[prep-release-3.1.11] Add migration for 3.1.11

[ticket/security/210] Prevent using IP addresses or ports for remote avatar

.github/CONTRIBUTING.md

@@ -2,5 +2,5 @@
 
 1. [Create an account on phpBB.com](http://www.phpbb.com/community/ucp.php?mode=register)
 2. [Create a ticket (unless there already is one)](http://tracker.phpbb.com/secure/CreateIssue!default.jspa)
-3. Read our [Coding guidelines](https://wiki.phpbb.com/Coding_guidelines) and [Git Contribution Guidelines](http://wiki.phpbb.com/Git); if you're new to git, also read [the introduction guide](http://wiki.phpbb.com/display/DEV/Working+with+Git)
+3. Read our [Coding guidelines](https://wiki.phpbb.com/Coding_guidelines) and [Git Contribution Guidelines](http://wiki.phpbb.com/Git)
 4. Send us a pull request

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,10 @@
+Checklist:
+
+- [ ] Correct branch: master for new features; 3.2.x, 3.1.x for fixes
+- [ ] Tests pass
+- [ ] Code follows coding guidelines: [master / 3.2.x](https://area51.phpbb.com/docs/master/coding-guidelines.html), [3.1.x](https://area51.phpbb.com/docs/31x/coding-guidelines.html)
+- [ ] Commit follows commit message [format](https://wiki.phpbb.com/Git#Commit_Messages)
+
+Tracker ticket (set the ticket ID to **your ticket ID**):
+
+https://tracker.phpbb.com/browse/PHPBB3-12345

.jshintrc

@@ -19,6 +19,7 @@
   "jquery": true,
 
   "globals": {
-    "JSON": true
+    "JSON": true,
+    "phpbb": true
   }
 }

.travis.yml

@@ -22,12 +22,9 @@ matrix:
       env: DB=mysqli
     - php: 5.6
       env: DB=mysqli
-    - php: 7.0
-      env: DB=mysqli
     - php: hhvm
       env: DB=mysqli
   allow_failures:
-    - php: 7.0
     - php: hhvm
   fast_finish: true
 
@@ -50,4 +47,3 @@ script:
   - sh -c "if [ '$SLOWTESTS' != '1' ]; then phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml; fi"
   - sh -c "if [ '$SLOWTESTS' = '1' ]; then phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml --group slow; fi"
   - sh -c "if [ '$TRAVIS_PHP_VERSION' = '5.3.3' -a '$DB' = 'mysqli' -a '$TRAVIS_PULL_REQUEST' != 'false' ]; then git-tools/commit-msg-hook-range.sh origin/$TRAVIS_BRANCH..FETCH_HEAD; fi"
-

README.md

@@ -2,34 +2,34 @@
 
 ## ABOUT
 
-phpBB is a free bulletin board written in PHP.
+phpBB is a free open-source bulletin board written in PHP.
 
 ## COMMUNITY
 
-Find support and lots more on [phpBB.com](http://www.phpbb.com)! Discuss the development on [area51](http://area51.phpbb.com/phpBB/index.php).
+Get your copy of phpBB, find support and lots more on [phpBB.com](http://www.phpbb.com)! Discuss the development on [area51](http://area51.phpbb.com/phpBB/index.php).
 
 ## INSTALLING DEPENDENCIES
 
 To be able to run an installation from the repo (and not from a pre-built package) you need to run the following commands to install phpBB's dependencies.
 
 	cd phpBB
-	php ../composer.phar install --dev
+	php ../composer.phar install
 
 
 ## CONTRIBUTE
 
 1. [Create an account on phpBB.com](http://www.phpbb.com/community/ucp.php?mode=register)
 2. [Create a ticket (unless there already is one)](http://tracker.phpbb.com/secure/CreateIssue!default.jspa)
-3. [Read our Git Contribution Guidelines](http://wiki.phpbb.com/Git); if you're new to git, also read [the introduction guide](http://wiki.phpbb.com/display/DEV/Working+with+Git)
+3. Read our [Coding guidelines](https://wiki.phpbb.com/Coding_guidelines) and [Git Contribution Guidelines](http://wiki.phpbb.com/Git)
 4. Send us a pull request
 
 ## AUTOMATED TESTING
 
-We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](http://bamboo.phpbb.com) or check our travis build below:
+We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](http://bamboo.phpbb.com) or check our travis builds below:
 
 * [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=master)](http://travis-ci.org/phpbb/phpbb) **master** - Latest development version
+* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb) **3.2.x** - Development of version 3.2.x
 * [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.1.x)](http://travis-ci.org/phpbb/phpbb) **3.1.x** - Development of version 3.1.x
-* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.0.x)](http://travis-ci.org/phpbb/phpbb) **3.0.x** - Development of version 3.0.x
 
 ## LICENSE
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.1.6-RC1" />
-	<property name="prevversion" value="3.1.5" />
-	<property name="olderversions" value="3.0.12, 3.0.13, 3.0.13-PL1, 3.0.14, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4" />
+	<property name="newversion" value="3.1.11" />
+	<property name="prevversion" value="3.1.10" />
+	<property name="olderversions" value="3.0.14, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.11-RC1" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -49,7 +49,7 @@
 	-->
 	<target name="composer">
 		<exec dir="phpBB"
-			command="php ../composer.phar install --dev"
+			command="php ../composer.phar install --ignore-platform-reqs"
 			checkreturn="true"
 			passthru="true" />
 	</target>
@@ -143,6 +143,7 @@
 		<phingcall target="export">
 			<property name="revision" value="release-${version}" />
 			<property name="dir" value="build/old_versions/release-${version}" />
+			<property name="skip-composer" value="true" />
 		</phingcall>
 
 		<phingcall target="clean-diff-dir">
@@ -251,26 +252,35 @@
 			<equals arg1="${composer-has-dependencies}" arg2="1" trim="true" />
 			<then>
 				<!-- We have non-dev composer dependencies -->
-				<exec dir="."
-					command="git ls-tree ${revision} composer.phar"
-					checkreturn="true"
-					outputProperty='composer-ls-tree-output' />
 				<if>
-					<equals arg1="${composer-ls-tree-output}" arg2="" trim="true" />
+					<not><isset property="skip-composer" /></not>
 					<then>
-						<fail message="There are composer dependencies, but composer.phar is missing." />
-					</then>
-					<else>
-						<!-- Export the phar, install dependencies, delete phar. -->
 						<exec dir="."
-							command="git archive ${revision} composer.phar | tar -xf - -C ${dir}"
-							checkreturn="true" />
-						<exec dir="${dir}"
-							command="php composer.phar install --no-dev --optimize-autoloader"
+							command="git ls-tree ${revision} composer.phar"
 							checkreturn="true"
-							passthru="true" />
-						<delete file="${dir}/composer.phar" />
-					</else>
+							outputProperty='composer-ls-tree-output' />
+						<if>
+							<equals arg1="${composer-ls-tree-output}" arg2="" trim="true" />
+							<then>
+								<fail message="There are composer dependencies, but composer.phar is missing." />
+							</then>
+							<else>
+								<!-- Export the phar, install dependencies, delete phar. -->
+								<exec dir="."
+									command="git archive ${revision} composer.phar | tar -xf - -C ${dir}"
+									checkreturn="true" />
+								<exec dir="${dir}"
+									command="php composer.phar install --no-dev --optimize-autoloader --ignore-platform-reqs"
+									checkreturn="true"
+									passthru="true" />
+								<delete file="${dir}/composer.phar" />
+
+								<phingcall target="clean-vendor-dir">
+									<property name="dir" value="${dir}" />
+								</phingcall>
+							</else>
+						</if>
+					</then>
 				</if>
 			</then>
 			<else>
@@ -287,10 +297,6 @@
 		<delete dir="${dir}/develop" />
 		<delete dir="${dir}/install/data" />
 
-		<phingcall target="clean-vendor-dir">
-			<property name="dir" value="${dir}" />
-		</phingcall>
-
 		<echo msg="Setting permissions for checkout of ${revision} in ${dir}" />
 		<!-- set permissions of all files to 644, directories to 755 -->
 		<exec dir="${dir}" command="find . -type f|xargs chmod 644" escape="false" />
@@ -307,6 +313,7 @@
 		<delete dir="${dir}/vendor/lusitanian/oauth/examples" />
 		<delete dir="${dir}/vendor/lusitanian/oauth/tests" />
 		<delete file="${dir}/vendor/lusitanian/oauth/.gitignore" />
+		<delete file="${dir}/vendor/lusitanian/oauth/.scrutinizer.yml" />
 		<delete file="${dir}/vendor/lusitanian/oauth/.travis.yml" />
 		<delete file="${dir}/vendor/lusitanian/oauth/phpunit.xml.dist" />
 		<delete file="${dir}/vendor/lusitanian/oauth/README.md" />
@@ -381,10 +388,9 @@
 		<delete file="${dir}/vendor/twig/twig/.editorconfig" />
 		<delete file="${dir}/vendor/twig/twig/.gitignore" />
 		<delete file="${dir}/vendor/twig/twig/.travis.yml" />
-		<delete file="${dir}/vendor/twig/twig/AUTHORS" />
 		<delete file="${dir}/vendor/twig/twig/CHANGELOG" />
 		<delete file="${dir}/vendor/twig/twig/phpunit.xml.dist" />
-		<delete file="${dir}/vendor/twig/twig/README.markdown" />
+		<delete file="${dir}/vendor/twig/twig/README.rst" />
 	</target>
 
 	<target name="clean-diff-dir">

build/code_sniffer/phpbb/Sniffs/Namespaces/UnusedUseSniff.php

@@ -129,53 +129,19 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements PHP_CodeSniffer_Sniff
 			}
 		}
 
+		$old_docblock = $stackPtr;
+		while (($docblock = $phpcsFile->findNext(T_DOC_COMMENT_CLOSE_TAG, ($old_docblock + 1))) !== false)
+		{
+			$old_docblock = $docblock;
+			$ok = $this->checkDocblock($phpcsFile, $docblock, $tokens, $class_name_full, $class_name_short) ? true : $ok;
+		}
+
 		// Checks in type hinting
 		$old_function_declaration = $stackPtr;
 		while (($function_declaration = $phpcsFile->findNext(T_FUNCTION, ($old_function_declaration + 1))) !== false)
 		{
 			$old_function_declaration = $function_declaration;
 
-			// Check docblocks
-			$find = array(
-				T_COMMENT,
-				T_DOC_COMMENT_CLOSE_TAG,
-				T_DOC_COMMENT,
-				T_CLASS,
-				T_FUNCTION,
-				T_OPEN_TAG,
-			);
-
-			$comment_end = $phpcsFile->findPrevious($find, ($function_declaration - 1));
-			if ($comment_end !== false)
-			{
-				if ($tokens[$comment_end]['code'] === T_DOC_COMMENT_CLOSE_TAG)
-				{
-					$comment_start = $tokens[$comment_end]['comment_opener'];
-					foreach ($tokens[$comment_start]['comment_tags'] as $tag) {
-						if ($tokens[$tag]['content'] !== '@param' && $tokens[$tag]['content'] !== '@return' && $tokens[$tag]['content'] !== '@throws') {
-							continue;
-						}
-
-						$classes = $tokens[($tag + 2)]['content'];
-						$space = strpos($classes, ' ');
-						if ($space !== false) {
-							$classes = substr($classes, 0, $space);
-						}
-
-						$tab = strpos($classes, "\t");
-						if ($tab !== false) {
-							$classes = substr($classes, 0, $tab);
-						}
-
-						$classes = explode('|', str_replace('[]', '', $classes));
-						foreach ($classes as $class)
-						{
-							$ok = $this->check($phpcsFile, $class, $class_name_full, $class_name_short, $tokens[$tag + 2]['line']) ? true : $ok;
-						}
-					}
-				}
-			}
-
 			// Check type hint
 			$params = $phpcsFile->getMethodParameters($function_declaration);
 			foreach ($params as $param)
@@ -234,4 +200,49 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements PHP_CodeSniffer_Sniff
 		return false;
 
 	}
+
+	/**
+	 * @param PHP_CodeSniffer_File $phpcsFile
+	 * @param int $field
+	 * @param array $tokens
+	 * @param string $class_name_full
+	 * @param string $class_name_short
+	 * @param bool $ok
+	 *
+	 * @return bool
+	 */
+	private function checkDocblock(PHP_CodeSniffer_File $phpcsFile, $comment_end, $tokens, $class_name_full, $class_name_short)
+	{
+		$ok = false;
+
+		$comment_start = $tokens[$comment_end]['comment_opener'];
+		foreach ($tokens[$comment_start]['comment_tags'] as $tag)
+		{
+			if (!in_array($tokens[$tag]['content'], array('@param', '@var', '@return', '@throws'), true))
+			{
+				continue;
+			}
+
+			$classes = $tokens[($tag + 2)]['content'];
+			$space = strpos($classes, ' ');
+			if ($space !== false)
+			{
+				$classes = substr($classes, 0, $space);
+			}
+
+			$tab = strpos($classes, "\t");
+			if ($tab !== false)
+			{
+				$classes = substr($classes, 0, $tab);
+			}
+
+			$classes = explode('|', str_replace('[]', '', $classes));
+			foreach ($classes as $class)
+			{
+				$ok = $this->check($phpcsFile, $class, $class_name_full, $class_name_short, $tokens[$tag + 2]['line']) ? true : $ok;
+			}
+		}
+
+		return $ok;
+	}
 }

build/sami-all.conf.php

@@ -25,6 +25,7 @@ $config['versions'] = Sami\Version\GitVersionCollection::create(__DIR__ . '/../'
 	*/
 	->add('3.0.x')
 	->add('3.1.x')
+	->add('3.2.x')
 	->add('master')
 ;
 

git-tools/setup_github_network.php

@@ -1,292 +0,0 @@
-#!/usr/bin/env php
-<?php
-/**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
-
-function show_usage()
-{
-	$filename = basename(__FILE__);
-
-	echo "$filename adds repositories of a github network as remotes to a local git repository.\n";
-	echo "\n";
-
-	echo "Usage: [php] $filename -s collaborators|organisation|contributors|forks [OPTIONS]\n";
-	echo "\n";
-
-	echo "Scopes:\n";
-	echo "  collaborators                 Repositories of people who have push access to the specified repository\n";
-	echo "  contributors                  Repositories of people who have contributed to the specified repository\n";
-	echo "  organisation                  Repositories of members of the organisation at github\n";
-	echo "  forks                         All repositories of the whole github network\n";
-	echo "\n";
-
-	echo "Options:\n";
-	echo " -s scope                       See description above (mandatory)\n";
-	echo " -u github_username             Overwrites the github username (optional)\n";
-	echo " -r repository_name             Overwrites the repository name (optional)\n";
-	echo " -m your_github_username        Sets up ssh:// instead of git:// for pushable repositories (optional)\n";
-	echo " -d                             Outputs the commands instead of running them (optional)\n";
-	echo " -h                             This help text\n";
-
-	exit(1);
-}
-
-// Handle arguments
-$opts = getopt('s:u:r:m:dh');
-
-if (empty($opts) || isset($opts['h']))
-{
-	show_usage();
-}
-
-$scope			= get_arg($opts, 's', '');
-$username		= get_arg($opts, 'u', 'phpbb');
-$repository 	= get_arg($opts, 'r', 'phpbb3');
-$developer		= get_arg($opts, 'm', '');
-$dry_run		= !get_arg($opts, 'd', true);
-run(null, $dry_run);
-exit(work($scope, $username, $repository, $developer));
-
-function work($scope, $username, $repository, $developer)
-{
-	// Get some basic data
-	$forks		= get_forks($username, $repository);
-	$collaborators	= get_collaborators($username, $repository);
-
-	if ($forks === false || $collaborators === false)
-	{
-		echo "Error: failed to retrieve forks or collaborators\n";
-		return 1;
-	}
-
-	switch ($scope)
-	{
-		case 'collaborators':
-			$remotes = array_intersect_key($forks, $collaborators);
-		break;
-
-		case 'organisation':
-			$remotes = array_intersect_key($forks, get_organisation_members($username));
-		break;
-
-		case 'contributors':
-			$remotes = array_intersect_key($forks, get_contributors($username, $repository));
-		break;
-
-		case 'forks':
-			$remotes = $forks;
-		break;
-
-		default:
-			show_usage();
-	}
-
-	if (file_exists('.git'))
-	{
-		add_remote($username, $repository, isset($collaborators[$developer]));
-	}
-	else
-	{
-		clone_repository($username, $repository, isset($collaborators[$developer]));
-	}
-
-	// Add private security repository for developers
-	if ($username == 'phpbb' && $repository == 'phpbb3' && isset($collaborators[$developer]))
-	{
-		run("git remote add $username-security " . get_repository_url($username, "$repository-security", true));
-	}
-
-	// Skip blessed repository.
-	unset($remotes[$username]);
-
-	foreach ($remotes as $remote)
-	{
-		add_remote($remote['username'], $remote['repository'], $remote['username'] == $developer);
-	}
-
-	run('git remote update');
-}
-
-function clone_repository($username, $repository, $pushable = false)
-{
-	$url = get_repository_url($username, $repository, false);
-	run("git clone $url ./ --origin $username");
-
-	if ($pushable)
-	{
-		$ssh_url = get_repository_url($username, $repository, true);
-		run("git remote set-url --push $username $ssh_url");
-	}
-}
-
-function add_remote($username, $repository, $pushable = false)
-{
-	$url = get_repository_url($username, $repository, false);
-	run("git remote add $username $url");
-
-	if ($pushable)
-	{
-		$ssh_url = get_repository_url($username, $repository, true);
-		run("git remote set-url --push $username $ssh_url");
-	}
-}
-
-function get_repository_url($username, $repository, $ssh = false)
-{
-	$url_base = ($ssh) ? 'git@github.com:' : 'git://github.com/';
-
-	return $url_base . $username . '/' . $repository . '.git';
-}
-
-function api_request($query)
-{
-	return api_url_request("https://api.github.com/$query?per_page=100");
-}
-
-function api_url_request($url)
-{
-	$contents = file_get_contents($url, false, stream_context_create(array(
-		'http' => array(
-			'header' => "User-Agent: phpBB/1.0\r\n",
-		),
-	)));
-
-	$sub_request_result = array();
-	// Check headers for pagination links
-	if (!empty($http_response_header))
-	{
-		foreach ($http_response_header as $header_element)
-		{
-			// Find Link Header which gives us a link to the next page
-			if (strpos($header_element, 'Link: ') === 0)
-			{
-				list($head, $header_content) = explode(': ', $header_element);
-				foreach (explode(', ', $header_content) as $links)
-				{
-					list($url, $rel) = explode('; ', $links);
-					if ($rel == 'rel="next"')
-					{
-						// Found a next link, follow it and merge the results
-						$sub_request_result = api_url_request(substr($url, 1, -1));
-					}
-				}
-			}
-		}
-	}
-
-	if ($contents === false)
-	{
-		return false;
-	}
-	$contents = json_decode($contents);
-
-	if (isset($contents->message) && strpos($contents->message, 'API Rate Limit') === 0)
-	{
-		throw new RuntimeException('Reached github API Rate Limit. Please try again later' . "\n", 4);
-	}
-
-	return ($sub_request_result) ? array_merge($sub_request_result, $contents) : $contents;
-}
-
-function get_contributors($username, $repository)
-{
-	$request = api_request("repos/$username/$repository/stats/contributors");
-	if ($request === false)
-	{
-		return false;
-	}
-
-	$usernames = array();
-	foreach ($request as $contribution)
-	{
-		$usernames[$contribution->author->login] = $contribution->author->login;
-	}
-
-	return $usernames;
-}
-
-function get_organisation_members($username)
-{
-	$request = api_request("orgs/$username/public_members");
-	if ($request === false)
-	{
-		return false;
-	}
-
-	$usernames = array();
-	foreach ($request as $member)
-	{
-		$usernames[$member->login] = $member->login;
-	}
-
-	return $usernames;
-}
-
-function get_collaborators($username, $repository)
-{
-	$request = api_request("repos/$username/$repository/collaborators");
-	if ($request === false)
-	{
-		return false;
-	}
-
-	$usernames = array();
-	foreach ($request as $collaborator)
-	{
-		$usernames[$collaborator->login] = $collaborator->login;
-	}
-
-	return $usernames;
-}
-
-function get_forks($username, $repository)
-{
-	$request = api_request("repos/$username/$repository/forks");
-	if ($request === false)
-	{
-		return false;
-	}
-
-	$usernames = array();
-	foreach ($request as $fork)
-	{
-		$usernames[$fork->owner->login] = array(
-			'username'		=> $fork->owner->login,
-			'repository'	=> $fork->name,
-		);
-	}
-
-	return $usernames;
-}
-
-function get_arg($array, $index, $default)
-{
-	return isset($array[$index]) ? $array[$index] : $default;
-}
-
-function run($cmd, $dry = false)
-{
-	static $dry_run;
-
-	if (is_null($cmd))
-	{
-		$dry_run = $dry;
-	}
-	else if (!empty($dry_run))
-	{
-		echo "$cmd\n";
-	}
-	else
-	{
-		passthru(escapeshellcmd($cmd));
-	}
-}

phpBB/.htaccess

@@ -1,6 +1,16 @@
 <IfModule mod_rewrite.c>
 RewriteEngine on
 
+#
+# Uncomment the statement below if URL rewriting doesn't
+# work properly. If you installed phpBB in a subdirectory
+# of your site, properly set the argument for the statement.
+# e.g.: if your domain is test.com and you installed phpBB
+# in http://www.test.com/phpBB/index.php you have to set
+# the statement RewriteBase /phpBB/
+#
+#RewriteBase /
+
 #
 # Uncomment the statement below if you want to make use of
 # HTTP authentication and it does not already work.

phpBB/adm/style/acp_attachments.html

@@ -196,7 +196,7 @@
 		</dl>
 		<dl>
 			<dt><label for="extgroup_filesize">{L_MAX_EXTGROUP_FILESIZE}{L_COLON}</label></dt>
-			<dd><input type="number" id="extgroup_filesize" size="3" maxlength="15" name="max_filesize" value="{EXTGROUP_FILESIZE}" /> <select name="size_select">{S_EXT_GROUP_SIZE_OPTIONS}</select></dd>
+			<dd><input type="number" id="extgroup_filesize" min="0" max="999999999999999" step="any" name="max_filesize" value="{EXTGROUP_FILESIZE}" /> <select name="size_select">{S_EXT_GROUP_SIZE_OPTIONS}</select></dd>
 		</dl>
 		<dl>
 			<dt><label for="assigned_extensions">{L_ASSIGNED_EXTENSIONS}{L_COLON}</label></dt>
@@ -346,7 +346,7 @@
 			<td><a href="{orphan.U_FILE}">{orphan.REAL_FILENAME}</a></td>
 			<td>{orphan.FILETIME}</td>
 			<td>{orphan.FILESIZE}</td>
-			<td><strong>{L_ATTACH_ID}{L_COLON} </strong><input type="number" name="post_id[{orphan.ATTACH_ID}]" maxlength="10" value="{orphan.POST_ID}" style="width: 75%;" /></td>
+			<td><strong>{L_ATTACH_ID}{L_COLON} </strong><input type="number" min="0" max="9999999999" name="post_id[{orphan.ATTACH_ID}]" value="{orphan.POST_ID}" style="width: 75%;" /></td>
 			<td><input type="checkbox" class="radio" name="add[{orphan.ATTACH_ID}]" /></td>
 			<td><input type="checkbox" class="radio" name="delete[{orphan.ATTACH_ID}]" /></td>
 		</tr>

phpBB/adm/style/acp_avatar_options_gravatar.html

@@ -5,7 +5,7 @@
 <dl>
 	<dt><label for="avatar_gravatar_width">{L_GRAVATAR_AVATAR_SIZE}{L_COLON}</label><br /><span>{L_GRAVATAR_AVATAR_SIZE_EXPLAIN}</span></dt>
 	<dd>
-		<input type="number" name="avatar_gravatar_width" id="avatar_gravatar_width" size="3" value="{AVATAR_GRAVATAR_WIDTH}" class="inputbox autowidth" /> {L_PIXEL} &times;&nbsp; 
-		<input type="number" name="avatar_gravatar_height" id="avatar_gravatar_height" size="3" value="{AVATAR_GRAVATAR_HEIGHT}" class="inputbox autowidth" /> {L_PIXEL}
+		<input type="number" name="avatar_gravatar_width" id="avatar_gravatar_width" min="{AVATAR_MIN_WIDTH}" max="{AVATAR_MAX_WIDTH}" value="{AVATAR_GRAVATAR_WIDTH}" class="inputbox autowidth" /> {L_PIXEL} &times;&nbsp;
+		<input type="number" name="avatar_gravatar_height" id="avatar_gravatar_height" min="{AVATAR_MIN_HEIGHT}" max="{AVATAR_MAX_HEIGHT}" value="{AVATAR_GRAVATAR_HEIGHT}" class="inputbox autowidth" /> {L_PIXEL}
 	</dd>
 </dl>

phpBB/adm/style/acp_avatar_options_local.html

@@ -12,7 +12,7 @@
 	<!-- BEGIN avatar_local_col -->
 		<li>
 			<label for="av-{avatar_local_row.S_ROW_COUNT}-{avatar_local_row.avatar_local_col.S_ROW_COUNT}"><img src="{avatar_local_row.avatar_local_col.AVATAR_IMAGE}" alt="" /><br />
-			<input type="radio" name="avatar_local_file" id="av-{avatar_local_row.S_ROW_COUNT}-{avatar_local_row.avatar_local_col.S_ROW_COUNT}" value="{avatar_local_row.avatar_local_col.AVATAR_FILE}" /></label>
+			<input type="radio" name="avatar_local_file" id="av-{avatar_local_row.S_ROW_COUNT}-{avatar_local_row.avatar_local_col.S_ROW_COUNT}" value="{avatar_local_row.avatar_local_col.AVATAR_FILE}"<!-- IF avatar_local_row.avatar_local_col.CHECKED -->checked="checked"<!-- ENDIF --> /></label>
 		</li>
 	<!-- END avatar_local_col -->
 	<!-- END avatar_local_row -->

phpBB/adm/style/acp_avatar_options_remote.html

@@ -5,7 +5,7 @@
 <dl>
 	<dt><label for="avatar_remote_width">{L_LINK_REMOTE_SIZE}{L_COLON}</label><br /><span>{L_LINK_REMOTE_SIZE_EXPLAIN}</span></dt>
 	<dd>
-		<input type="number" name="avatar_remote_width" id="avatar_remote_width" size="3" value="{AVATAR_REMOTE_WIDTH}" class="inputbox autowidth" /> {L_PIXEL} &times;&nbsp; 
-		<input type="number" name="avatar_remote_height" id="avatar_remote_height" size="3" value="{AVATAR_REMOTE_HEIGHT}" class="inputbox autowidth" /> {L_PIXEL}
+		<input type="number" name="avatar_remote_width" id="avatar_remote_width" min="{AVATAR_MIN_WIDTH}" max="{AVATAR_MAX_WIDTH}" value="{AVATAR_REMOTE_WIDTH}" class="inputbox autowidth" /> {L_PIXEL} &times;&nbsp;
+		<input type="number" name="avatar_remote_height" id="avatar_remote_height" min="{AVATAR_MIN_HEIGHT}" max="{AVATAR_MAX_HEIGHT}" value="{AVATAR_REMOTE_HEIGHT}" class="inputbox autowidth" /> {L_PIXEL}
 	</dd>
 </dl>

phpBB/adm/style/acp_ban.html

@@ -52,7 +52,7 @@
 	<legend>{L_TITLE}</legend>
 <dl>
 	<dt><label for="ban">{L_BAN_CELL}{L_COLON}</label></dt>
-	<dd><textarea name="ban" cols="40" rows="3" id="ban"></textarea></dd>
+	<dd><!-- EVENT acp_ban_cell_prepend --><textarea name="ban" cols="40" rows="3" id="ban"></textarea><!-- EVENT acp_ban_cell_append --></dd>
 	<!-- IF S_USERNAME_BAN --><dd>[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]</dd><!-- ENDIF -->
 </dl>
 <dl>

phpBB/adm/style/acp_captcha.html

@@ -8,6 +8,13 @@
 
 <p>{L_ACP_VC_EXT_GET_MORE}</p>
 
+<!-- IF ERROR_MSG -->
+<div class="errorbox">
+	<h3>{L_WARNING}</h3>
+	<p>{ERROR_MSG}</p>
+</div>
+<!-- ENDIF -->
+
 <form id="acp_captcha" method="post" action="{U_ACTION}">
 
