Merge pull request #3700 from Nicofuma/ticket/13823

[ticket/13823] Change diff options while packaging to not ignore all whitespaces
2025-09-10 16:20:46 +02:00 · 2015-06-10 22:22:52 +02:00 · 2015-06-10 14:15:10 +02:00 · 2015-06-08 17:52:31 +02:00 · 2015-06-08 17:01:52 +02:00 · 2015-05-29 22:31:41 +02:00
46 changed files with 599 additions and 220 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,5 @@
 language: php
 php:
-  - 5.2
  - 5.3.3
  - 5.3
  - 5.4
@@ -17,15 +16,14 @@ before_script:
  - sh -c "if [ '$DB' = 'mariadb' ]; then travis/setup-mariadb.sh; fi"
  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3' -a '$DB' = 'mysql' ]; then mysql -e 'SET GLOBAL storage_engine=MyISAM;'; fi"
  - sh -c "if [ '$DB' = 'mysql' -o '$DB' = 'mariadb' ]; then mysql -e 'create database IF NOT EXISTS phpbb_tests;'; fi"
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.2' ]; then pear install --force phpunit/DbUnit; phpenv rehash; fi"
  - cd phpBB
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' != '5.2' ]; then php ../composer.phar install --dev --no-interaction --prefer-source; fi"
+  - php ../composer.phar install --dev --no-interaction --prefer-source
  - cd ..
  - sh -c "if [ `php -r "echo (int) version_compare(PHP_VERSION, '5.3.19', '>=');"` = "1" ]; then travis/setup-webserver.sh; fi"
  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' ]; then sudo apt-get update; sudo apt-get install -y parallel libimage-exiftool-perl; fi"

 script:
-  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.2' ]; then phpunit --configuration travis/phpunit-$DB-5-2-travis.xml; else phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml; fi"
+  - phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml
  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' -a '$TRAVIS_PULL_REQUEST' != 'false' ]; then git-tools/commit-msg-hook-range.sh origin/$TRAVIS_BRANCH..FETCH_HEAD; fi"
  - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysql' ]; then find . -type f -not -path './phpBB/vendor/*' -iregex '.*\.\(gif\|jpg\|jpeg\|png\)$' | parallel --gnu --keep-order 'phpBB/develop/strip_icc_profiles.sh {}' || exit 1; fi"

--- a/README.md
+++ b/README.md
@@ -19,9 +19,9 @@ Find support and lots more on [phpBB.com](http://www.phpbb.com)! Discuss the dev

 We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](http://bamboo.phpbb.com) or check our travis build below:

-* develop [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=develop)](http://travis-ci.org/phpbb/phpbb)
-* develop-ascraeus [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=develop-ascraeus)](http://travis-ci.org/phpbb/phpbb)
-* develop-olympus [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=develop-olympus)](http://travis-ci.org/phpbb/phpbb)
+* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=master)](http://travis-ci.org/phpbb/phpbb) **master** - Latest development version
+* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.1.x)](http://travis-ci.org/phpbb/phpbb) **3.1.x** - Development of version 3.1.x
+* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.0.x)](http://travis-ci.org/phpbb/phpbb) **3.0.x** - Development of version 3.0.x

 ## LICENSE

--- a/build/build.xml
+++ b/build/build.xml
@@ -2,9 +2,9 @@

 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.0.13-dev" />
-	<property name="prevversion" value="3.0.12" />
-	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.8, 3.0.9, 3.0.10, 3.0.11" />
+	<property name="newversion" value="3.0.15-dev" />
+	<property name="prevversion" value="3.0.14" />
+	<property name="olderversions" value="3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.7-PL1, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.13-PL1" />
 	<!-- no configuration should be needed beyond this point -->

 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -73,9 +73,16 @@
 			passthru="true" />
 	</target>

+	<!-- Builds docs for current branch into build/api/output/master -->
 	<target name="docs">
 		<exec dir="."
-			command="phpBB/vendor/bin/sami.php update build/sami.conf.php"
+			command="phpBB/vendor/bin/sami.php update build/sami-checkout.conf.php"
+			passthru="true" />
+	</target>
+	<!-- Builds docs for multiple branches/tags into build/api/output/$branch -->
+	<target name="docs-all">
+		<exec dir="."
+			command="phpBB/vendor/bin/sami.php update build/sami-all.conf.php"
 			passthru="true" />
 	</target>

@@ -98,7 +105,7 @@
 			<property name="dir" value="build/old_versions/release-${version}" />
 		</phingcall>

-		<exec dir="build/old_versions" command="LC_ALL=C diff -crNEBwd release-${version} release-${newversion} >
+		<exec dir="build/old_versions" command="LC_ALL=C diff -crNEBZbd release-${version} release-${newversion} >
 			../new_version/patches/phpBB-${version}_to_${newversion}.patch" escape="false" />
 	</target>

@@ -125,13 +132,13 @@
 	<target name="package" depends="clean,prepare,prepare-new-version,old-version-diffs">
 		<exec dir="build" command="php -f package.php '${versions}' > logs/package.log" escape="false" />
 		<exec dir="build" escape="false"
-			command="diff -crNEBwd old_versions/release-${prevversion}/language new_version/phpBB3/language >
+			command="LC_ALL=C diff -crNEBZbd old_versions/release-${prevversion}/language new_version/phpBB3/language >
 				save/phpbb-${prevversion}_to_${newversion}_language.patch" />
 		<exec dir="build" escape="false"
-			command="diff -crNEBwd old_versions/release-${prevversion}/styles/prosilver new_version/phpBB3/styles/prosilver >
+			command="LC_ALL=C diff -crNEBZbd old_versions/release-${prevversion}/styles/prosilver new_version/phpBB3/styles/prosilver >
 				save/phpbb-${prevversion}_to_${newversion}_prosilver.patch" />
 		<exec dir="build" escape="false"
-			command="diff -crNEBwd old_versions/release-${prevversion}/styles/subsilver2 new_version/phpBB3/styles/subsilver2 >
+			command="LC_ALL=C diff -crNEBZbd old_versions/release-${prevversion}/styles/subsilver2 new_version/phpBB3/styles/subsilver2 >
 				save/phpbb-${prevversion}_to_${newversion}_subsilver2.patch" />

 		<exec dir="build" escape="false"
--- a/build/build_helper.php
+++ b/build/build_helper.php
@@ -18,11 +18,11 @@ class build_package
 	// -r - compare recursive
 	// -N - Treat missing files as empty
 	// -E - Ignore tab expansions
-	//		not used: -b - Ignore space changes.
-	// -w - Ignore all whitespace
+	// -Z - Ignore white space at line end.
+	// -b - Ignore changes in the amount of white space.
 	// -B - Ignore blank lines
 	// -d - Try to find smaller set of changes
-	var $diff_options = '-crNEBwd';
+	var $diff_options = '-crNEBZbd';
 	var $diff_options_long = '-x images -crNEB'; // -x fonts -x imageset //imageset not used here, because it includes the imageset.cfg file. ;)

 	var $verbose = false;
--- a/build/sami-all.conf.php
+++ b/build/sami-all.conf.php
@@ -0,0 +1,30 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+require __DIR__ . '/sami-checkout.conf.php';
+
+$config['versions'] = Sami\Version\GitVersionCollection::create(__DIR__ . '/../')
+	/*
+	This would be nice, but currently causes various problems that need
+	debugging.
+	->addFromTags('release-3.0.*')
+	->add('3.0.x', '3.0-next (olympus)')
+	->addFromTags('release-3.1.*')
+	->add('3.1.x', '3.1-next (ascraeus)')
+	->add('master')
+	*/
+	->add('3.0.x')
+	->add('3.1.x')
+;
+
+return new Sami\Sami($iterator, $config);
--- a/build/sami-checkout.conf.php
+++ b/build/sami-checkout.conf.php
@@ -1,7 +1,14 @@
 <?php
 /**
-* @copyright (c) 2014 phpBB Group
-* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
 */

 // Prevent 'Class "acm" does not exist.' exception on removeClass().
@@ -24,27 +31,14 @@ $iterator = Symfony\Component\Finder\Finder::create()
 	->notPath('data')
 ;

-$versions = Sami\Version\GitVersionCollection::create(__DIR__ . '/../')
-	/*
-	This would be nice, but currently causes various problems that need
-	debugging.
-	->addFromTags('release-3.0.*')
-	->add('develop-olympus', '3.0-next (olympus)')
-	->addFromTags('release-3.1.*')
-	->add('develop-ascraeus', '3.1-next (ascraeus)')
-	->add('develop')
-	*/
-	->add('develop-olympus')
-	->add('develop-ascraeus')
-;
-
-return new Sami\Sami($iterator, array(
+$config = array(
 	'theme'                => 'enhanced',
-	'versions'             => $versions,
 	'title'                => 'phpBB API Documentation',
 	'build_dir'            => __DIR__.'/api/output/%version%',
 	'cache_dir'            => __DIR__.'/api/cache/%version%',
 	'default_opened_level' => 2,
 	// Do not use JsonStore. See https://github.com/fabpot/Sami/issues/79
 	'store'                => new PhpbbArrayStore,
-));
+);
+
+return new Sami\Sami($iterator, $config);
--- a/composer.phar
+++ b/composer.phar
--- a/phpBB/adm/index.php
+++ b/phpBB/adm/index.php
@@ -524,6 +524,9 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)

 				$cfg_array[$config_name] = trim($destination);

+			// Absolute file path
+			case 'absolute_path':
+			case 'absolute_path_writable':
 			// Path being relative (still prefixed by phpbb_root_path), but with the ability to escape the root dir...
 			case 'path':
 			case 'wpath':
@@ -542,20 +545,22 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 					break;
 				}

-				if (!file_exists($phpbb_root_path . $cfg_array[$config_name]))
+				$path = in_array($config_definition['validate'], array('wpath', 'path', 'rpath', 'rwpath')) ? $phpbb_root_path . $cfg_array[$config_name] : $cfg_array[$config_name];
+
+				if (!file_exists($path))
 				{
 					$error[] = sprintf($user->lang['DIRECTORY_DOES_NOT_EXIST'], $cfg_array[$config_name]);
 				}

-				if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !is_dir($phpbb_root_path . $cfg_array[$config_name]))
+				if (file_exists($path) && !is_dir($path))
 				{
 					$error[] = sprintf($user->lang['DIRECTORY_NOT_DIR'], $cfg_array[$config_name]);
 				}

 				// Check if the path is writable
-				if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath')
+				if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath' || $config_definition['validate'] === 'absolute_path_writable')
 				{
-					if (file_exists($phpbb_root_path . $cfg_array[$config_name]) && !phpbb_is_writable($phpbb_root_path . $cfg_array[$config_name]))
+					if (file_exists($path) && !phpbb_is_writable($path))
 					{
 						$error[] = sprintf($user->lang['DIRECTORY_NOT_WRITABLE'], $cfg_array[$config_name]);
 					}
--- a/phpBB/adm/style/acp_update.html
+++ b/phpBB/adm/style/acp_update.html
@@ -19,7 +19,7 @@
 	<!-- ENDIF -->

