Merge pull request #27 from phpbb/ticket/security-196

[ticket/security-196] Escapes the exception messages before displaying them

.github/CONTRIBUTING.md

@@ -2,5 +2,5 @@
 
 1. [Create an account on phpBB.com](http://www.phpbb.com/community/ucp.php?mode=register)
 2. [Create a ticket (unless there already is one)](http://tracker.phpbb.com/secure/CreateIssue!default.jspa)
-3. Read our [Coding guidelines](https://wiki.phpbb.com/Coding_guidelines) and [Git Contribution Guidelines](http://wiki.phpbb.com/Git); if you're new to git, also read [the introduction guide](http://wiki.phpbb.com/display/DEV/Working+with+Git)
+3. Read our [Coding guidelines](https://wiki.phpbb.com/Coding_guidelines) and [Git Contribution Guidelines](http://wiki.phpbb.com/Git)
 4. Send us a pull request

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,10 @@
+Checklist:
+
+- [ ] Correct branch: master for new features; 3.2.x, 3.1.x for fixes
+- [ ] Tests pass
+- [ ] Code follows coding guidelines: [master / 3.2.x](https://area51.phpbb.com/docs/master/coding-guidelines.html), [3.1.x](https://area51.phpbb.com/docs/31x/coding-guidelines.html)
+- [ ] Commit follows commit message [format](https://wiki.phpbb.com/Git#Commit_Messages)
+
+Tracker ticket (set the ticket ID to **your ticket ID**):
+
+https://tracker.phpbb.com/browse/PHPBB3-12345

.jshintrc

@@ -19,6 +19,7 @@
   "jquery": true,
 
   "globals": {
-    "JSON": true
+    "JSON": true,
+    "phpbb": true
   }
 }

.travis.yml

@@ -22,12 +22,9 @@ matrix:
       env: DB=mysqli
     - php: 5.6
       env: DB=mysqli
-    - php: 7.0
-      env: DB=mysqli
     - php: hhvm
       env: DB=mysqli
   allow_failures:
-    - php: 7.0
     - php: hhvm
   fast_finish: true
 

README.md

@@ -2,34 +2,34 @@
 
 ## ABOUT
 
-phpBB is a free bulletin board written in PHP.
+phpBB is a free open-source bulletin board written in PHP.
 
 ## COMMUNITY
 
-Find support and lots more on [phpBB.com](http://www.phpbb.com)! Discuss the development on [area51](http://area51.phpbb.com/phpBB/index.php).
+Get your copy of phpBB, find support and lots more on [phpBB.com](http://www.phpbb.com)! Discuss the development on [area51](http://area51.phpbb.com/phpBB/index.php).
 
 ## INSTALLING DEPENDENCIES
 
 To be able to run an installation from the repo (and not from a pre-built package) you need to run the following commands to install phpBB's dependencies.
 
 	cd phpBB
-	php ../composer.phar install --dev
+	php ../composer.phar install
 
 
 ## CONTRIBUTE
 
 1. [Create an account on phpBB.com](http://www.phpbb.com/community/ucp.php?mode=register)
 2. [Create a ticket (unless there already is one)](http://tracker.phpbb.com/secure/CreateIssue!default.jspa)
-3. [Read our Git Contribution Guidelines](http://wiki.phpbb.com/Git); if you're new to git, also read [the introduction guide](http://wiki.phpbb.com/display/DEV/Working+with+Git)
+3. Read our [Coding guidelines](https://wiki.phpbb.com/Coding_guidelines) and [Git Contribution Guidelines](http://wiki.phpbb.com/Git)
 4. Send us a pull request
 
 ## AUTOMATED TESTING
 
-We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](http://bamboo.phpbb.com) or check our travis build below:
+We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](http://bamboo.phpbb.com) or check our travis builds below:
 
 * [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=master)](http://travis-ci.org/phpbb/phpbb) **master** - Latest development version
+* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb) **3.2.x** - Development of version 3.2.x
 * [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.1.x)](http://travis-ci.org/phpbb/phpbb) **3.1.x** - Development of version 3.1.x
-* [![Build Status](https://secure.travis-ci.org/phpbb/phpbb.png?branch=3.0.x)](http://travis-ci.org/phpbb/phpbb) **3.0.x** - Development of version 3.0.x
 
 ## LICENSE
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.1.7-pl1" />
-	<property name="prevversion" value="3.1.6" />
-	<property name="olderversions" value="3.0.14, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.7-RC1, 3.1.7" />
+	<property name="newversion" value="3.1.10" />
+	<property name="prevversion" value="3.1.9" />
+	<property name="olderversions" value="3.0.14, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -49,7 +49,7 @@
 	-->
 	<target name="composer">
 		<exec dir="phpBB"
-			command="php ../composer.phar install --dev"
+			command="php ../composer.phar install --ignore-platform-reqs"
 			checkreturn="true"
 			passthru="true" />
 	</target>
@@ -143,6 +143,7 @@
 		<phingcall target="export">
 			<property name="revision" value="release-${version}" />
 			<property name="dir" value="build/old_versions/release-${version}" />
+			<property name="skip-composer" value="true" />
 		</phingcall>
 