 <fieldset>
@@ -20,11 +27,11 @@
 </dl>
 <dl>
 	<dt><label for="max_reg_attempts">{L_REG_LIMIT}{L_COLON}</label><br /><span>{L_REG_LIMIT_EXPLAIN}</span></dt>
-	<dd><input id="max_reg_attempts" type="number" size="4" maxlength="4" min="0" max="9999" name="max_reg_attempts" value="{REG_LIMIT}" /></dd>
+	<dd><input id="max_reg_attempts" type="number" min="0" max="9999" name="max_reg_attempts" value="{REG_LIMIT}" /></dd>
 </dl>
 <dl>
 	<dt><label for="max_login_attempts">{L_MAX_LOGIN_ATTEMPTS}{L_COLON}</label><br /><span>{L_MAX_LOGIN_ATTEMPTS_EXPLAIN}</span></dt>
-	<dd><input id="max_login_attempts" type="number" size="4" maxlength="4" min="0" max="9999" name="max_login_attempts" value="{MAX_LOGIN_ATTEMPTS}" /></dd>
+	<dd><input id="max_login_attempts" type="number" min="0" max="9999" name="max_login_attempts" value="{MAX_LOGIN_ATTEMPTS}" /></dd>
 </dl>
 <dl>
 	<dt><label for="enable_post_confirm">{L_VISUAL_CONFIRM_POST}{L_COLON}</label><br /><span>{L_VISUAL_CONFIRM_POST_EXPLAIN}</span></dt>

phpBB/adm/style/acp_database.html

@@ -14,7 +14,7 @@
 		<legend>{L_RESTORE_OPTIONS}</legend>
 	<dl>
 		<dt><label for="file">{L_SELECT_FILE}{L_COLON}</label></dt>
-		<dd><select id="file" name="file" size="10"><!-- BEGIN files --><option value="{files.FILE}"<!-- IF files.S_LAST_ROW --> selected="selected"<!-- ENDIF -->>{files.NAME}</option><!-- END files --></select></dd>
+		<dd><select id="file" name="file" size="10"><!-- BEGIN files --><option value="{files.FILE}"<!-- IF files.S_FIRST_ROW --> selected="selected"<!-- ENDIF -->>{files.NAME}</option><!-- END files --></select></dd>
 	</dl>
 
 	<p class="submit-buttons">

phpBB/adm/style/acp_email.html

@@ -19,12 +19,14 @@
 	<legend>{L_COMPOSE}</legend>
 <dl>
 	<dt><label for="group">{L_SEND_TO_GROUP}{L_COLON}</label></dt>
+	<!-- EVENT acp_email_group_options_prepend -->
 	<dd><select id="group" name="g">{S_GROUP_OPTIONS}</select></dd>
+	<!-- EVENT acp_email_group_options_append -->
 </dl>
 <dl>
 	<dt><label for="usernames">{L_SEND_TO_USERS}{L_COLON}</label><br /><span>{L_SEND_TO_USERS_EXPLAIN}</span></dt>
 	<dd><textarea name="usernames" id="usernames" rows="5" cols="40">{USERNAMES}</textarea></dd>
-	<dd>[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]</dd>
+	<dd><!-- EVENT acp_email_find_username_prepend -->[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]<!-- EVENT acp_email_find_username_append --></dd>
 </dl>
 <dl>
 	<dt><label for="subject">{L_SUBJECT}{L_COLON}</label></dt>

phpBB/adm/style/acp_ext_details.html

@@ -21,6 +21,7 @@
 		<p>{VERSIONCHECK_FAIL_REASON}</p>
 	</div>
 	<!-- ENDIF -->
+<!-- EVENT acp_ext_details_notice -->
 
 	<fieldset>
 		<legend>{L_EXT_DETAILS}</legend>
@@ -136,4 +137,5 @@
 		<!-- END meta_authors -->
 	</fieldset>
 
+	<!-- EVENT acp_ext_details_end -->
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_ext_list.html

@@ -44,11 +44,11 @@
 	<tbody>
 		<!-- IF .enabled -->
 		<tr>
-			<td class="row3" colspan="4"><strong>{L_EXTENSIONS_ENABLED}</strong></td>
+			<td class="row3" colspan="4"><strong>{L_EXTENSIONS_ENABLED}</strong><!-- EVENT acp_ext_list_enabled_title_after --></td>
 		</tr>
 		<!-- BEGIN enabled -->
-		<tr class="ext_enabled">
-			<td><strong>{enabled.META_DISPLAY_NAME}</strong></td>
+		<tr class="ext_enabled row-highlight">
+			<td><strong title="{enabled.NAME}">{enabled.META_DISPLAY_NAME}</strong><!-- EVENT acp_ext_list_enabled_name_after --></td>
 			<td style="text-align: center;">
 				<!-- IF enabled.S_VERSIONCHECK -->
 				<strong <!-- IF enabled.S_UP_TO_DATE -->style="color: #228822;"<!-- ELSE -->style="color: #BC2A4D;"<!-- ENDIF -->>{enabled.META_VERSION}</strong>
@@ -69,11 +69,11 @@
 
 		<!-- IF .disabled -->
 		<tr>
-			<td class="row3" colspan="4"><strong>{L_EXTENSIONS_DISABLED}</strong></td>
+			<td class="row3" colspan="4"><strong>{L_EXTENSIONS_DISABLED}</strong><!-- EVENT acp_ext_list_disabled_title_after --></td>
 		</tr>
 		<!-- BEGIN disabled -->
-		<tr class="ext_disabled">
-			<td><strong>{disabled.META_DISPLAY_NAME}</strong></td>
+		<tr class="ext_disabled row-highlight">
+			<td><strong title="{disabled.NAME}">{disabled.META_DISPLAY_NAME}</strong><!-- EVENT acp_ext_list_disabled_name_after --></td>
 			<td style="text-align: center;">
 				<!-- IF disabled.S_VERSIONCHECK -->
 				<strong <!-- IF disabled.S_UP_TO_DATE -->style="color: #228822;"<!-- ELSE -->style="color: #BC2A4D;"<!-- ENDIF -->>{disabled.META_VERSION}</strong>

phpBB/adm/style/acp_forums.html

@@ -242,7 +242,7 @@
 		</dl>
 		<dl>
 			<dt><label for="topics_per_page">{L_FORUM_TOPICS_PAGE}{L_COLON}</label><br /><span>{L_FORUM_TOPICS_PAGE_EXPLAIN}</span></dt>
-			<dd><input type="number" id="topics_per_page" name="topics_per_page" value="{TOPICS_PER_PAGE}" size="4" maxlength="4" min="0" max="9999" /></dd>
+			<dd><input type="number" id="topics_per_page" name="topics_per_page" value="{TOPICS_PER_PAGE}" min="0" max="9999" /></dd>
 		</dl>
 		<!-- EVENT acp_forums_normal_settings_append -->
 		</fieldset>
@@ -257,15 +257,15 @@
 		</dl>
 		<dl>
 			<dt><label for="prune_freq">{L_AUTO_PRUNE_FREQ}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_FREQ_EXPLAIN}</span></dt>
-			<dd><input type="number" id="prune_freq" name="prune_freq" value="{PRUNE_FREQ}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd>
+			<dd><input type="number" id="prune_freq" name="prune_freq" value="{PRUNE_FREQ}" min="0" max="9999" /> {L_DAYS}</dd>
 		</dl>
 		<dl>
 			<dt><label for="prune_days">{L_AUTO_PRUNE_DAYS}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_DAYS_EXPLAIN}</span></dt>
-			<dd><input type="number" id="prune_days" name="prune_days" value="{PRUNE_DAYS}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd>
+			<dd><input type="number" id="prune_days" name="prune_days" value="{PRUNE_DAYS}" min="0" max="9999" /> {L_DAYS}</dd>
 		</dl>
 		<dl>
 			<dt><label for="prune_viewed">{L_AUTO_PRUNE_VIEWED}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_VIEWED_EXPLAIN}</span></dt>
-			<dd><input type="number" id="prune_viewed" name="prune_viewed" value="{PRUNE_VIEWED}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd>
+			<dd><input type="number" id="prune_viewed" name="prune_viewed" value="{PRUNE_VIEWED}" min="0" max="9999" /> {L_DAYS}</dd>
 		</dl>
 		<dl>
 			<dt><label for="prune_old_polls">{L_PRUNE_OLD_POLLS}{L_COLON}</label><br /><span>{L_PRUNE_OLD_POLLS_EXPLAIN}</span></dt>
@@ -289,11 +289,11 @@
 		</dl>
 		<dl>
 			<dt><label for="prune_shadow_freq">{L_AUTO_PRUNE_SHADOW_FREQ}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_SHADOW_FREQ_EXPLAIN}</span></dt>
-			<dd><input type="number" id="prune_shadow_freq" name="prune_shadow_freq" value="{PRUNE_SHADOW_FREQ}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd>
+			<dd><input type="number" id="prune_shadow_freq" name="prune_shadow_freq" value="{PRUNE_SHADOW_FREQ}" min="0" max="9999" /> {L_DAYS}</dd>
 		</dl>
 		<dl>
 			<dt><label for="prune_shadow_days">{L_AUTO_PRUNE_SHADOW_DAYS}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_SHADOW_DAYS_EXPLAIN}</span></dt>
-			<dd><input type="number" id="prune_shadow_days" name="prune_shadow_days" value="{PRUNE_SHADOW_DAYS}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd>
+			<dd><input type="number" id="prune_shadow_days" name="prune_shadow_days" value="{PRUNE_SHADOW_DAYS}" min="0" max="9999" /> {L_DAYS}</dd>
 		</dl>
 		<!-- EVENT acp_forums_prune_settings_append -->
 		</fieldset>
@@ -498,7 +498,7 @@
 	<fieldset class="quick">
 		{L_SELECT_FORUM}{L_COLON} <select name="parent_id" onchange="if(this.options[this.selectedIndex].value != -1){ this.form.submit(); }">{FORUM_BOX}</select>
 
-		<input class="button2" type="submit" value="{L_GO}" />
+		<!-- EVENT acp_forums_quick_select_button_prepend --><input class="button2" type="submit" value="{L_GO}" /><!-- EVENT acp_forums_quick_select_button_append -->
 		{S_FORM_TOKEN}
 	</fieldset>
 	</form>

phpBB/adm/style/acp_groups.html

@@ -86,11 +86,11 @@
 		<legend>{L_GROUP_SETTINGS_SAVE}</legend>
 	<dl>
 		<dt><label for="group_message_limit">{L_GROUP_MESSAGE_LIMIT}{L_COLON}</label><br /><span>{L_GROUP_MESSAGE_LIMIT_EXPLAIN}</span></dt>
-		<dd><input name="group_message_limit" type="number" id="group_message_limit" maxlength="4" size="4" min="0" max="9999" value="{GROUP_MESSAGE_LIMIT}" /></dd>
+		<dd><input name="group_message_limit" type="number" id="group_message_limit" min="0" max="9999" value="{GROUP_MESSAGE_LIMIT}" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="group_max_recipients">{L_GROUP_MAX_RECIPIENTS}{L_COLON}</label><br /><span>{L_GROUP_MAX_RECIPIENTS_EXPLAIN}</span></dt>
-		<dd><input name="group_max_recipients" type="number" id="group_max_recipients" maxlength="10" size="4" value="{GROUP_MAX_RECIPIENTS}" /></dd>
+		<dd><input name="group_max_recipients" type="number" id="group_max_recipients" min="0" max="9999" value="{GROUP_MAX_RECIPIENTS}" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="group_colour">{L_GROUP_COLOR}{L_COLON}</label><br /><span>{L_GROUP_COLOR_EXPLAIN}</span></dt>
@@ -236,7 +236,7 @@
 	<dl>
 		<dt><label for="usernames">{L_USERNAME}{L_COLON}</label><br /><span>{L_USERNAMES_EXPLAIN}</span></dt>
 		<dd><textarea id="usernames" name="usernames" cols="40" rows="5"></textarea></dd>
-		<dd>[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]</dd>
+		<dd><!-- EVENT acp_groups_find_username_prepend -->[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]<!-- EVENT acp_groups_find_username_append --></dd>
 	</dl>
 
 	<p class="quick">
@@ -265,6 +265,7 @@
 
 	<form id="acp_groups" method="post" action="{U_ACTION}">
 
+	<!-- EVENT acp_groups_manage_before -->
 	<table class="table1">
 		<col class="col1" /><col class="col1" /><col class="col2" /><col class="col2" /><col class="col2" />
 	<thead>
@@ -285,6 +286,7 @@
 		<!-- ENDIF -->
 	</tbody>
 	</table>
+	<!-- EVENT acp_groups_manage_after -->
 
 	<fieldset class="quick">
 		<!-- IF S_GROUP_ADD -->

phpBB/adm/style/acp_groups_position.html

@@ -65,8 +65,10 @@
 					<option<!-- IF add_legend.GROUP_SPECIAL --> class="sep"<!-- ENDIF --> value="{add_legend.GROUP_ID}">{add_legend.GROUP_NAME}</option>
 				<!-- END add_legend -->
 			</select>
+			<!-- EVENT acp_groups_position_legend_add_button_before -->
 			<input class="button2" type="submit" name="submit" value="{L_ADD}" />
 			<input type="hidden" name="action" value="add" />
+			<!-- EVENT acp_groups_position_legend_add_button_after -->
 			{S_FORM_TOKEN}
 		</fieldset>
 	</form>
@@ -162,8 +164,10 @@
 					<option<!-- IF add_teampage.GROUP_SPECIAL --> class="sep"<!-- ENDIF --> value="{add_teampage.GROUP_ID}">{add_teampage.GROUP_NAME}</option>
 				<!-- END add_teampage -->
 			</select>
+			<!-- EVENT acp_groups_position_teampage_add_button_before -->
 			<input class="button2" type="submit" name="submit" value="{L_ADD}" />
 			<input type="hidden" name="action" value="add" />
+			<!-- EVENT acp_groups_position_teampage_add_button_after -->
 			{S_FORM_TOKEN}
 		</fieldset>
 	</form>

phpBB/adm/style/acp_icons.html

@@ -108,8 +108,8 @@
 			<td><input class="text post" type="text" name="code[{items.IMG}]" value="{items.CODE}" size="10" maxlength="50" /></td>
 			<td><input class="text post" type="text" name="emotion[{items.IMG}]" value="{items.EMOTION}" size="10" maxlength="50" /></td>
 		<!-- ENDIF -->
-		<td><input class="text post" type="number" size="3" name="width[{items.IMG}]" value="{items.WIDTH}" /></td>
-		<td><input class="text post" type="number" size="3" name="height[{items.IMG}]" value="{items.HEIGHT}" /></td>
+		<td><input class="text post" type="number" min="0" max="999" name="width[{items.IMG}]" value="{items.WIDTH}" /></td>
+		<td><input class="text post" type="number" min="0" max="999" name="height[{items.IMG}]" value="{items.HEIGHT}" /></td>
 		<td>
 			<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, '{items.S_ROW_COUNT}');"/>
 			<!-- IF items.S_ID -->
@@ -136,8 +136,8 @@
 		<td style="vertical-align: top;"><img src="{IMG_SRC}" id="add_image_src" alt="" title="" /></td>
 		<td><input class="text post" type="text" name="add_code" id="add_code" value="{CODE}" size="10" maxlength="50" /></td>
 		<td><input class="text post" type="text" name="add_emotion" id="add_emotion" value="{EMOTION}" size="10" maxlength="50" /></td>
-		<td><input class="text post" type="number" size="3" name="add_width" id="add_width" value="{WIDTH}" /></td>
-		<td><input class="text post" type="number" size="3" name="add_height" id="add_height" value="{HEIGHT}" /></td>
+		<td><input class="text post" type="number" min="0" max="999" name="add_width" id="add_width" value="{WIDTH}" /></td>
+		<td><input class="text post" type="number" min="0" max="999" name="add_height" id="add_height" value="{HEIGHT}" /></td>
 		<td><input type="checkbox" class="radio" name="add_display_on_posting" checked="checked" onclick="toggle_select('add', this.checked, 'add_order');"/></td>
  		<td><select id="order_add_order" name="add_order">
 				<optgroup id="order_disp_add_order" label="{L_DISPLAY_POSTING}">{S_ADD_ORDER_LIST_DISPLAY}</optgroup>

phpBB/adm/style/acp_inactive.html

@@ -18,6 +18,7 @@
 <thead>
 <tr>
 	<th>{L_USERNAME}</th>
+	<th>{L_EMAIL}</th>
 	<th>{L_JOINED}</th>
 	<th>{L_INACTIVE_DATE}</th>
 	<th>{L_LAST_VISIT}</th>
@@ -32,6 +33,7 @@
 			{inactive.USERNAME_FULL}
 			<!-- IF inactive.POSTS --><br />{L_POSTS}{L_COLON} <strong>{inactive.POSTS}</strong> [<a href="{inactive.U_SEARCH_USER}">{L_SEARCH_USER_POSTS}</a>]<!-- ENDIF -->
 		</td>
+		<td style="vertical-align: top;">{inactive.USER_EMAIL}</td>
 		<td style="vertical-align: top;">{inactive.JOINED}</td>
 		<td style="vertical-align: top;">{inactive.INACTIVE_DATE}</td>
 		<td style="vertical-align: top;">{inactive.LAST_VISIT}</td>
@@ -50,7 +52,7 @@
 </table>
 
 <fieldset class="display-options">
-	{L_DISPLAY_LOG}{L_COLON} &nbsp;{S_LIMIT_DAYS}&nbsp;{L_SORT_BY}{L_COLON} {S_SORT_KEY} {S_SORT_DIR}<!-- IF .pagination -->&nbsp;{L_USERS_PER_PAGE}{L_COLON} <input class="inputbox autowidth" type="number" name="users_per_page" id="users_per_page" size="3" value="{USERS_PER_PAGE}" /><!-- ENDIF -->
+	{L_DISPLAY_LOG}{L_COLON} &nbsp;{S_LIMIT_DAYS}&nbsp;{L_SORT_BY}{L_COLON} {S_SORT_KEY} {S_SORT_DIR}<!-- IF .pagination -->&nbsp;{L_USERS_PER_PAGE}{L_COLON} <input class="inputbox autowidth" type="number" name="users_per_page" id="users_per_page" min="0" max="999" value="{USERS_PER_PAGE}" /><!-- ENDIF -->
 	<input class="button2" type="submit" value="{L_GO}" name="sort" />
 </fieldset>
 

phpBB/adm/style/acp_jabber.html

@@ -31,7 +31,7 @@
 </dl>
 <dl>
 	<dt><label for="jab_port">{L_JAB_PORT}{L_COLON}</label><br /><span>{L_JAB_PORT_EXPLAIN}</span></dt>
-	<dd><input type="number" id="jab_port" name="jab_port" value="{JAB_PORT}" maxlength="5" size="5" /></dd>
+	<dd><input type="number" id="jab_port" name="jab_port" value="{JAB_PORT}" min="0" max="99999" /></dd>
 </dl>
 <dl>
 	<dt><label for="jab_username">{L_JAB_USERNAME}{L_COLON}</label><br /><span>{L_JAB_USERNAME_EXPLAIN}</span></dt>
@@ -47,10 +47,25 @@
 	<dd><label><input type="radio" class="radio" id="jab_use_ssl" name="jab_use_ssl" value="1"<!-- IF JAB_USE_SSL --> checked="checked"<!-- ENDIF --> /> {L_YES}</label>
 		<label><input type="radio" class="radio" name="jab_use_ssl" value="0"<!-- IF not JAB_USE_SSL --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
 </dl>
+<dl>
+	<dt><label for="jab_verify_peer">{L_JAB_VERIFY_PEER}{L_COLON}</label><br /><span>{L_JAB_VERIFY_PEER_EXPLAIN}</span></dt>
+	<dd><label><input type="radio" class="radio" id="jab_verify_peer" name="jab_verify_peer" value="1"<!-- IF JAB_VERIFY_PEER --> checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+		<label><input type="radio" class="radio" name="jab_verify_peer" value="0"<!-- IF not JAB_VERIFY_PEER --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+</dl>
+<dl>
+	<dt><label for="jab_verify_peer_name">{L_JAB_VERIFY_PEER_NAME}{L_COLON}</label><br /><span>{L_JAB_VERIFY_PEER_NAME_EXPLAIN}</span></dt>
+	<dd><label><input type="radio" class="radio" id="jab_verify_peer_name" name="jab_verify_peer_name" value="1"<!-- IF JAB_VERIFY_PEER_NAME --> checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+		<label><input type="radio" class="radio" name="jab_verify_peer_name" value="0"<!-- IF not JAB_VERIFY_PEER_NAME --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+</dl>
+<dl>
+	<dt><label for="jab_allow_self_signed">{L_JAB_ALLOW_SELF_SIGNED}{L_COLON}</label><br /><span>{L_JAB_ALLOW_SELF_SIGNED_EXPLAIN}</span></dt>
+	<dd><label><input type="radio" class="radio" id="jab_allow_self_signed" name="jab_allow_self_signed" value="1"<!-- IF JAB_ALLOW_SELF_SIGNED --> checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+		<label><input type="radio" class="radio" name="jab_allow_self_signed" value="0"<!-- IF not JAB_ALLOW_SELF_SIGNED --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+</dl>
 <!-- ENDIF -->
 <dl>
 	<dt><label for="jab_package_size">{L_JAB_PACKAGE_SIZE}{L_COLON}</label><br /><span>{L_JAB_PACKAGE_SIZE_EXPLAIN}</span></dt>
-	<dd><input type="number" id="jab_package_size" name="jab_package_size" value="{JAB_PACKAGE_SIZE}" maxlength="5" size="5" min="0" max="99999" /></dd>
+	<dd><input type="number" id="jab_package_size" name="jab_package_size" value="{JAB_PACKAGE_SIZE}" min="0" max="99999" /></dd>
 </dl>
 
 </fieldset>

phpBB/adm/style/acp_logs.html

@@ -73,7 +73,7 @@
 <!-- IF S_SHOW_FORUMS -->
 	<fieldset class="quick">
 		{L_SELECT_FORUM}{L_COLON} <select name="f" onchange="if(this.options[this.selectedIndex].value != -1){ this.form.submit(); }">{S_FORUM_BOX}</select>
-		<input class="button2" type="submit" value="{L_GO}" />
+		<!-- EVENT acp_logs_quick_select_forum_button_prepend --><input class="button2" type="submit" value="{L_GO}" /><!-- EVENT acp_logs_quick_select_forum_button_append -->
 	</fieldset>
 <!-- ENDIF -->
 

phpBB/adm/style/acp_main.html

@@ -14,7 +14,11 @@
 
 	<p>{L_ADMIN_INTRO}</p>
 
-	<!-- IF S_VERSIONCHECK_FAIL -->
+	<!-- IF S_UPDATE_INCOMPLETE -->
+		<div class="errorbox">
+			<p>{L_UPDATE_INCOMPLETE} <a href="{U_VERSIONCHECK}">{L_MORE_INFORMATION}</a></p>
+		</div>
+	<!-- ELSEIF S_VERSIONCHECK_FAIL -->
 		<div class="errorbox notice">
 			<p>{L_VERSIONCHECK_FAIL}</p>
 			<p>{VERSIONCHECK_FAIL_REASON}</p>
@@ -26,6 +30,11 @@
 			<p><a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a> &middot; <a href="{U_VERSIONCHECK}">{L_MORE_INFORMATION}</a></p>
 		</div>
 	<!-- ENDIF -->
+	<!-- IF S_VERSION_UPGRADEABLE -->
+		<div class="errorbox notice">
+			<p>{UPGRADE_INSTRUCTIONS}</p>
+		</div>
+	<!-- ENDIF -->
 