 	<!-- IF NEXT_FEATURE_VERSION -->
-		<div class="errorbox">
+		<div class="errorbox notice">
 			<p>{UPGRADE_INSTRUCTIONS}</p>
 		</div>
 	<!-- ENDIF -->
--- a/phpBB/composer.lock
+++ b/phpBB/composer.lock
@@ -10,21 +10,21 @@
    "packages-dev": [
        {
            "name": "fabpot/goutte",
-            "version": "v1.0.3",
+            "version": "v1.0.7",
            "source": {
                "type": "git",
-                "url": "https://github.com/fabpot/Goutte.git",
-                "reference": "75c9f23c4122caf4ea3e87a42a00b471366e707f"
+                "url": "https://github.com/FriendsOfPHP/Goutte.git",
+                "reference": "794b196e76bdd37b5155cdecbad311f0a3b07625"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/fabpot/Goutte/zipball/75c9f23c4122caf4ea3e87a42a00b471366e707f",
-                "reference": "75c9f23c4122caf4ea3e87a42a00b471366e707f",
+                "url": "https://api.github.com/repos/FriendsOfPHP/Goutte/zipball/794b196e76bdd37b5155cdecbad311f0a3b07625",
+                "reference": "794b196e76bdd37b5155cdecbad311f0a3b07625",
                "shasum": ""
            },
            "require": {
                "ext-curl": "*",
-                "guzzle/http": ">=3.0.5,<3.8-dev",
+                "guzzle/http": "~3.1",
                "php": ">=5.3.0",
                "symfony/browser-kit": "~2.1",
                "symfony/css-selector": "~2.1",
@@ -33,8 +33,8 @@
                "symfony/process": "~2.1"
            },
            "require-dev": {
-                "guzzle/plugin-history": ">=3.0.5,<3.8-dev",
-                "guzzle/plugin-mock": ">=3.0.5,<3.8-dev"
+                "guzzle/plugin-history": "~3.1",
+                "guzzle/plugin-mock": "~3.1"
            },
            "type": "application",
            "extra": {
@@ -54,9 +54,7 @@
            "authors": [
                {
                    "name": "Fabien Potencier",
-                    "email": "fabien@symfony.com",
-                    "homepage": "http://fabien.potencier.org",
-                    "role": "Lead Developer"
+                    "email": "fabien@symfony.com"
                }
            ],
            "description": "A simple PHP Web Scraper",
@@ -64,7 +62,7 @@
            "keywords": [
                "scraper"
            ],
-            "time": "2013-08-16 06:03:22"
+            "time": "2014-10-09 15:52:51"
        },
        {
            "name": "guzzle/common",
@@ -899,16 +897,16 @@
        },
        {
            "name": "sami/sami",
-            "version": "v1.3",
+            "version": "v1.4",
            "source": {
                "type": "git",
-                "url": "https://github.com/fabpot/Sami.git",
-                "reference": "76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110"
+                "url": "https://github.com/FriendsOfPHP/Sami.git",
+                "reference": "70f29c781f7bef30181c814b9471b2ceac694454"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/fabpot/Sami/zipball/76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110",
-                "reference": "76f2ed80b3420f7e2f6dcd5b7218b5a5781f4110",
+                "url": "https://api.github.com/repos/FriendsOfPHP/Sami/zipball/70f29c781f7bef30181c814b9471b2ceac694454",
+                "reference": "70f29c781f7bef30181c814b9471b2ceac694454",
                "shasum": ""
            },
            "require": {
@@ -929,7 +927,7 @@
            "type": "application",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.3-dev"
+                    "dev-master": "1.4-dev"
                }
            },
            "autoload": {
@@ -944,9 +942,7 @@
            "authors": [
                {
                    "name": "Fabien Potencier",
-                    "email": "fabien@symfony.com",
-                    "homepage": "http://fabien.potencier.org",
-                    "role": "Lead Developer"
+                    "email": "fabien@symfony.com"
                }
            ],
            "description": "Sami, an API documentation generator",
@@ -954,7 +950,7 @@
            "keywords": [
                "phpdoc"
            ],
-            "time": "2013-11-30 17:16:25"
+            "time": "2014-06-25 11:24:03"
        },
        {
            "name": "sebastian/comparator",
--- a/phpBB/docs/AUTHORS
+++ b/phpBB/docs/AUTHORS
@@ -24,9 +24,10 @@ phpBB Lead Developer:  naderman (Nils Adermann)

 phpBB Developers:      bantu (Andreas Fischer)
                       dhruv.goel92 (Dhruv Goel)
+                       Elsensee (Oliver Schramm)
                       marc1706 (Marc Alexander)
                       nickvergessen (Joas Schilling)
-                       nicofuma (Tristan Darricau)
+                       Nicofuma (Tristan Darricau)
                       prototech (Cesar Gallegos)

 Contributions by:      leviatan21 (Gabriel Vazquez)
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -52,7 +52,10 @@

 <ol>
 	<li><a href="#changelog">Changelog</a>
-	<ol style="list-style-type: lower-roman;">
+	<ul>
+		<li><a href="#v3013-PL1">Changes since 3.0.13-PL1</a></li>
+		<li><a href="#v3013">Changes since 3.0.13</a></li>
+		<li><a href="#v3012">Changes since 3.0.12</a></li>
 		<li><a href="#v3011">Changes since 3.0.11</a></li>
 		<li><a href="#v3010">Changes since 3.0.10</a></li>
 		<li><a href="#v309">Changes since 3.0.9</a></li>
@@ -74,7 +77,7 @@
 		<li><a href="#v30rc3">Changes since RC-3</a></li>
 		<li><a href="#v30rc2">Changes since RC-2</a></li>
 		<li><a href="#v30rc1">Changes since RC-1</a></li>
-	</ol>
+	</ul>
 	</li>
 	<li><a href="#disclaimer">Copyright and disclaimer</a></li>
 </ol>
@@ -93,7 +96,181 @@

 		<div class="content">

-	<a name="v3011"></a><h3>1.i. Changes since 3.0.11</h3>
+	<a name="v3013-PL1"></a><h3>Changes since 3.0.13-PL1</h3>
+
+<h4>Security</h4>
+<ul>
+<li>[SECURITY-180] - An insufficient check allowed users of the Google Chrome browser to be redirected to external domains (e.g. on login)</li>
+</ul>
+<h4>Bug</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13348">PHPBB3-13348</a>] - sql_freeresult() should be called in feed base class</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13414">PHPBB3-13414</a>] - download/file.php sends Content-Length header even when issuing 304 Not Modified</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13555">PHPBB3-13555</a>] - Poll options preview rendered incorrectly by &lt;br /&gt; collision</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13568">PHPBB3-13568</a>] - Imagick path validated as relative path although ACP asks for absolute path</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13617">PHPBB3-13617</a>] - Bot session continuation with invalid f= query parameter causes SQL error</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13738">PHPBB3-13738</a>] - Sami still refers to develop-* branches</li>
+</ul>
+<h4>Improvement</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12089">PHPBB3-12089</a>] - Make HTTP status code assertion failure messages more informative</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13765">PHPBB3-13765</a>] - Verify that SERVER_PROTOCOL has the expected format</li>
+</ul>
+<h4>Task</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11539">PHPBB3-11539</a>] - Add unit tests for several functions in functions.php</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13572">PHPBB3-13572</a>] - Upgrade composer to 1.0.0-alpha9</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13599">PHPBB3-13599</a>] - Remove PHP 5.2 Travis environment</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13634">PHPBB3-13634</a>] - Update README to show new branch names</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13723">PHPBB3-13723</a>] - Update docs/AUTHORS for 3.0.14-RC1 / 3.1.4-RC1</li>
+</ul>
+
+	<a name="v3013"></a><h3>Changes since 3.0.13</h3>
+
+<h4>Bug</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12933">PHPBB3-12933</a>] - The search operator for partial matches does not work</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13549">PHPBB3-13549</a>] - Compare ORIG_PATH_INFO with SCRIPT_NAME for checking trailing paths</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13554">PHPBB3-13554</a>] - Advertisement of feature release in red indicates a problem</li>
+</ul>
+
+	<a name="v3012"></a><h3>Changes since 3.0.12</h3>
+
+<h4>Security</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13531">PHPBB3-13531</a>] - Disallow trailing paths (e.g. using the PATH_INFO feature) to prevent path-relative CSS injection</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13526">PHPBB3-13526</a>] - Correctly validate ucp_pm_options form key</li>
+</ul>
+<h4>Bug</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-6703">PHPBB3-6703</a>] - Problem with russian letter while converting from 2.0.x</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8960">PHPBB3-8960</a>] - Allow changing allow_avatar_remote when images/avatars/upload is not writable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9420">PHPBB3-9420</a>] - BBCode - Unable to use a proper URI token</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9724">PHPBB3-9724</a>] - Wrong return &quot;Return to ACP&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9725">PHPBB3-9725</a>] - MSSQL Schema is not azure compatible</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10023">PHPBB3-10023</a>] - Password change requirement notification in UCP is not noticable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10423">PHPBB3-10423</a>] - Searching for the term &quot;test *&quot; will highlight nearly every word and displays htmlspecialchars as htmlentities.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10442">PHPBB3-10442</a>] - XHTML is invalid when a forum link without redirect counter is present</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10687">PHPBB3-10687</a>] - UNABLE_GET_IMAGE_SIZE text misleading for remote avatars</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10729">PHPBB3-10729</a>] - Post editor information is not updated when user being deleted with posts</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10776">PHPBB3-10776</a>] - Grammar errors in docs/README.html</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10796">PHPBB3-10796</a>] - SQL Azure does not allow SELECT FROM sysfiles</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10851">PHPBB3-10851</a>] - HTML files containing certain tags being rejected as possible attack vectors with &quot;Check attachment file&quot; set to &quot;No&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10863">PHPBB3-10863</a>] - Permission mask does not accurately show some forum permissions if user has MOD parmissions</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10917">PHPBB3-10917</a>] - Updater notice &quot;Update files are out of date...&quot; when updating to unreleased version</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10985">PHPBB3-10985</a>] - Error bbcode.html not found when updating with custom style inheriting from prosilver</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11062">PHPBB3-11062</a>] - In Automatic Update, new language strings from install.php are only loaded from English</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11224">PHPBB3-11224</a>] - SQL cache destroy does not destroy queries to tables joined</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11288">PHPBB3-11288</a>] - &quot;Fulltext native&quot; search fooled by hyphens</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11480">PHPBB3-11480</a>] - Prevent Private Message system from returning &quot;Unknown folder&quot; when inbox folder is full</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11613">PHPBB3-11613</a>] - Cookies do not work for netbios domain</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11686">PHPBB3-11686</a>] - Not checking for phpBB Debug errors on functional tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11699">PHPBB3-11699</a>] - PHP Lint Test should exclude selected subdirectories of the build directory.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11726">PHPBB3-11726</a>] - Don't run lint tests on Travis on postgres</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11762">PHPBB3-11762</a>] - generate_text_for_display() treats &quot;0&quot; as an empty string</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11789">PHPBB3-11789</a>] - Inline css with color value in subsilver2</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11794">PHPBB3-11794</a>] - Coding Guidelines document says to place a comma after every array element, but fails to do so itself</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11799">PHPBB3-11799</a>] - Anti Abuse Headers missing for sendpassword</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11811">PHPBB3-11811</a>] - Chrome 30 adds outline to focused elements</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11821">PHPBB3-11821</a>] - Wrong comma usage &quot;You are receiving this notification&quot;</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11823">PHPBB3-11823</a>] - Travis-CI webserver not matching PHP files with anything after the .php</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11829">PHPBB3-11829</a>] - Closed reports may seem open in detailed view</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11860">PHPBB3-11860</a>] - .htaccess not working for Apache 2.4</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11864">PHPBB3-11864</a>] - Do not call exit after display_progress_bar in acp_forums</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11879">PHPBB3-11879</a>] - Compatibility error in forum_fn.js: .live should be replaced with .on</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11968">PHPBB3-11968</a>] - Travis Image are broken due to repository rename</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12037">PHPBB3-12037</a>] - acp_inactive.html has hard-coded text</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12048">PHPBB3-12048</a>] - Custom BBCodes Fail to Render Language Strings with a Number</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12061">PHPBB3-12061</a>] - Keyboard shortcut alt+h doesn't work properly in firefox</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12072">PHPBB3-12072</a>] - Missing word &quot;send&quot; in comment in schema_data.sql</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12093">PHPBB3-12093</a>] - IE 11 javascript selection is no longer supported</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12118">PHPBB3-12118</a>] - Add noindex meta tag to subsilver2 pm/topic view-print template</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12119">PHPBB3-12119</a>] - Remove keywords and description meta tags from prosilver view-print templates</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12120">PHPBB3-12120</a>] - Update docs/AUTHORS for 3.0.13-RC1</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12140">PHPBB3-12140</a>] - Avoid endless loop in build script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12161">PHPBB3-12161</a>] - build/save directories are no longer created</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12162">PHPBB3-12162</a>] - Binary files missing from update packages</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12176">PHPBB3-12176</a>] - No error shown when attempting to delete a founder</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12186">PHPBB3-12186</a>] - MCP should open &quot;Reported posts&quot; instead of PM Reports</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12188">PHPBB3-12188</a>] - Add php 5.6 to travis tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12202">PHPBB3-12202</a>] - Variables read from style.cfg etc. should be htmlspecialchared</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12205">PHPBB3-12205</a>] - Custom Profile Field display bug</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12210">PHPBB3-12210</a>] - dbtools::sql_create_table incorrectly throws error related to auto-increment length on non auto-increment fields</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12310">PHPBB3-12310</a>] - SMTP username and password should not autocomplete during install</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12316">PHPBB3-12316</a>] - develop-ascraeus build status missing from &quot;Automated Testing&quot; section in README.md</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12353">PHPBB3-12353</a>] - User attachments in ACP are not displaying every attachment</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12359">PHPBB3-12359</a>] - Day and Month of Birthday Misaligned When Editing</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12381">PHPBB3-12381</a>] - Broken error message when selecting invalid DB driver</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12397">PHPBB3-12397</a>] - db_tools::sql_unique_index_exists() has wrong doc block</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12429">PHPBB3-12429</a>] - Update phpunit to 3.8+</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12467">PHPBB3-12467</a>] - Add config_*.php  and tests_config_*.php to .gitignore</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12472">PHPBB3-12472</a>] - Set fast finish for .travis.yml</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12485">PHPBB3-12485</a>] - Broken tests due to absolute exclude</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12492">PHPBB3-12492</a>] - DB_TEST: Special chars are not supported.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12540">PHPBB3-12540</a>] - WRONG_FILESIZE contains broken placeholders</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12660">PHPBB3-12660</a>] - Undefined offset error when phpinfo() disabled and debug enabled</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12695">PHPBB3-12695</a>] - Undefined index: MISSING_INLINE_ATTACHMENT notice given when viewing post details</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12720">PHPBB3-12720</a>] - Git commit hook should not require commit message to start with a capital letter</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12741">PHPBB3-12741</a>] - Functional tests on Travis fail since php update last night</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12755">PHPBB3-12755</a>] - Remote upload stuck in infinite loop if server sends keep-alive</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13086">PHPBB3-13086</a>] - Update ACP_MASS_EMAIL_EXPLAIN language key</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13096">PHPBB3-13096</a>] - ldap_escape() added to PHP 5.6.0</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13138">PHPBB3-13138</a>] - Banned users cause infinite recursion</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13168">PHPBB3-13168</a>] - Warning displayed in PHP 5.6 for mbstring.http_input</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13234">PHPBB3-13234</a>] - Remember me cookie gets unset by admin reauthentication</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13341">PHPBB3-13341</a>] - Tests fail when generating coverage report</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13376">PHPBB3-13376</a>] - deregister_globals() does not work correctly when $_COOKIE['GLOBALS'] - is specified</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13519">PHPBB3-13519</a>] - Correctly validate imagick path as path and not string</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13523">PHPBB3-13523</a>] - PHP 5.2 Unit Tests no longer work due to deprecated PHPUnit PEAR channel</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13527">PHPBB3-13527</a>] - Escape information received from version server</li>
+</ul>
+<h4>Improvement</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10037">PHPBB3-10037</a>] - Add Smiley Buttons in Signature Editor</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10174">PHPBB3-10174</a>] - Rename &quot;Ban usernames&quot; to &quot;Ban users&quot; in ACP</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10549">PHPBB3-10549</a>] - Languages variables should be used, not hardcoded</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10555">PHPBB3-10555</a>] - Copyright notice in overall_header.html is not translatable</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10945">PHPBB3-10945</a>] - Show entered search query in the search box when no results are found.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11254">PHPBB3-11254</a>] - Check CRLF line endings in the test suite</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11295">PHPBB3-11295</a>] - Drop tables for postgres in the test suite</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11297">PHPBB3-11297</a>] - Running tests doc should mention dbunit dependency</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11704">PHPBB3-11704</a>] - phing build script does not include vendor folder, even if there are dependencies</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11766">PHPBB3-11766</a>] - Remove Quote and Edit button when topic is lock</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11801">PHPBB3-11801</a>] - missing semi colons in css</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11814">PHPBB3-11814</a>] - Topic reply notification email text change</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12035">PHPBB3-12035</a>] - Add a link to user's posts in the ACP user overview page</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12106">PHPBB3-12106</a>] - Document exceptions to &quot;Disable Board&quot; in ACP.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12146">PHPBB3-12146</a>] - Add color demo when editing a group from the UCP</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12247">PHPBB3-12247</a>] - include poster's username in email notifications of posts that get approved by moderators</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12259">PHPBB3-12259</a>] - Too many redundant tests are run on Travis</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12468">PHPBB3-12468</a>] - Allow mbstring.http_input='' besides 'pass' for PHP 5.6 compatibility</li>
+</ul>
+<h4>Task</h4>
+<ul>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10839">PHPBB3-10839</a>] - Remove phpunit.xml.functional and always include functional tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11509">PHPBB3-11509</a>] - Travis should check commit message format</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11876">PHPBB3-11876</a>] - Upgrade package checksums from MD5 to SHA256</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11877">PHPBB3-11877</a>] - Create package download links and checksums for announcement via script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11920">PHPBB3-11920</a>] - Add MariaDB tests to Travis-CI</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11951">PHPBB3-11951</a>] - Add MariaDB to supported RDBMS list</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11970">PHPBB3-11970</a>] - Use 'set -x' in Travis CI setup scripts</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12046">PHPBB3-12046</a>] - Use PHP_BINARY environment variable in lint unit test</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12056">PHPBB3-12056</a>] - Make sure each unit test runs on its own</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12147">PHPBB3-12147</a>] - Remove Travis CI notification configuration</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12302">PHPBB3-12302</a>] - Upgrade composer.phar to 1.0.0-alpha8</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12318">PHPBB3-12318</a>] - Correctly setup HHVM functional tests on Travis CI</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12319">PHPBB3-12319</a>] - Backport Travis CI HHVM environment enabling to develop-olympus.</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12320">PHPBB3-12320</a>] - No longer allow Travis CI HHVM environment to fail</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12341">PHPBB3-12341</a>] - Add tests for get_username_string()</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12384">PHPBB3-12384</a>] - Run Travis CI HHVM tests against MySQLi instead of MySQL</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12417">PHPBB3-12417</a>] - hhvm-nightly 2014.04.16~precise breaks tests</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12495">PHPBB3-12495</a>] - Add Sami to composer dependencies and build script</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12582">PHPBB3-12582</a>] - Strip away copyrighted ICC profile from images</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12917">PHPBB3-12917</a>] - Move commit check and file executable checks to 5.3.3 build on travis</li>
+<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13324">PHPBB3-13324</a>] - Composer no longer downloads sami/sami and fabpot/goutte</li>
+</ul>
+
+	<a name="v3011"></a><h3>Changes since 3.0.11</h3>

