMOUS, 'post_username' => 'Bertie'),
+					array('post_id' => 4, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+				),
+				array(
+					array(
+						'topic_id' => 1,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Bertie', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Bertie', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 2,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 3,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Bertie', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Bertie', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 4,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+				),
+				array(
+					array('forum_id' => 1, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Bertie', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 2, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 3, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Bertie', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 4, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+				),
+			),
+			array(
+				'remove', 'Bertie',
+				array(
+					array('post_id' => 2, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+					array('post_id' => 4, 'poster_id' => ANONYMOUS, 'post_username' => 'Other'),
+				),
+				array(
+					array(
+						'topic_id' => 2,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+					array(
+						'topic_id' => 4,
+						'topic_poster' => ANONYMOUS, 'topic_first_poster_name' => 'Other', 'topic_first_poster_colour' => '',
+						'topic_last_poster_id' => ANONYMOUS, 'topic_last_poster_name' => 'Other', 'topic_last_poster_colour' => '',
+					),
+				),
+				array(
+					array('forum_id' => 1, 'forum_last_poster_id' => 0, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 2, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 3, 'forum_last_poster_id' => 0, 'forum_last_poster_name' => '', 'forum_last_poster_colour' => ''),
+					array('forum_id' => 4, 'forum_last_poster_id' => ANONYMOUS, 'forum_last_poster_name' => 'Other', 'forum_last_poster_colour' => ''),
+				),
+			),
+		);
+	}
+
+	/**
+	* @dataProvider first_last_post_data
+	*/
+	public function test_first_last_post_info($mode, $post_username, $expected_posts, $expected_topics, $expected_forums)
+	{
+		$this->assertFalse(user_delete($mode, 2, $post_username));
+
+		$sql = 'SELECT post_id, poster_id, post_username
+			FROM ' . POSTS_TABLE . '
+			ORDER BY post_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_posts, $this->db->sql_fetchrowset($result), 'Post table poster info is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT topic_id, topic_poster, topic_first_poster_name, topic_first_poster_colour, topic_last_poster_id, topic_last_poster_name, topic_last_poster_colour
+			FROM ' . TOPICS_TABLE . '
+			ORDER BY topic_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_topics, $this->db->sql_fetchrowset($result), 'Topic table first/last poster info is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT forum_id, forum_last_poster_id, forum_last_poster_name, forum_last_poster_colour
+			FROM ' . FORUMS_TABLE . '
+			ORDER BY forum_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_forums, $this->db->sql_fetchrowset($result), 'Forum table last poster info is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+	}
+
+	 public function report_attachment_data()
+	{
+		return array(
+			array(
+				'retain',
+				array(
+					array('post_id' => 1, 'post_reported' => 1, 'post_edit_user' => 1),
+					array('post_id' => 2, 'post_reported' => 1, 'post_edit_user' => 1),
+					array('post_id' => 3, 'post_reported' => 0, 'post_edit_user' => 1),
+					array('post_id' => 4, 'post_reported' => 0, 'post_edit_user' => 1),
+				),
+				array(
+					array('report_id' => 1, 'post_id' => 1, 'user_id' => 1),
+					array('report_id' => 3, 'post_id' => 2, 'user_id' => 1),
+				),
+				array(
+					array('topic_id' => 1, 'topic_reported' => 1),
+					array('topic_id' => 2, 'topic_reported' => 1),
+					array('topic_id' => 3, 'topic_reported' => 0),
+					array('topic_id' => 4, 'topic_reported' => 0),
+				),
+				array(
+					array('attach_id' => 1, 'post_msg_id' => 1, 'poster_id' => 1),
+					array('attach_id' => 2, 'post_msg_id' => 2, 'poster_id' => 1),
+					array('attach_id' => 3, 'post_msg_id' => 0, 'poster_id' => 1), // TODO should be deleted: PHPBB3-13089