 	<!-- IF S_SEARCH_INDEX_MISSING -->
 		<div class="errorbox">
@@ -141,19 +150,24 @@
 		<td>{L_GZIP_COMPRESSION}{L_COLON} </td>
 		<td><strong>{GZIP_COMPRESSION}</strong></td>
 	</tr>
+	<!-- IF S_TOTAL_ORPHAN or S_VERSIONCHECK -->
 	<tr>
+	<!-- IF S_VERSIONCHECK -->
 		<td>{L_BOARD_VERSION}{L_COLON} </td>
 		<td>
-			<strong><a href="{U_VERSIONCHECK}" <!-- IF S_VERSION_UP_TO_DATE -->style="color: #228822;"<!-- ELSE -->style="color: #BC2A4D;"<!-- ENDIF --> title="{L_MORE_INFORMATION}">{BOARD_VERSION}</a></strong> [&nbsp;<a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a>&nbsp;]
+			<strong><a href="{U_VERSIONCHECK}" <!-- IF S_VERSION_UP_TO_DATE -->style="color: #228822;" <!-- ELSEIF not S_VERSIONCHECK_FAIL -->style="color: #BC2A4D;" <!-- ENDIF -->title="{L_MORE_INFORMATION}">{BOARD_VERSION}</a></strong> [&nbsp;<a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a>&nbsp;]
 		</td>
+	<!-- ENDIF -->
 	<!-- IF S_TOTAL_ORPHAN -->
 		<td>{L_NUMBER_ORPHAN}{L_COLON} </td>
 		<td><strong>{TOTAL_ORPHAN}</strong></td>
-	<!-- ELSE -->
+	<!-- ENDIF -->
+	<!-- IF not S_TOTAL_ORPHAN or not S_VERSIONCHECK -->
 		<td>&nbsp;</td>
 		<td>&nbsp;</td>
 	<!-- ENDIF -->
 	</tr>
+	<!-- ENDIF -->
 	</tbody>
 	</table>
 

phpBB/adm/style/acp_permissions.html

@@ -30,7 +30,7 @@
 			<legend>{L_LOOK_UP_FORUM}</legend>
 			<!-- IF S_FORUM_MULTIPLE --><p>{L_LOOK_UP_FORUMS_EXPLAIN}</p><!-- ENDIF -->
 		<dl>
-			<dt><label for="forum">{L_LOOK_UP_FORUM}{L_COLON}</label></dt>
+			<dt><!-- EVENT acp_permissions_select_multiple_forum_prepend --><label for="forum">{L_LOOK_UP_FORUM}{L_COLON}</label><!-- EVENT acp_permissions_select_multiple_forum_append --></dt>
 			<dd><select id="forum" name="forum_id[]"<!-- IF S_FORUM_MULTIPLE --> multiple="multiple"<!-- ENDIF --> size="10">{S_FORUM_OPTIONS}</select></dd>
 			<!-- IF S_FORUM_ALL --><dd><label><input type="checkbox" class="radio" name="all_forums" value="1" /> {L_ALL_FORUMS}</label></dd><!-- ENDIF -->
 		</dl>
@@ -52,7 +52,7 @@
 				<legend>{L_LOOK_UP_FORUM}</legend>
 				<p>{L_SELECT_FORUM_SUBFORUM_EXPLAIN}</p>
 			<dl>
-				<dt><label for="sforum">{L_LOOK_UP_FORUM}{L_COLON}</label></dt>
+				<dt><!-- EVENT acp_permissions_select_forum_prepend --><label for="sforum">{L_LOOK_UP_FORUM}{L_COLON}</label><!-- EVENT acp_permissions_select_forum_append --></dt>
 				<dd><select id="sforum" name="subforum_id">{S_SUBFORUM_OPTIONS}</select></dd>
 			</dl>
 
@@ -95,7 +95,7 @@
 		<fieldset>
 			<legend>{L_LOOK_UP_GROUP}</legend>
 		<dl>
-			<dt><label for="group">{L_LOOK_UP_GROUP}{L_COLON}</label></dt>
+			<dt><!-- EVENT acp_permissions_select_group_prepend --><label for="group">{L_LOOK_UP_GROUP}{L_COLON}</label><!-- EVENT acp_permissions_select_group_append --></dt>
 			<dd><select name="group_id[]" id="group">{S_GROUP_OPTIONS}</select></dd>
 		</dl>
 
@@ -140,7 +140,7 @@
 				<p>{L_USERNAMES_EXPLAIN}</p>
 			<dl>
 				<dd class="full"><textarea id="username" name="usernames" rows="5" cols="5" style="width: 100%; height: 60px;"></textarea></dd>
-				<dd class="full" style="text-align: left;"><div style="float: {S_CONTENT_FLOW_END};">[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]</div><label><input type="checkbox" class="radio" id="anonymous" name="user_id[]" value="{ANONYMOUS_USER_ID}" /> {L_SELECT_ANONYMOUS}</label></dd>
+				<dd class="full" style="text-align: left;"><!-- EVENT acp_permissions_find_username_prepend --><div style="float: {S_CONTENT_FLOW_END};">[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]</div><!-- EVENT acp_permissions_find_username_append --><label><input type="checkbox" class="radio" id="anonymous" name="user_id[]" value="{ANONYMOUS_USER_ID}" /> {L_SELECT_ANONYMOUS}</label></dd>
 			</dl>
 			</fieldset>
 
@@ -183,7 +183,7 @@
 			<fieldset>
 				<legend>{L_ADD_GROUPS}</legend>
 			<dl>
-				<dd class="full"><select name="group_id[]" style="width: 100%; height: 107px;" multiple="multiple">{S_ADD_GROUP_OPTIONS}</select></dd>
+				<dd class="full"><!-- EVENT acp_permissions_add_group_options_prepend --><select name="group_id[]" style="width: 100%; height: 107px;" multiple="multiple">{S_ADD_GROUP_OPTIONS}</select><!-- EVENT acp_permissions_add_group_options_append --></dd>
 			</dl>
 			</fieldset>
 
@@ -267,7 +267,9 @@
 				<legend>{L_LOOK_UP_GROUP}</legend>
 			<dl>
 				<dt><label for="group_select">{L_LOOK_UP_GROUP}{L_COLON}</label></dt>
+				<!-- EVENT acp_permissions_select_group_before -->
 				<dd><select name="group_id[]" id="group_select">{S_ADD_GROUP_OPTIONS}</select></dd>
+				<!-- EVENT acp_permissions_select_group_after -->
 				<dd>&nbsp;</dd>
 			</dl>
 			</fieldset>

phpBB/adm/style/acp_posting_buttons.html

@@ -63,6 +63,7 @@
 		<!-- ENDIF -->
 		<!-- ENDIF -->
 	</select>
+	<!-- EVENT acp_posting_buttons_custom_tags_before -->
 	<!-- BEGIN custom_tags -->
 	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}" />
 	<!-- END custom_tags -->

phpBB/adm/style/acp_profile.html

@@ -17,7 +17,7 @@
 		</div>
 	<!-- ENDIF -->
 
-	<form id="add_profile_field" method="post" action="{U_ACTION}">
+	<form id="add_profile_field" method="post" action="{U_ACTION}"{S_FORM_ENCTYPE}>
 
 	<!-- IF S_STEP_ONE -->
 
@@ -85,6 +85,7 @@
 			<dd><input type="checkbox" class="radio" id="field_is_contact" name="field_is_contact" value="1"<!-- IF S_FIELD_CONTACT --> checked="checked"<!-- ENDIF --> /></dd>
 			<dd><input class="text medium" type="text" name="field_contact_desc" id="field_contact_desc" value="{FIELD_CONTACT_DESC}" /> <label for="field_contact_desc">{L_FIELD_CONTACT_DESC}</label></dd>
 			<dd><input class="text medium" type="text" name="field_contact_url" id="field_contact_url" value="{FIELD_CONTACT_URL}" /> <label for="field_contact_url">{L_FIELD_CONTACT_URL}</label></dd>
+			<!-- EVENT acp_profile_contact_last -->
 		</dl>
 		</fieldset>
 
@@ -127,6 +128,7 @@
 			<!-- ENDIF -->
 			</dl>
 		<!-- ENDIF -->
+		<!-- EVENT acp_profile_step_one_lang_after -->
 		</fieldset>
 
 		<fieldset class="quick">

phpBB/adm/style/acp_prune_forums.html

@@ -43,7 +43,7 @@
 		<legend>{L_SELECT_FORUM}</legend>
 		<p>{L_LOOK_UP_FORUMS_EXPLAIN}</p>
 	<dl>
-		<dt><label for="forum">{L_LOOK_UP_FORUM}{L_COLON}</label></dt>
+		<dt><!-- EVENT acp_prune_forums_prepend --><label for="forum">{L_LOOK_UP_FORUM}{L_COLON}</label><!-- EVENT acp_prune_forums_append --></dt>
 		<dd><select id="forum" name="f[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
 		<dd><label><input type="checkbox" class="radio" name="all_forums" value="1" /> {L_ALL_FORUMS}</label></dd>
 	</dl>

phpBB/adm/style/acp_prune_users.html

@@ -50,7 +50,7 @@
 <dl>
 	<dt><label for="users">{L_ACP_PRUNE_USERS}{L_COLON}</label><br /><span>{L_SELECT_USERS_EXPLAIN}</span></dt>
 	<dd><textarea id="users" name="users" cols="40" rows="5"></textarea></dd>
-	<dd>[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]</dd>
+	<dd><!-- EVENT acp_prune_users_find_username_prepend -->[ <a href="{U_FIND_USERNAME}" onclick="find_username(this.href); return false;">{L_FIND_USERNAME}</a> ]<!-- EVENT acp_prune_users_find_username_append --></dd>
 </dl>
 </fieldset>
 

phpBB/adm/style/acp_ranks.html

@@ -44,7 +44,7 @@
 	<div id="posts"<!-- IF S_SPECIAL_RANK --> style="display: none;"<!-- ENDIF -->>
 	<dl>
 		<dt><label for="min_posts">{L_RANK_MINIMUM}{L_COLON}</label></dt>
-		<dd><input name="min_posts" type="number" id="min_posts" maxlength="10" value="{MIN_POSTS}" /></dd>
+		<dd><input name="min_posts" type="number" id="min_posts" min="0" max="9999999999" value="{MIN_POSTS}" /></dd>
 	</dl>
 	</div>
 

phpBB/adm/style/acp_search.html

@@ -18,11 +18,11 @@
 	</dl>
 	<dl>
 		<dt><label for="search_interval">{L_SEARCH_INTERVAL}{L_COLON}</label><br /><span>{L_SEARCH_INTERVAL_EXPLAIN}</span></dt>
-		<dd><input id="search_interval" type="number" size="4" maxlength="4" min="0" max="9999" name="config[search_interval]" value="{SEARCH_INTERVAL}" /> {L_SECONDS}</dd>
+		<dd><input id="search_interval" type="number" min="0" max="9999" name="config[search_interval]" value="{SEARCH_INTERVAL}" /> {L_SECONDS}</dd>
 	</dl>
 	<dl>
 		<dt><label for="search_anonymous_interval">{L_SEARCH_GUEST_INTERVAL}{L_COLON}</label><br /><span>{L_SEARCH_GUEST_INTERVAL_EXPLAIN}</span></dt>
-		<dd><input id="search_anonymous_interval" type="number" size="4" maxlength="4" min="0" max="9999" name="config[search_anonymous_interval]" value="{SEARCH_GUEST_INTERVAL}" /> {L_SECONDS}</dd>
+		<dd><input id="search_anonymous_interval" type="number" min="0" max="9999" name="config[search_anonymous_interval]" value="{SEARCH_GUEST_INTERVAL}" /> {L_SECONDS}</dd>
 	</dl>
 	<dl>
 		<dt><label for="limit_search_load">{L_LIMIT_SEARCH_LOAD}{L_COLON}</label><br /><span>{L_LIMIT_SEARCH_LOAD_EXPLAIN}</span></dt>
@@ -30,15 +30,15 @@
 	</dl>
 	<dl>
 		<dt><label for="min_search_author_chars">{L_MIN_SEARCH_AUTHOR_CHARS}{L_COLON}</label><br /><span>{L_MIN_SEARCH_AUTHOR_CHARS_EXPLAIN}</span></dt>
-		<dd><input id="min_search_author_chars" type="number" size="4" maxlength="4" min="0" max="9999" name="config[min_search_author_chars]" value="{MIN_SEARCH_AUTHOR_CHARS}" /></dd>
+		<dd><input id="min_search_author_chars" type="number" min="0" max="9999" name="config[min_search_author_chars]" value="{MIN_SEARCH_AUTHOR_CHARS}" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="max_num_search_keywords">{L_MAX_NUM_SEARCH_KEYWORDS}{L_COLON}</label><br /><span>{L_MAX_NUM_SEARCH_KEYWORDS_EXPLAIN}</span></dt>
-		<dd><input id="max_num_search_keywords" type="number" size="4" maxlength="4" min="0" max="9999" name="config[max_num_search_keywords]" value="{MAX_NUM_SEARCH_KEYWORDS}" /></dd>
+		<dd><input id="max_num_search_keywords" type="number" min="0" max="9999" name="config[max_num_search_keywords]" value="{MAX_NUM_SEARCH_KEYWORDS}" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="search_store_results">{L_SEARCH_STORE_RESULTS}{L_COLON}</label><br /><span>{L_SEARCH_STORE_RESULTS_EXPLAIN}</span></dt>
-		<dd><input id="search_store_results" type="number" size="4" maxlength="6" min="0" max="999999" name="config[search_store_results]" value="{SEARCH_STORE_RESULTS}" /> {L_SECONDS}</dd>
+		<dd><input id="search_store_results" type="number" min="0" max="999999" name="config[search_store_results]" value="{SEARCH_STORE_RESULTS}" /> {L_SECONDS}</dd>
 	</dl>
 	</fieldset>
 

phpBB/adm/style/acp_styles.html

@@ -51,6 +51,10 @@
 		<dt><label>{L_STYLE_PATH}{L_COLON}</label></dt>
 		<dd><strong>{STYLE_PATH}</strong></dd>
 	</dl>
+	<dl>
+		<dt><label>{L_STYLE_VERSION}{L_COLON}</label></dt>
+		<dd><strong>{STYLE_VERSION}</strong></dd>
+	</dl>
 	<dl>
 		<dt><label for="name">{L_COPYRIGHT}{L_COLON}</label></dt>
 		<dd><strong>{STYLE_COPYRIGHT}</strong></dd>
@@ -87,6 +91,7 @@
 <!-- ENDIF -->
 
 <!-- IF .styles_list -->
+	<!-- EVENT acp_styles_list_before -->
 	<table class="table1 styles">
 	<thead>
 	<tr>
@@ -99,7 +104,7 @@
 	</thead>
 	<!-- BEGIN styles_list -->
 	<tbody id="styles-list-{styles_list.S_ROW_COUNT}">
-	<tr<!-- IF styles_list.STYLE_ID and not styles_list.STYLE_ACTIVE --> class="row-inactive"<!-- ENDIF -->>
+	<tr class="row-highlight<!-- IF styles_list.STYLE_ID and not styles_list.STYLE_ACTIVE --> row-inactive<!-- ENDIF -->">
 		<!-- IF styles_list.LEVEL is odd -->
 			<!-- IF $ROW_CLASS == 'row1a' --><!-- DEFINE $ROW_CLASS = 'row1b' --><!-- ELSE --><!-- DEFINE $ROW_CLASS = 'row1a' --><!-- ENDIF -->
 		<!-- ELSE -->

phpBB/adm/style/acp_update.html

@@ -6,22 +6,43 @@
 
 <p>{L_VERSION_CHECK_EXPLAIN}</p>
 
+<!-- IF S_UPDATE_INCOMPLETE -->
+	<div class="errorbox">
+		<p>{L_UPDATE_INCOMPLETE} {L_UPDATE_INCOMPLETE_MORE}</p>
+	</div>
+<!-- ENDIF -->
 <!-- IF S_UP_TO_DATE -->
 	<div class="successbox">
 		<p>{L_VERSION_UP_TO_DATE_ACP} - <a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a></p>
 	</div>
-<!-- ELSE -->
+<!-- ELSEIF not S_UPDATE_INCOMPLETE -->
 	<div class="errorbox">
 		<p>{L_VERSION_NOT_UP_TO_DATE_ACP} - <a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a></p>
 	</div>
 <!-- ENDIF -->
+<!-- IF S_VERSION_UPGRADEABLE -->
+	<div class="errorbox notice">
+		<p>{UPGRADE_INSTRUCTIONS}</p>
+	</div>
+<!-- ENDIF -->
 
 <fieldset>
 	<legend></legend>
+	<!-- IF not S_UPDATE_INCOMPLETE -->
 	<dl>
 		<dt><label>{L_CURRENT_VERSION}</label></dt>
 		<dd><strong>{CURRENT_VERSION}</strong></dd>
 	</dl>
+	<!-- ELSE -->
+	<dl>
+		<dt><label>{L_FILES_VERSION}</label></dt>
+		<dd><strong>{FILES_VERSION}</strong></dd>
+	</dl>
+	<dl>
+		<dt><label>{L_DATABASE_VERSION}</label></dt>
+		<dd><strong>{CURRENT_VERSION}</strong></dd>
+	</dl>
+	<!-- ENDIF -->
 </fieldset>
 
 <!-- BEGIN updates_available -->
@@ -38,6 +59,11 @@
 	</fieldset>
 <!-- END updates_available -->
 
+<!-- IF S_UPDATE_INCOMPLETE -->
+	{INCOMPLETE_INSTRUCTIONS}
+	<br>
+<!-- ENDIF -->
+
 <!-- IF not S_UP_TO_DATE -->
 	{UPDATE_INSTRUCTIONS}
 	<br /><br />

phpBB/adm/style/acp_users.html

@@ -146,7 +146,9 @@
 
 	<!-- IF S_GROUP_OPTIONS -->
 		<fieldset class="quick">
+			<!-- EVENT acp_users_select_group_before -->
 			{L_USER_GROUP_ADD}{L_COLON} <select name="g">{S_GROUP_OPTIONS}</select> <input class="button1" type="submit" name="update" value="{L_SUBMIT}" />
+			<!-- EVENT acp_users_select_group_after -->
 			{S_FORM_TOKEN}
 		</fieldset>
 	<!-- ENDIF -->

phpBB/adm/style/acp_users_prefs.html

@@ -52,7 +52,7 @@
 	<dl> 
 		<dt><label for="dateoptions">{L_BOARD_DATE_FORMAT}{L_COLON}</label><br /><span>{L_BOARD_DATE_FORMAT_EXPLAIN}</span></dt>
 		<dd><select name="dateoptions" id="dateoptions" onchange="if(this.value=='custom'){phpbb.toggleDisplay('custom_date',1);}else{phpbb.toggleDisplay('custom_date',-1);} if (this.value == 'custom') { document.getElementById('dateformat').value = default_dateformat; } else { document.getElementById('dateformat').value = this.value; }">{S_DATEFORMAT_OPTIONS}</select></dd>
-		<dd><div id="custom_date"<!-- IF not S_CUSTOM_DATEFORMAT --> style="display:none;"<!-- ENDIF -->><input type="text" name="dateformat" id="dateformat" value="{DATE_FORMAT}" maxlength="30" /></div></dd>
+		<dd><div id="custom_date"<!-- IF not S_CUSTOM_DATEFORMAT --> style="display:none;"<!-- ENDIF -->><input type="text" name="dateformat" id="dateformat" value="{DATE_FORMAT}" maxlength="64" /></div></dd>
 	</dl>
 	<!-- EVENT acp_users_prefs_personal_append -->
 	</fieldset>

phpBB/adm/style/acp_users_profile.html

@@ -1,4 +1,4 @@
-	<form id="user_profile" method="post" action="{U_ACTION}">
+	<form id="user_profile" method="post" action="{U_ACTION}"{S_FORM_ENCTYPE}>
 
 	<fieldset>
 		<legend>{L_USER_PROFILE}</legend>

phpBB/adm/style/admin.css

@@ -859,6 +859,8 @@ table.zebra-table tbody tr:nth-child(even) {
 .row2a { background-color: #E7EEF4; }
 .row2b { background-color: #E3EBF2; }
 
+tr.row-highlight:hover td { background-color: #DBDFE2; }
+
 .spacer {
 	background-color: #DBDFE2;
 	height: 1px;

phpBB/adm/style/ajax.js

@@ -62,7 +62,127 @@ phpbb.addAjaxCallback('row_delete', function(res) {
 	}
 });
 
+/**
+ * Handler for submitting permissions form in chunks
+ * This call will submit permissions forms in chunks of 5 fieldsets.
+ */
+function submitPermissions() {
+	var $form = $('form#set-permissions'),
+		fieldsetList = $form.find('fieldset[id^=perm]'),
+		formDataSets = [],
+		$submitAllButton = $form.find('input[type=submit][name^=action]')[0],
+		$submitButton = $form.find('input[type=submit][data-clicked=true]')[0];
 
+	// Set proper start values for handling refresh of page
+	var permissionSubmitSize = 0,
+		permissionRequestCount = 0,
+		forumIds = [],
+		permissionSubmitFailed = false;
+
+	if ($submitAllButton !== $submitButton) {
+		fieldsetList = $form.find('fieldset#' + $submitButton.closest('fieldset.permissions').id);
+	}
+
+	$.each(fieldsetList, function (key, value) {
+		if (key % 5 === 0) {
+			formDataSets[Math.floor(key / 5)] = $form.find('fieldset#' + value.id).serialize();
+		} else {
+			formDataSets[Math.floor(key / 5)] += '&' + $form.find('fieldset#' + value.id).serialize();
+		}
+	});
+
+	permissionSubmitSize = formDataSets.length;
+
+	// Add each forum ID to forum ID list to preserve selected forums
+	$.each($form.find('input[type=hidden][name^=forum_id]'), function (key, value) {
+		if (value.name.match(/^forum_id\[([0-9]+)\]$/)) {
+			forumIds.push(value.value);
+		}
+	});
+
+	/**
+	 * Handler for submitted permissions form chunk
+	 *
+	 * @param {object} res Object returned by AJAX call
+	 */
+	function handlePermissionReturn(res) {
+		permissionRequestCount++;
+		var $dark = $('#darkenwrapper');
+
+		if (res.S_USER_WARNING) {
+			phpbb.alert(res.MESSAGE_TITLE, res.MESSAGE_TEXT);
+			permissionSubmitFailed = true;
+		} else if (!permissionSubmitFailed && res.S_USER_NOTICE) {
+			// Display success message at the end of submitting the form
+			if (permissionRequestCount >= permissionSubmitSize) {
+				var $alert = phpbb.alert(res.MESSAGE_TITLE, res.MESSAGE_TEXT);
+				var $alertBoxLink = $alert.find('p.alert_text > a');
+
+				// Create form to submit instead of normal "Back to previous page" link
+				if ($alertBoxLink) {
+					// Remove forum_id[] from URL
+					$alertBoxLink.attr('href', $alertBoxLink.attr('href').replace(/(&forum_id\[\]=[0-9]+)/g, ''));
+					var previousPageForm = '<form action="' + $alertBoxLink.attr('href') + '" method="post">';
+					$.each(forumIds, function (key, value) {
+						previousPageForm += '<input type="text" name="forum_id[]" value="' + value + '" />';
+					});
+					previousPageForm += '</form>';
+
+					$alertBoxLink.on('click', function (e) {
+						var $previousPageForm = $(previousPageForm);
+						$('body').append($previousPageForm);
+						e.preventDefault();
+						$previousPageForm.submit();
+					});
+				}
+
+				// Do not allow closing alert
+				$dark.off('click');
+				$alert.find('.alert_close').hide();
+
+				if (typeof res.REFRESH_DATA !== 'undefined') {
+					setTimeout(function () {
+						// Create forum to submit using POST. This will prevent
+						// exceeding the maximum length of URLs
+						var form = '<form action="' + res.REFRESH_DATA.url.replace(/(&forum_id\[\]=[0-9]+)/g, '') + '" method="post">';
+						$.each(forumIds, function (key, value) {
+							form += '<input type="text" name="forum_id[]" value="' + value + '" />';
+						});
+						form += '</form>';
+						$form = $(form);
+						$('body').append($form);
+
+						// Hide the alert even if we refresh the page, in case the user
+						// presses the back button.
+						$dark.fadeOut(phpbb.alertTime, function () {
+							if (typeof $alert !== 'undefined') {
+								$alert.hide();
+							}
+						});
+
+						// Submit form
+						$form.submit();
+					}, res.REFRESH_DATA.time * 1000); // Server specifies time in seconds
+				}
+			}
+		}
+	}
+
+	// Create AJAX request for each form data set
+	$.each(formDataSets, function (key, formData) {
+		$.ajax({
+			url: $form.action,
+			type: 'POST',
+			data: formData + '&' + $submitButton.name + '=' + encodeURIComponent($submitButton.value) +
+				'&creation_time=' + $form.find('input[type=hidden][name=creation_time]')[0].value +
+				'&form_token=' + $form.find('input[type=hidden][name=form_token]')[0].value +
+				'&' + $form.children('input[type=hidden]').serialize() +
+				'&' + $form.find('input[type=checkbox][name^=inherit]').serialize(),
+			success: handlePermissionReturn,
+			error: handlePermissionReturn
+		});
+	});
+}
 