 <h4>Bug</h4>
 <ul>
@@ -248,7 +425,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11753">PHPBB3-11753</a>] - Upgrade mysql_upgrader.php schema data.</li>
 </ul>

-	<a name="v3010"></a><h3>1.ii. Changes since 3.0.10</h3>
+	<a name="v3010"></a><h3>Changes since 3.0.10</h3>

 <h4>Bug</h4>
 <ul>
@@ -373,7 +550,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10909">PHPBB3-10909</a>] - Update Travis Test Configuration: Travis no longer supports PHP 5.3.2</li>
 </ul>

-	<a name="v309"></a><h3>1.iii. Changes since 3.0.9</h3>
+	<a name="v309"></a><h3>Changes since 3.0.9</h3>

 <h4>Bug</h4>
 <ul>
@@ -509,7 +686,7 @@
 <li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10480">PHPBB3-10480</a>] - Automate changelog building</li>
 </ul>

-	<a name="v308"></a><h3>1.iv. Changes since 3.0.8</h3>
+	<a name="v308"></a><h3>Changes since 3.0.8</h3>

 <h4>        Bug
 </h4>
@@ -574,7 +751,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9924'>PHPBB3-9924</a>] -         $template-&gt;display hook does not pass $template instance
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9925'>PHPBB3-9925</a>] -         prosilver logo margin bug in IE 6-7-8 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9925'>PHPBB3-9925</a>] -         prosilver logo margin bug in IE 6-7-8
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9928'>PHPBB3-9928</a>] -         Do not link &quot;login to your board&quot; to the &quot;send statistics&quot; page after completed update.
 </li>
@@ -582,7 +759,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9932'>PHPBB3-9932</a>] -         The Bing bot is not added when converting.
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9933'>PHPBB3-9933</a>] -         Wrong handling of consecutive multiple asterisks in word censor 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9933'>PHPBB3-9933</a>] -         Wrong handling of consecutive multiple asterisks in word censor
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9934'>PHPBB3-9934</a>] -         Mass Mail missing under the system tab on a fresh install
 </li>
@@ -594,7 +771,7 @@
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9948'>PHPBB3-9948</a>] -         Inline quicktime files won&#39;t display
 </li>
-<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9949'>PHPBB3-9949</a>] -         $user-&gt;lang() is not handling arguments as per documentation 
+<li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9949'>PHPBB3-9949</a>] -         $user-&gt;lang() is not handling arguments as per documentation
 </li>
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-9950'>PHPBB3-9950</a>] -         Problem with localized button images after uprading from 3.0.7-PL1 to 3.0.8
 </li>
@@ -757,7 +934,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10250'>PHPBB3-10250</a>] -         phpBB Logo needs the Registered Trademark Symbol
 </li>
 </ul>
-    
+
 <h4>        Improvement
 </h4>
 <ul>
@@ -814,7 +991,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10186'>PHPBB3-10186</a>] -         UCP signature panel displays when not authed for signatures
 </li>
 </ul>
-    
+
 <h4>        New Feature
 </h4>
 <ul>
@@ -825,7 +1002,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10110'>PHPBB3-10110</a>] -         Redis caching module
 </li>
 </ul>
-    
+
 <h4>        Task
 </h4>
 <ul>
@@ -864,7 +1041,7 @@
 <li>[<a href='http://tracker.phpbb.com/browse/PHPBB3-10107'>PHPBB3-10107</a>] -         Improve docs for non-apache webserver configuration
 </li>
 </ul>
-    
+
 <h4>        Sub-task
 </h4>
 <ul>
@@ -877,7 +1054,7 @@
 </ul>


-	<a name="v307-PL1"></a><h3>1.v. Changes since 3.0.7-PL1</h3>
+	<a name="v307-PL1"></a><h3>Changes since 3.0.7-PL1</h3>
 <h4>        Security
 </h4>
 <ul>
@@ -1335,13 +1512,13 @@
 </ul>


-	<a name="v307"></a><h3>1.vi. Changes since 3.0.7</h3>
+	<a name="v307"></a><h3>Changes since 3.0.7</h3>

 	<ul>
 		<li>[Sec] Do not expose forum content of forums with ACL entries but no actual permission in ATOM Feeds. (Bug #58595)</li>
 	</ul>

-	<a name="v306"></a><h3>1.vii. Changes since 3.0.6</h3>
+	<a name="v306"></a><h3>Changes since 3.0.6</h3>

 	<ul>
 		<li>[Fix] Allow ban reason and length to be selected and copied in ACP and subsilver2 MCP. (Bug #51095)</li>
@@ -1445,7 +1622,7 @@

 	</ul>

-	<a name="v305"></a><h3>1.viii. Changes since 3.0.5</h3>
+	<a name="v305"></a><h3>Changes since 3.0.5</h3>

 	<ul>
 		<li>[Fix] Allow whitespaces in avatar gallery names. (Bug #44955)</li>
@@ -1667,7 +1844,7 @@
 		<li>[Feature] Send anonymous statistical information to phpBB on installation and update (optional).</li>
 	</ul>

-	<a name="v304"></a><h3>1.ix. Changes since 3.0.4</h3>
+	<a name="v304"></a><h3>Changes since 3.0.4</h3>

 	<ul>
 		<li>[Fix] Delete user entry from ban list table upon user deletion (Bug #40015 - Patch by TerraFrost)</li>
@@ -1756,7 +1933,7 @@
 		<li>[Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)</li>
 	</ul>

-	<a name="v303"></a><h3>1.x. Changes since 3.0.3</h3>
+	<a name="v303"></a><h3>Changes since 3.0.3</h3>