+				),
+			),
+			array(
+				'remove',
+				array(
+					array('post_id' => 2, 'post_reported' => 1, 'post_edit_user' => 1),
+					array('post_id' => 4, 'post_reported' => 0, 'post_edit_user' => 1),
+				),
+				array(
+					array('report_id' => 3, 'post_id' => 2, 'user_id' => 1),
+				),
+				array(
+					array('topic_id' => 2, 'topic_reported' => 1),
+					array('topic_id' => 4, 'topic_reported' => 0),
+				),
+				array(
+					array('attach_id' => 2, 'post_msg_id' => 2, 'poster_id' => 1),
+					array('attach_id' => 3, 'post_msg_id' => 0, 'poster_id' => 2), // TODO should be deleted: PHPBB3-13089
+				),
+			),
+		);
+	}
+
+	/**
+	* @dataProvider report_attachment_data
+	*/
+	public function test_report_attachment_info($mode, $expected_posts, $expected_reports, $expected_topics, $expected_attach)
+	{
+		$this->assertFalse(user_delete($mode, 2));
+
+		$sql = 'SELECT post_id, post_reported, post_edit_user
+			FROM ' . POSTS_TABLE . '
+			ORDER BY post_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_posts, $this->db->sql_fetchrowset($result), 'Post report status content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT report_id, post_id, user_id
+			FROM ' . REPORTS_TABLE . '
+			ORDER BY report_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_reports, $this->db->sql_fetchrowset($result), 'Report table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT topic_id, topic_reported
+			FROM ' . TOPICS_TABLE . '
+			ORDER BY topic_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_topics, $this->db->sql_fetchrowset($result), 'Topic report status is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT attach_id, post_msg_id, poster_id
+			FROM ' . ATTACHMENTS_TABLE . '
+			ORDER BY attach_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_attach, $this->db->sql_fetchrowset($result), 'Attachment table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+	}
+
+	 public function delete_data()
+	{
+		return array(
+			array(
+				'retain',
+				array(array('user_id' => 1, 'user_posts' => 4)),
+				array(array('user_id' => 1, 'zebra_id' => 3)),
+				array(array('ban_id' => 2), array('ban_id' => 3)),
+				array(array('session_id' => '12345678901234567890123456789013')),
+				array(
+					array('log_id' => 2, 'user_id' => 1, 'reportee_id' => 1),
+					array('log_id' => 3, 'user_id' => 1, 'reportee_id' => 1),
+				),
+				array(
+					array('msg_id' => 1, 'author_id' => 3, 'message_edit_user' => 3),
+					array('msg_id' => 2, 'author_id' => 1, 'message_edit_user' => 1),
+				),
+			),
+			array(
+				'remove',
+				array(array('user_id' => 1, 'user_posts' => 2)),
+				array(array('user_id' => 1, 'zebra_id' => 3)),
+				array(array('ban_id' => 2), array('ban_id' => 3)),
+				array(array('session_id' => '12345678901234567890123456789013')),
+				array(
+					array('log_id' => 2, 'user_id' => 1, 'reportee_id' => 1),
+					array('log_id' => 3, 'user_id' => 1, 'reportee_id' => 1),
+				),
+				array(
+					array('msg_id' => 1, 'author_id' => 3, 'message_edit_user' => 3),
+					array('msg_id' => 2, 'author_id' => 1, 'message_edit_user' => 1),
+				),
+			),
+		);
+	}
+
+	/**
+	* @dataProvider delete_data
+	*/
+	public function test_delete_data($mode, $expected_users, $expected_zebra, $expected_ban, $expected_sessions, $expected_logs, $expected_pms)
+	{
+		$this->assertFalse(user_delete($mode, 2));
+
+		$sql = 'SELECT user_id, user_posts
+			FROM ' . USERS_TABLE . '
+			ORDER BY user_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_users, $this->db->sql_fetchrowset($result), 'User table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT user_id, zebra_id
+			FROM ' . ZEBRA_TABLE . '
+			ORDER BY user_id ASC, zebra_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_zebra, $this->db->sql_fetchrowset($result), 'Zebra table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT ban_id
+			FROM ' . BANLIST_TABLE . '
+			ORDER BY ban_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_ban, $this->db->sql_fetchrowset($result), 'Ban table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT session_id
+			FROM ' . SESSIONS_TABLE . '
+			ORDER BY session_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_sessions, $this->db->sql_fetchrowset($result), 'Session table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT log_id, user_id, reportee_id