 $('[data-ajax]').each(function() {
 	var $this = $(this),
@@ -83,6 +203,18 @@ $('[data-ajax]').each(function() {
 */
 $(function() {
 	phpbb.resizeTextArea($('textarea:not(.no-auto-resize)'), {minHeight: 75});
+
+	var $setPermissionsForm = $('form#set-permissions');
+	if ($setPermissionsForm.length) {
+		$setPermissionsForm.on('submit', function (e) {
+			submitPermissions();
+			e.preventDefault();
+		});
+		$setPermissionsForm.find('input[type=submit]').click(function() {
+			$('input[type=submit]', $(this).parents($('form#set-permissions'))).removeAttr('data-clicked');
+			$(this).attr('data-clicked', true);
+		});
+	}
 });
 
 

phpBB/adm/style/install_footer.html

@@ -12,7 +12,7 @@
 </div>
 
 <script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write(unescape('%3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js" type="text/javascript"%3E%3C/script%3E'));</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js">\x3C/script>');</script><!-- ENDIF -->
 <script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS admin.js -->
 {$SCRIPTS}

phpBB/adm/style/install_header.html

@@ -2,6 +2,7 @@
 <html dir="{S_CONTENT_DIRECTION}" lang="{S_USER_LANG}">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <!-- IF META -->{META}<!-- ENDIF -->
 <title>{PAGE_TITLE}</title>

phpBB/adm/style/install_update_diff.html

@@ -2,6 +2,7 @@
 <html dir="{S_CONTENT_DIRECTION}" lang="{S_USER_LANG}">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <!-- IF META -->{META}<!-- ENDIF -->
 <title>{PAGE_TITLE}</title>

phpBB/adm/style/overall_footer.html

@@ -34,7 +34,7 @@
 </div>
 
 <script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write(unescape('%3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}" type="text/javascript"%3E%3C/script%3E'));</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS ajax.js -->
 <!-- INCLUDEJS admin.js -->

phpBB/adm/style/overall_header.html

@@ -2,6 +2,7 @@
 <html dir="{S_CONTENT_DIRECTION}" lang="{S_USER_LANG}">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <!-- IF META -->{META}<!-- ENDIF -->
 <title>{PAGE_TITLE}</title>
@@ -52,7 +53,7 @@ function marklist(id, name, state)
 	
 	for (var r = 0; r < rb.length; r++)
 	{
-		if (rb[r].name.substr(0, name.length) == name)
+		if (rb[r].name.substr(0, name.length) == name && rb[r].disabled !== true)
 		{
 			rb[r].checked = state;
 		}

phpBB/adm/style/permission_forum_copy.html

@@ -12,7 +12,7 @@
 		<legend>{L_LOOK_UP_FORUM}</legend>
 
 		<dl>
-			<dt><label for="src_forum">{L_COPY_PERMISSIONS_FROM}{L_COLON}</label><br /><span>{L_COPY_PERMISSIONS_FORUM_FROM_EXPLAIN}</span></dt>
+			<dt><!-- EVENT acp_permission_forum_copy_src_forum_prepend --><label for="src_forum">{L_COPY_PERMISSIONS_FROM}{L_COLON}</label><br /><span>{L_COPY_PERMISSIONS_FORUM_FROM_EXPLAIN}</span><!-- EVENT acp_permission_forum_copy_src_forum_append --></dt>
 			<dd><select id="src_forum" name="src_forum_id"><option value="0">{L_SELECT_FORUM}</option><option value="-1">------------------</option>{S_FORUM_OPTIONS}</select></dd>
 		</dl>
 	</fieldset>
@@ -22,7 +22,7 @@
 		<p>{L_LOOK_UP_FORUMS_EXPLAIN}</p>
 
 		<dl>
-			<dt><label for="dest_forums">{L_COPY_PERMISSIONS_TO}{L_COLON}</label><br /><span>{L_COPY_PERMISSIONS_FORUM_TO_EXPLAIN}</span></dt>
+			<dt><!-- EVENT acp_permission_forum_copy_dest_forum_prepend --><label for="dest_forums">{L_COPY_PERMISSIONS_TO}{L_COLON}</label><br /><span>{L_COPY_PERMISSIONS_FORUM_TO_EXPLAIN}</span><!-- EVENT acp_permission_forum_copy_dest_forum_append --></dt>
 			<dd><select id="dest_forums" name="dest_forum_ids[]" multiple="multiple" size="10">{S_FORUM_OPTIONS}</select></dd>
 		</dl>
 	</fieldset>

phpBB/adm/style/simple_footer.html

@@ -17,7 +17,7 @@
 </div>
 
 <script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write(unescape('%3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}" type="text/javascript"%3E%3C/script%3E'));</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 
 <!-- EVENT acp_simple_footer_after -->

phpBB/adm/style/simple_header.html

@@ -2,6 +2,7 @@
 <html dir="{S_CONTENT_DIRECTION}" lang="{S_USER_LANG}">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <!-- IF META -->{META}<!-- ENDIF -->
 <title>{PAGE_TITLE}</title>
@@ -65,7 +66,7 @@ function marklist(id, name, state)
 	
 	for (var r = 0; r < rb.length; r++)
 	{
-		if (rb[r].name.substr(0, name.length) == name)
+		if (rb[r].name.substr(0, name.length) == name && rb[r].disabled !== true)
 		{
 			rb[r].checked = state;
 		}

phpBB/assets/javascript/core.js

@@ -33,20 +33,27 @@ phpbb.loadingIndicator = function() {
 
 	if (!$loadingIndicator.is(':visible')) {
 		$loadingIndicator.fadeIn(phpbb.alertTime);
-		// Wait fifteen seconds and display an error if nothing has been returned by then.
+		// Wait 60 seconds and display an error if nothing has been returned by then.
 		phpbb.clearLoadingTimeout();
 		phpbbAlertTimer = setTimeout(function() {
-			var $alert = $('#phpbb_alert');
-
-			if ($loadingIndicator.is(':visible')) {
-				phpbb.alert($alert.attr('data-l-err'), $alert.attr('data-l-timeout-processing-req'));
-			}
-		}, 15000);
+			phpbb.showTimeoutMessage();
+		}, 60000);
 	}
 
 	return $loadingIndicator;
 };
 
+/**
+ * Show timeout message
+ */
+phpbb.showTimeoutMessage = function () {
+	var $alert = $('#phpbb_alert');
+
+	if ($loadingIndicator.is(':visible')) {
+		phpbb.alert($alert.attr('data-l-err'), $alert.attr('data-l-timeout-processing-req'));
+	}
+};
+
 /**
  * Clear loading alert timeout
 */
@@ -303,6 +310,10 @@ phpbb.ajaxify = function(options) {
 					alert = phpbb.alert(res.MESSAGE_TITLE, res.MESSAGE_TEXT);
 				} else {
 					$dark.fadeOut(phpbb.alertTime);
+
+					if ($loadingIndicator) {
+						$loadingIndicator.fadeOut(phpbb.alertTime);
+					}
 				}
 
 				if (typeof phpbb.ajaxCallbacks[callback] === 'function') {
@@ -1025,7 +1036,7 @@ phpbb.resizeTextArea = function($items, options) {
 
 	function autoResize(item) {
 		function setHeight(height) {
-			height += parseInt($item.css('height'), 10) - $item.height();
+			height += parseInt($item.css('height'), 10) - $item.innerHeight();
 			$item
 				.css({ height: height + 'px', resize: 'none' })
 				.addClass('auto-resized');
@@ -1044,7 +1055,7 @@ phpbb.resizeTextArea = function($items, options) {
 				configuration.maxHeight
 			),
 			$item = $(item),
-			height = parseInt($item.height(), 10),
+			height = parseInt($item.innerHeight(), 10),
 			scrollHeight = (item.scrollHeight) ? item.scrollHeight : 0;
 
 		if (height < 0) {
@@ -1534,6 +1545,13 @@ phpbb.toggleSelectSettings = function(el) {
 		var $this = $(this),
 			$setting = $($this.data('toggle-setting'));
 		$setting.toggle($this.is(':selected'));
+
+		// Disable any input elements that are not visible right now
+		if ($this.is(':selected')) {
+			$($this.data('toggle-setting') + ' input').prop('disabled', false);
+		} else {
+			$($this.data('toggle-setting') + ' input').prop('disabled', true);
+		}
 	});
 };
 

phpBB/assets/javascript/editor.js

@@ -358,6 +358,12 @@ function getCaretPosition(txtarea) {
 		if ($('#attach-panel').length) {
 			phpbb.showDragNDrop(textarea);
 		}
+
+		$('textarea').on('keydown', function (e) {
+			if (e.which === 13 && (e.metaKey || e.ctrlKey)) {
+				$(this).closest('form').submit();
+			}
+		});
 	});
 })(jQuery);
 

phpBB/bin/phpbbcli.php

@@ -59,6 +59,8 @@ $phpbb_container->get('request')->enable_super_globals();
 require($phpbb_root_path . 'includes/compatibility_globals.' . $phpEx);
 
 $user = $phpbb_container->get('user');
+$user->data['user_id'] = ANONYMOUS;
+$user->ip = '127.0.0.1';
 $user->add_lang('acp/common');
 $user->add_lang('cli');
 

phpBB/common.php

@@ -38,7 +38,13 @@ if (!defined('PHPBB_INSTALLED'))
 	// available as used by the redirect function
 	$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
-	$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
+	$secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 1 : 0;
+
+	if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+	{
+		$secure = 1;
+		$server_port = 443;
+	}
 
 	$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
 	if (!$script_name)

phpBB/composer.json

@@ -25,7 +25,7 @@
 		"phpbb/phpbb-core": "self.version"
 	},
 	"require": {
-		"php": ">=5.3.3",
+		"php": ">=5.3.3,<7.0",
 		"lusitanian/oauth": "0.2.*",
 		"symfony/config": "2.3.*",
 		"symfony/console": "2.3.*",
@@ -34,7 +34,7 @@
 		"symfony/http-kernel": "2.3.*",
 		"symfony/routing": "2.3.*",
 		"symfony/yaml": "2.3.*",
-		"twig/twig": "1.*"
+		"twig/twig": "^1.0,<1.25"
 	},
 	"require-dev": {
 		"fabpot/goutte": "1.0.*",
@@ -51,5 +51,10 @@
 		"symfony/finder": "2.3.*",
 		"symfony/http-foundation": "2.3.*",
 		"symfony/process": "2.3.*"
+	},
+	"extra": {
+		"branch-alias": {
+			"dev-master": "3.1.x-dev"
+		}
 	}
 }

phpBB/config/auth.yml

@@ -62,6 +62,7 @@ services:
             - @auth.provider.oauth.service_collection
             - %tables.users%
             - @service_container
+            - @dispatcher
             - %core.root_path%
             - %core.php_ext%
         tags:

phpBB/config/console.yml

@@ -139,3 +139,24 @@ services:
             - @dbal.conn
         tags:
             - { name: console.command }
+
+    console.command.fixup.update_hashes:
+        class: phpbb\console\command\fixup\update_hashes
+        arguments:
+            - @config
+            - @user
+            - @dbal.conn
+            - @passwords.manager
+            - @passwords.driver_collection
+            - %passwords.algorithms%
+        tags:
+            - { name: console.command }
+
+    console.command.fixup.fix_left_right_ids:
+        class: phpbb\console\command\fixup\fix_left_right_ids
+        arguments:
+            - @user
+            - @dbal.conn
+            - @cache.driver
+        tags:
+            - { name: console.command }

phpBB/config/cron.yml

@@ -146,3 +146,17 @@ services:
             - [set_name, [cron.task.core.tidy_warnings]]
         tags:
             - { name: cron.task }
+
+    cron.task.core.update_hashes:
+        class: phpbb\cron\task\core\update_hashes
+        arguments:
+            - @config
+            - @dbal.conn
+            - @passwords.update.lock
+            - @passwords.manager
+            - @passwords.driver_collection
+            - %passwords.algorithms%
+        calls:
+            - [set_name, [cron.task.core.update_hashes]]
+        tags:
+            - { name: cron.task }

phpBB/config/db.yml

@@ -5,9 +5,7 @@ services:
             - @service_container
 
     dbal.conn.driver:
-        class: %dbal.driver.class%
-        calls:
-            - [sql_connect, [%dbal.dbhost%, %dbal.dbuser%, %dbal.dbpasswd%, %dbal.dbname%, %dbal.dbport%, false, %dbal.new_link%]]
+        synthetic: true
 
     dbal.tools:
         class: phpbb\db\tools

phpBB/config/event.yml

@@ -32,3 +32,10 @@ services:
         class: phpbb\event\kernel_terminate_subscriber
         tags:
             - { name: kernel.event_subscriber }
+
+    symfony_response_listener:
+        class: Symfony\Component\HttpKernel\EventListener\ResponseListener
+        arguments:
+            - UTF-8
+        tags:
+            - { name: kernel.event_subscriber }

phpBB/config/feed.yml

@@ -25,6 +25,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.forums:
@@ -38,6 +39,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.news:
@@ -51,6 +53,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.overall:
@@ -64,6 +67,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.topic:
@@ -77,6 +81,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.topics:
@@ -90,6 +95,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.topics_active:
@@ -103,4 +109,5 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%

phpBB/config/password.yml

@@ -122,3 +122,10 @@ services:
             - @passwords.driver_helper
         tags:
             - { name: passwords.driver }
+
+    passwords.update.lock:
+        class: phpbb\lock\db
+        arguments:
+            - update_hashes_lock
+            - '@config'
+            - '@dbal.conn'

phpBB/cron.php

@@ -55,6 +55,18 @@ if ($cron_lock->acquire())
 	$task = $cron->find_task($cron_type);
 	if ($task)
 	{
+		/**
+		 * This event enables you to catch the task before it runs
+		 *
+		 * @event core.cron_run_before
+		 * @var	\phpbb\cron\task\wrapper	task	Current Cron task
+		 * @since 3.1.8-RC1
+		 */
+		$vars = array(
+			'task',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.cron_run_before', compact($vars)));
+
 		if ($task->is_parametrized())
 		{
 			$task->parse_parameters($request);

phpBB/docs/CHANGELOG.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.1.x Changelog" />
 <title>phpBB &bull; Changelog</title>
@@ -49,6 +50,12 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v3110">Changes since 3.1.10</a></li>
+		<li><a href="#v319">Changes since 3.1.9</a></li>
+		<li><a href="#v318">Changes since 3.1.8</a></li>
+		<li><a href="#v317pl1">Changes since 3.1.7-PL1</a></li>
+		<li><a href="#v317">Changes since 3.1.7</a></li>
+		<li><a href="#v316">Changes since 3.1.6</a></li>
 		<li><a href="#v315">Changes since 3.1.5</a></li>
 		<li><a href="#v314">Changes since 3.1.4</a></li>
 		<li><a href="#v313">Changes since 3.1.3</a></li>
@@ -111,7 +118,448 @@
 	<div class="paragraph">
 		<div class="inner">
 