 	<ul>
 		<li>[Fix] Allow mixed-case template directories to be inherited (Bug #36725)</li>
@@ -1788,7 +1965,7 @@
 		<li>[Sec] Ask for forum password if post within passworded forum quoted in private message. (Reported by nickvergessen)</li>
 	</ul>

-	<a name="v302"></a><h3>1.xi. Changes since 3.0.2</h3>
+	<a name="v302"></a><h3>Changes since 3.0.2</h3>

 	<ul>
 		<li>[Fix] Correctly set topic starter if first post in topic removed (Bug #30575 - Patch by blueray2048)</li>
@@ -1887,7 +2064,7 @@
 		<li>[Sec Precaution] Stricter validation of the HTTP_HOST header (Thanks to Techie-Micheal et al for pointing out possible issues in derived code)</li>
 	</ul>

-	<a name="v301"></a><h3>1.xii. Changes since 3.0.1</h3>
+	<a name="v301"></a><h3>Changes since 3.0.1</h3>

 	<ul>
 		<li>[Fix] Ability to set permissions on non-mysql dbms (Bug #24955)</li>
@@ -1935,7 +2112,7 @@
 		<li>[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)</li>
 	</ul>

-	<a name="v300"></a><h3>1.xiii Changes since 3.0.0</h3>
+	<a name="v300"></a><h3>Changes since 3.0.0</h3>

 	<ul>
 		<li>[Change] Validate birthdays (Bug #15004)</li>
@@ -2006,7 +2183,7 @@
 		<li>[Fix] Find and display colliding usernames correctly when converting from one database to another (Bug #23925)</li>
 	</ul>

-	<a name="v30rc8"></a><h3>1.xiv. Changes since 3.0.RC8</h3>
+	<a name="v30rc8"></a><h3>Changes since 3.0.RC8</h3>

 	<ul>
 		<li>[Fix] Cleaned usernames contain only single spaces, so &quot;a_name&quot; and &quot;a__name&quot; are treated as the same name (Bug #15634)</li>
@@ -2015,7 +2192,7 @@
 		<li>[Fix] Call garbage_collection() within database updater to correctly close connections (affects Oracle for example)</li>
 	</ul>

-	<a name="v30rc7"></a><h3>1.xv. Changes since 3.0.RC7</h3>
+	<a name="v30rc7"></a><h3>Changes since 3.0.RC7</h3>

 	<ul>
 		<li>[Fix] Fixed MSSQL related bug in the update system</li>
@@ -2050,7 +2227,7 @@
 		<li>[Fix] No duplication of active topics (Bug #15474)</li>
 	</ul>

-	<a name="v30rc6"></a><h3>1.xvi. Changes since 3.0.RC6</h3>
+	<a name="v30rc6"></a><h3>Changes since 3.0.RC6</h3>

 	<ul>
 		<li>[Fix] Submitting language changes using acp_language (Bug #14736)</li>
@@ -2060,7 +2237,7 @@
 		<li>[Fix] Able to request new password (Bug #14743)</li>
 	</ul>

-	<a name="v30rc5"></a><h3>1.xvii. Changes since 3.0.RC5</h3>
+	<a name="v30rc5"></a><h3>Changes since 3.0.RC5</h3>

 	<ul>
 		<li>[Feature] Removing constant PHPBB_EMBEDDED in favor of using an exit_handler(); the constant was meant to achive this more or less.</li>
@@ -2123,7 +2300,7 @@
 		<li>[Sec] New password hashing mechanism for storing passwords (#i42)</li>
 	</ul>

-	<a name="v30rc4"></a><h3>1.xviii. Changes since 3.0.RC4</h3>
+	<a name="v30rc4"></a><h3>Changes since 3.0.RC4</h3>

 	<ul>
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
@@ -2174,7 +2351,7 @@
 		<li>[Fix] odbc_autocommit causing existing result sets to be dropped (Bug #14182)</li>
 	</ul>

-	<a name="v30rc3"></a><h3>1.xix. Changes since 3.0.RC3</h3>
+	<a name="v30rc3"></a><h3>Changes since 3.0.RC3</h3>

 	<ul>
 		<li>[Fix] Fixing some subsilver2 and prosilver style issues</li>
@@ -2283,7 +2460,7 @@

 	</ul>

-	<a name="v30rc2"></a><h3>1.xx. Changes since 3.0.RC2</h3>
+	<a name="v30rc2"></a><h3>Changes since 3.0.RC2</h3>

 	<ul>
 		<li>[Fix] Re-allow searching within the memberlist</li>
@@ -2329,7 +2506,7 @@

 	</ul>

-	<a name="v30rc1"></a><h3>1.xxi. Changes since 3.0.RC1</h3>
+	<a name="v30rc1"></a><h3>Changes since 3.0.RC1</h3>

 	<ul>
 		<li>[Fix] (X)HTML issues within the templates (Bug #11255, #11255)</li>
--- a/phpBB/docs/INSTALL.html
+++ b/phpBB/docs/INSTALL.html
@@ -276,7 +276,7 @@

 	<p>This package is meant for those wanting to only replace the files that were changed between a previous version and the latest version.</p>

-	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <strong>3.0.11</strong> you should select the appropriate <code>phpBB-3.0.12-files.zip/tar.bz2</code> file.</p>
+	<p>This package contains a number of archives, each contains the files changed from a given release to the latest version. You should select the appropriate archive for your current version, e.g. if you currently have <strong>3.0.13</strong> you should select the appropriate <code>phpBB-3.0.14-files.zip/tar.bz2</code> file.</p>

 	<p>The directory structure has been preserved, enabling you (if you wish) to simply upload the uncompressed contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any modifications (MODs) these files will overwrite the originals, possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>

@@ -288,7 +288,7 @@

 	<p>The patch file is one solution for those with many Modifications (MODs) or other changes and do not want to re-add them back to all the changed files. To use this you will need command line access to a standard UNIX type <strong>patch</strong> application. If you do not have access to such an application, but still want to use this update approach, we strongly recommend the <a href="#update_auto">Automatic update package</a> explained below. It is also the recommended update method.</p>

-	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <strong>3.0.11</strong>, you need the <code>phpBB-3.0.12-patch.zip/tar.bz2</code> file. Place the correct patch in the parent directory containing the phpBB core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <code>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</code> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>
+	<p>A number of patch files are provided to allow you to update from previous stable releases. Select the correct patch, e.g. if your current version is <strong>3.0.13</strong>, you need the <code>phpBB-3.0.14-patch.zip/tar.bz2</code> file. Place the correct patch in the parent directory containing the phpBB core files (i.e. index.php, viewforum.php, etc.). With this done you should run the following command: <code>patch -cl -d [PHPBB DIRECTORY] -p1 &lt; [PATCH NAME]</code> (where PHPBB DIRECTORY is the directory name your phpBB Installation resides in, for example phpBB, and where PATCH NAME is the relevant filename of the selected patch file). This should complete quickly, hopefully without any HUNK FAILED comments.</p>

 	<p>If you do get failures, you should look at using the <a href="#update_files">Changed Files</a> package to replace the files which failed to patch. Please note that you will need to manually re-add any MODs to these particular files. Alternatively, if you know how, you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>

@@ -298,7 +298,7 @@

 	<p>This update method is the recommended method for updating. This package detects changed files automatically and merges in changes if needed.</p>

-	<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.0.11</strong>, you need the <code>phpBB-3.0.11_to_3.0.12.zip/tar.bz2</code> file.</p>
+	<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.0.13</strong>, you need the <code>phpBB-3.0.13_to_3.0.14.zip/tar.bz2</code> file.</p>

 	<p>To perform the update, either follow the instructions from the <strong>Administration Control Panel-&gt;System</strong> Tab - this should point out that you are running an outdated version and will guide you through the update - or follow the instructions listed below.</p>

--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -509,16 +509,18 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		}
 	}

-	if ($size)
-	{
-		header("Content-Length: $size");
-	}
-
 	// Close the db connection before sending the file
 	$db->sql_close();

 	if (!set_modified_headers($attachment['filetime'], $user->browser))
 	{
+		// Send Content-Length only if set_modified_headers() does not send
+		// status 304 - Not Modified
+		if ($size)
+		{
+			header("Content-Length: $size");
+		}
+
 		// Try to deliver in chunks
 		@set_time_limit(0);

--- a/phpBB/feed.php
+++ b/phpBB/feed.php
@@ -464,6 +464,9 @@ class phpbb_feed_base
 	*/
 	var $separator_stats = "\xE2\x80\x94"; // &mdash;

+	/** @var mixed Query result handle */
+	var $result;
+
 	/**
 	* Constructor
 	*/
@@ -617,10 +620,9 @@ class phpbb_feed_base

 	function get_item()
 	{
-		global $db, $cache;
-		static $result;
+		global $db;

-		if (!isset($result))
+		if (!isset($this->result))
 		{
 			if (!$this->get_sql())
 			{
@@ -629,10 +631,10 @@ class phpbb_feed_base

 			// Query database
 			$sql = $db->sql_build_query('SELECT', $this->sql);
-			$result = $db->sql_query_limit($sql, $this->num_items);
+			$this->result = $db->sql_query_limit($sql, $this->num_items);
 		}

-		return $db->sql_fetchrow($result);
+		return $db->sql_fetchrow($this->result);
 	}

 	function user_viewprofile($row)
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -127,7 +127,7 @@ class acp_attachments
 						'img_create_thumbnail'		=> array('lang' => 'CREATE_THUMBNAIL',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'img_max_thumb_width'		=> array('lang' => 'MAX_THUMB_WIDTH',		'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_min_thumb_filesize'	=> array('lang' => 'MIN_THUMB_FILESIZE',	'validate' => 'int',	'type' => 'text:7:15', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
-						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'string',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
+						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'absolute_path',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
 						'img_max'					=> array('lang' => 'MAX_IMAGE_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_link'					=> array('lang' => 'IMAGE_LINK_SIZE',		'validate' => 'int',	'type' => 'dimension:3:4', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
--- a/phpBB/includes/acp/acp_update.php
+++ b/phpBB/includes/acp/acp_update.php
@@ -34,10 +34,7 @@ class acp_update
 		$this->page_title = 'ACP_VERSION_CHECK';

 		// Get current and latest version
-		$errstr = '';
-		$errno = 0;
-
-		$info = obtain_latest_version_info(request_var('versioncheck_force', false));
+		$info = htmlspecialchars(obtain_latest_version_info(request_var('versioncheck_force', false)));

 		if (empty($info))
 		{
--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -135,6 +135,11 @@ class bbcode
 			$this->template_bitfield = new bitfield($user->theme['bbcode_bitfield']);
 			$this->template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/bbcode.html';

+			if (empty($user->theme['template_inherits_id']) && !empty($template->orig_tpl_inherits_id))
+			{
+				$user->theme['template_inherits_id'] = $template->orig_tpl_inherits_id;
+			}
+
 			if (!@file_exists($this->template_filename))
 			{
 				if (isset($user->theme['template_inherits_id']) && $user->theme['template_inherits_id'])
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -25,7 +25,7 @@ if (!defined('IN_PHPBB'))
 */

 // phpBB Version
-define('PHPBB_VERSION', '3.0.13-dev');
+define('PHPBB_VERSION', '3.0.15-dev');

 // QA-related
 // define('PHPBB_QA', 1);
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2492,7 +2492,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		// Attention: only able to redirect within the same domain if $disable_cd_check is false (yourdomain.com -> www.yourdomain.com will not work)
 		if (!$disable_cd_check && $url_parts['host'] !== $user->host)
 		{
-			$url = generate_board_url();
+			trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
 		}
 	}
 	else if ($url[0] == '/')
@@ -2579,6 +2579,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		}
 	}

+	// Make sure we don't redirect to external URLs
+	if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
+	{
+		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
+	}
+
 	// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
 	if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
 	{
@@ -2782,7 +2788,7 @@ function send_status_line($code, $message)
 	}
 	else
 	{
-		if (!empty($_SERVER['SERVER_PROTOCOL']))
+		if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
 		{
 			$version = $_SERVER['SERVER_PROTOCOL'];
 		}
--- a/phpBB/includes/search/fulltext_native.php
+++ b/phpBB/includes/search/fulltext_native.php
@@ -204,7 +204,7 @@ class fulltext_native extends search_backend
 		$this->search_query = $keywords;