+			FROM ' . LOG_TABLE . '
+			ORDER BY log_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_logs, $this->db->sql_fetchrowset($result), 'Log table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+
+		$sql = 'SELECT msg_id, author_id, message_edit_user
+			FROM ' . PRIVMSGS_TABLE . '
+			ORDER BY msg_id ASC';
+		$result = $this->db->sql_query($sql);
+		$this->assertEquals($expected_pms, $this->db->sql_fetchrowset($result), 'Private messages table content is mismatching after deleting a user.');
+		$this->db->sql_freeresult($result);
+	}
+
+	 public function delete_user_id_data()
+	{
+		return array(
+			array(
+				'retain',
+				array(
+					USER_GROUP_TABLE,
+					TOPICS_WATCH_TABLE,
+					FORUMS_WATCH_TABLE,
+					ACL_USERS_TABLE,
+					TOPICS_TRACK_TABLE,
+					TOPICS_POSTED_TABLE,
+					FORUMS_TRACK_TABLE,
+					PROFILE_FIELDS_DATA_TABLE,
+					MODERATOR_CACHE_TABLE,
+					DRAFTS_TABLE,
+					BOOKMARKS_TABLE,
+					SESSIONS_KEYS_TABLE,
+					PRIVMSGS_FOLDER_TABLE,
+					PRIVMSGS_RULES_TABLE,
+				),
+			),
+			array(
+				'remove',
+				array(
+					USER_GROUP_TABLE,
+					TOPICS_WATCH_TABLE,
+					FORUMS_WATCH_TABLE,
+					ACL_USERS_TABLE,
+					TOPICS_TRACK_TABLE,
+					TOPICS_POSTED_TABLE,
+					FORUMS_TRACK_TABLE,
+					PROFILE_FIELDS_DATA_TABLE,
+					MODERATOR_CACHE_TABLE,
+					DRAFTS_TABLE,
+					BOOKMARKS_TABLE,
+					SESSIONS_KEYS_TABLE,
+					PRIVMSGS_FOLDER_TABLE,
+					PRIVMSGS_RULES_TABLE,
+				),
+			),
+		);
+	}
+
+	/**
+	* @dataProvider delete_user_id_data
+	*/
+	public function test_delete_user_id_data($mode, $cleaned_tables)
+	{
+		$this->assertFalse(user_delete($mode, 2));
+
+		foreach ($cleaned_tables as $table)
+		{
+			$sql = 'SELECT user_id
+				FROM ' . $table . '
+				WHERE user_id = 2';
+			$result = $this->db->sql_query($sql);
+			$this->assertFalse($this->db->sql_fetchfield('user_id'), 'Found data for deleted user in table: ' . $table);
+			$this->db->sql_freeresult($result);
+
+			$sql = 'SELECT user_id
+				FROM ' . $table . '
+				WHERE user_id = 3';
+			$result = $this->db->sql_query($sql);
+			$this->assertEquals(3, $this->db->sql_fetchfield('user_id'), 'Missing data for user in table: ' . $table);
+			$this->db->sql_freeresult($result);
+		}
+	}
+}

tests/functions_user/fixtures/delete_user.xml

@@ -0,0 +1,531 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<dataset>
+	<table name="phpbb_attachments">
+		<column>attach_id</column>
+		<column>post_msg_id</column>
+		<column>topic_id</column>
+		<column>in_message</column>
+		<column>poster_id</column>
+		<column>is_orphan</column>
+		<column>attach_comment</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>0</value>
+			<value>2</value>
+			<value>0</value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>2</value>
+			<value>0</value>
+			<value>1</value>
+			<value>0</value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>0</value>
+			<value>0</value>
+			<value>0</value>
+			<value>2</value>
+			<value>1</value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_banlist">
+		<column>ban_id</column>
+		<column>ban_userid</column>
+		<column>ban_email</column>
+		<column>ban_reason</column>
+		<column>ban_give_reason</column>
+		<row>
+			<value>1</value>
+			<value>2</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>3</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>0</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_forums">
+		<column>forum_id</column>
+		<column>forum_last_poster_id</column>
+		<column>forum_last_poster_name</column>
+		<column>forum_last_poster_colour</column>
+		<column>forum_parents</column>
+		<column>forum_desc</column>
+		<column>forum_rules</column>
+		<row>
+			<value>1</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>4</value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_log">
+		<column>log_id</column>
+		<column>user_id</column>
+		<column>reportee_id</column>
+		<column>log_operation</column>
+		<column>log_data</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>2</value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>1</value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>1</value>
+			<value>1</value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>4</value>
+			<value>2</value>
+			<value>2</value>