-		<div class="content">
+<div class="content">
+
+	<a name="v3110"></a><h3>Changes since 3.1.10</h3>
+
+	<h4>Bug</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-7336">PHPBB3-7336</a>] - Words in new topic title aren't found by search after topic is split</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8116">PHPBB3-8116</a>] - Server timeout or browsercrash after viewing postdetails</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8301">PHPBB3-8301</a>] - admin log generate slow queries</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9590">PHPBB3-9590</a>] - Unable to update permissions for more than 6 forums at a time</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11076">PHPBB3-11076</a>] - Update notification in ACP for minimum PHP version missing essential information</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11483">PHPBB3-11483</a>] - Forced Activation needs looking at.</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11611">PHPBB3-11611</a>] - setup_github_network.php no longer creates a repository</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13247">PHPBB3-13247</a>] - Online indicator in post profile hides behind certain avatars</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13250">PHPBB3-13250</a>] - File cache does not write entries starting with _ and containing a slash</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13429">PHPBB3-13429</a>] - Changes tag in docblock of events should be unified</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13558">PHPBB3-13558</a>] -  Error - stream_socket_enable_crypto()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13757">PHPBB3-13757</a>] - Negative PM count</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14468">PHPBB3-14468</a>] - [php] - 'core.viewforum_modify_topics_data' add parameter forum_id</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14549">PHPBB3-14549</a>] - Correctly redirect back after topic merge in MCP</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14770">PHPBB3-14770</a>] - Plupload: WRONG_FILESIZE is used wrong</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14795">PHPBB3-14795</a>] - Topic merge bug</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14801">PHPBB3-14801</a>] - Search highlight option doesn't always highlight unicode strings</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14802">PHPBB3-14802</a>] - Empty/blank lines should not be additional poll options</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14806">PHPBB3-14806</a>] - Authentication for e-mail is not working</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14819">PHPBB3-14819</a>] - Soft deleted posts visible in topic review</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14821">PHPBB3-14821</a>] - Do not expect parsed HTML in kernel subscriber output</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14830">PHPBB3-14830</a>] - FORM_INVALID error on ACP search and CPF settings</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14831">PHPBB3-14831</a>] - Extension migration file fails</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14838">PHPBB3-14838</a>] - feeds.attachments_base - server 500 error for large attachment tables</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14844">PHPBB3-14844</a>] - BBcodes B and I return &lt;strong&gt; and &lt;em&gt; tags instead of CSS under inherited styles</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14859">PHPBB3-14859</a>] - PM report notifications only sent out to full Global Moderators</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14860">PHPBB3-14860</a>] - Broken link on subscriptions page on mobile devices</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14863">PHPBB3-14863</a>] - &quot;Array&quot; in message title when permanently deleting posts</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14864">PHPBB3-14864</a>] - ACP datefromat text input  still has 30 max length while dateformat field had been expanded to 64</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14876">PHPBB3-14876</a>] - Multibyte message is not displayed properly on exception</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14877">PHPBB3-14877</a>] - CSS error in &quot;.codebox code&quot; definition</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14881">PHPBB3-14881</a>] - Problems using EVENT (overall_footer_content_after)</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14888">PHPBB3-14888</a>] - Missing check for disabled profile field types</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14889">PHPBB3-14889</a>] - Missing method declaration in profile fields type interface</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14890">PHPBB3-14890</a>] - Wrong validation of input field in profile field type string</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14906">PHPBB3-14906</a>] - Duplicated sig key in user_cache_data array</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14923">PHPBB3-14923</a>] - SQL PostgreSQL blocking errors during DB update installation</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14938">PHPBB3-14938</a>] - Inconsistent data results from ext_mgr-&gt;all_available() vs ext_mgr-&gt;is_available()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14941">PHPBB3-14941</a>] - MySQL Fulltext search index creating still fails on InnoDB</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14943">PHPBB3-14943</a>] - Template loop access gives PHP error</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14953">PHPBB3-14953</a>] - Incorrect &quot;order by&quot; definition in ucp_pm_viewfolder</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14968">PHPBB3-14968</a>] - Version check marks 3.1.10 boards as outdated </li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14997">PHPBB3-14997</a>] - Bad Position for topiclist_row_topic_title_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14998">PHPBB3-14998</a>] - ACP Update link is incorrect!</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15003">PHPBB3-15003</a>] - When using mark all, disabled check boxes should not become checked</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15006">PHPBB3-15006</a>] - Permission inheritance with checkbox not working</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15011">PHPBB3-15011</a>] - Error not checked on metadata load failure</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15108">PHPBB3-15108</a>] - Duplicate code in request-&gt;overwrite</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15143">PHPBB3-15143</a>] - version check on branch is broken</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15146">PHPBB3-15146</a>] - Date profile field validation incorrect</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15150">PHPBB3-15150</a>] - Yabber SSL/TLS certification</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15186">PHPBB3-15186</a>] - The force_delete_allowed flag does not affect actual posts deletion ability</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15187">PHPBB3-15187</a>] - ACP Template files not purged during Extension Enable</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15246">PHPBB3-15246</a>] - Memcache driver incorrectly handles Unix sockets</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15248">PHPBB3-15248</a>] - Event core.modify_posting_auth does not honor its parameters</li>
+	</ul>
+	<h4>Improvement</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9211">PHPBB3-9211</a>] - List subforums-links separately in parent-forums' legend</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12749">PHPBB3-12749</a>] - core.submit_post_end add subject to the event data</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13457">PHPBB3-13457</a>] - New Hooks for ucp_main</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13459">PHPBB3-13459</a>] - New Template-Event in overall_header.html</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13479">PHPBB3-13479</a>] - Add hook for modifying highlighting on viewtopic</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13601">PHPBB3-13601</a>] - New event upon acl_clear_prefetch</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13603">PHPBB3-13603</a>] - New event upon index_body_online_block_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13605">PHPBB3-13605</a>] - New event upon ucp_pm_compose_predefined_message</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13608">PHPBB3-13608</a>] - New event upon ucp_restore_permissions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13609">PHPBB3-13609</a>] - New event upon ucp_switch_permissions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13845">PHPBB3-13845</a>] - Add event when user changes or delete avatar</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14119">PHPBB3-14119</a>] - [PHP] - (User) unban event request</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14239">PHPBB3-14239</a>] - [PHP] - Add event ucp_remind_modify_select_sql</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14331">PHPBB3-14331</a>] - Add rank calculation or result event access</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14520">PHPBB3-14520</a>] - [Template] - ucp_pm_viewmessage_message_body_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14522">PHPBB3-14522</a>] - [Template] - ucp_register_buttons_before</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14524">PHPBB3-14524</a>] - [PHP] - core.ucp_register_requests_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14733">PHPBB3-14733</a>] - Support increasing hashing cost factor</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14750">PHPBB3-14750</a>] - Fileupload form should not set invalid attributes for file input</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14758">PHPBB3-14758</a>] - ACP-Parameter &quot;Maximum thumbnail width in pixel&quot; should be &quot;Maximum thumbnail width/heigth in pixel:&quot;</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14759">PHPBB3-14759</a>] - Event core.mcp_main_modify_shadow_sql</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14760">PHPBB3-14760</a>] - Event core.mcp_main_modify_fork_sql</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14786">PHPBB3-14786</a>] - Add mcp_forum_actions_before/after events</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14804">PHPBB3-14804</a>] - Add core event to MCP after merging topics</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14805">PHPBB3-14805</a>] - Allow building package for previous versions on PHP 7</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14808">PHPBB3-14808</a>] - Add template event overall_header_searchbox_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14817">PHPBB3-14817</a>] - Add core event on includes/functions_download.php</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14825">PHPBB3-14825</a>] - Add OAuth events</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14827">PHPBB3-14827</a>] - Possibility to add multiple form keys</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14842">PHPBB3-14842</a>] - Avatar size 0 - unlimited</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14847">PHPBB3-14847</a>] - Add php event to add options in ACP Attachments</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14848">PHPBB3-14848</a>] - Add ACP template events after extensions list titles</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14849">PHPBB3-14849</a>] - Add ACP extension event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14850">PHPBB3-14850</a>] - Add core events for smilies</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14852">PHPBB3-14852</a>] - Add core event to the function build_header()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14853">PHPBB3-14853</a>] - Add core event to allow modifying PM attachments download auth</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14855">PHPBB3-14855</a>] - Update notifications and PM alert bubbles</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14870">PHPBB3-14870</a>] - Add php events to modify list of PMs</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14872">PHPBB3-14872</a>] - Remove count versus sizeof restriction in coding guidelines</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14874">PHPBB3-14874</a>] - Error on sending a .pak smiley</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14882">PHPBB3-14882</a>] - Add core event to MCP after move posts sync</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14887">PHPBB3-14887</a>] - ACP profile step 1 lang specific event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14918">PHPBB3-14918</a>] - Provide quick access to extension version metadata</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14940">PHPBB3-14940</a>] - Add ACP template event acp_ext_details_end</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14957">PHPBB3-14957</a>] - Do not cache database config</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14958">PHPBB3-14958</a>] - Twig extension function lang() performs redundant template data copying</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15020">PHPBB3-15020</a>] - Add Events for mcp_topic_postrow_post_subject</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15059">PHPBB3-15059</a>] - Do not wrap content in code box</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15081">PHPBB3-15081</a>] - Add ACP template event acp_ext_details_notice</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15107">PHPBB3-15107</a>] - Add additional vars to event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15131">PHPBB3-15131</a>] - Add variable to the 'core.mcp_main_modify_fork_sql' event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15142">PHPBB3-15142</a>] - Extension Version Check Should Support Branches</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15151">PHPBB3-15151</a>] - ACP Cookie settings should contain explanatory text for all fields</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15199">PHPBB3-15199</a>] - Add core event to the function send() in the messenger</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15200">PHPBB3-15200</a>] - Allow extensions using custom templates for help/faq controllers </li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15205">PHPBB3-15205</a>] - Add template events to forumlist_body.html</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15219">PHPBB3-15219</a>] - Add cron to update passwords hashes to bcrypt</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15226">PHPBB3-15226</a>] - Add index for latest topics query in feeds</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15237">PHPBB3-15237</a>] - Unguarded includes functions_user</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15238">PHPBB3-15238</a>] - Add console command to fix left/right IDs for the forums and modules</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15241">PHPBB3-15241</a>] - Add ACP template event acp_profile_contact_last</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15250">PHPBB3-15250</a>] - Add core event to MCP at the end of merge_posts</li>
+	</ul>
+	<h4>New Feature</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12545">PHPBB3-12545</a>] - new pre-posting event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13730">PHPBB3-13730</a>] - [PHP] - core.delete_post_end</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14390">PHPBB3-14390</a>] - [prosilver] - ucp_main_front_user_details_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14498">PHPBB3-14498</a>] - Not possible to deactivate display of &quot;who is online&quot; and birthdays for guests</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14662">PHPBB3-14662</a>] - [Template] - memberlist_team_username_prepend &amp; append</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14868">PHPBB3-14868</a>] - [Template] - mcp_forum_modify_select_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14996">PHPBB3-14996</a>] - [event] - Add Event search_results_topictitle_after</li>
+	</ul>
+	<h4>Sub-task</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13149">PHPBB3-13149</a>] - [Event] - core.phpbb_log_get_topic_auth_sql_before</li>
+	</ul>
+	<h4>Task</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15178">PHPBB3-15178</a>] - Update 3.1.x dependencies</li>
+	</ul>
+
+	<a name="v319"></a><h3>Changes since 3.1.9</h3>
+
+	<h4>Bug</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11446">PHPBB3-11446</a>] - Use sql_in_set as designed and consistent with the rest of phpBB code in phpbb_notification_manager</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12230">PHPBB3-12230</a>] - Do not auto remove user group when Newly Registered Users group was disabled</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12925">PHPBB3-12925</a>] - Use plural for permanent delete posts/topics confirmation</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14109">PHPBB3-14109</a>] - MySQL InnoDB does not support multiple index definitions on the same query.</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14291">PHPBB3-14291</a>] - Function send_file_to_browser() endlessly overwrites 'filesize' in ATTACHMENTS_TABLE</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14610">PHPBB3-14610</a>] - Q&amp;A CAPTCHA logs error when it has been solved</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14615">PHPBB3-14615</a>] - delete avatar triggers the new min max value in the HTML5 inputs</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14616">PHPBB3-14616</a>] - Auto-prune fails on large forums</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14631">PHPBB3-14631</a>] - 3.1.9 DB cli update crashes with PHP Fatal error: Call to undefined function phpbb\truncate_string()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14654">PHPBB3-14654</a>] - Imagemagick &gt; ImageMagick</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14661">PHPBB3-14661</a>] - Fix a typo in twig.php</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14673">PHPBB3-14673</a>] - Missing Language Variable</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14683">PHPBB3-14683</a>] - Typos in operators in some email templates</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14703">PHPBB3-14703</a>] - module.add adds a module to the wrong parent</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14704">PHPBB3-14704</a>] - Remove unused language files and corresponding  functions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14721">PHPBB3-14721</a>] - New registrants choosing old deleted usernames get linked to old accounts with namechange</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14742">PHPBB3-14742</a>] - Improvements to migrator</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14745">PHPBB3-14745</a>] - &quot;U_NOTIFICATION_SETTINGS&quot; contains an HTML entity but is printed in a plaintext email</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14755">PHPBB3-14755</a>] - Error in MCP Move posts</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14782">PHPBB3-14782</a>] - Quick Links &gt; Your Posts gives mysql error</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14788">PHPBB3-14788</a>] - Update developer list to reflect team changes</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14796">PHPBB3-14796</a>] - Log table is using constant in log delete method</li>
+	</ul>
+	<h4>Improvement</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13709">PHPBB3-13709</a>] - Fallback to english in email templates by extensions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13716">PHPBB3-13716</a>] - Check phpBB version constant against config version</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13865">PHPBB3-13865</a>] - Complement core event search_modify_param</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14184">PHPBB3-14184</a>] - Missing info on SMTP mail function option</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14429">PHPBB3-14429</a>] - core.obtain_users_online_string_modify</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14466">PHPBB3-14466</a>] - Add an event to cron.php</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14469">PHPBB3-14469</a>] - [Template] - &lt;!-- EVENT viewforum_topicrow_before --&gt;</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14516">PHPBB3-14516</a>] - [Template] - memberlist_email_before</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14581">PHPBB3-14581</a>] - Add core events relating to soft delete</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14592">PHPBB3-14592</a>] - [PHP] - core.search_backend_search_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14596">PHPBB3-14596</a>] - Prevent installs of 3.1 on PHP 7</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14624">PHPBB3-14624</a>] - Add event to ucp_profile in signature section</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14630">PHPBB3-14630</a>] - Add event to ucp_pm_compose</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14638">PHPBB3-14638</a>] - [PHP] - multiple UCP subscription events for form data and template variables</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14643">PHPBB3-14643</a>] - Select newest file in restore list</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14652">PHPBB3-14652</a>] - Typo birthdays</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14664">PHPBB3-14664</a>] - Fix PHPDoc comment in cron manager</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14672">PHPBB3-14672</a>] - Add template event to viewforum</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14685">PHPBB3-14685</a>] - PHP event for altering announcements sql</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14687">PHPBB3-14687</a>] - Modify viewforum_modify_topicrow</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14688">PHPBB3-14688</a>] - Add core events to the feeds</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14689">PHPBB3-14689</a>] - Build 3.2.x API docs</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14695">PHPBB3-14695</a>] - Add posting_editor_subject_prepend/append template events</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14712">PHPBB3-14712</a>] - Add search.php core event to allow modifying the forum select list</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14713">PHPBB3-14713</a>] - Add core event to the admin function get_forum_list()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14715">PHPBB3-14715</a>] - Add template events in posting_topic_review &amp; mcp_topic</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14720">PHPBB3-14720</a>] - Add global javascript variable 'phpbb' to jshint settings</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14727">PHPBB3-14727</a>] - Event core.search_modify_submit_parameters</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14738">PHPBB3-14738</a>] - Add core events to improve modifying forum lists</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14747">PHPBB3-14747</a>] - Add topic_last_poster_id and topic_last_post_time to Event core.modify_posting_auth</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14762">PHPBB3-14762</a>] - Add core event to session.php to alter IP address</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14781">PHPBB3-14781</a>] - Add core event to the function group_user_attributes()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14783">PHPBB3-14783</a>] - Event - ACP Posting Buttons Before Custom BBCodes</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14784">PHPBB3-14784</a>] - missing rewrite for lighttpd</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14785">PHPBB3-14785</a>] - [Template event] - overall_header_headerbar_append</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14787">PHPBB3-14787</a>] - Add more parameters to the core.search_modify_url_parameters event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14789">PHPBB3-14789</a>] - Add missing link hash and form token checks to ACP</li>
+	</ul>
+	<h4>New Feature</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13978">PHPBB3-13978</a>] - [PHP] - User control panel - on signature change</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14484">PHPBB3-14484</a>] - Support extensions in UI tests</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14506">PHPBB3-14506</a>] - [Template] - mcp_move_before</li>
+	</ul>
+	<h4>Task</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12133">PHPBB3-12133</a>] - Update list of browsers supporting filename* in Content-Disposition</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14538">PHPBB3-14538</a>] - Update composer dependencies</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14598">PHPBB3-14598</a>] - Phing Sniffer Testing Use Statements in DocBlocks</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14743">PHPBB3-14743</a>] - Remove PHP7 from test matrix in 3.1.x</li>
+	</ul>
+
+	<a name="v318"></a><h3>Changes since 3.1.8</h3>
+
+	<h4>Bug</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8058">PHPBB3-8058</a>] - Default style in ACP-&gt;Board Settings not observing offset</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13028">PHPBB3-13028</a>] - &quot;View unanswered posts&quot; link should be called instead &quot;View unanswered topics&quot;</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13264">PHPBB3-13264</a>] - Editing an unapproved post as a moderator/admin approves it</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13521">PHPBB3-13521</a>] - Q&amp;A Captcha ACP, required fields error corrupts inputted data</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13630">PHPBB3-13630</a>] - NULL value parsed into $select_single can cause 403 Forbidden on certain restrictive hosting environments for &quot;Find a Member&quot; function within Private Message composition</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13681">PHPBB3-13681</a>] - Email queue shouldn't be cached by opcache</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13683">PHPBB3-13683</a>] - Controller generates urls with absolute path of phpbb's root</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13842">PHPBB3-13842</a>] - Missing rewrite module on IIS7 leads to an error</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13977">PHPBB3-13977</a>] - Fatal error entering UCP if bookmarked topic was deleted</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14132">PHPBB3-14132</a>] - SQL Error when creating a new subject on fresh installation</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14136">PHPBB3-14136</a>] - IE compatibility meta is missing in overall_header.html</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14241">PHPBB3-14241</a>] - Security bug into Spambot control Questions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14272">PHPBB3-14272</a>] - Use valid html5 input elements in forms</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14290">PHPBB3-14290</a>] - Function set_modified_headers() never sends 304 'Not Modified' header</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14408">PHPBB3-14408</a>] - Remove span corners</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14422">PHPBB3-14422</a>] - Support cmd+enter &amp; ctrl+enter for submitting message</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14437">PHPBB3-14437</a>] - Place Inline Images on Post get scrambled up -- not follow the order you place them in.</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14443">PHPBB3-14443</a>] - jabber notification-template prefix &quot;short&quot; breaks resolution of paths in extensions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14475">PHPBB3-14475</a>] - Do not log upon automatically removing users form newly registered users group</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14481">PHPBB3-14481</a>] - phpBB does not obey HTTP_X_FORWARDED_PORT header</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14483">PHPBB3-14483</a>] - call to header(arg, arg) function sendHeaders() in Response.php causes Error 500 in app.php generated links</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14496">PHPBB3-14496</a>] - Automatic update relies on cache creating files in cache folder</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14500">PHPBB3-14500</a>] - Duplicate newversion in build.xml</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14514">PHPBB3-14514</a>] - Users get skipped in passwords_convert_p1 migration</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14519">PHPBB3-14519</a>] - Do not query database for unread notifications if all are retrieved</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14532">PHPBB3-14532</a>] - Database column default incorrectly escaped on MSSQL</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14533">PHPBB3-14533</a>] - &quot;U_NOTIFICATION_SETTINGS&quot; doesn't return the correct URL</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14536">PHPBB3-14536</a>] - Force timestamp to be integer in user::format_date()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14559">PHPBB3-14559</a>] - Attachments' behaviour in quotes</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14562">PHPBB3-14562</a>] - Extension's permissions don't have language fallback</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14570">PHPBB3-14570</a>] - Board versions for 3.2.x can be accidentally downgraded to 3.1.x</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14577">PHPBB3-14577</a>] - Stop using sizeof() inside for() loop</li>
+	</ul>
+	<h4>Improvement</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10356">PHPBB3-10356</a>] - Username search should find all users for administrators instead of NORMALs and FOUNDERs only</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12305">PHPBB3-12305</a>] - Add new event core.viewforum_get_topic_id_sql to control forum topic listing</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14134">PHPBB3-14134</a>] - Send warning notification PM in user's language.</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14316">PHPBB3-14316</a>] - Add memberlist_view.html template events before/after the custom fields and zebra links</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14365">PHPBB3-14365</a>] - Add core event to the function topic_review() </li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14366">PHPBB3-14366</a>] - Add core events to the function decode_message()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14395">PHPBB3-14395</a>] - Add event core.viewtopic_add_quickmod_option_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14471">PHPBB3-14471</a>] - Add filedata var to the core.avatar_driver_upload_move_file_before event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14486">PHPBB3-14486</a>] - Add an event and fix an event in login_box()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14508">PHPBB3-14508</a>] - Change language notice on account activation</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14540">PHPBB3-14540</a>] - Adjust class recursive_dot_prefix_filter_iterator to increase performance</li>
+	</ul>
+	<h4>New Feature</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12684">PHPBB3-12684</a>] - Add a command to add a user from the CLI</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14189">PHPBB3-14189</a>] - [PHP] - core.gen_sort_selects_after</li>
+	</ul>
+	<h4>Task</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14538">PHPBB3-14538</a>] - Update composer dependencies</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14565">PHPBB3-14565</a>] - Updates composer to 1.0.0-b2</li>
+	</ul>
+
+	<a name="v317pl1"></a><h3>Changes since 3.1.7-PL1</h3>
+
+	<h4>Bug</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12441">PHPBB3-12441</a>] - Database-size in ACP missing after update MariaDB from 5.5 to 10.0</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12618">PHPBB3-12618</a>] - Extension Version Check does not support https</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13180">PHPBB3-13180</a>] - Increase the field size of date format to allow more syntax for other calendars</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13908">PHPBB3-13908</a>] - After clause in migration add_column schema tool not honored</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14046">PHPBB3-14046</a>] - Instant message (jabber) dialog says message sent on the creation screen</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14303">PHPBB3-14303</a>] - Some changes for UTF-8 variant on language pack?</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14374">PHPBB3-14374</a>] - Update dynamically generated jquery CDN script tag</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14386">PHPBB3-14386</a>] - open_basedir restriction in effect with remote upload avatar</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14387">PHPBB3-14387</a>] - Extend avatar-driver by extension in ACP not possible</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14394">PHPBB3-14394</a>] - Only purge cache in functional tests if necessary</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14396">PHPBB3-14396</a>] - Use VCHAR_UNI instead of VCHAR for user_dateformat</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14397">PHPBB3-14397</a>] - Fix @since tag in event 'core.ucp_prefs_view_after'</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14403">PHPBB3-14403</a>] - phpbb\log should still work even when no user data is given</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14407">PHPBB3-14407</a>] - Users not being removed from Newly Registered Users group</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14409">PHPBB3-14409</a>] - Update session page info before displaying online list</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14411">PHPBB3-14411</a>] - Delete permanently is not working as it should be</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14423">PHPBB3-14423</a>] - Display database size for Aria storage engine</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14425">PHPBB3-14425</a>] - Database tests do not allow using socket</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14427">PHPBB3-14427</a>] - Memberlist Display Wrong</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14433">PHPBB3-14433</a>] - Functional tests fail for extensions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14439">PHPBB3-14439</a>] - Error page shown in Manage users -&gt; Anonymous -&gt; Select Form -&gt; Avatar when board wide all avatar settings are disabled</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14467">PHPBB3-14467</a>] - Automatic resize of textarea calculates wrong height</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14475">PHPBB3-14475</a>] - Do not log removal of users from newly registered group</li>
+	</ul>
+	<h4>Improvement</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14289">PHPBB3-14289</a>] - Add events in navbar header</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14356">PHPBB3-14356</a>] - Add template events to viewtopic around back2top link</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14412">PHPBB3-14412</a>] - Comment fixes for PHPDoc in the events</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14458">PHPBB3-14458</a>] - Explicitly state RewriteBase into .htaccess root file</li>
+	</ul>
+
+			<a name="v317"></a><h3>Changes since 3.1.7</h3>
+
+	<h4>Security Issue</h4>
+	<ul>
+		<li>[SECURITY-188] - Check form key in acp_bbcodes</li>
+	</ul>
+	<h4>Bug</h4>
+	<ul>
+		<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-14343">PHPBB3-14343</a>] - Undefined variable $phpbb_dispatcher when (un-)locking a topic or post</li>
+	</ul>
+
+			<a name="v316"></a><h3>Changes since 3.1.6</h3>
+
+	<h4>Bug</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8839">PHPBB3-8839</a>] - Wrong new status of subforumlink on index</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8920">PHPBB3-8920</a>] - PM-Report for every moderator</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9153">PHPBB3-9153</a>] - New member can delete pm just in one way</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9252">PHPBB3-9252</a>] - Conflict when (dis)approving a post by two moderators at the same time</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11468">PHPBB3-11468</a>] - Controllers can not set additional parameters of page_header()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11971">PHPBB3-11971</a>] - Validating not correctly in Spambot countermeasures</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12616">PHPBB3-12616</a>] - Report notification is not removed when post is disapproved or deleted</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13202">PHPBB3-13202</a>] - dead code in sessions.php</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13423">PHPBB3-13423</a>] - Driver sqlite3 failed periodically</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13636">PHPBB3-13636</a>] - Unexpect return to previous page behaviour</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13656">PHPBB3-13656</a>] - database_upgrade.php fails when database password contains a % character</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13748">PHPBB3-13748</a>] - Wrong tooltip after poll vote change</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13759">PHPBB3-13759</a>] - submit_post doesn't take $data['post_time'] - into account</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13799">PHPBB3-13799</a>] - Avatar gallery subfolders paths are handled incorrectly</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13831">PHPBB3-13831</a>] - Post deletion reason is not appearing on moderation logs</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13835">PHPBB3-13835</a>] - File upload of large files where filename contains umlauts fails</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13846">PHPBB3-13846</a>] - Permissions around soft deleting are inconsistently handled</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13851">PHPBB3-13851</a>] - &quot;Can ignore flood limit&quot; permission not taking effect</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13892">PHPBB3-13892</a>] - &quot;Someone reports a post&quot; notification setting has no effect</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13945">PHPBB3-13945</a>] - Account re-activation does not create a notification</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13950">PHPBB3-13950</a>] - If disabled extension - no hidden permission set</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13960">PHPBB3-13960</a>] - Profile field validation may break</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13976">PHPBB3-13976</a>] - Fix comment typo in salted_md5 driver</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13988">PHPBB3-13988</a>] - Atom feeds use relative links for image attachments</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13992">PHPBB3-13992</a>] - Fix html5 error from output on w3.org its new validator</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14058">PHPBB3-14058</a>] - subsilver2 Contact us form doesn't have an email subject field</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14070">PHPBB3-14070</a>] - Disabled avatar types is still displayed on the forum</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14106">PHPBB3-14106</a>] - Sorting is unworkable while moderating forum (merge topics)</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14114">PHPBB3-14114</a>] - Inconsistency in install.html in 3.1.x Automatic uopdate package</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14127">PHPBB3-14127</a>] - Error in the BBCode FAQ in 'Linking to another site'</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14142">PHPBB3-14142</a>] - Remove unused ignore_configs from avatar drivers</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14143">PHPBB3-14143</a>] - Flush the in-memory mail queue when writing it to the disk</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14153">PHPBB3-14153</a>] - Notifications dropdown header doesn't clear floats</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14159">PHPBB3-14159</a>] - Not accessible link on main ACP page</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14161">PHPBB3-14161</a>] - The core.download_file_send_to_browser_before - $vars - 'extension' it does not exist</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14163">PHPBB3-14163</a>] - Select All in code bug in Edge</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14181">PHPBB3-14181</a>] - Custom report/denial reason not shown in user notifications</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14186">PHPBB3-14186</a>] - Incorrect string concatenation in phpbb_mcp_sorting()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14200">PHPBB3-14200</a>] - Allow hidden users to see theself on viewonline</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14215">PHPBB3-14215</a>] - [ticket/14212] - Adding event after users have been removed to a group</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14217">PHPBB3-14217</a>] - [ticket/13591] - Change SQL query into array to allow</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14224">PHPBB3-14224</a>] - Fix trailing whitespaces</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14228">PHPBB3-14228</a>] - Vertical align of numbers in polls</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14236">PHPBB3-14236</a>] - Race condition in the functional tests</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14242">PHPBB3-14242</a>] - Fix on memberlist the sort method.</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14249">PHPBB3-14249</a>] - Online list isn't sorted anymore</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14258">PHPBB3-14258</a>] - Add event in auth::Login</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14271">PHPBB3-14271</a>] - Update nginx sample config</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14276">PHPBB3-14276</a>] - Function get_folder_status not setup for use of plurals</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14287">PHPBB3-14287</a>] - Loading indicator not removed after confirming action that does not produce a message</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14297">PHPBB3-14297</a>] - Uppercase and lowercase when sorting topics</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14334">PHPBB3-14334</a>] - Do not use deprecated function get_user_avatar() in user_loader</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14339">PHPBB3-14339</a>] - State support for PHP 7.0 in docs</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14346">PHPBB3-14346</a>] - Improve version check output when phpbb.com is unreachable</li>
+	</ul>
+	<h4>Improvement</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-7362">PHPBB3-7362</a>] - Title/Post Icons Need Attribute Text</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8800">PHPBB3-8800</a>] - Add &quot;mark topics read&quot; link to &quot;View unread posts&quot;</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10343">PHPBB3-10343</a>] - ACP: searching for users does not show inactive accounts</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13684">PHPBB3-13684</a>] - Only resize attached file comments vertically</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13934">PHPBB3-13934</a>] - Enctype clause for forms may be needed for profile fields</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14066">PHPBB3-14066</a>] - Add template events to search_body.html</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14073">PHPBB3-14073</a>] - Add core events to the several places in includes/functions_admin.php</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14075">PHPBB3-14075</a>] - Event in posting preview</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14080">PHPBB3-14080</a>] - Add template events to viewforum_body.html before/after/append/prepend the topic row</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14088">PHPBB3-14088</a>] - Add core events to the search.php</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14089">PHPBB3-14089</a>] - [Template] - posting_topic_title_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14098">PHPBB3-14098</a>] - Add core events to the search backends (fulltext_*.php)</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14102">PHPBB3-14102</a>] - Add core event to the mcp_topic.php</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14113">PHPBB3-14113</a>] - Add core events to the memberlist.php for customizing members search</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14117">PHPBB3-14117</a>] - Add core events to index.php to allow modifying birthdays list</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14123">PHPBB3-14123</a>] - Add more descriptive help to the CLI commands</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14126">PHPBB3-14126</a>] - Add viewtopic_topic_title_after template event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14133">PHPBB3-14133</a>] - Comment fix for phpbb_get_user_rank()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14154">PHPBB3-14154</a>] - Include &quot;Clean Name&quot; for disabled Extensions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14155">PHPBB3-14155</a>] - Add row highlighting to extensions and style management</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14156">PHPBB3-14156</a>] - Add the Symfony ResponseListener</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14164">PHPBB3-14164</a>] - Helpful instructions for database updates</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14170">PHPBB3-14170</a>] - Fix mcp_change_poster_after event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14201">PHPBB3-14201</a>] - Add ACP template events</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14213">PHPBB3-14213</a>] - [PHP] - core.group_add_user_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14219">PHPBB3-14219</a>] - Add email address into inactive user display in ACP</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14261">PHPBB3-14261</a>] - Pages served from app.php can't disable the update of session_page</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14283">PHPBB3-14283</a>] - Add a &quot;Manage Group&quot; link on a group page</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14313">PHPBB3-14313</a>] - Don't display quote button on unapproved posts</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14343">PHPBB3-14343</a>] - Add event when locking/unlocking posts/topics</li>
+	</ul>
+	<h4>New Feature</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14144">PHPBB3-14144</a>] - [Template] - quickreply_editor_subject_before</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14146">PHPBB3-14146</a>] - [Template] - viewtopic_body_post_subject_before</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14187">PHPBB3-14187</a>] - [ACP Template] - acp_styles_before_table</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14188">PHPBB3-14188</a>] - [PHP] - core.acp_styles_action_before</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14191">PHPBB3-14191</a>] - [PHP] - core.get_gravatar_url_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14192">PHPBB3-14192</a>] - [PHP] - core.memberlist_memberrow_before</li>
+	</ul>
+	<h4>Task</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14140">PHPBB3-14140</a>] - Update Symfony to benefit from improvement to the console component</li>
+	</ul>
+
 
 			<a name="v315"></a><h3>Changes since 3.1.5</h3>
 

phpBB/docs/CREDITS.txt

@@ -1,6 +1,6 @@
 /**
 *
-* phpBB © Copyright phpBB Limited 2003-2014
+* phpBB © Copyright phpBB Limited 2003-2016
 * http://www.phpbb.com
 *
 * phpBB is free software. You can redistribute it and/or modify it
@@ -20,14 +20,13 @@
 
 phpBB Project Manager:   Marshalrusty (Yuriy Rusko)
 
-phpBB Lead Developer:    naderman (Nils Adermann)
+phpBB Product Manager:   naderman (Nils Adermann)
+
+phpBB Lead Developer:    Marc (Marc Alexander)
 
 phpBB Developers:        bantu (Andreas Fischer)
                          CHItA (Máté Bartus)
-                         dhruv.goel92 (Dhruv Goel)
                          Elsensee (Oliver Schramm)
-                         marc1706 (Marc Alexander)
-                         nickvergessen (Joas Schilling)
                          Nicofuma (Tristan Darricau)
                          prototech (Cesar Gallegos)
 
@@ -54,11 +53,13 @@ phpBB Developers:        A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                          ckwalsh (Cullen Walsh)        [01/2010 - 07/2011]
                          DavidMJ (David M.)            [12/2005 - 08/2009]
                          dhn (Dominik Dröscher)        [05/2007 - 01/2011]
+                         dhruv.goel92 (Dhruv Goel)     [04/2013 - 05/2016]
                          EXreaction (Nathan Guse)      [07/2012 - 05/2014]
                          GrahamJE (Graham Eames)       [09/2005 - 11/2006]
                          igorw (Igor Wiedler)          [08/2010 - 02/2013]
                          imkingdavid (David King)      [11/2012 - 06/2014]
                          kellanved (Henry Sudhof)      [04/2007 - 03/2011]
+                         nickvergessen (Joas Schilling)[04/2010 - 12/2015]
                          Oleg (Oleg Pudeyev)           [01/2011 - 05/2013]
                          rxu (Ruslan Uzdenov)          [04/2010 - 12/2012]
                          TerraFrost (Jim Wigginton)    [04/2009 - 01/2011]

phpBB/docs/FAQ.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.1.x frequently asked questions" />
 <title>phpBB &bull; FAQ</title>

phpBB/docs/INSTALL.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.1.x Installation, updating and conversion informations" />
 <title>phpBB &bull; Install</title>
@@ -147,7 +148,7 @@
 			<li>Oracle</li>
 		</ul>
 		</li>
-		<li><strong>PHP 5.3.3+</strong> with support for the database you intend to use.</li>
+		<li><strong>PHP 5.3.3+</strong> and <strong>PHP &lt; 7.0</strong> with support for the database you intend to use.</li>
 		<li>The following PHP modules are required:
 		<ul>
 			<li>json</li>
@@ -159,7 +160,7 @@
 			<li>zlib Compression support</li>
 			<li>Remote FTP support</li>
 			<li>XML support</li>
-			<li>Imagemagick support</li>
+			<li>ImageMagick support</li>
 			<li>GD Support</li>
 		</ul>
 		</li>
@@ -265,7 +266,7 @@
 