 		$exact_words = array();
-		preg_match_all('#([^\\s+\\-|*()]+)(?:$|[\\s+\\-|()])#u', $keywords, $exact_words);
+		preg_match_all('#([^\\s+\\-|()]+)(?:$|[\\s+\\-|()])#u', $keywords, $exact_words);
 		$exact_words = $exact_words[1];

 		$common_ids = $words = array();
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -121,6 +121,8 @@ class session
 		$script_path .= (substr($script_path, -1, 1) == '/') ? '' : '/';
 		$root_script_path .= (substr($root_script_path, -1, 1) == '/') ? '' : '/';

+		$forum_id = (isset($_REQUEST['f']) && $_REQUEST['f'] > 0 && $_REQUEST['f'] < 16777215) ? (int) $_REQUEST['f'] : 0;
+
 		$page_array += array(
 			'page_name'			=> $page_name,
 			'page_dir'			=> $page_dir,
@@ -130,7 +132,7 @@ class session
 			'root_script_path'	=> str_replace(' ', '%20', htmlspecialchars($root_script_path)),

 			'page'				=> $page,
-			'forum'				=> (isset($_REQUEST['f']) && $_REQUEST['f'] > 0) ? (int) $_REQUEST['f'] : 0,
+			'forum'				=> $forum_id,
 		);

 		return $page_array;
@@ -1049,7 +1051,7 @@ class session

 		$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
 		$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
-		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == 'localhost' || $config['cookie_domain'] == '127.0.0.1') ? '' : '; domain=' . $config['cookie_domain'];
+		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];

 		header('Set-Cookie: ' . $name_data . (($cookietime) ? '; expires=' . $expire : '') . '; path=' . $config['cookie_path'] . $domain . ((!$config['cookie_secure']) ? '' : '; secure') . '; HttpOnly', false);
 	}
--- a/phpBB/includes/startup.php
+++ b/phpBB/includes/startup.php
@@ -80,31 +80,13 @@ function deregister_globals()
 	{
 		if (isset($not_unset[$varname]))
 		{
-			// Hacking attempt. No point in continuing unless it's a COOKIE (so a cookie called GLOBALS doesn't lock users out completely)
-			if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
+			// Hacking attempt. No point in continuing.
+			if (isset($_COOKIE[$varname]))
 			{
-				exit;
-			}
-			else
-			{
-				$cookie = &$_COOKIE;
-				while (isset($cookie['GLOBALS']))
-				{
-					if (!is_array($cookie['GLOBALS']))
-					{
-						break;
-					}
-
-					foreach ($cookie['GLOBALS'] as $registered_var => $value)
-					{
-						if (!isset($not_unset[$registered_var]))
-						{
-							unset($GLOBALS[$registered_var]);
-						}
-					}
-					$cookie = &$cookie['GLOBALS'];
-				}
+				echo "Clear your cookies. ";
 			}
+			echo "Malicious variable name detected. Contact the administrator and ask them to disable register_globals.";
+			exit;
 		}

 		unset($GLOBALS[$varname]);
@@ -113,6 +95,54 @@ function deregister_globals()
 	unset($input);
 }

+/**
+ * Check if requested page uses a trailing path
+ *
+ * @param string $phpEx PHP extension
+ *
+ * @return bool True if trailing path is used, false if not
+ */
+function phpbb_has_trailing_path($phpEx)
+{
+	// Check if path_info is being used
+	if (!empty($_SERVER['PATH_INFO']) || (!empty($_SERVER['ORIG_PATH_INFO']) && $_SERVER['SCRIPT_NAME'] != $_SERVER['ORIG_PATH_INFO']))
+	{
+		return true;
+	}
+
+	// Match any trailing path appended to a php script in the REQUEST_URI.
+	// It is assumed that only actual PHP scripts use names like foo.php. Due
+	// to this, any phpBB board inside a directory that has the php extension
+	// appended to its name will stop working, i.e. if the board is at
+	// example.com/phpBB/test.php/ or example.com/test.php/
+	if (preg_match('#^[^?]+\.' . preg_quote($phpEx, '#') . '/#', $_SERVER['REQUEST_URI']))
+	{
+		return true;
+	}
+
+	return false;
+}
+
+// Check if trailing path is used
+if (phpbb_has_trailing_path($phpEx))
+{
+	if (substr(strtolower(@php_sapi_name()), 0, 3) === 'cgi')
+	{
+		$prefix = 'Status:';
+	}
+	else if (!empty($_SERVER['SERVER_PROTOCOL']) && is_string($_SERVER['SERVER_PROTOCOL']) && preg_match('#^HTTP/[0-9]\.[0-9]$#', $_SERVER['SERVER_PROTOCOL']))
+	{
+		$prefix = $_SERVER['SERVER_PROTOCOL'];
+	}
+	else
+	{
+		$prefix = 'HTTP/1.0';
+	}
+	header("$prefix 404 Not Found", true, 404);
+	echo 'Trailing paths and PATH_INFO is not supported by phpBB 3.0';
+	exit;
+}
+
 // Register globals and magic quotes have been dropped in PHP 5.4
 if (version_compare(PHP_VERSION, '5.4.0-dev', '>='))
 {
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -57,7 +57,6 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		$address_list = array();
 	}

-	$submit		= (isset($_POST['post'])) ? true : false;
 	$preview	= (isset($_POST['preview'])) ? true : false;
 	$save		= (isset($_POST['save'])) ? true : false;
 	$load		= (isset($_POST['load'])) ? true : false;
@@ -71,6 +70,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())

 	$refresh	= isset($_POST['add_file']) || isset($_POST['delete_file']) || $save || $load
 		|| $remove_u || $remove_g || $add_to || $add_bcc;
+	$submit = isset($_POST['post']) && !$refresh && !$preview;

 	$action		= ($delete && !$preview && !$refresh && $submit) ? 'delete' : $action;
 	$select_single = ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? false : true;
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -29,7 +29,11 @@ function message_options($id, $mode, $global_privmsgs_rules, $global_rule_condit
 	// Change "full folder" setting - what to do if folder is full
 	if (isset($_POST['fullfolder']))
 	{
-		check_form_key('ucp_pm_options', $config['form_token_lifetime'], $redirect_url);
+		if (!check_form_key('ucp_pm_options'))
+		{
+			trigger_error('FORM_INVALID');
+		}
+
 		$full_action = request_var('full_action', 0);

 		$set_folder_id = 0;
--- a/phpBB/install/convertors/convert_phpbb20.php
+++ b/phpBB/install/convertors/convert_phpbb20.php
@@ -32,7 +32,7 @@ unset($dbpasswd);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.0.12',
+	'phpbb_version'	=> '3.0.14',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Group</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -8,7 +8,7 @@
 *
 */

-define('UPDATES_TO_VERSION', '3.0.13-dev');
+define('UPDATES_TO_VERSION', '3.0.15-dev');

 // Enter any version to update from to test updates. The version within the db will not be updated.
 define('DEBUG_FROM_VERSION', false);
@@ -949,7 +949,7 @@ function database_update_info()
 						// this column was removed from the database updater
 						// after 3.0.9-RC3 was released. It might still exist
 						// in 3.0.9-RCX installations and has to be dropped in
-						// 3.0.13 after the db_tools class is capable of properly
+						// 3.0.15 after the db_tools class is capable of properly
 						// removing a primary key.
 						// 'attempt_id'			=> array('UINT', NULL, 'auto_increment'),
 						'attempt_ip'			=> array('VCHAR:40', ''),
@@ -1011,8 +1011,16 @@ function database_update_info()
 		'3.0.12-RC2'	=> array(),
 		// No changes from 3.0.12-RC3 to 3.0.12
 		'3.0.12-RC3'	=> array(),
+		// No changes from 3.0.12 to 3.0.13-RC1
+		'3.0.12'		=> array(),
+		// No changes from 3.0.13-RC1 to 3.0.13
+		'3.0.13-RC1'	=> array(),
+		// No changes from 3.0.13 to 3.0.13-PL1
+		'3.0.13'		=> array(),
+		// No changes from 3.0.13-PL1 to 3.0.14-RC1
+		'3.0.13-PL1'	=> array(),

-		/** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.13-RC1 */
+		/** @todo DROP LOGIN_ATTEMPT_TABLE.attempt_id in 3.0.15-RC1 */
 	);
 }

@@ -2254,6 +2262,22 @@ function change_database_data(&$no_updates, $version)
 		// No changes from 3.0.12-RC3 to 3.0.12
 		case '3.0.12-RC3':
 		break;
+
+		// No changes from 3.0.12 to 3.0.13-RC1
+		case '3.0.12':
+		break;
+
+		// No changes from 3.0.13-RC1 to 3.0.13
+		case '3.0.13-RC1':
+		break;
+
+		// No changes from 3.0.13 to 3.0.13-PL1
+		case '3.0.13':
+		break;
+
+		// No changes from 3.0.13-PL1 to 3.0.14-RC1
+		case '3.0.13-PL1':
+		break;
 	}
 }

--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -246,7 +246,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('topics_per_page',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.13-dev');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.0.15-dev');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');

--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -32,7 +32,6 @@ $forum_id	= request_var('f', 0);
 $draft_id	= request_var('d', 0);
 $lastclick	= request_var('lastclick', 0);

-$submit		= (isset($_POST['post'])) ? true : false;
 $preview	= (isset($_POST['preview'])) ? true : false;
 $save		= (isset($_POST['save'])) ? true : false;
 $load		= (isset($_POST['load'])) ? true : false;
@@ -40,6 +39,7 @@ $delete		= (isset($_POST['delete'])) ? true : false;
 $cancel		= (isset($_POST['cancel']) && !isset($_POST['save'])) ? true : false;

 $refresh	= (isset($_POST['add_file']) || isset($_POST['delete_file']) || isset($_POST['full_editor']) || isset($_POST['cancel_unglobalise']) || $save || $load) ? true : false;
+$submit = isset($_POST['post']) && !$refresh && !$preview;
 $mode		= ($delete && !$preview && !$refresh && $submit) ? 'delete' : request_var('mode', '');

 $error = $post_data = array();
@@ -1222,9 +1222,13 @@ if (!sizeof($error) && $preview)
 			'L_MAX_VOTES'		=> ($post_data['poll_max_options'] == 1) ? $user->lang['MAX_OPTION_SELECT'] : sprintf($user->lang['MAX_OPTIONS_SELECT'], $post_data['poll_max_options']))
 		);

-		$parse_poll->message = implode("\n", $post_data['poll_options']);
-		$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
-		$preview_poll_options = explode('<br />', $parse_poll->message);
+		$preview_poll_options = array();
+		foreach ($post_data['poll_options'] as $poll_option)
+		{
+			$parse_poll->message = $poll_option;
+			$parse_poll->format_display($post_data['enable_bbcode'], $post_data['enable_urls'], $post_data['enable_smilies']);
+			$preview_poll_options[] = $parse_poll->message;
+		}
 		unset($parse_poll);

 		foreach ($preview_poll_options as $key => $option)
--- a/phpBB/styles/prosilver/imageset/imageset.cfg
+++ b/phpBB/styles/prosilver/imageset/imageset.cfg
@@ -19,7 +19,7 @@
 # General Information about this style
 name = prosilver
 copyright = &copy; phpBB Group, 2007
-version = 3.0.12
+version = 3.0.14

 # Images
 img_site_logo = site_logo.gif*52*139
--- a/phpBB/styles/prosilver/style.cfg
+++ b/phpBB/styles/prosilver/style.cfg
@@ -19,4 +19,4 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Group, 2007
-version = 3.0.12
+version = 3.0.14
--- a/phpBB/styles/prosilver/template/forumlist_body.html
+++ b/phpBB/styles/prosilver/template/forumlist_body.html
@@ -47,6 +47,8 @@
 						<!-- IF forumrow.LAST_POST_TIME --><dfn>{L_LAST_POST}</dfn> {L_POST_BY_AUTHOR} {forumrow.LAST_POSTER_FULL}
 						<!-- IF not S_IS_BOT --><a href="{forumrow.U_LAST_POST}">{LAST_POST_IMG}</a> <!-- ENDIF --><br />{forumrow.LAST_POST_TIME}<!-- ELSE -->{L_NO_POSTS}<br />&nbsp;<!-- ENDIF --></span>
 					</dd>
+				<!-- ELSE -->
+					<dd>&nbsp;</dd>
 				<!-- ENDIF -->
 			</dl>
 		</li>
--- a/phpBB/styles/prosilver/template/template.cfg
+++ b/phpBB/styles/prosilver/template/template.cfg
@@ -19,7 +19,7 @@
 # General Information about this template
 name = prosilver
 copyright = &copy; phpBB Group, 2007
-version = 3.0.12
+version = 3.0.14