+			<value></value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_posts">
+		<column>post_id</column>
+		<column>poster_id</column>
+		<column>post_edit_user</column>
+		<column>post_username</column>
+		<column>topic_id</column>
+		<column>forum_id</column>
+		<column>post_approved</column>
+		<column>post_time</column>
+		<column>post_text</column>
+		<column>post_reported</column>
+		<row>
+			<value>1</value>
+			<value>2</value>
+			<value>2</value>
+			<value></value>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value></value>
+			<value>1</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Other</value>
+			<value>2</value>
+			<value>2</value>
+			<value>1</value>
+			<value>1</value>
+			<value></value>
+			<value>1</value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>2</value>
+			<value>2</value>
+			<value></value>
+			<value>3</value>
+			<value>3</value>
+			<value>1</value>
+			<value>1</value>
+			<value></value>
+			<value>1</value>
+		</row>
+		<row>
+			<value>4</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Other</value>
+			<value>4</value>
+			<value>4</value>
+			<value>1</value>
+			<value>1</value>
+			<value></value>
+			<value>1</value>
+		</row>
+	</table>
+	<table name="phpbb_privmsgs">
+		<column>msg_id</column>
+		<column>author_id</column>
+		<column>message_edit_user</column>
+		<column>message_text</column>
+		<column>to_address</column>
+		<column>bcc_address</column>
+		<row>
+			<value>1</value>
+			<value>3</value>
+			<value>3</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>2</value>
+			<value></value>
+			<value></value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_privmsgs_to">
+		<column>msg_id</column>
+		<column>user_id</column>
+		<column>author_id</column>
+		<row>
+			<value>1</value>
+			<value>3</value>
+			<value>3</value>
+		</row>
+		<row>
+			<value>1</value>
+			<value>2</value>
+			<value>3</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>3</value>
+			<value>2</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>2</value>
+		</row>
+	</table>
+	<table name="phpbb_reports">
+		<column>report_id</column>
+		<column>post_id</column>
+		<column>user_id</column>
+		<column>report_text</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Post Removed?</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>3</value>
+			<value>2</value>
+			<value>Post Removed?</value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>2</value>
+			<value>1</value>
+			<value>Keep</value>
+		</row>
+		<row>
+			<value>4</value>
+			<value>4</value>
+			<value>2</value>
+			<value>Remove Report</value>
+		</row>
+	</table>
+	<table name="phpbb_sessions">
+		<column>session_id</column>
+		<column>session_user_id</column>
+		<column>session_page</column>
+		<row>
+			<value>12345678901234567890123456789012</value>
+			<value>2</value>
+			<value></value>
+		</row>
+		<row>
+			<value>12345678901234567890123456789013</value>
+			<value>3</value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_topics">
+		<column>topic_id</column>
+		<column>forum_id</column>
+		<column>topic_reported</column>
+		<column>topic_poster</column>
+		<column>topic_first_poster_name</column>
+		<column>topic_first_poster_colour</column>
+		<column>topic_last_poster_id</column>
+		<column>topic_last_poster_name</column>
+		<column>topic_last_poster_colour</column>
+		<row>
+			<value>1</value>
+			<value>1</value>
+			<value>1</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>2</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value>3</value>
+			<value>1</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+			<value>2</value>
+			<value></value>
+			<value>00AA00</value>
+		</row>
+		<row>
+			<value>4</value>
+			<value>4</value>
+			<value>1</value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+			<value>1</value>
+			<value>Other</value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_users">
+		<column>user_id</column>
+		<column>username_clean</column>
+		<column>user_permissions</column>
+		<column>user_sig</column>
+		<column>user_occ</column>
+		<column>user_interests</column>
+		<column>user_posts</column>
+		<row>
+			<value>1</value>
+			<value>Anonymous</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value>2</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>Foobar</value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value></value>