 <p>If you are currently using a stable release of phpBB, updating to this version is straightforward. You would have downloaded one of four packages and your choice determines what you need to do. <strong>Note</strong>: Before updating, we heavily recommend you do a <em>full backup of your database and existing phpBB files</em>! If you are unsure how to achieve this please ask your hosting provider for advice.</p>
 
-<p><strong>Please make sure you update your phpBB source files too, even if you run the <code>database_update.php</code> file.</strong></p>
+<p><strong>Please make sure you update your phpBB source files too, even if you run the <code>database_update.php</code> file.</strong> If you have shell access to your server, you may wish to update via the command line interface. From your board's root, execute the following command: <code>php bin/phpbbcli.php --safe-mode db:migrate</code>.</p>
 
 <a name="update_full"></a><h3>4.i. Full package</h3>
 
@@ -273,7 +274,7 @@
 
 	<p>First, you should make a copy of your existing <code>config.php</code> file; keep it in a safe place! Next, delete all the existing phpBB files, you may want to leave your <code>files/</code> and <code>images/</code> directories in place. You can leave alternative styles in place too. With this complete, you can upload the new phpBB files (see <a href="#install">New installation</a> for details if necessary). Once complete, copy back your saved <code>config.php</code>, replacing the new one. Another method is to just <strong>replace</strong> the existing files with the files from the full package - though make sure you do <strong>not</strong> overwrite your config.php file.</p>
 
-	<p>You should now run <code>install/database_update.php</code> which, depending on your previous version, will make a number of database changes. You may receive <em>FAILURES</em> during this procedure. They should not be a cause for concern unless you see an actual <em>ERROR</em>, in which case the script will stop (in this case you should seek help via our forums or bug tracker).</p>
+	<p>You should now run <code>install/database_update.php</code> which, depending on your previous version, will make a number of database changes. You may receive <em>FAILURES</em> during this procedure. They should not be a cause for concern unless you see an actual <em>ERROR</em>, in which case the script will stop (in this case you should seek help via our forums or bug tracker). If you have shell access to your server, you may wish to update via the command line interface. From your board's root, execute the following command: <code>php bin/phpbbcli.php --safe-mode db:migrate</code>.</p>
 
 	<p>Once <code>install/database_update.php</code> has completed, you may proceed to the Administration Control Panel and then remove the install directory as advised.</p>
 
@@ -285,7 +286,7 @@
 
 	<p>The directory structure has been preserved, enabling you (if you wish) to simply upload the uncompressed contents of the archive to the appropriate location on your server, i.e. simply overwrite the existing files with the new versions. Do not forget that if you have installed any modifications (MODs) these files will overwrite the originals, possibly destroying them in the process. You will need to re-add MODs to any affected file before uploading.</p>
 
-	<p>As for the other update procedures, you should run <code>install/database_update.php</code> after you have finished updating the files. This will update your database schema and increment the version number.</p>
+	<p>As for the other update procedures, you should run <code>install/database_update.php</code> after you have finished updating the files. This will update your database schema and increment the version number. If you have shell access to your server, you may wish to update via the command line interface. From your board's root, execute the following command: <code>php bin/phpbbcli.php --safe-mode db:migrate</code>.</p>
 
 <a name="update_patch"></a><h3>4.iii. Patch file</h3>
 
@@ -297,13 +298,13 @@
 
 	<p>If you do get failures, you should look at using the <a href="#update_files">Changed Files</a> package to replace the files which failed to patch. Please note that you will need to manually re-add any MODs to these particular files. Alternatively, if you know how, you can examine the .rej files to determine what failed where and make manual adjustments to the relevant source.</p>
 
-	<p>You should, of course, delete the patch file (or files) after use. As for the other update procedures, you should run <code>install/database_update.php</code> after you have finished updating the files. This will update your database schema and data (if appropriate) and increment the version number.</p>
+	<p>You should, of course, delete the patch file (or files) after use. As for the other update procedures, you should run <code>install/database_update.php</code> after you have finished updating the files. This will update your database schema and data (if appropriate) and increment the version number. If you have shell access to your server, you may wish to update via the command line interface. From your board's root, execute the following command: <code>php bin/phpbbcli.php --safe-mode db:migrate</code>.</p>
 
 <a name="update_auto"></a><h3>4.iv. Automatic update package</h3>
 
 	<p>This update method is the recommended method for updating. This package detects changed files automatically and merges in changes if needed.</p>
 
-	<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.0.13</strong>, you need the <code>phpBB-3.0.13_to_3.0.14.zip/tar.bz2</code> file.</p>
+	<p>The automatic update package will update the board from a given version to the latest version. A number of automatic update files are available, and you should choose the one that corresponds to the version of the board that you are currently running. For example, if your current version is <strong>3.1.5</strong>, you need the <code>phpBB-3.1.5_to_3.1.6.zip/tar.bz2</code> file.</p>
 
 	<p>To perform the update, either follow the instructions from the <strong>Administration Control Panel-&gt;System</strong> Tab - this should point out that you are running an outdated version and will guide you through the update - or follow the instructions listed below.</p>
 
@@ -454,9 +455,21 @@
 
 <a name="webserver_configuration"></a><h3>6.ii. Webserver configuration</h3>
 
-	<p>Depending on your web server, you may have to configure your server to deny web access to the <code>cache/</code>, <code>files/</code>, <code>store/</code> and other directories. This is to prevent users from accessing sensitive files.</p>
+	<p>Depending on your web server, you may have to configure your server to deny web access to the <code>cache/</code>, <code>files/</code>, <code>includes</code>, <code>phpbb</code>, <code>store/</code>, and <code>vendor</code> directories. This is to prevent users from accessing sensitive files.</p>
 
-	<p>For <strong>Apache</strong> there are <code>.htaccess</code> files already in place to do this for you. Similarly, for <strong>Windows</strong> based servers using <strong>IIS</strong> there are <code>web.config</code> files already in place to do this for you. For other webservers, you will have to adjust the configuration yourself. Sample files for <strong>nginx</strong> and <strong>lighttpd</strong> to help you get started may be found in <code>docs/</code> directory.</p>
+	<p>
+		For <strong>Apache</strong> there are <code>.htaccess</code> files already in place to do this for the most sensitive files and folders. We do however recommend to completely deny all access to the aforementioned folders and their respective subfolders in your Apache configuration.<br />
+		On Apache 2.4, denying access to the <code>phpbb</code> folder in a phpBB instance located at <code>/var/www/html/</code> would be accomplished by adding the following access rules to the Apache configuration file (typically apache.conf):
+		<pre>
+&lt;Directory /var/www/html/phpbb/*&gt;
+	Require all denied
+&lt;/Directory&gt;
+&lt;Directory /var/www/html/phpbb>
+	Require all denied
+&lt;/Directory&gt;</pre>
+		<br />
+	<p>The same settings can be applied to the other mentioned directories by replacing <code>phpbb</code> by the respective directory name. Please note that there are differences in syntax between Apache version <a href="https://httpd.apache.org/docs/2.2/howto/access.html">2.2</a> and <a href="https://httpd.apache.org/docs/2.4/howto/access.html">2.4</a>.</p>
+	<p>For <strong>Windows</strong> based servers using <strong>IIS</strong> there are <code>web.config</code> files already in place to do this for you. For other webservers, you will have to adjust the configuration yourself. Sample files for <strong>nginx</strong> and <strong>lighttpd</strong> to help you get started may be found in the <code>docs/</code> directory.</p>
 
 		</div>
 

phpBB/docs/README.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.1.x Readme" />
 <title>phpBB &bull; Readme</title>
@@ -323,7 +324,7 @@
 
 		<div class="content">
 
-	<p>phpBB 3.1.x takes advantage of new features added in PHP 5.3. We recommend that you upgrade to the latest stable release of PHP5 to run phpBB. The minimum version required is PHP 5.3.3.</p>
+	<p>phpBB 3.1.x takes advantage of new features added in PHP 5.3. We recommend that you upgrade to the latest stable release of PHP5 to run phpBB. The minimum version required is PHP 5.3.3 and the maximum supported version is any version prior to PHP 7.0.</p>
 
 	<p>Please remember that running any application on a development (unstable, e.g. a beta release) version of PHP can lead to strange/unexpected results which may appear to be bugs in the application. Therefore, we recommend you upgrade to the newest stable version of PHP before running phpBB. If you are running a development version of PHP please check any bugs you find on a system running a stable release before submitting.</p>
 

phpBB/docs/assets/css/stylesheet.css

@@ -115,6 +115,17 @@ code {
 	padding: 0 4px;
 }
 
+pre {
+	color: #006600;
+	font-weight: normal;
+	font-family: 'Courier New', monospace;
+	border-color: #D1D7DC;
+	border-width: 1px;
+	border-style: solid;
+	background-color: #FAFAFA;
+	padding: 0 4px
+}
+
 #wrap {
 	padding: 0 20px;
 	min-width: 650px;

phpBB/docs/auth_api.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="This is an explanation of how to use the phpBB auth/acl API" />
 <title>phpBB3 &bull; Auth API</title>

phpBB/docs/coding-guidelines.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="Ascraeus coding guidelines document" />
 <title>phpBB3 &bull; Coding Guidelines</title>
@@ -1121,9 +1122,6 @@ append_sid(&quot;{$phpbb_root_path}memberlist.$phpEx&quot;, 'mode=group&amp;amp;
 	<p>Some of these functions are only chosen over others because of personal preference and have no benefit other than maintaining consistency throughout the code.</p>
 
 	<ul>
-		<li>
-			<p>Use <code>sizeof</code> instead of <code>count</code></p>
-		</li>
 		<li>
 			<p>Use <code>strpos</code> instead of <code>strstr</code></p>
 		</li>

phpBB/docs/lighttpd.sample.conf

@@ -1,7 +1,7 @@
 # Sample lighttpd configuration file for phpBB.
 # Global settings have been removed, copy them
 # from your system's lighttpd.conf.
-# Tested with lighttpd 1.4.26
+# Tested with lighttpd 1.4.35
 
 # If you want to use the X-Sendfile feature,
 # uncomment the 'allow-x-send-file' for the fastcgi
@@ -16,6 +16,7 @@
 server.modules += ( 
 	"mod_access",
 	"mod_fastcgi",
+	"mod_rewrite",
 	"mod_accesslog"
 )
 
@@ -36,7 +37,7 @@ $HTTP["host"] == "www.myforums.com" {
 	accesslog.filename		= "/var/log/lighttpd/access-www.myforums.com.log"
 	
 	# Deny access to internal phpbb files.	
-	$HTTP["url"] =~ "^/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload)" {
+	$HTTP["url"] =~ "^/(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" {
 		url.access-deny = ( "" )
 	}
 
@@ -49,7 +50,15 @@ $HTTP["host"] == "www.myforums.com" {
 	$HTTP["url"] =~ "/\.htaccess|/\.htpasswd|/\.htgroups" {
 		url.access-deny = ( "" )
 	}
-
+	
+	# The following 3 lines will rewrite URLs passed through the front controller
+	# to not require app.php in the actual URL. In other words, a controller is
+	# by default accessed at /app.php/my/controller, but can also be accessed at
+	# /my/controller
+	url.rewrite-if-not-file = (
+	   "^/(.*)$" => "/app.php/$1"
+	)
+	
 	fastcgi.server = ( ".php" => 
 		((
 			"bin-path" => "/usr/bin/php-cgi",

phpBB/docs/nginx.sample.conf

@@ -64,10 +64,15 @@ http {
         location / {
             # phpbb uses index.htm
             index index.php index.html index.htm;
+            try_files $uri $uri/ @rewriteapp;
+        }
+
+        location @rewriteapp {
+            rewrite ^(.*)$ /app.php/$1 last;
         }
 
         # Deny access to internal phpbb files.
-        location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
+        location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor) {
             deny all;
             # deny was ignored before 0.8.40 for connections over IPv6.
             # Use internal directive to prohibit access on older versions.
@@ -75,12 +80,16 @@ http {
         }
 
         # Pass the php scripts to fastcgi server specified in upstream declaration.
-        location ~ \.php$ {
-            fastcgi_pass php;
-            # Necessary for php.
-            fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+        location ~ \.php(/|$) {
             # Unmodified fastcgi_params from nginx distribution.
             include fastcgi_params;
+            # Necessary for php.
+            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+            fastcgi_param DOCUMENT_ROOT $realpath_root;
+            try_files $uri $uri/ /app.php$is_args$args;
+            fastcgi_pass php;
         }
 
         # Deny access to version control system directories.

phpBB/download/file.php

@@ -258,17 +258,18 @@ else
 	* @var	array	attachment			Array with attachment data
 	* @var	int		display_cat			Attachment category
 	* @var	int		download_mode		File extension specific download mode
-	* @var	array	extension			Array with file extensions data
+	* @var	array	extensions			Array with file extensions data
 	* @var	string	mode				Download mode
 	* @var	bool	thumbnail			Flag indicating if the file is a thumbnail
 	* @since 3.1.6-RC1
+	* @changed 3.1.7-RC1	Fixing wrong name of a variable (replacing "extension" by "extensions")
 	*/
 	$vars = array(
 		'attach_id',
 		'attachment',
 		'display_cat',
 		'download_mode',
-		'extension',
+		'extensions',
 		'mode',
 		'thumbnail',
 	);

phpBB/faq.php

@@ -25,6 +25,7 @@ $auth->acl($user->data);
 $user->setup();
 
 $mode = request_var('mode', '');
+$template_file = 'faq_body.html';
 
 // Load the appropriate faq file
 switch ($mode)
@@ -47,13 +48,16 @@ switch ($mode)
 		 * @var	string	lang_file		Language file containing the help data
 		 * @var	string	ext_name		Vendor and extension name where the help
 		 *								language file can be loaded from
+		 * @var	string	template_file	Template file name
 		 * @since 3.1.4-RC1
+		 * @changed 3.1.11-RC1 Added template_file var
 		 */
 		$vars = array(
 			'page_title',
 			'mode',
 			'lang_file',
 			'ext_name',
+			'template_file',
 		);
 		extract($phpbb_dispatcher->trigger_event('core.faq_mode_validation', compact($vars)));
 
@@ -106,7 +110,7 @@ $template->assign_vars(array(
 page_header($l_title);
 
 $template->set_filenames(array(
-	'body' => 'faq_body.html')
+	'body' => $template_file)
 );
 make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
 

phpBB/feed.php

@@ -84,6 +84,20 @@ $feed->open();
 // Iterate through items
 while ($row = $feed->get_item())
 {
+	/**
+	* Event to modify the feed row
+	*
+	* @event core.feed_modify_feed_row
+	* @var	int		forum_id	Forum ID
+	* @var	string	mode		Feeds mode (forums|topics|topics_new|topics_active|news)
+	* @var	array	row			Array with feed data
+	* @var	int		topic_id	Topic ID
+	*
+	* @since 3.1.10-RC1
+	*/
+	$vars = array('forum_id', 'mode', 'row', 'topic_id');
+	extract($phpbb_dispatcher->trigger_event('core.feed_modify_feed_row', compact($vars)));
+
 	// BBCode options to correctly disable urls, smilies, bbcode...
 	if ($feed->get('options') === NULL)
 	{

phpBB/includes/acp/acp_attachments.php

@@ -42,7 +42,7 @@ class acp_attachments
 
 	function main($id, $mode)
 	{
-		global $db, $user, $auth, $template, $cache, $phpbb_container;
+		global $db, $user, $auth, $template, $cache, $phpbb_container, $phpbb_dispatcher;
 		global $config, $phpbb_admin_path, $phpbb_root_path, $phpEx;
 
 		$this->id = $id;
@@ -106,7 +106,10 @@ class acp_attachments
 		{
 			case 'attach':
 
-				include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
+				if (!function_exists('get_supported_image_types'))
+				{
+					include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
+				}
 
 				$sql = 'SELECT group_name, cat_id
 					FROM ' . EXTENSION_GROUPS_TABLE . '
@@ -159,6 +162,18 @@ class acp_attachments
 					)
 				);
 
+				/**
+				* Event to add and/or modify acp_attachement configurations
+				*
+				* @event core.acp_attachments_config_edit_add
+				* @var	array	display_vars	Array of config values to display and process
+				* @var	string	mode			Mode of the config page we are displaying
+				* @var	boolean	submit			Do we display the form or process the submission
+				* @since 3.1.11-RC1
+				*/
+				$vars = array('display_vars', 'mode', 'submit');
+				extract($phpbb_dispatcher->trigger_event('core.acp_attachments_config_edit_add', compact($vars)));
+
 				$this->new_config = $config;
 				$cfg_array = (isset($_REQUEST['config'])) ? request_var('config', array('' => '')) : $this->new_config;
 				$error = array();
@@ -1423,7 +1438,7 @@ class acp_attachments
 		$row['group_name'] = $user->lang['NOT_ASSIGNED'];
 		$group_name[] = $row;
 
-		for ($i = 0; $i < sizeof($group_name); $i++)
+		for ($i = 0, $groups_size = sizeof($group_name); $i < $groups_size; $i++)
 		{
 			if ($default_group === false)
 			{
@@ -1732,8 +1747,8 @@ class acp_attachments
 		$size_var = $filesize['si_identifier'];
 		$value = $filesize['value'];
 
-		// size="8" and maxlength="15" attributes as a fallback for browsers that do not support type="number" yet.
-		return '<input type="number" id="' . $key . '" size="8" maxlength="15" min="0" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
+		// size and maxlength must not be specified for input of type number
+		return '<input type="number" id="' . $key . '" min="0" max="999999999999999" step="any" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
 	}
 
 	/**

phpBB/includes/acp/acp_ban.php

@@ -28,7 +28,10 @@ class acp_ban
 		global $user, $template, $request, $phpbb_dispatcher;
 		global $phpbb_root_path, $phpEx;
 
-		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		if (!function_exists('user_ban'))
+		{
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		}
 
 		$bansubmit	= $request->is_set_post('bansubmit');
 		$unbansubmit = $request->is_set_post('unbansubmit');

phpBB/includes/acp/acp_bbcodes.php

@@ -33,6 +33,7 @@ class acp_bbcodes
 		// Set up general vars
 		$action	= request_var('action', '');
 		$bbcode_id = request_var('bbcode', 0);
+		$submit = $request->is_set_post('submit');
 
 		$this->tpl_name = 'acp_bbcodes';
 		$this->page_title = 'ACP_BBCODES';
@@ -40,6 +41,11 @@ class acp_bbcodes
 
 		add_form_key($form_key);
 
+		if ($submit && !check_form_key($form_key))
+		{
+			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+		}
+
 		// Set up mode-specific vars
 		switch ($action)
 		{
@@ -364,7 +370,7 @@ class acp_bbcodes
 		*
 		* @event core.acp_bbcodes_display_form
 		* @var	string	action			Type of the action: modify|create
-		* @var	string	sql_ary			The SQL array to get custom bbcode data
+		* @var	array	sql_ary			The SQL array to get custom bbcode data
 		* @var	array	template_data	Array with form template data
 		* @var	string	u_action		The u_action link
 		* @since 3.1.0-a3

phpBB/includes/acp/acp_board.php

@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
 class acp_board
 {
 	var $u_action;
-	var $new_config = array();
+	var $new_config;
 
 	function main($id, $mode)
 	{
@@ -318,9 +318,9 @@ class acp_board
 					'title'	=> 'ACP_COOKIE_SETTINGS',
 					'vars'	=> array(
 						'legend1'		=> 'ACP_COOKIE_SETTINGS',
-						'cookie_domain'	=> array('lang' => 'COOKIE_DOMAIN',	'validate' => 'string',	'type' => 'text::255', 'explain' => false),
-						'cookie_name'	=> array('lang' => 'COOKIE_NAME',	'validate' => 'string',	'type' => 'text::16', 'explain' => false),
-						'cookie_path'	=> array('lang'	=> 'COOKIE_PATH',	'validate' => 'string',	'type' => 'text::255', 'explain' => false),
+						'cookie_domain'	=> array('lang' => 'COOKIE_DOMAIN',	'validate' => 'string',	'type' => 'text::255', 'explain' => true),
+						'cookie_name'	=> array('lang' => 'COOKIE_NAME',	'validate' => 'string',	'type' => 'text::16', 'explain' => true),
+						'cookie_path'	=> array('lang'	=> 'COOKIE_PATH',	'validate' => 'string',	'type' => 'text::255', 'explain' => true),
 						'cookie_secure'	=> array('lang' => 'COOKIE_SECURE',	'validate' => 'bool',	'type' => 'radio:disabled_enabled', 'explain' => true),
 					)
 				);
@@ -449,11 +449,14 @@ class acp_board
 
 						'legend2'				=> 'SMTP_SETTINGS',
 						'smtp_delivery'			=> array('lang' => 'USE_SMTP',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'smtp_host'				=> array('lang' => 'SMTP_SERVER',			'validate' => 'string',	'type' => 'text:25:50', 'explain' => false),
+						'smtp_host'				=> array('lang' => 'SMTP_SERVER',			'validate' => 'string',	'type' => 'text:25:50', 'explain' => true),
 						'smtp_port'				=> array('lang' => 'SMTP_PORT',				'validate' => 'int:0:99999',	'type' => 'number:0:99999', 'explain' => true),
 						'smtp_auth_method'		=> array('lang' => 'SMTP_AUTH_METHOD',		'validate' => 'string',	'type' => 'select', 'method' => 'mail_auth_select', 'explain' => true),
 						'smtp_username'			=> array('lang' => 'SMTP_USERNAME',			'validate' => 'string',	'type' => 'text:25:255', 'explain' => true),
 						'smtp_password'			=> array('lang' => 'SMTP_PASSWORD',			'validate' => 'string',	'type' => 'password:25:255', 'explain' => true),
+						'smtp_verify_peer'		=> array('lang' => 'SMTP_VERIFY_PEER',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'smtp_verify_peer_name'	=> array('lang' => 'SMTP_VERIFY_PEER_NAME',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'smtp_allow_self_signed'=> array('lang' => 'SMTP_ALLOW_SELF_SIGNED','validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend3'					=> 'ACP_SUBMIT_CHANGES',
 					)
@@ -482,7 +485,7 @@ class acp_board
 			$user->add_lang($display_vars['lang']);
 		}
 
-		$this->new_config = $config;
+		$this->new_config = clone $config;
 		$cfg_array = (isset($_REQUEST['config'])) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config;
 		$error = array();
 
@@ -842,7 +845,7 @@ class acp_board
 	{
 		global $user;
 
-		return '<input id="' . $key . '" type="number" size="3" maxlength="3" min="1" max="999" name="config[min_name_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . '&nbsp;&nbsp;<input type="number" size="3" maxlength="3" min="8" max="180" name="config[max_name_chars]" value="' . $this->new_config['max_name_chars'] . '" /> ' . $user->lang['MAX_CHARS'];
+		return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_name_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . '&nbsp;&nbsp;<input type="number" min="8" max="180" name="config[max_name_chars]" value="' . $this->new_config['max_name_chars'] . '" /> ' . $user->lang['MAX_CHARS'];
 	}
 
 	/**
@@ -870,7 +873,7 @@ class acp_board
 	{
 		global $user;
 
-		return '<input id="' . $key . '" type="number" size="3" maxlength="3" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . '&nbsp;&nbsp;<input type="number" size="3" maxlength="3" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS'];
+		return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . '&nbsp;&nbsp;<input type="number" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS'];
 	}
 
 	/**
@@ -1017,7 +1020,7 @@ class acp_board
 		$user->timezone = $old_tz;
 
 		return "<select name=\"dateoptions\" id=\"dateoptions\" onchange=\"if (this.value == 'custom') { document.getElementById('" . addslashes($key) . "').value = '" . addslashes($value) . "'; } else { document.getElementById('" . addslashes($key) . "').value = this.value; }\">$dateformat_options</select>
-		<input type=\"text\" name=\"config[$key]\" id=\"$key\" value=\"$value\" maxlength=\"30\" />";
+		<input type=\"text\" name=\"config[$key]\" id=\"$key\" value=\"$value\" maxlength=\"64\" />";
 	}
 
 	/**

phpBB/includes/acp/acp_bots.php

@@ -141,7 +141,11 @@ class acp_bots
 
 			case 'edit':
 			case 'add':
-				include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+
+				if (!function_exists('user_update_name'))
+				{
+					include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+				}
 
 				$bot_row = array(
 					'bot_name'		=> utf8_normalize_nfc(request_var('bot_name', '', true)),

phpBB/includes/acp/acp_captcha.php

@@ -25,7 +25,7 @@ class acp_captcha
 
 	function main($id, $mode)
 	{
-		global $db, $user, $auth, $template;
+		global $request, $user, $auth, $template;
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx, $phpbb_container;
 