 # Defining a different template bitfield
 template_bitfield = lNg=
--- a/phpBB/styles/prosilver/theme/theme.cfg
+++ b/phpBB/styles/prosilver/theme/theme.cfg
@@ -21,7 +21,7 @@
 # General Information about this theme
 name = prosilver
 copyright = &copy; phpBB Group, 2007
-version = 3.0.12
+version = 3.0.14

 # Some configuration options

--- a/phpBB/styles/subsilver2/imageset/imageset.cfg
+++ b/phpBB/styles/subsilver2/imageset/imageset.cfg
@@ -19,7 +19,7 @@
 # General Information about this style
 name = subsilver2
 copyright = &copy; phpBB Group, 2003
-version = 3.0.12
+version = 3.0.14

 # Images
 img_site_logo = site_logo.gif*94*170
--- a/phpBB/styles/subsilver2/style.cfg
+++ b/phpBB/styles/subsilver2/style.cfg
@@ -19,4 +19,4 @@
 # General Information about this style
 name = subsilver2
 copyright = © 2005 phpBB Group
-version = 3.0.12
+version = 3.0.14
--- a/phpBB/styles/subsilver2/template/template.cfg
+++ b/phpBB/styles/subsilver2/template/template.cfg
@@ -19,7 +19,7 @@
 # General Information about this template
 name = subsilver2
 copyright = &copy; phpBB Group, 2003
-version = 3.0.12
+version = 3.0.14

 # Template inheritance
 # See http://blog.phpbb.com/2008/07/31/templating-just-got-easier/
--- a/phpBB/styles/subsilver2/theme/theme.cfg
+++ b/phpBB/styles/subsilver2/theme/theme.cfg
@@ -21,7 +21,7 @@
 # General Information about this theme
 name = subsilver2
 copyright = &copy; phpBB Group, 2003
-version = 3.0.12
+version = 3.0.14

 # Some configuration options

--- a/phpunit.xml.dist
+++ b/phpunit.xml.dist
@@ -32,8 +32,8 @@
    </groups>

    <filter>
-        <blacklist>
-            <directory>./tests</directory>
-        </blacklist>
+        <whitelist>
+            <directory suffix=".php">./phpBB/includes/</directory>
+        </whitelist>
    </filter>
 </phpunit>
--- a/tests/functional/acp_attachments_test.php
+++ b/tests/functional/acp_attachments_test.php
@@ -0,0 +1,78 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+/**
+ * @group functional
+ */
+class phpbb_functional_acp_attachments_test extends phpbb_functional_test_case
+{
+	public function data_imagick_path_linux()
+	{
+		return array(
+			array('/usr/bin', 'Configuration updated successfully'),
+			array('/usr/foobar', 'The entered path “/usr/foobar” does not exist.'),
+			array('/usr/bin/which', 'The entered path “/usr/bin/which” is not a directory.'),
+		);
+	}
+
+	/**
+	 * @dataProvider data_imagick_path_linux
+	 */
+	public function test_imagick_path_linux($imagick_path, $expected)
+	{
+		if (strtolower(substr(PHP_OS, 0, 5)) !== 'linux')
+		{
+			$this->markTestSkipped('Unable to test linux specific paths on other OS.');
+		}
+
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', 'adm/index.php?i=attachments&mode=attach&sid=' . $this->sid);
+
+		$form = $crawler->selectButton('Submit')->form(array('config[img_imagick]'	=> $imagick_path));
+
+		$crawler = self::submit($form);
+		$this->assertContains($expected, $crawler->filter('#main')->text());
+	}
+
+	public function data_imagick_path_windows()
+	{
+		return array(
+			array('C:\Windows', 'Configuration updated successfully'),
+			array('C:\Windows\foobar1', 'The entered path “C:\Windows\foobar1” does not exist.'),
+			array('C:\Windows\explorer.exe', 'The entered path “C:\Windows\explorer.exe” is not a directory.'),
+		);
+	}
+
+	/**
+	 * @dataProvider data_imagick_path_windows
+	 */
+	public function test_imagick_path_windows($imagick_path, $expected)
+	{
+		if (strtolower(substr(PHP_OS, 0, 3)) !== 'win')
+		{
+			$this->markTestSkipped('Unable to test windows specific paths on other OS.');
+		}
+
+		$this->login();
+		$this->admin_login();
+
+		$crawler = self::request('GET', 'adm/index.php?i=attachments&mode=attach&sid=' . $this->sid);
+
+		$form = $crawler->selectButton('Submit')->form(array('config[img_imagick]'	=> $imagick_path));
+
+		$crawler = self::submit($form);
+		$this->assertContains($expected, $crawler->filter('#main')->text());
+	}
+}
--- a/tests/lint_test.php
+++ b/tests/lint_test.php
@@ -40,6 +40,8 @@ class phpbb_lint_test extends phpbb_test_case
 			dirname(__FILE__) . '/../build/new_version',
 			dirname(__FILE__) . '/../build/old_versions',
 			dirname(__FILE__) . '/../phpBB/cache',
+			dirname(__FILE__) . '/../phpBB/ext',
+			dirname(__FILE__) . '/../phpBB/store',
 			// PHP Fatal error:  Cannot declare class Container because the name is already in use in /var/www/projects/phpbb3/tests/../phpBB/vendor/symfony/dependency-injection/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services1-1.php on line 20
 			// https://gist.github.com/e003913ffd493da63cbc
 			dirname(__FILE__) . '/../phpBB/vendor',
--- a/tests/security/redirect_test.php
+++ b/tests/security/redirect_test.php
@@ -18,12 +18,17 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 	{
 		// array(Input -> redirect(), expected triggered error (else false), expected returned result url (else false))
 		return array(
-			array('data://x', false, 'http://localhost/phpBB'),
+			array('data://x', 'Tried to redirect to potentially insecure url.', false),
 			array('bad://localhost/phpBB/index.php', 'Tried to redirect to potentially insecure url.', false),
-			array('http://www.otherdomain.com/somescript.php', false, 'http://localhost/phpBB'),
+			array('http://www.otherdomain.com/somescript.php', 'Tried to redirect to potentially insecure url.', false),
 			array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'Tried to redirect to potentially insecure url.', false),
 			array('javascript:test', false, 'http://localhost/phpBB/../javascript:test'),
 			array('http://localhost/phpBB/index.php;url=', 'Tried to redirect to potentially insecure url.', false),
+			array('https://foobar.com\@http://localhost/phpBB', 'Tried to redirect to potentially insecure url.', false),
+			array('https://foobar.com\@localhost/troll/http://localhost/', 'Tried to redirect to potentially insecure url.', false),
+			array('http://localhost.foobar.com\@localhost/troll/http://localhost/', 'Tried to redirect to potentially insecure url.', false),
+			array('http://localhost/phpBB', false, 'http://localhost/phpBB'),
+			array('http://localhost/phpBB/', false, 'http://localhost/phpBB/'),
 		);
 	}

--- a/tests/security/trailing_path_test.php
+++ b/tests/security/trailing_path_test.php
@@ -0,0 +1,60 @@
+<?php
+/**
+ *
+ * @package testing
+ * @copyright (c) 2011 phpBB Group
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+ *
+ */
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/startup.php';
+
+class phpbb_security_trailing_path_test extends phpbb_test_case
+{
+	public function data_has_trailing_path()
+	{
+		return array(
+			array(false, '', '', ''),
+			array(true, '/', '', ''),
+			array(true, '/foo', '', ''),
+			array(true, '', '/foo', ''),
+			array(true, '/foo', '/foo', ''),
+			array(false, '', '', '/'),
+			array(false, '', '', '/?/x.php/'),
+			array(false, '', '', '/index.php'),
+			array(false, '', '', '/dir.phpisfunny/foo.php'),
+			array(true, '', '', '/index.php/foo.php'),
+			array(false, '', '', '/phpBB/viewtopic.php?f=3&amp;t=5'),
+			array(false, '', '', '/phpBB/viewtopic.php?f=3&amp;t=5/'),
+			array(false, '', '', '/phpBB/viewtopic.php?f=3&amp;t=5/foo'),
+			array(true, '/foo', '/foo', '/phpBB/viewtopic.php?f=3&amp;t=5/foo'),
+			array(false, '', '', '/projects/php.bb/phpBB/viewtopic.php?f=3&amp;t=5/'),
+			array(false, '', '', '/projects/php.bb/phpBB/viewtopic.php?f=3&amp;t=5'),
+			array(false, '', '', '/projects/php.bb/phpBB/viewtopic.php?f=3&amp;t=5/foo.php/'),
+			array(false, '', '', '/projects/php.bb/phpBB/index.php'),
+			array(true, '', '', '/projects/php.bb/phpBB/index.php/'),
+			array(true, '', '', '/phpBB/index.php/?foo/a'),
+			array(true, '', '', '/projects/php.bb/phpBB/index.php/?a=5'),
+			array(false, '', '', '/projects/php.bb/phpBB/index.php?/a=5'),
+			array(false, '', '/phpBB/index.php', '/phpBB/index.php', '/phpBB/index.php'),
+			array(true, '', '/phpBB/index.php', '/phpBB/index.php'),
+			array(true, '', '/phpBB/index.php/', '/phpBB/index.php/', '/phpBB/index.php'),
+			array(true, '', '/phpBB/index.php/', '/phpBB/index.php/'),
+		);
+	}
+
+	/**
+	 * @dataProvider data_has_trailing_path
+	 */
+	public function test_has_trailing_path($expected, $path_info, $orig_path_info, $request_uri, $script_name = '')
+	{
+		global $phpEx;
+
+		$_SERVER['PATH_INFO'] = $path_info;
+		$_SERVER['ORIG_PATH_INFO'] = $orig_path_info;
+		$_SERVER['REQUEST_URI'] = $request_uri;
+		$_SERVER['SCRIPT_NAME'] = $script_name;
+
+		$this->assertSame($expected, phpbb_has_trailing_path($phpEx));
+	}
+}
--- a/tests/test_framework/phpbb_functional_test_case.php
+++ b/tests/test_framework/phpbb_functional_test_case.php
@@ -601,7 +601,7 @@ class phpbb_functional_test_case extends phpbb_test_case
 	*/
 	static public function assert_response_status_code($status_code = 200)
 	{
-		self::assertEquals($status_code, self::$client->getResponse()->getStatus());
+		self::assertEquals($status_code, self::$client->getResponse()->getStatus(), 'HTTP status code does not match');
 	}

 	/**
--- a/travis/phpunit-mysql-5-2-travis.xml
+++ b/travis/phpunit-mysql-5-2-travis.xml
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<phpunit backupGlobals="true"
-         backupStaticAttributes="true"
-         colors="true"
-         convertErrorsToExceptions="true"
-         convertNoticesToExceptions="true"
-         convertWarningsToExceptions="true"
-         processIsolation="false"
-         stopOnFailure="false"
-         syntaxCheck="true"
-         strict="true"
-         verbose="true"
-         bootstrap="../tests/bootstrap.php">
-	<testsuites>
-		<testsuite name="phpBB Test Suite">
-			<directory suffix="_test.php">../tests/</directory>
-			<exclude>tests/functional</exclude>
-			<exclude>tests/lint_test.php</exclude>
-		</testsuite>
-		<testsuite name="phpBB Lint Test">
-			<file>tests/lint_test.php</file>
-		</testsuite>
-		<testsuite name="phpBB Functional Tests">
-			<directory suffix="_test.php" phpVersion="5.3.19" phpVersionOperator=">=">../tests/functional</directory>
-		</testsuite>
-	</testsuites>
-
-	<groups>
-		<exclude>
-			<group>slow</group>
-		</exclude>
-	</groups>
-
-	<php>
-		<server name="PHPBB_TEST_DBMS" value="mysqli" />
-		<server name="PHPBB_TEST_DBHOST" value="0.0.0.0" />
-		<server name="PHPBB_TEST_DBPORT" value="3306" />
-		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
-		<server name="PHPBB_TEST_DBUSER" value="root" />
-		<server name="PHPBB_TEST_DBPASSWD" value="" />
-		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
-		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
-	</php>
-</phpunit>
--- a/travis/setup-webserver.sh
+++ b/travis/setup-webserver.sh
@@ -6,12 +6,6 @@
 set -e
 set -x