+			<value>2</value>
+		</row>
+	</table>
+	<table name="phpbb_zebra">
+		<column>user_id</column>
+		<column>zebra_id</column>
+		<row>
+			<value>1</value>
+			<value>2</value>
+		</row>
+		<row>
+			<value>1</value>
+			<value>3</value>
+		</row>
+		<row>
+			<value>2</value>
+			<value>1</value>
+		</row>
+	</table>
+	<table name="phpbb_user_group">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_topics_watch">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_forums_watch">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_acl_users">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_topics_track">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_forums_track">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_topics_posted">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_profile_fields_data">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_moderator_cache">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_bookmarks">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_sessions_keys">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_privmsgs_folder">
+		<column>user_id</column>
+		<row>
+			<value>2</value>
+		</row>
+		<row>
+			<value>3</value>
+		</row>
+	</table>
+	<table name="phpbb_privmsgs_rules">
+		<column>user_id</column>
+		<column>rule_string</column>
+		<row>
+			<value>2</value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value></value>
+		</row>
+	</table>
+	<table name="phpbb_drafts">
+		<column>user_id</column>
+		<column>draft_message</column>
+		<row>
+			<value>2</value>
+			<value></value>
+		</row>
+		<row>
+			<value>3</value>
+			<value></value>
+		</row>
+	</table>
+</dataset>

tests/profile/get_profile_value_test.php

@@ -0,0 +1,42 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2014 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_profile_fields.php';
+
+class phpbb_profile_get_profile_value_test extends phpbb_test_case
+{
+	static public function get_profile_value_int_data()
+	{
+		return array(
+			array(FIELD_INT,	'10',	true,	10),
+			array(FIELD_INT,	'0',	true,	0),
+			array(FIELD_INT,	'',		true,	0),
+			array(FIELD_INT,	null,	true,	0),
+			array(FIELD_INT,	'10',	false,	10),
+			array(FIELD_INT,	'0',	false,	0),
+			array(FIELD_INT,	'',		false,	null),
+			array(FIELD_INT,	null,	false,	null),
+		);
+	}
+
+	/**
+	* @dataProvider get_profile_value_int_data
+	*/
+	public function test_get_profile_value_int($type, $value, $show_novalue, $expected)
+	{
+		$cp = new custom_profile;
+		$this->assertSame($expected, $cp->get_profile_value(array(
+			'value'	=> $value,
+			'data'	=> array(
+				'field_type'			=> $type,
+				'field_show_novalue'	=> $show_novalue,
+			),
+		)));
+	}
+}

tests/security/redirect_test.php

@@ -18,12 +18,17 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 	{
 		// array(Input -> redirect(), expected triggered error (else false), expected returned result url (else false))
 		return array(
-			array('data://x', false, 'http://localhost/phpBB'),
+			array('data://x', 'Tried to redirect to potentially insecure url.', false),
 			array('bad://localhost/phpBB/index.php', 'Tried to redirect to potentially insecure url.', false),
-			array('http://www.otherdomain.com/somescript.php', false, 'http://localhost/phpBB'),
+			array('http://www.otherdomain.com/somescript.php', 'Tried to redirect to potentially insecure url.', false),
 			array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'Tried to redirect to potentially insecure url.', false),
 			array('javascript:test', false, 'http://localhost/phpBB/../javascript:test'),
 			array('http://localhost/phpBB/index.php;url=', 'Tried to redirect to potentially insecure url.', false),
+			array('https://foobar.com\@http://localhost/phpBB', 'Tried to redirect to potentially insecure url.', false),
+			array('https://foobar.com\@localhost/troll/http://localhost/', 'Tried to redirect to potentially insecure url.', false),
+			array('http://localhost.foobar.com\@localhost/troll/http://localhost/', 'Tried to redirect to potentially insecure url.', false),
+			array('http://localhost/phpBB', false, 'http://localhost/phpBB'),
+			array('http://localhost/phpBB/', false, 'http://localhost/phpBB/'),
 		);
 	}