 		$user->add_lang('acp/board');
@@ -52,11 +52,36 @@ class acp_captcha
 		else
 		{
 			$config_vars = array(
-				'enable_confirm'		=> array('tpl' => 'REG_ENABLE', 'default' => false),
-				'enable_post_confirm'	=> array('tpl' => 'POST_ENABLE', 'default' => false),
-				'confirm_refresh'		=> array('tpl' => 'CONFIRM_REFRESH', 'default' => false),
-				'max_reg_attempts'		=> array('tpl' => 'REG_LIMIT', 'default' => 0),
-				'max_login_attempts'		=> array('tpl' => 'MAX_LOGIN_ATTEMPTS', 'default' => 0),
+				'enable_confirm'		=> array(
+					'tpl'		=> 'REG_ENABLE',
+					'default'	=> false,
+					'validate'	=> 'bool',
+					'lang'		=> 'VISUAL_CONFIRM_REG',
+				),
+				'enable_post_confirm'	=> array(
+					'tpl'		=> 'POST_ENABLE',
+					'default'	=> false,
+					'validate'	=> 'bool',
+					'lang'		=> 'VISUAL_CONFIRM_POST',
+				),
+				'confirm_refresh'		=> array(
+					'tpl'		=> 'CONFIRM_REFRESH',
+					'default'	=> false,
+					'validate'	=> 'bool',
+					'lang'		=> 'VISUAL_CONFIRM_REFRESH',
+				),
+				'max_reg_attempts'		=> array(
+					'tpl'		=> 'REG_LIMIT',
+					'default'	=> 0,
+					'validate'	=> 'int:0:99999',
+					'lang'		=> 'REG_LIMIT',
+				),
+				'max_login_attempts'	=> array(
+					'tpl'		=> 'MAX_LOGIN_ATTEMPTS',
+					'default'	=> 0,
+					'validate'	=> 'int:0:99999',
+					'lang'		=> 'MAX_LOGIN_ATTEMPTS',
+				),
 			);
 
 			$this->tpl_name = 'acp_captcha';
@@ -65,12 +90,31 @@ class acp_captcha
 			add_form_key($form_key);
 
 			$submit = request_var('main_submit', false);
+			$error = $cfg_array = array();
 
-			if ($submit && check_form_key($form_key))
+			if ($submit)
 			{
 				foreach ($config_vars as $config_var => $options)
 				{
-					set_config($config_var, request_var($config_var, $options['default']));
+					$cfg_array[$config_var] = $request->variable($config_var, $options['default']);
+				}
+				validate_config_vars($config_vars, $cfg_array, $error);
+
+				if (!check_form_key($form_key))
+				{
+					$error[] = $user->lang['FORM_INVALID'];
+				}
+				if ($error)
+				{
+					$submit = false;
+				}
+			}
+
+			if ($submit)
+			{
+				foreach ($cfg_array as $key => $value)
+				{
+					$config->set($key, $value);
 				}
 
 				if ($selected !== $config['captcha_plugin'])
@@ -94,10 +138,6 @@ class acp_captcha
 				}
 				trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
 			}
-			else if ($submit)
-			{
-				trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
-			}
 			else
 			{
 				$captcha_select = '';
@@ -124,6 +164,7 @@ class acp_captcha
 					'CAPTCHA_PREVIEW_TPL'	=> $demo_captcha->get_demo_template($id),
 					'S_CAPTCHA_HAS_CONFIG'	=> $demo_captcha->has_config(),
 					'CAPTCHA_SELECT'		=> $captcha_select,
+					'ERROR_MSG'				=> implode('<br />', $error),
 
 					'U_ACTION'				=> $this->u_action,
 				));

phpBB/includes/acp/acp_database.php

@@ -39,6 +39,9 @@ class acp_database
 		$action	= request_var('action', '');
 		$submit = (isset($_POST['submit'])) ? true : false;
 
+		$form_key = 'acp_database';
+		add_form_key($form_key);
+
 		$template->assign_vars(array(
 			'MODE'	=> $mode
 		));
@@ -62,6 +65,11 @@ class acp_database
 							trigger_error($user->lang['TABLE_SELECT_ERROR'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 
+						if (!check_form_key($form_key))
+						{
+							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+						}
+
 						$store = $download = $structure = $schema_data = false;
 
 						if ($where == 'store_and_download' || $where == 'store')

phpBB/includes/acp/acp_disallow.php

@@ -26,9 +26,7 @@ class acp_disallow
 	function main($id, $mode)
 	{
 		global $db, $user, $auth, $template, $cache;
-		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
-
-		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		global $config, $phpbb_admin_path;
 
 		$user->add_lang('acp/posting');
 

phpBB/includes/acp/acp_email.php

@@ -189,8 +189,15 @@ class acp_email
 				$db->sql_freeresult($result);
 
 				// Send the messages
-				include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
-				include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+				if (!class_exists('messenger'))
+				{
+					include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+				}
+
+				if (!function_exists('get_group_name'))
+				{
+					include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+				}
 				$messenger = new messenger($use_queue);
 
 				$errored = false;

phpBB/includes/acp/acp_extensions.php

@@ -22,55 +22,81 @@ if (!defined('IN_PHPBB'))
 class acp_extensions
 {
 	var $u_action;
+	var $tpl_name;
+	var $page_title;
 
-	private $db;
 	private $config;
 	private $template;
 	private $user;
 	private $cache;
 	private $log;
 	private $request;
+	private $phpbb_dispatcher;
+	private $ext_manager;
 
 	function main()
 	{
 		// Start the page
-		global $config, $user, $template, $request, $phpbb_extension_manager, $db, $phpbb_root_path, $phpEx, $phpbb_log, $cache;
+		global $config, $user, $template, $request, $phpbb_extension_manager, $phpbb_root_path, $phpEx, $phpbb_log, $cache, $phpbb_dispatcher;
 
-		$this->db = $db;
 		$this->config = $config;
 		$this->template = $template;
 		$this->user = $user;
 		$this->cache = $cache;
 		$this->request = $request;
 		$this->log = $phpbb_log;
+		$this->phpbb_dispatcher = $phpbb_dispatcher;
+		$this->ext_manager = $phpbb_extension_manager;
 
-		$user->add_lang(array('install', 'acp/extensions', 'migrator'));
+		$this->user->add_lang(array('install', 'acp/extensions', 'migrator'));
 
 		$this->page_title = 'ACP_EXTENSIONS';
 
-		$action = $request->variable('action', 'list');
-		$ext_name = $request->variable('ext_name', '');
+		$action = $this->request->variable('action', 'list');
+		$ext_name = $this->request->variable('ext_name', '');
 
 		// What is a safe limit of execution time? Half the max execution time should be safe.
 		$safe_time_limit = (ini_get('max_execution_time') / 2);
 		$start_time = time();
 
 		// Cancel action
-		if ($request->is_set_post('cancel'))
+		if ($this->request->is_set_post('cancel'))
 		{
 			$action = 'list';
 			$ext_name = '';
 		}
 
-		if (in_array($action, array('enable', 'disable', 'delete_data')) && !check_link_hash($request->variable('hash', ''), $action . '.' . $ext_name))
+		if (in_array($action, array('enable', 'disable', 'delete_data')) && !check_link_hash($this->request->variable('hash', ''), $action . '.' . $ext_name))
 		{
 			trigger_error('FORM_INVALID', E_USER_WARNING);
 		}
 
+		/**
+		* Event to run a specific action on extension
+		*
+		* @event core.acp_extensions_run_action_before
+		* @var	string	action			Action to run; if the event completes execution of the action, should be set to 'none'
+		* @var	string	u_action		Url we are at
+		* @var	string	ext_name		Extension name from request
+		* @var	int		safe_time_limit	Safe limit of execution time
+		* @var	int		start_time		Start time
+		* @var	string	tpl_name		Template file to load
+		* @since 3.1.11-RC1
+		* @changed 3.2.1-RC1			Renamed to core.acp_extensions_run_action_before, added tpl_name, added action 'none'
+		*/
+		$u_action = $this->u_action;
+		$tpl_name = '';
+		$vars = array('action', 'u_action', 'ext_name', 'safe_time_limit', 'start_time', 'tpl_name');
+		extract($this->phpbb_dispatcher->trigger_event('core.acp_extensions_run_action_before', compact($vars)));
+
+		// In case they have been updated by the event
+		$this->u_action = $u_action;
+		$this->tpl_name = $tpl_name;
+
 		// If they've specified an extension, let's load the metadata manager and validate it.
 		if ($ext_name)
 		{
-			$md_manager = new \phpbb\extension\metadata_manager($ext_name, $config, $phpbb_extension_manager, $template, $user, $phpbb_root_path);
+			$md_manager = $this->ext_manager->create_extension_metadata_manager($ext_name, $this->template);
 
 			try
 			{
@@ -85,6 +111,10 @@ class acp_extensions
 		// What are we doing?
 		switch ($action)
 		{
+			case 'none':
+				// Intentionally empty, used by extensions that execute additional actions in the prior event
+				break;
+
 			case 'set_config_version_check_force_unstable':
 				$force_unstable = $this->request->variable('force_unstable', false);
 
@@ -94,12 +124,12 @@ class acp_extensions
 						'force_unstable'	=> $force_unstable,
 					));
 
-					confirm_box(false, $user->lang('EXTENSION_FORCE_UNSTABLE_CONFIRM'), $s_hidden_fields);
+					confirm_box(false, $this->user->lang('EXTENSION_FORCE_UNSTABLE_CONFIRM'), $s_hidden_fields);
 				}
 				else
 				{
-					$config->set('extension_force_unstable', false);
-					trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
+					$this->config->set('extension_force_unstable', false);
+					trigger_error($this->user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
 				}
 				break;
 
@@ -107,50 +137,47 @@ class acp_extensions
 			default:
 				if (confirm_box(true))
 				{
-					$config->set('extension_force_unstable', true);
-					trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
+					$this->config->set('extension_force_unstable', true);
+					trigger_error($this->user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
 				}
 
-				$this->list_enabled_exts($phpbb_extension_manager);
-				$this->list_disabled_exts($phpbb_extension_manager);
-				$this->list_available_exts($phpbb_extension_manager);
+				$this->list_enabled_exts();
+				$this->list_disabled_exts();
+				$this->list_available_exts();
 
 				$this->template->assign_vars(array(
 					'U_VERSIONCHECK_FORCE' 	=> $this->u_action . '&action=list&versioncheck_force=1',
-					'FORCE_UNSTABLE'		=> $config['extension_force_unstable'],
+					'FORCE_UNSTABLE'		=> $this->config['extension_force_unstable'],
 					'U_ACTION' 				=> $this->u_action,
 				));
 
-				add_form_key('version_check_settings');
-
 				$this->tpl_name = 'acp_ext_list';
 			break;
 
 			case 'enable_pre':
-				if (!$md_manager->validate_dir())
+				try
 				{
-					trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+					$md_manager->validate_enable();
+				}
+				catch (\phpbb\extension\exception $e)
+				{
+					trigger_error($e . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
-				if (!$md_manager->validate_enable())
-				{
-					trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
-				}
-
-				$extension = $phpbb_extension_manager->get_extension($ext_name);
+				$extension = $this->ext_manager->get_extension($ext_name);
 				if (!$extension->is_enableable())
 				{
-					trigger_error($user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
+					trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
-				if ($phpbb_extension_manager->is_enabled($ext_name))
+				if ($this->ext_manager->is_enabled($ext_name))
 				{
 					redirect($this->u_action);
 				}
 
 				$this->tpl_name = 'acp_ext_enable';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'PRE'				=> true,
 					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')),
 					'U_ENABLE'			=> $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name),
@@ -158,57 +185,65 @@ class acp_extensions
 			break;
 
 			case 'enable':
-				if (!$md_manager->validate_dir())
+				try
 				{
-					trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+					$md_manager->validate_enable();
+				}
+				catch (\phpbb\extension\exception $e)
+				{
+					trigger_error($e . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
-				if (!$md_manager->validate_enable())
-				{
-					trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
-				}
-
-				$extension = $phpbb_extension_manager->get_extension($ext_name);
+				$extension = $this->ext_manager->get_extension($ext_name);
 				if (!$extension->is_enableable())
 				{
-					trigger_error($user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
+					trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
 				try
 				{
-					while ($phpbb_extension_manager->enable_step($ext_name))
+					while ($this->ext_manager->enable_step($ext_name))
 					{
 						// Are we approaching the time limit? If so we want to pause the update and continue after refreshing
 						if ((time() - $start_time) >= $safe_time_limit)
 						{
-							$template->assign_var('S_NEXT_STEP', true);
+							$this->template->assign_var('S_NEXT_STEP', true);
 
 							meta_refresh(0, $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name));
 						}
 					}
-					$this->log->add('admin', $user->data['user_id'], $user->ip, 'LOG_EXT_ENABLE', time(), array($ext_name));
+
+					// Update custom style for admin area
+					$this->template->set_custom_style(array(
+						array(
+							'name' 		=> 'adm',
+							'ext_path' 	=> 'adm/style/',
+						),
+					), array($phpbb_root_path . 'adm/style'));
+
+					$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_ENABLE', time(), array($ext_name));
 				}
 				catch (\phpbb\db\migration\exception $e)
 				{
-					$template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($user));
+					$this->template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($this->user));
 				}
 
 				$this->tpl_name = 'acp_ext_enable';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'U_RETURN'		=> $this->u_action . '&action=list',
 				));
 			break;
 
 			case 'disable_pre':
-				if (!$phpbb_extension_manager->is_enabled($ext_name))
+				if (!$this->ext_manager->is_enabled($ext_name))
 				{
 					redirect($this->u_action);
 				}
 
 				$this->tpl_name = 'acp_ext_disable';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'PRE'				=> true,
 					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')),
 					'U_DISABLE'			=> $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name),
@@ -216,38 +251,38 @@ class acp_extensions
 			break;
 
 			case 'disable':
-				if (!$phpbb_extension_manager->is_enabled($ext_name))
+				if (!$this->ext_manager->is_enabled($ext_name))
 				{
 					redirect($this->u_action);
 				}
 
-				while ($phpbb_extension_manager->disable_step($ext_name))
+				while ($this->ext_manager->disable_step($ext_name))
 				{
 					// Are we approaching the time limit? If so we want to pause the update and continue after refreshing
 					if ((time() - $start_time) >= $safe_time_limit)
 					{
-						$template->assign_var('S_NEXT_STEP', true);
+						$this->template->assign_var('S_NEXT_STEP', true);
 
 						meta_refresh(0, $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name));
 					}
 				}
-				$this->log->add('admin', $user->data['user_id'], $user->ip, 'LOG_EXT_DISABLE', time(), array($ext_name));
+				$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_DISABLE', time(), array($ext_name));
 
 				$this->tpl_name = 'acp_ext_disable';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'U_RETURN'	=> $this->u_action . '&action=list',
 				));
 			break;
 
 			case 'delete_data_pre':
-				if ($phpbb_extension_manager->is_enabled($ext_name))
+				if ($this->ext_manager->is_enabled($ext_name))
 				{
 					redirect($this->u_action);
 				}
 				$this->tpl_name = 'acp_ext_delete_data';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'PRE'				=> true,
 					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')),
 					'U_PURGE'			=> $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name),
@@ -255,33 +290,33 @@ class acp_extensions
 			break;
 
 			case 'delete_data':
-				if ($phpbb_extension_manager->is_enabled($ext_name))
+				if ($this->ext_manager->is_enabled($ext_name))
 				{
 					redirect($this->u_action);
 				}
 
 				try
 				{
-					while ($phpbb_extension_manager->purge_step($ext_name))
+					while ($this->ext_manager->purge_step($ext_name))
 					{
 						// Are we approaching the time limit? If so we want to pause the update and continue after refreshing
 						if ((time() - $start_time) >= $safe_time_limit)
 						{
-							$template->assign_var('S_NEXT_STEP', true);
+							$this->template->assign_var('S_NEXT_STEP', true);
 
 							meta_refresh(0, $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name));
 						}
 					}
-					$this->log->add('admin', $user->data['user_id'], $user->ip, 'LOG_EXT_PURGE', time(), array($ext_name));
+					$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_PURGE', time(), array($ext_name));
 				}
 				catch (\phpbb\db\migration\exception $e)
 				{
-					$template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($user));
+					$this->template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($this->user));
 				}
 
 				$this->tpl_name = 'acp_ext_delete_data';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'U_RETURN'	=> $this->u_action . '&action=list',
 				));
 			break;
@@ -292,28 +327,25 @@ class acp_extensions
 
 				try
 				{
-					$updates_available = $this->version_check($md_manager, $request->variable('versioncheck_force', false));
+					$updates_available = $this->version_check($md_manager, $this->request->variable('versioncheck_force', false));
 
-					$template->assign_vars(array(
+					$this->template->assign_vars(array(
 						'S_UP_TO_DATE'		=> empty($updates_available),
 						'S_VERSIONCHECK'	=> true,
 						'UP_TO_DATE_MSG'	=> $this->user->lang(empty($updates_available) ? 'UP_TO_DATE' : 'NOT_UP_TO_DATE', $md_manager->get_metadata('display-name')),
 					));
 
-					foreach ($updates_available as $branch => $version_data)
-					{
-						$template->assign_block_vars('updates_available', $version_data);
-					}
+					$this->template->assign_block_vars('updates_available', $updates_available);
 				}
 				catch (\RuntimeException $e)
 				{
-					$template->assign_vars(array(
+					$this->template->assign_vars(array(
 						'S_VERSIONCHECK_STATUS'			=> $e->getCode(),
-						'VERSIONCHECK_FAIL_REASON'		=> ($e->getMessage() !== $user->lang('VERSIONCHECK_FAIL')) ? $e->getMessage() : '',
+						'VERSIONCHECK_FAIL_REASON'		=> ($e->getMessage() !== $this->user->lang('VERSIONCHECK_FAIL')) ? $e->getMessage() : '',
 					));
 				}
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'U_BACK'				=> $this->u_action . '&action=list',
 					'U_VERSIONCHECK_FORCE'	=> $this->u_action . '&action=details&versioncheck_force=1&ext_name=' . urlencode($md_manager->get_metadata('name')),
 				));
@@ -321,21 +353,41 @@ class acp_extensions
 				$this->tpl_name = 'acp_ext_details';
 			break;
 		}
+
+		/**
+		* Event to run after a specific action on extension has completed
+		*
+		* @event core.acp_extensions_run_action_after
+		* @var	string	action			Action that has run
+		* @var	string	u_action		Url we are at
+		* @var	string	ext_name		Extension name from request
+		* @var	int		safe_time_limit	Safe limit of execution time
+		* @var	int		start_time		Start time
+		* @var	string	tpl_name		Template file to load
+		* @since 3.1.11-RC1
+		*/
+		$u_action = $this->u_action;
+		$tpl_name = $this->tpl_name;
+		$vars = array('action', 'u_action', 'ext_name', 'safe_time_limit', 'start_time', 'tpl_name');
+		extract($this->phpbb_dispatcher->trigger_event('core.acp_extensions_run_action_after', compact($vars)));
+
+		// In case they have been updated by the event
+		$this->u_action = $u_action;
+		$this->tpl_name = $tpl_name;
 	}
 
 	/**
 	* Lists all the enabled extensions and dumps to the template
 	*
-	* @param  $phpbb_extension_manager     An instance of the extension manager
 	* @return null
 	*/
-	public function list_enabled_exts(\phpbb\extension\manager $phpbb_extension_manager)
+	public function list_enabled_exts()
 	{
 		$enabled_extension_meta_data = array();
 
-		foreach ($phpbb_extension_manager->all_enabled() as $name => $location)
+		foreach ($this->ext_manager->all_enabled() as $name => $location)
 		{
-			$md_manager = $phpbb_extension_manager->create_extension_metadata_manager($name, $this->template);
+			$md_manager = $this->ext_manager->create_extension_metadata_manager($name, $this->template);
 
 			try
 			{
@@ -369,6 +421,7 @@ class acp_extensions
 
 		foreach ($enabled_extension_meta_data as $name => $block_vars)
 		{
+			$block_vars['NAME'] = $name;
 			$block_vars['U_DETAILS'] = $this->u_action . '&action=details&ext_name=' . urlencode($name);
 
 			$this->template->assign_block_vars('enabled', $block_vars);
@@ -382,16 +435,15 @@ class acp_extensions
 	/**
 	* Lists all the disabled extensions and dumps to the template
 	*
-	* @param  $phpbb_extension_manager     An instance of the extension manager
 	* @return null
 	*/
-	public function list_disabled_exts(\phpbb\extension\manager $phpbb_extension_manager)
+	public function list_disabled_exts()
 	{
 		$disabled_extension_meta_data = array();
 
-		foreach ($phpbb_extension_manager->all_disabled() as $name => $location)
+		foreach ($this->ext_manager->all_disabled() as $name => $location)
 		{
-			$md_manager = $phpbb_extension_manager->create_extension_metadata_manager($name, $this->template);
+			$md_manager = $this->ext_manager->create_extension_metadata_manager($name, $this->template);
 
 			try
 			{
@@ -425,6 +477,7 @@ class acp_extensions
 
 		foreach ($disabled_extension_meta_data as $name => $block_vars)
 		{
+			$block_vars['NAME'] = $name;
 			$block_vars['U_DETAILS'] = $this->u_action . '&action=details&ext_name=' . urlencode($name);
 
 			$this->template->assign_block_vars('disabled', $block_vars);
@@ -439,18 +492,17 @@ class acp_extensions
 	/**
 	* Lists all the available extensions and dumps to the template
 	*
-	* @param  $phpbb_extension_manager     An instance of the extension manager
 	* @return null
 	*/
-	public function list_available_exts(\phpbb\extension\manager $phpbb_extension_manager)
+	public function list_available_exts()
 	{
-		$uninstalled = array_diff_key($phpbb_extension_manager->all_available(), $phpbb_extension_manager->all_configured());
+		$uninstalled = array_diff_key($this->ext_manager->all_available(), $this->ext_manager->all_configured());
 
 		$available_extension_meta_data = array();
 
 		foreach ($uninstalled as $name => $location)
 		{
-			$md_manager = $phpbb_extension_manager->create_extension_metadata_manager($name, $this->template);
+			$md_manager = $this->ext_manager->create_extension_metadata_manager($name, $this->template);
 
 			try
 			{
@@ -484,6 +536,7 @@ class acp_extensions
 
 		foreach ($available_extension_meta_data as $name => $block_vars)
 		{
+			$block_vars['NAME'] = $name;
 			$block_vars['U_DETAILS'] = $this->u_action . '&action=details&ext_name=' . urlencode($name);
 
 			$this->template->assign_block_vars('disabled', $block_vars);
@@ -518,7 +571,7 @@ class acp_extensions
 	* @param \phpbb\extension\metadata_manager $md_manager The metadata manager for the version to check.
 	* @param bool $force_update Ignores cached data. Defaults to false.
 	* @param bool $force_cache Force the use of the cache. Override $force_update.
-	* @return string
+	* @return array
 	* @throws RuntimeException
 	*/
 	protected function version_check(\phpbb\extension\metadata_manager $md_manager, $force_update = false, $force_cache = false)
@@ -534,10 +587,10 @@ class acp_extensions
 
 		$version_helper = new \phpbb\version_helper($this->cache, $this->config, new \phpbb\file_downloader(), $this->user);
 		$version_helper->set_current_version($meta['version']);
-		$version_helper->set_file_location($version_check['host'], $version_check['directory'], $version_check['filename']);
+		$version_helper->set_file_location($version_check['host'], $version_check['directory'], $version_check['filename'], isset($version_check['ssl']) ? $version_check['ssl'] : false);
 		$version_helper->force_stability($this->config['extension_force_unstable'] ? 'unstable' : null);
 
-		return $updates = $version_helper->get_suggested_updates($force_update, $force_cache);
+		return $version_helper->get_ext_update_on_branch($force_update, $force_cache);
 	}
 
 	/**

phpBB/includes/acp/acp_forums.php

@@ -842,9 +842,26 @@ class acp_forums
 			ORDER BY left_id";
 		$result = $db->sql_query($sql);
 
-		if ($row = $db->sql_fetchrow($result))
+		$rowset = array();
+		while ($row = $db->sql_fetchrow($result))
 		{
-			do
+			$rowset[(int) $row['forum_id']] = $row;
+		}
+		$db->sql_freeresult($result);
+
+		/**
+		* Modify the forum list data
+		*
+		* @event core.acp_manage_forums_modify_forum_list
+		* @var	array	rowset	Array with the forums list data
+		* @since 3.1.10-RC1
+		*/
+		$vars = array('rowset');
+		extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_modify_forum_list', compact($vars)));
+
+		if (!empty($rowset))
+		{
+			foreach ($rowset as $row)
 			{
 				$forum_type = $row['forum_type'];
 
@@ -888,7 +905,6 @@ class acp_forums
 					'U_SYNC'			=> $url . '&action=sync')
 				);
 			}
-			while ($row = $db->sql_fetchrow($result));
 		}
 		else if ($this->parent_id)
 		{
@@ -904,7 +920,7 @@ class acp_forums
 				'U_SYNC'			=> $url . '&action=sync')
 			);
 		}
-		$db->sql_freeresult($result);
+		unset($rowset);
 
 		$template->assign_vars(array(
 			'ERROR_MSG'		=> (sizeof($errors)) ? implode('<br />', $errors) : '',
@@ -1411,7 +1427,7 @@ class acp_forums
 		$diff = sizeof($moved_forums) * 2;
 
 		$moved_ids = array();
-		for ($i = 0; $i < sizeof($moved_forums); ++$i)
+		for ($i = 0, $size = sizeof($moved_forums); $i < $size; ++$i)
 		{
 			$moved_ids[] = $moved_forums[$i]['forum_id'];
 		}

phpBB/includes/acp/acp_groups.php

@@ -42,7 +42,10 @@ class acp_groups
 			return;
 		}
 
-		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		if (!function_exists('group_user_attributes'))
+		{
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		}
 
 		// Check and set some common vars
 		$action		= (isset($_POST['add'])) ? 'add' : ((isset($_POST['addusers'])) ? 'addusers' : request_var('action', ''));
@@ -295,7 +298,10 @@ class acp_groups
 			case 'edit':
 			case 'add':
 