-if [ "$TRAVIS_PHP_VERSION" = 'hhvm' ]
-then
-	# Add PPA providing dependencies for recent HHVM on Ubuntu 12.04.
-	sudo add-apt-repository -y ppa:mapnik/boost
-fi
-
 sudo apt-get update
 sudo apt-get install -y nginx realpath

@@ -25,11 +19,9 @@ APP_SOCK=$(realpath "$DIR")/php-app.sock

 if [ "$TRAVIS_PHP_VERSION" = 'hhvm' ]
 then
-	# Upgrade to a recent stable version of HHVM
-	sudo apt-get -o Dpkg::Options::="--force-confnew" install -y hhvm-nightly
-
 	HHVM_LOG=$(realpath "$DIR")/hhvm.log

+    sudo service hhvm stop
 	sudo hhvm \
 		--mode daemon \
 		--user "$USER" \
Author	SHA1	Message	Date
Joas Schilling	0d349a82ca	Merge pull request #3700 from Nicofuma/ticket/13823 [ticket/13823] Change diff options while packaging to not ignore all whitespaces	2015-06-10 22:22:52 +02:00
Tristan Darricau	cdf580ee37	[ticket/13823] Change diff options while packaging to not ignore all whitespaces Removed: -w, --ignore-all-space Ignore white space when comparing lines. Added: -Z, --ignore-trailing-space Ignore white space at line end. -b, --ignore-space-change Ignore changes in the amount of white space. PHPBB3-13823	2015-06-10 14:15:10 +02:00
Marc Alexander	88d16b47a4	Merge pull request #3697 from Elsensee/ticket/13833-30x [ticket/13833] Prevent flooding if type=submit doesn't exist	2015-06-08 17:52:31 +02:00
Oliver Schramm	2c6369c5d9	[ticket/13833] Prevent flooding if type=submit doesn't exist PHPBB3-13833	2015-06-08 17:01:52 +02:00
Andreas Fischer	fedd0ae7f3	Merge pull request #3639 from marc1706/ticket/13875 [ticket/13875] Ignore cache, ext, and store folder in lint test * marc1706/ticket/13875: [ticket/13875] Ignore cache, ext, and store folder in lint test	2015-05-29 22:31:41 +02:00
Marc Alexander	ba205a6bce	[ticket/13875] Ignore cache, ext, and store folder in lint test PHPBB3-13875	2015-05-28 13:35:32 +02:00
Andreas Fischer	52aafb4dea	Merge branch 'prep-release-3.0.14' into 3.0.x * prep-release-3.0.14: [prep-release-3.0.14] Add security relevant changes to CHANGELOG.html. [prep-release-3.0.14] Bump version numbers for 3.0.14 release. Conflicts: build/build.xml phpBB/includes/constants.php phpBB/install/database_update.php phpBB/install/schemas/schema_data.sql	2015-05-03 16:41:58 +02:00
Andreas Fischer	11242dd07d	[prep-release-3.0.14] Add security relevant changes to CHANGELOG.html.	2015-05-03 16:22:28 +02:00
Andreas Fischer	5382552fc8	[prep-release-3.0.14] Bump version numbers for 3.0.14 release.	2015-05-03 14:40:50 +02:00
Tristan Darricau	9c320ccdce	Merge pull request #3575 from marc1706/ticket/13792 [ticket/13792] Use hhvm instead of manually installing nightlys for now	2015-05-02 11:45:05 +02:00
Marc Alexander	7f820ee962	[ticket/13792] Use hhvm instead of manually installing nightlys for now Nightly builds are currently not supported because packages for precise no longer exist and travis is still running on it. PHPBB3-13792	2015-05-01 15:45:40 +02:00
Andreas Fischer	2fb7ef2668	Merge branch 'prep-release-3.0.14' into 3.0.x * prep-release-3.0.14: [ticket/security-180] Add tests for redirecting to main URL [ticket/security-180] Always fail when redirecting to an insecure URL [ticket/security-180] Make sure that redirect goes to full URL plus slash [ticket/security-180] Check if redirect URL contains board URL	2015-04-28 21:55:15 +02:00
Andreas Fischer	1a3350619f	Merge remote-tracking branch 'phpbb-security/ticket/security-180' into prep-release-3.0.14 * phpbb-security/ticket/security-180: [ticket/security-180] Add tests for redirecting to main URL [ticket/security-180] Always fail when redirecting to an insecure URL [ticket/security-180] Make sure that redirect goes to full URL plus slash [ticket/security-180] Check if redirect URL contains board URL	2015-04-28 21:54:50 +02:00
Andreas Fischer	6d8df7332c	[3.0.x] Increment version number to 3.0.15-dev.	2015-04-28 20:40:20 +02:00
Andreas Fischer	d833f29069	[3.0.x] Add changelog for 3.0.14 release.	2015-04-28 18:57:03 +02:00
Andreas Fischer	ce74a0bd6c	[3.0.x] Bump version numbers for 3.0.14-RC1 release.	2015-04-27 23:22:44 +02:00
Andreas Fischer	cd6c0427fb	[3.0.x] Bumping version numbers to final for 3.0.14 releases.	2015-04-27 23:13:56 +02:00
Andreas Fischer	4d63032024	Merge pull request #3549 from bantu/ticket/13765 [ticket/13765] Verify SERVER_PROTOCOL has the expected format before using it. * bantu/ticket/13765: [ticket/13765] Verify SERVER_PROTOCOL has the expected format before using it.	2015-04-25 18:10:45 +02:00
Joas Schilling	463c62df18	[ticket/13765] Verify SERVER_PROTOCOL has the expected format before using it. PHPBB3-13765	2015-04-25 17:22:10 +02:00
Marc Alexander	18fc621d73	[ticket/security-180] Add tests for redirecting to main URL SECURITY-180	2015-04-23 15:27:30 +02:00
Joas Schilling	ee658bfe7b	[ticket/security-180] Always fail when redirecting to an insecure URL SECURITY-180	2015-04-11 17:08:28 +02:00
Marc Alexander	bca1b96b2e	[ticket/security-180] Make sure that redirect goes to full URL plus slash SECURITY-180	2015-04-11 16:41:20 +02:00
Marc Alexander	eed355b798	[ticket/security-180] Check if redirect URL contains board URL SECURITY-180	2015-04-10 18:10:32 +02:00
Joas Schilling	35d2467c94	Merge pull request #3512 from bantu/ticket/13738 [ticket/13738] Use new branch names in sami-all.conf.php.	2015-04-03 18:41:41 +02:00
Andreas Fischer	d6d9ff51b2	[ticket/13738] Use new branch names in sami-all.conf.php. PHPBB3-13738	2015-04-02 12:30:39 +02:00
Nicofuma	b9db47e3f5	Merge pull request #3359 from marc1706/ticket/13568 [ticket/13568] Validate imagick path as readable absolute path closes #3359	2015-03-29 19:41:13 +02:00
Andreas Fischer	1efbb5b3bb	Merge pull request #3493 from prototech/ticket/13555 [ticket/13555] Render poll options separately when previewing. * prototech/ticket/13555: [ticket/13555] Render poll options separately when previewing.	2015-03-26 11:15:36 +01:00
Oliver Schramm	84d77d6cd5	Merge pull request #3505 from Nicofuma/ticket/13723 [ticket/13723] Add Elsensee to authors list	2015-03-25 21:44:09 +01:00
Nicofuma	44540b6112	[ticket/13723] Add Elsensee to authors list PHPBB3-13723	2015-03-25 21:31:50 +01:00
JoshyPHP	1df97c205d	[ticket/13555] Render poll options separately when previewing. This prevents an option from being split into two when a line break is present inside of it. PHPBB3-13555	2015-03-19 15:32:31 -07:00
Joas Schilling	62973faf4b	Merge pull request #3443 from naderman/ticket/13617 [ticket/13617] Enforce column size limit for session_forum_id	2015-02-27 22:43:32 +01:00
Nils Adermann	6f3f6282d1	[ticket/13617] Enforce column size limit for session_forum_id PHPBB3-13617	2015-02-25 16:20:50 +01:00
Andreas Fischer	3db7ac0aad	Merge pull request #3422 from VSEphpbb/ticket/13634-3.0.x [ticket/13634] Update branch names on README * VSEphpbb/ticket/13634-3.0.x: [ticket/13634] Update links to travis build icons [ticket/13634] Update branch names on README	2015-02-19 19:27:14 +01:00
Matt Friedman	bbf4bcc986	[ticket/13634] Update links to travis build icons PHPBB3-13634	2015-02-18 08:42:14 -08:00
Matt Friedman	03f9c69e60	[ticket/13634] Update branch names on README PHPBB3-13634	2015-02-18 08:37:36 -08:00
Marc Alexander	877774a296	Merge pull request #3393 from bantu/ticket/13599 [ticket/13599] Remove Travis CI PHP 5.2 environment. No longer supported.	2015-02-13 12:02:25 +01:00
Andreas Fischer	0a775e0433	[ticket/13599] Remove Travis CI PHP 5.2 environment. No longer supported. PHPBB3-13599	2015-02-12 22:12:32 +01:00
Marc Alexander	7c5d872344	[ticket/13568] Also check if absolute_path_writable is writable PHPBB3-13568	2015-02-06 10:15:36 +01:00
Andreas Fischer	2787e799e1	Merge pull request #3365 from marc1706/ticket/13348-olympus [ticket/13348] Use close method to free query result handle * marc1706/ticket/13348-olympus: [ticket/13348] Remove unnecessary global $cache [ticket/13348] Use close method to free query result handle	2015-02-03 20:36:27 +01:00
Marc Alexander	4e06ab16f0	[ticket/13348] Remove unnecessary global $cache $cache is not used in the method get_item(). PHPBB3-13348	2015-02-03 18:24:16 +01:00
Marc Alexander	1f2cb69c8a	[ticket/13348] Use close method to free query result handle PHPBB3-13348	2015-02-03 18:23:13 +01:00
Marc Alexander	a3be531020	[ticket/13568] Use correct data provider on windows PHPBB3-13568	2015-02-03 16:34:41 +01:00
Andreas Fischer	e86b7ce562	Merge pull request #3363 from Nicofuma/ticket/13572 [ticket/13572] Update composer to version 1.0.0-alpha9 * Nicofuma/ticket/13572: [ticket/13572] Update composer to version 1.0.0-alpha9	2015-02-03 10:30:02 +01:00
Nicofuma	f4f983c0f6	[ticket/13572] Update composer to version 1.0.0-alpha9 PHPBB3-13572	2015-02-03 10:25:39 +01:00
Marc Alexander	ffe0e46e82	[ticket/13568] Add imagick tests for windows PHPBB3-13568	2015-02-02 20:39:58 +01:00
Marc Alexander	d50cec998c	[ticket/13568] Correctly check rpath and rwpath validation options PHPBB3-13568	2015-02-02 18:44:48 +01:00
Marc Alexander	b53fd867be	[ticket/13568] Add more test cases for imagick path PHPBB3-13568	2015-02-02 18:33:53 +01:00
Marc Alexander	a93df0e511	[ticket/13568] Use more descriptive validation names and merge with path block PHPBB3-13568	2015-02-02 18:30:05 +01:00
Marc Alexander	99574cf5e5	[ticket/13568] Add functional test for imagick path setting PHPBB3-13568	2015-02-02 16:11:00 +01:00
Marc Alexander	19421fcdef	[ticket/13568] Validate imagick path as readable absolute path PHPBB3-13568	2015-02-02 15:59:52 +01:00
Andreas Fischer	7273591560	Merge branch 'prep-release-3.0.13' into develop-olympus * prep-release-3.0.13: [prep-release-3.0.13] Correct changelog link to 3.0.13 changes. [prep-release-3.0.13] Also update version in references to files. [prep-release-3.0.13] Add changelog for 3.0.13-PL1 release. [prep-release-3.0.13] Get rid of roman numbers in CHANGELOG.html. [prep-release-3.0.13] Bump version numbers for 3.0.13-PL1 release. Conflicts: build/build.xml phpBB/includes/constants.php phpBB/install/database_update.php phpBB/install/schemas/schema_data.sql	2015-01-30 13:40:44 +01:00
Andreas Fischer	5f237a0426	[prep-release-3.0.13] Correct changelog link to 3.0.13 changes.	2015-01-30 01:32:34 +01:00
Andreas Fischer	1e94b0ae71	[prep-release-3.0.13] Also update version in references to files.	2015-01-29 23:32:05 +01:00
Andreas Fischer	5fea945b5b	[prep-release-3.0.13] Add changelog for 3.0.13-PL1 release.	2015-01-29 23:27:12 +01:00
Andreas Fischer	208923563e	[prep-release-3.0.13] Get rid of roman numbers in CHANGELOG.html.	2015-01-29 23:16:34 +01:00
Andreas Fischer	40e676ad03	[prep-release-3.0.13] Bump version numbers for 3.0.13-PL1 release.	2015-01-29 18:17:29 +01:00
Dhruv	cc210b1842	Merge remote-tracking branch 'upstream/prep-release-3.0.13' into develop-olympus	2015-01-29 11:51:33 +05:30
Dhruv Goel	36f8fb2b37	Merge pull request #3347 from bantu/ticket/13554 [ticket/13554] Show feature release upgrades in blue rather than red.	2015-01-29 11:47:37 +05:30
Andreas Fischer	6f5524de26	Merge branch 'prep-release-3.0.13' into develop-olympus * prep-release-3.0.13: [ticket/13549] Do not exit when ORIG_PATH_INFO just contains SCRIPT_NAME.	2015-01-29 00:08:23 +01:00
Andreas Fischer	872caf805c	Merge pull request #3348 from bantu/ticket/13549 [ticket/13549] Do not exit when ORIG_PATH_INFO just contains SCRIPT_NAME... * bantu/ticket/13549: [ticket/13549] Do not exit when ORIG_PATH_INFO just contains SCRIPT_NAME.	2015-01-29 00:06:00 +01:00
Andreas Fischer	f48cc8bbe9	Merge branch 'prep-release-3.0.13' into develop-olympus * prep-release-3.0.13: [ticket/12933] Handle case when * is last character of word	2015-01-29 00:03:16 +01:00
Andreas Fischer	8da3a6f117	Merge pull request #3349 from bantu/ticket/12933 [ticket/12933] Handle case when * is last character of word * bantu/ticket/12933: [ticket/12933] Handle case when * is last character of word	2015-01-29 00:03:05 +01:00
Marc Alexander	7495055907	[ticket/13549] Do not exit when ORIG_PATH_INFO just contains SCRIPT_NAME. The ORIG_PATH_INFO on IIS also contains the script name. Only use that for killing the script after removing the script name from ORIG_PATH_INFO. PHPBB3-13549	2015-01-28 22:07:16 +01:00
Dhruv	5eb0d422c8	[ticket/12933] Handle case when * is last character of word PHPBB3-12933	2015-01-28 21:59:58 +01:00
Andreas Fischer	dff1ea6b85	[ticket/13554] Show feature release upgrades in blue rather than red. PHPBB3-13554	2015-01-28 21:59:03 +01:00
Andreas Fischer	9d72463824	Merge pull request #3343 from marc1706/ticket/13414 [ticket/13414] Set Content-Length header only if status is not 304 * marc1706/ticket/13414: [ticket/13414] Set Content-Length header only if status is not 304	2015-01-28 19:48:42 +01:00
Marc Alexander	a9fa20bb91	[ticket/13414] Set Content-Length header only if status is not 304 PHPBB3-13414	2015-01-28 15:50:48 +01:00
Nils Adermann	ebd5aace3f	Merge branch 'prep-release-3.0.13' into develop-olympus * prep-release-3.0.13: [prep-release-3.0.13] Bump version numbers for 3.0.13 release [prep-release-3.0.13] Highlight security relevant changes Conflicts: build/build.xml phpBB/includes/constants.php phpBB/install/database_update.php phpBB/install/schemas/schema_data.sql	2015-01-26 18:57:06 +01:00
Nils Adermann	5ce89ae82f	[prep-release-3.0.13] Bump version numbers for 3.0.13 release	2015-01-26 18:08:31 +01:00
Nils Adermann	4b42589cfa	[prep-release-3.0.13] Highlight security relevant changes	2015-01-26 17:53:43 +01:00
Andreas Fischer	4c11ea97d5	Merge pull request #3339 from nickvergessen/ticket/12089 [ticket/12089] Add assert message on HTTP status code check * nickvergessen/ticket/12089: [ticket/12089] Add assert message on HTTP status code check	2015-01-26 02:47:36 +01:00
Joas Schilling	ed2d080551	[ticket/12089] Add assert message on HTTP status code check PHPBB3-12089	2015-01-25 23:06:56 +01:00
Andreas Fischer	14585fcb4f	[develop-olympus] Increment version number to 3.0.14-dev.	2015-01-21 15:15:30 +01:00
Andreas Fischer	2c9e178a42	[develop-olympus] Add changelog for 3.0.13 release.	2015-01-21 01:45:23 +01:00
Andreas Fischer	9f7f366573	[develop-olympus] Bump version numbers for 3.0.13-RC1 release.	2015-01-21 01:32:18 +01:00
Andreas Fischer	c09023d1db	[develop-olympus] Bumping version numbers to final for 3.0.13 releases.	2015-01-21 01:25:50 +01:00
Nils Adermann	eaeb88133f	Merge pull request #3316 from bantu/ticket/13531 [ticket/13531] Explicitly disallow trailing paths (e.g. PATH_INFO).	2015-01-21 01:05:13 +01:00
Andreas Fischer	e34b92882a	[ticket/13531] Send 404 Not Found. PHPBB3-13531	2015-01-21 01:02:16 +01:00
Marc Alexander	4b9434bf1b	[ticket/13531] Explicitly disallow trailing paths (e.g. PATH_INFO). PHPBB3-13531	2015-01-21 01:02:08 +01:00
Andreas Fischer	d17904884e	Merge pull request #3312 from bantu/ticket/13527 [ticket/13527] Escape information received from version server * bantu/ticket/13527: [ticket/13527] Apply htmlspecialchars() to data from version server. [ticket/13527] Remove two unused variables.	2015-01-20 23:14:38 +01:00
Andreas Fischer	a8027c542f	Merge pull request #3311 from bantu/ticket/13526 [ticket/13526] Correctly validate the ucp_pm_options form key. * bantu/ticket/13526: [ticket/13526] Correctly validate the ucp_pm_options form key.	2015-01-20 23:12:00 +01:00
Andreas Fischer	3134b6b70e	Merge pull request #3306 from marc1706/ticket/13519 [ticket/13519] Correctly validate imagick path as path and not string * marc1706/ticket/13519: [ticket/13519] Correctly validate imagick path as path and not string	2015-01-20 23:10:19 +01:00
Andreas Fischer	92b5222295	[ticket/13527] Apply htmlspecialchars() to data from version server. PHPBB3-13527	2015-01-20 22:40:39 +01:00
Andreas Fischer	251868dd7e	[ticket/13527] Remove two unused variables. PHPBB3-13527	2015-01-20 22:34:14 +01:00
Joas Schilling	23069a13e2	[ticket/13526] Correctly validate the ucp_pm_options form key. PHPBB3-13526	2015-01-20 22:16:24 +01:00
Joas Schilling	03e3ee7f16	Merge pull request #3310 from bantu/ticket/13523 [ticket/13523] Install PHPUnit manually instead of from PEAR.	2015-01-20 20:47:36 +01:00
Andreas Fischer	0beb9128f9	[ticket/13523] Install PHPUnit manually instead of from PEAR. The pear.phpunit.de channel has been shut down in 2014. PHPBB3-13523	2015-01-20 20:31:08 +01:00
Nils Adermann	ebbe6a7791	Merge pull request #2990 from Senky/ticket/10985 [ticket/10985] Error bbcode.html not found when updating with custom style inheriting from prosilver	2015-01-19 22:27:14 +01:00
Marc Alexander	6564446b0f	[ticket/13519] Correctly validate imagick path as path and not string PHPBB3-13519	2015-01-19 20:47:47 +01:00
Tristan Darricau	b54dbe0df6	Merge pull request #3188 from marc1706/ticket/11613 [ticket/11613] Allow cookies for domains without dots * marc1706/ticket/11613: [ticket/11613] Allow cookies to work on netbios domains	2014-11-27 10:38:45 +01:00
Jakub Senko	b67b67f2df	[ticket/11613] Allow cookies to work on netbios domains PHPBB3-11613	2014-11-26 14:58:33 +01:00
Joas Schilling	ff9b541070	Merge pull request #3180 from naderman/ticket/13376 [ticket/13376] Revert unnecessary change for cookies called GLOBALS `92f554e3`	2014-11-25 16:36:18 +01:00
Nils Adermann	965042d015	[ticket/13376] Revert unnecessary change for cookies called GLOBALS `92f554e3` Also introduce a clear cookie message hardcoded just in case. PHPBB3-13376	2014-11-25 15:57:12 +01:00
Joas Schilling	a415b8e37b	Merge pull request #3164 from Crizz0/ticket/10442 [ticket/10442] Adds <dd> </dd> to <dl> for xhtml correctness	2014-11-22 11:31:31 +01:00
Crizzo	867bfa3f9e	[ticket/10442] Adds <dd> </dd> to <dl> for xhtml correctness PHPBB3-10442	2014-11-22 01:08:14 +01:00
Joas Schilling	d4fd5e3365	Merge pull request #3146 from bantu/ticket/13341 [ticket/13341] Change coverage to whitelist to prevent errors with temp ...	2014-11-17 22:47:17 +01:00
Andreas Fischer	c40d7f0896	[ticket/13341] Change coverage to whitelist to prevent errors with temp files. `b4f95deefc` suggests that this can lead to issues with classes having the same name. However, this does not seem to be a problem with the current version of PHPUnit we are using. Despite https://phpunit.de/manual/4.1/en/code-coverage-analysis.html saying that addUncoveredFilesFromWhitelist="true" is optional, this seems to be on by default in PHPUnit 4.1.0. As a result, all files are considered for code coverage; which is what we want. processUncoveredFilesFromWhitelist is however false (by default) and as such even files that are considered for code coverage are not processed through PHP when not used in actual tests. Since it is already impossible to test multiple classes with the same name in the same test run (without process isolation), because that would already lead to "cannot redeclare class" errors, it is also impossible for "cannot redeclare class" errors to happen in test coverage. PHPBB3-13341	2014-11-14 13:44:42 +01:00
Joas Schilling	b99fbd0be0	Merge pull request #3142 from bantu/ticket/13331 [ticket/13331] Use docs target for this branch, add docs-all for all branches	2014-11-12 22:55:30 +01:00
Andreas Fischer	b55d744e77	[ticket/13331] Use docs target for this branch, add docs-all for dev branches. PHPBB3-13331	2014-11-12 21:40:26 +01:00
Tristan Darricau	6949f64d28	Merge pull request #3133 from bantu/ticket/13324 [ticket/13324] Update sami/sami and fabpot/goutte for new zipball location * bantu/ticket/13324: [ticket/13324] Update sami/sami and fabpot/goutte for new zipball location.	2014-11-11 15:27:53 +01:00
Andreas Fischer	9bd24e2efb	[ticket/13324] Update sami/sami and fabpot/goutte for new zipball location. PHPBB3-13324	2014-11-11 12:23:02 +01:00
Jakub Senko	ca7f4fb531	[ticket/10985] Add fix to properly inherit style during update process PHPBB3-10985	2014-09-23 23:03:07 +02:00