-				include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+				if (!function_exists('display_forums'))
+				{
+					include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+				}
 
 				$data = $submit_ary = array();
 
@@ -318,9 +324,11 @@ class acp_groups
 				$avatar_data = null;
 				$avatar_error = array();
 
+				/** @var \phpbb\avatar\manager $phpbb_avatar_manager */
+				$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
+
 				if ($config['allow_avatar'])
 				{
-					$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
 					$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
 
 					// This is normalised data, without the group_ prefix
@@ -661,14 +669,21 @@ class acp_groups
 					$avatars_enabled = false;
 					$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $avatar_data['avatar_type']));
 
+					// Assign min and max values before generating avatar driver html
+					$template->assign_vars(array(
+							'AVATAR_MIN_WIDTH'		=> $config['avatar_min_width'],
+							'AVATAR_MAX_WIDTH'		=> $config['avatar_max_width'],
+							'AVATAR_MIN_HEIGHT'		=> $config['avatar_min_height'],
+							'AVATAR_MAX_HEIGHT'		=> $config['avatar_max_height'],
+					));
+
 					foreach ($avatar_drivers as $current_driver)
 					{
 						$driver = $phpbb_avatar_manager->get_driver($current_driver);
 
 						$avatars_enabled = true;
-						$config_name = $phpbb_avatar_manager->get_driver_config_name($driver);
 						$template->set_filenames(array(
-							'avatar' => "acp_avatar_options_{$config_name}.html",
+							'avatar' => $driver->get_acp_template_name(),
 						));
 
 						if ($driver->prepare_form($request, $template, $user, $avatar_data, $avatar_error))

phpBB/includes/acp/acp_icons.php

@@ -40,6 +40,10 @@ class acp_icons
 		$action = (isset($_POST['edit'])) ? 'edit' : $action;
 		$action = (isset($_POST['import'])) ? 'import' : $action;
 		$icon_id = request_var('id', 0);
+		$submit = $request->is_set_post('submit', false);
+
+		$form_key = 'acp_icons';
+		add_form_key($form_key);
 
 		$mode = ($mode == 'smilies') ? 'smilies' : 'icons';
 
@@ -325,6 +329,11 @@ class acp_icons
 			case 'create':
 			case 'modify':
 
+				if (!check_form_key($form_key))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				// Get items to create/modify
 				$images = (isset($_POST['image'])) ? array_keys(request_var('image', array('' => 0))) : array();
 
@@ -513,6 +522,11 @@ class acp_icons
 				{
 					$order = 0;
 
+					if (!check_form_key($form_key))
+					{
+						trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+					}
+
 					if (!($pak_ary = @file($phpbb_root_path . $img_path . '/' . $pak)))
 					{
 						trigger_error($user->lang['PAK_FILE_NOT_READABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -698,7 +712,7 @@ class acp_icons
 
 				$template->assign_vars(array(
 					'MESSAGE_TITLE'		=> $user->lang['EXPORT_' . $lang],
-					'MESSAGE_TEXT'		=> sprintf($user->lang['EXPORT_' . $lang . '_EXPLAIN'], '<a href="' . $this->u_action . '&amp;action=send">', '</a>'),
+					'MESSAGE_TEXT'		=> sprintf($user->lang['EXPORT_' . $lang . '_EXPLAIN'], '<a href="' . $this->u_action . '&amp;action=send&amp;hash=' . generate_link_hash('acp_icons') . '">', '</a>'),
 
 					'S_USER_NOTICE'		=> true,
 					)
@@ -710,6 +724,11 @@ class acp_icons
 
 			case 'send':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_icons'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql = "SELECT *
 					FROM $table
 					ORDER BY {$fields}_order";
@@ -811,6 +830,11 @@ class acp_icons
 			case 'move_up':
 			case 'move_down':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_icons'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				// Get current order id...
 				$sql = "SELECT {$fields}_order as current_order
 					FROM $table
@@ -928,8 +952,8 @@ class acp_icons
 				'EMOTION'		=> (isset($row['emotion'])) ? $row['emotion'] : '',
 				'U_EDIT'		=> $this->u_action . '&amp;action=edit&amp;id=' . $row[$fields . '_id'],
 				'U_DELETE'		=> $this->u_action . '&amp;action=delete&amp;id=' . $row[$fields . '_id'],
-				'U_MOVE_UP'		=> $this->u_action . '&amp;action=move_up&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start,
-				'U_MOVE_DOWN'	=> $this->u_action . '&amp;action=move_down&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start,
+				'U_MOVE_UP'		=> $this->u_action . '&amp;action=move_up&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start . '&amp;hash=' . generate_link_hash('acp_icons'),
+				'U_MOVE_DOWN'	=> $this->u_action . '&amp;action=move_down&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start . '&amp;hash=' . generate_link_hash('acp_icons'),
 			));
 
 			if (!$spacer && !$row['display_on_posting'])

phpBB/includes/acp/acp_inactive.php

@@ -34,7 +34,10 @@ class acp_inactive
 		global $config, $db, $user, $auth, $template, $phpbb_container;
 		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
 
-		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		if (!function_exists('user_active_flip'))
+		{
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		}
 
 		$user->add_lang('memberlist');
 
@@ -109,7 +112,10 @@ class acp_inactive
 
 						if ($config['require_activation'] == USER_ACTIVATION_ADMIN && !empty($inactive_users))
 						{
-							include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+							if (!class_exists('messenger'))
+							{
+								include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+							}
 
 							$messenger = new messenger(false);
 
@@ -196,7 +202,10 @@ class acp_inactive
 					if ($row = $db->sql_fetchrow($result))
 					{
 						// Send the messages
-						include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+						if (!class_exists('messenger'))
+						{
+							include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+						}
 
 						$messenger = new messenger();
 						$usernames = $user_ids = array();
@@ -271,9 +280,10 @@ class acp_inactive
 
 				'REMINDED_EXPLAIN'	=> $user->lang('USER_LAST_REMINDED', (int) $row['user_reminded'], $user->format_date($row['user_reminded_time'])),
 
-				'USERNAME_FULL'		=> get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], false, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview')),
+				'USERNAME_FULL'		=> get_username_string('full', $row['user_id'], $row['username'], $row['user_colour'], false, append_sid("{$phpbb_admin_path}index.$phpEx", 'i=users&mode=overview&redirect=acp_inactive')),
 				'USERNAME'			=> get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']),
 				'USER_COLOR'		=> get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']),
+				'USER_EMAIL'		=> $row['user_email'],
 
 				'U_USER_ADMIN'	=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=users&mode=overview&u={$row['user_id']}"),
 				'U_SEARCH_USER'	=> ($auth->acl_get('u_search')) ? append_sid("{$phpbb_root_path}search.$phpEx", "author_id={$row['user_id']}&sr=posts") : '',

phpBB/includes/acp/acp_jabber.php

@@ -34,7 +34,10 @@ class acp_jabber
 
 		$user->add_lang('acp/board');
 
-		include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
+		if (!class_exists('jabber'))
+		{
+			include($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
+		}
 
 		$action	= request_var('action', '');
 		$submit = (isset($_POST['submit'])) ? true : false;
@@ -47,13 +50,16 @@ class acp_jabber
 		$this->tpl_name = 'acp_jabber';
 		$this->page_title = 'ACP_JABBER_SETTINGS';
 
-		$jab_enable			= request_var('jab_enable',			(bool) $config['jab_enable']);
-		$jab_host			= request_var('jab_host',			(string) $config['jab_host']);
-		$jab_port			= request_var('jab_port',			(int) $config['jab_port']);
-		$jab_username		= request_var('jab_username',		(string) $config['jab_username']);
-		$jab_password		= request_var('jab_password',		(string) $config['jab_password']);
-		$jab_package_size	= request_var('jab_package_size',	(int) $config['jab_package_size']);
-		$jab_use_ssl		= request_var('jab_use_ssl',		(bool) $config['jab_use_ssl']);
+		$jab_enable				= request_var('jab_enable',				(bool) $config['jab_enable']);
+		$jab_host				= request_var('jab_host',				(string) $config['jab_host']);
+		$jab_port				= request_var('jab_port',				(int) $config['jab_port']);
+		$jab_username			= request_var('jab_username',			(string) $config['jab_username']);
+		$jab_password			= request_var('jab_password',			(string) $config['jab_password']);
+		$jab_package_size		= request_var('jab_package_size',		(int) $config['jab_package_size']);
+		$jab_use_ssl			= request_var('jab_use_ssl',			(bool) $config['jab_use_ssl']);
+		$jab_verify_peer		= request_var('jab_verify_peer',		(bool) $config['jab_verify_peer']);
+		$jab_verify_peer_name	= request_var('jab_verify_peer_name',	(bool) $config['jab_verify_peer_name']);
+		$jab_allow_self_signed	= request_var('jab_allow_self_signed',	(bool) $config['jab_allow_self_signed']);
 
 		$form_name = 'acp_jabber';
 		add_form_key($form_name);
@@ -73,7 +79,7 @@ class acp_jabber
 			// Is this feature enabled? Then try to establish a connection
 			if ($jab_enable)
 			{
-				$jabber = new jabber($jab_host, $jab_port, $jab_username, $jab_password, $jab_use_ssl);
+				$jabber = new jabber($jab_host, $jab_port, $jab_username, $jab_password, $jab_use_ssl, $jab_verify_peer, $jab_verify_peer_name, $jab_allow_self_signed);
 
 				if (!$jabber->connect())
 				{
@@ -113,6 +119,9 @@ class acp_jabber
 			}
 			set_config('jab_package_size', $jab_package_size);
 			set_config('jab_use_ssl', $jab_use_ssl);
+			set_config('jab_verify_peer', $jab_verify_peer);
+			set_config('jab_verify_peer_name', $jab_verify_peer_name);
+			set_config('jab_allow_self_signed', $jab_allow_self_signed);
 
 			add_log('admin', 'LOG_' . $log);
 			trigger_error($message . adm_back_link($this->u_action));
@@ -128,6 +137,9 @@ class acp_jabber
 			'JAB_PASSWORD'			=> $jab_password !== '' ? '********' : '',
 			'JAB_PACKAGE_SIZE'		=> $jab_package_size,
 			'JAB_USE_SSL'			=> $jab_use_ssl,
+			'JAB_VERIFY_PEER'		=> $jab_verify_peer,
+			'JAB_VERIFY_PEER_NAME'	=> $jab_verify_peer_name,
+			'JAB_ALLOW_SELF_SIGNED'	=> $jab_allow_self_signed,
 			'S_CAN_USE_SSL'			=> jabber::can_use_ssl(),
 			'S_GTALK_NOTE'			=> (!@function_exists('dns_get_record')) ? true : false,
 		));

phpBB/includes/acp/acp_language.php

@@ -34,7 +34,10 @@ class acp_language
 		global $config, $db, $user, $template;
 		global $phpbb_root_path, $phpEx, $request;
 
-		include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		if (!function_exists('validate_language_iso_name'))
+		{
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		}
 
 		// Check and set some common vars
 		$action		= (isset($_POST['update_details'])) ? 'update_details' : '';
@@ -241,6 +244,11 @@ class acp_language
 			break;
 
 			case 'install':
+				if (!check_link_hash($request->variable('hash', ''), 'acp_language'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$lang_iso = request_var('iso', '');
 				$lang_iso = basename($lang_iso);
 
@@ -420,7 +428,7 @@ class acp_language
 					'ISO'			=> htmlspecialchars($lang_ary['iso']),
 					'LOCAL_NAME'	=> htmlspecialchars($lang_ary['local_name'], ENT_COMPAT, 'UTF-8'),
 					'NAME'			=> htmlspecialchars($lang_ary['name'], ENT_COMPAT, 'UTF-8'),
-					'U_INSTALL'		=> $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']))
+					'U_INSTALL'		=> $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']) . '&hash=' . generate_link_hash('acp_language'))
 				);
 			}
 		}

phpBB/includes/acp/acp_main.php

@@ -421,28 +421,52 @@ class acp_main
 		// Version check
 		$user->add_lang('install');
 
-		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '5.3.3', '<'))
+		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '5.4.0', '<'))
 		{
 			$template->assign_vars(array(
 				'S_PHP_VERSION_OLD'	=> true,
-				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], '<a href="https://www.phpbb.com/community/viewtopic.php?f=14&amp;t=2152375">', '</a>'),
+				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], PHP_VERSION, '5.4.0', '<a href="https://www.phpbb.com/support/docs/en/3.2/ug/quickstart/requirements">', '</a>'),
 			));
 		}
 
-		$version_helper = $phpbb_container->get('version_helper');
-		try
+		if ($auth->acl_get('a_board'))
 		{
-			$recheck = $request->variable('versioncheck_force', false);
-			$updates_available = $version_helper->get_suggested_updates($recheck);
+			/** @var \phpbb\version_helper $version_helper */
+			$version_helper = $phpbb_container->get('version_helper');
+			try
+			{
+				$recheck = $request->variable('versioncheck_force', false);
+				$updates_available = $version_helper->get_update_on_branch($recheck);
+				$upgrades_available = $version_helper->get_suggested_updates();
+				if (!empty($upgrades_available))
+				{
+					$upgrades_available = array_pop($upgrades_available);
+				}
 
-			$template->assign_var('S_VERSION_UP_TO_DATE', empty($updates_available));
+				$template->assign_vars(array(
+					'S_VERSION_UP_TO_DATE'		=> empty($updates_available),
+					'S_VERSION_UPGRADEABLE'		=> !empty($upgrades_available),
+					'UPGRADE_INSTRUCTIONS'		=> !empty($upgrades_available) ? $user->lang('UPGRADE_INSTRUCTIONS', $upgrades_available['current'], $upgrades_available['announcement']) : false,
+				));
+			}
+			catch (\RuntimeException $e)
+			{
+				$template->assign_vars(array(
+					'S_VERSIONCHECK_FAIL'		=> true,
+					'VERSIONCHECK_FAIL_REASON'	=> ($e->getMessage() !== $user->lang('VERSIONCHECK_FAIL')) ? $e->getMessage() : '',
+				));
+			}
 		}
-		catch (\RuntimeException $e)
+		else
 		{
-			$template->assign_vars(array(
-				'S_VERSIONCHECK_FAIL'		=> true,
-				'VERSIONCHECK_FAIL_REASON'	=> ($e->getMessage() !== $user->lang('VERSIONCHECK_FAIL')) ? $e->getMessage() : '',
-			));
+			// We set this template var to true, to not display an outdated version notice.
+			$template->assign_var('S_VERSION_UP_TO_DATE', true);
+		}
+
+		// Incomplete update?
+		if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<'))
+		{
+			$template->assign_var('S_UPDATE_INCOMPLETE', true);
 		}
 
 		/**
@@ -553,6 +577,7 @@ class acp_main
 			'U_VERSIONCHECK'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'i=update&amp;mode=version_check'),
 			'U_VERSIONCHECK_FORCE'	=> append_sid("{$phpbb_admin_path}index.$phpEx", 'versioncheck_force=1'),
 
+			'S_VERSIONCHECK'	=> ($auth->acl_get('a_board')) ? true : false,
 			'S_ACTION_OPTIONS'	=> ($auth->acl_get('a_board')) ? true : false,
 			'S_FOUNDER'			=> ($user->data['user_type'] == USER_FOUNDER) ? true : false,
 			)

phpBB/includes/acp/acp_modules.php

@@ -46,6 +46,9 @@ class acp_modules
 		$user->add_lang('acp/modules');
 		$this->tpl_name = 'acp_modules';
 
+		$form_key = 'acp_modules';
+		add_form_key($form_key);
+
 		// module class
 		$this->module_class = $mode;
 
@@ -119,6 +122,11 @@ class acp_modules
 					trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
+				}
+
 				$sql = 'SELECT *
 					FROM ' . MODULES_TABLE . "
 					WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
@@ -150,6 +158,11 @@ class acp_modules
 					trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
+				}
+
 				$sql = 'SELECT *
 					FROM ' . MODULES_TABLE . "
 					WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
@@ -273,6 +286,11 @@ class acp_modules
 
 				if ($submit)
 				{
+					if (!check_form_key($form_key))
+					{
+						trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
+					}
+
 					if (!$module_data['module_langname'])
 					{
 						trigger_error($user->lang['NO_MODULE_LANGNAME'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
@@ -460,12 +478,12 @@ class acp_modules
 					'S_ACP_MODULE_MANAGEMENT'	=> ($this->module_class == 'acp' && ($row['module_basename'] == 'modules' || $row['module_langname'] == 'ACP_MODULE_MANAGEMENT')) ? true : false,
 
 					'U_MODULE'			=> $this->u_action . '&parent_id=' . $row['module_id'],
-					'U_MOVE_UP'			=> $url . '&action=move_up',
-					'U_MOVE_DOWN'		=> $url . '&action=move_down',
+					'U_MOVE_UP'			=> $url . '&action=move_up&hash=' . generate_link_hash('acp_modules'),
+					'U_MOVE_DOWN'		=> $url . '&action=move_down&hash=' . generate_link_hash('acp_modules'),
 					'U_EDIT'			=> $url . '&action=edit',
 					'U_DELETE'			=> $url . '&action=delete',
-					'U_ENABLE'			=> $url . '&action=enable',
-					'U_DISABLE'			=> $url . '&action=disable')
+					'U_ENABLE'			=> $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
+					'U_DISABLE'			=> $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
 				);
 			}
 			while ($row = $db->sql_fetchrow($result));
@@ -484,8 +502,8 @@ class acp_modules
 
 				'U_EDIT'			=> $url . '&action=edit',
 				'U_DELETE'			=> $url . '&action=delete',
-				'U_ENABLE'			=> $url . '&action=enable',
-				'U_DISABLE'			=> $url . '&action=disable')
+				'U_ENABLE'			=> $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
+				'U_DISABLE'			=> $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
 			);
 		}
 		$db->sql_freeresult($result);
@@ -888,7 +906,7 @@ class acp_modules
 		$diff = sizeof($moved_modules) * 2;
 
 		$moved_ids = array();
-		for ($i = 0; $i < sizeof($moved_modules); ++$i)
+		for ($i = 0, $size = sizeof($moved_modules); $i < $size; ++$i)
 		{
 			$moved_ids[] = $moved_modules[$i]['module_id'];
 		}

phpBB/includes/acp/acp_permission_roles.php

@@ -30,8 +30,15 @@ class acp_permission_roles
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 		global $request;
 
-		include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
-		include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
+		if (!function_exists('user_get_id_name'))
+		{
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		}
+
+		if (!class_exists('auth_admin'))
+		{
+			include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
+		}
 
 		$this->auth_admin = new auth_admin();
 
@@ -359,6 +366,11 @@ class acp_permission_roles
 			case 'move_up':
 			case 'move_down':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_permission_roles'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql = 'SELECT role_order
 					FROM ' . ACL_ROLES_TABLE . "
 					WHERE role_id = $role_id";
@@ -433,8 +445,8 @@ class acp_permission_roles
 
 				'U_EDIT'			=> $this->u_action . '&action=edit&role_id=' . $row['role_id'],
 				'U_REMOVE'			=> $this->u_action . '&action=remove&role_id=' . $row['role_id'],
-				'U_MOVE_UP'			=> $this->u_action . '&action=move_up&role_id=' . $row['role_id'],
-				'U_MOVE_DOWN'		=> $this->u_action . '&action=move_down&role_id=' . $row['role_id'],
+				'U_MOVE_UP'			=> $this->u_action . '&action=move_up&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'),
+				'U_MOVE_DOWN'		=> $this->u_action . '&action=move_down&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'),
 				'U_DISPLAY_ITEMS'	=> ($row['role_id'] == $display_item) ? '' : $this->u_action . '&display_item=' . $row['role_id'] . '#assigned_to')
 			);
 

phpBB/includes/acp/acp_permissions.php

@@ -30,8 +30,15 @@ class acp_permissions
 		global $db, $user, $auth, $template, $cache, $phpbb_container;
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
-		include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
-		include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
+		if (!function_exists('user_get_id_name'))
+		{
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		}
+
+		if (!class_exists('auth_admin'))
+		{
+			include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
+		}
 
 		$this->permissions = $phpbb_container->get('acl.permissions');
 
@@ -748,6 +755,7 @@ class acp_permissions
 
 		$this->log_action($mode, 'add', $permission_type, $ug_type, $ug_id, $forum_id);
 
+		meta_refresh(5, $this->u_action);
 		trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action));
 	}
 
@@ -818,10 +826,12 @@ class acp_permissions
 
 		if ($mode == 'setting_forum_local' || $mode == 'setting_mod_local')
 		{
+			meta_refresh(5, $this->u_action . '&forum_id[]=' . implode('&forum_id[]=', $forum_ids));
 			trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action . '&forum_id[]=' . implode('&forum_id[]=', $forum_ids)));
 		}
 		else
 		{
+			meta_refresh(5, $this->u_action);
 			trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action));
 		}
 	}
@@ -892,10 +902,12 @@ class acp_permissions
 
 		if ($mode == 'setting_forum_local' || $mode == 'setting_mod_local')
 		{
+			meta_refresh(5, $this->u_action . '&forum_id[]=' . implode('&forum_id[]=', $forum_id));
 			trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action . '&forum_id[]=' . implode('&forum_id[]=', $forum_id)));
 		}
 		else
 		{
+			meta_refresh(5, $this->u_action);
 			trigger_error($user->lang['AUTH_UPDATED'] . adm_back_link($this->u_action));
 		}
 	}

phpBB/includes/acp/acp_profile.php

@@ -33,8 +33,15 @@ class acp_profile
 		global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
 		global $request, $phpbb_container, $phpbb_dispatcher;
 
-		include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
-		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		if (!function_exists('generate_smilies'))
+		{
+			include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
+		}
+
+		if (!function_exists('user_get_id_name'))
+		{
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		}
 
 		$user->add_lang(array('ucp', 'acp/profile'));
 		$this->tpl_name = 'acp_profile';
@@ -46,6 +53,9 @@ class acp_profile
 		$error = array();
 		$s_hidden_fields = '';
 
+		$form_key = 'acp_profile';
+		add_form_key($form_key);
+
 		if (!$field_id && in_array($action, array('delete','activate', 'deactivate', 'move_up', 'move_down', 'edit')))
 		{
 			trigger_error($user->lang['NO_FIELD_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -154,6 +164,11 @@ class acp_profile
 
 			case 'activate':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_profile'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql = 'SELECT lang_id
 					FROM ' . LANG_TABLE . "
 					WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'";
@@ -194,6 +209,11 @@ class acp_profile
 
 			case 'deactivate':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_profile'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . "
 					SET field_active = 0
 					WHERE field_id = $field_id";
@@ -223,6 +243,11 @@ class acp_profile
 			case 'move_up':
 			case 'move_down':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_profile'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql = 'SELECT field_order
 					FROM ' . PROFILE_FIELDS_TABLE . "
 					WHERE field_id = $field_id";
@@ -537,13 +562,14 @@ class acp_profile
 					}
 				}
 
-				$step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step);
-
 				if (sizeof($error))
 				{
-					$step--;
 					$submit = false;
 				}
+				else
+				{
+					$step = (isset($_REQUEST['next'])) ? $step + 1 : ((isset($_REQUEST['prev'])) ? $step - 1 : $step);
+				}
 
 				// Build up the specific hidden fields
 				foreach ($exclude as $num => $key_ary)
@@ -561,7 +587,7 @@ class acp_profile
 						$var = $profile_field->prepare_hidden_fields($step, $key, $action, $field_data);
 						if ($var !== null)
 						{
-							$_new_key_ary[$key] = $profile_field->prepare_hidden_fields($step, $key, $action, $field_data);
+							$_new_key_ary[$key] = $var;
 						}
 					}
 					$cp->vars = $field_data;
@@ -571,12 +597,13 @@ class acp_profile
 
 				if (!sizeof($error))
 				{
-					if ($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save))
-					{
-						$this->save_profile_field($cp, $field_type, $action);
-					}
-					else if ($action == 'edit' && $save)
+					if (($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save)) || ($action == 'edit' && $save))
 					{
+						if (!check_form_key($form_key))
+						{
+							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+						}
+
 						$this->save_profile_field($cp, $field_type, $action);
 					}
 				}
@@ -725,18 +752,22 @@ class acp_profile
 				$s_one_need_edit = true;
 			}
 
+			if (!isset($this->type_collection[$row['field_type']]))
+			{
+				continue;
+			}
 			$profile_field = $this->type_collection[$row['field_type']];
 			$template->assign_block_vars('fields', array(
 				'FIELD_IDENT'		=> $row['field_ident'],
 				'FIELD_TYPE'		=> $profile_field->get_name(),
 
 				'L_ACTIVATE_DEACTIVATE'		=> $user->lang[$active_lang],
-				'U_ACTIVATE_DEACTIVATE'		=> $this->u_action . "&action=$active_value&field_id=$id",
+				'U_ACTIVATE_DEACTIVATE'		=> $this->u_action . "&action=$active_value&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'),
 				'U_EDIT'					=> $this->u_action . "&action=edit&field_id=$id",
 				'U_TRANSLATE'				=> $this->u_action . "&action=edit&field_id=$id&step=3",
 				'U_DELETE'					=> $this->u_action . "&action=delete&field_id=$id",
-				'U_MOVE_UP'					=> $this->u_action . "&action=move_up&field_id=$id",
-				'U_MOVE_DOWN'				=> $this->u_action . "&action=move_down&field_id=$id",
+				'U_MOVE_UP'					=> $this->u_action . "&action=move_up&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'),
+				'U_MOVE_DOWN'				=> $this->u_action . "&action=move_down&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'),
 
 				'S_NEED_EDIT'				=> $s_need_edit)
 			);