 		<phingcall target="clean-diff-dir">
@@ -251,26 +252,35 @@
 			<equals arg1="${composer-has-dependencies}" arg2="1" trim="true" />
 			<then>
 				<!-- We have non-dev composer dependencies -->
-				<exec dir="."
-					command="git ls-tree ${revision} composer.phar"
-					checkreturn="true"
-					outputProperty='composer-ls-tree-output' />
 				<if>
-					<equals arg1="${composer-ls-tree-output}" arg2="" trim="true" />
+					<not><isset property="skip-composer" /></not>
 					<then>
-						<fail message="There are composer dependencies, but composer.phar is missing." />
-					</then>
-					<else>
-						<!-- Export the phar, install dependencies, delete phar. -->
 						<exec dir="."
-							command="git archive ${revision} composer.phar | tar -xf - -C ${dir}"
-							checkreturn="true" />
-						<exec dir="${dir}"
-							command="php composer.phar install --no-dev --optimize-autoloader"
+							command="git ls-tree ${revision} composer.phar"
 							checkreturn="true"
-							passthru="true" />
-						<delete file="${dir}/composer.phar" />
-					</else>
+							outputProperty='composer-ls-tree-output' />
+						<if>
+							<equals arg1="${composer-ls-tree-output}" arg2="" trim="true" />
+							<then>
+								<fail message="There are composer dependencies, but composer.phar is missing." />
+							</then>
+							<else>
+								<!-- Export the phar, install dependencies, delete phar. -->
+								<exec dir="."
+									command="git archive ${revision} composer.phar | tar -xf - -C ${dir}"
+									checkreturn="true" />
+								<exec dir="${dir}"
+									command="php composer.phar install --no-dev --optimize-autoloader --ignore-platform-reqs"
+									checkreturn="true"
+									passthru="true" />
+								<delete file="${dir}/composer.phar" />
+
+								<phingcall target="clean-vendor-dir">
+									<property name="dir" value="${dir}" />
+								</phingcall>
+							</else>
+						</if>
+					</then>
 				</if>
 			</then>
 			<else>
@@ -287,10 +297,6 @@
 		<delete dir="${dir}/develop" />
 		<delete dir="${dir}/install/data" />
 
-		<phingcall target="clean-vendor-dir">
-			<property name="dir" value="${dir}" />
-		</phingcall>
-
 		<echo msg="Setting permissions for checkout of ${revision} in ${dir}" />
 		<!-- set permissions of all files to 644, directories to 755 -->
 		<exec dir="${dir}" command="find . -type f|xargs chmod 644" escape="false" />
@@ -307,6 +313,7 @@
 		<delete dir="${dir}/vendor/lusitanian/oauth/examples" />
 		<delete dir="${dir}/vendor/lusitanian/oauth/tests" />
 		<delete file="${dir}/vendor/lusitanian/oauth/.gitignore" />
+		<delete file="${dir}/vendor/lusitanian/oauth/.scrutinizer.yml" />
 		<delete file="${dir}/vendor/lusitanian/oauth/.travis.yml" />
 		<delete file="${dir}/vendor/lusitanian/oauth/phpunit.xml.dist" />
 		<delete file="${dir}/vendor/lusitanian/oauth/README.md" />
@@ -381,10 +388,9 @@
 		<delete file="${dir}/vendor/twig/twig/.editorconfig" />
 		<delete file="${dir}/vendor/twig/twig/.gitignore" />
 		<delete file="${dir}/vendor/twig/twig/.travis.yml" />
-		<delete file="${dir}/vendor/twig/twig/AUTHORS" />
 		<delete file="${dir}/vendor/twig/twig/CHANGELOG" />
 		<delete file="${dir}/vendor/twig/twig/phpunit.xml.dist" />
-		<delete file="${dir}/vendor/twig/twig/README.markdown" />
+		<delete file="${dir}/vendor/twig/twig/README.rst" />
 	</target>
 
 	<target name="clean-diff-dir">

build/code_sniffer/phpbb/Sniffs/Namespaces/UnusedUseSniff.php

@@ -129,53 +129,19 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements PHP_CodeSniffer_Sniff
 			}
 		}
 
+		$old_docblock = $stackPtr;
+		while (($docblock = $phpcsFile->findNext(T_DOC_COMMENT_CLOSE_TAG, ($old_docblock + 1))) !== false)
+		{
+			$old_docblock = $docblock;
+			$ok = $this->checkDocblock($phpcsFile, $docblock, $tokens, $class_name_full, $class_name_short) ? true : $ok;
+		}
+
 		// Checks in type hinting
 		$old_function_declaration = $stackPtr;
 		while (($function_declaration = $phpcsFile->findNext(T_FUNCTION, ($old_function_declaration + 1))) !== false)
 		{
 			$old_function_declaration = $function_declaration;
 
-			// Check docblocks
-			$find = array(
-				T_COMMENT,
-				T_DOC_COMMENT_CLOSE_TAG,
-				T_DOC_COMMENT,
-				T_CLASS,
-				T_FUNCTION,
-				T_OPEN_TAG,
-			);
-
-			$comment_end = $phpcsFile->findPrevious($find, ($function_declaration - 1));
-			if ($comment_end !== false)
-			{
-				if ($tokens[$comment_end]['code'] === T_DOC_COMMENT_CLOSE_TAG)
-				{
-					$comment_start = $tokens[$comment_end]['comment_opener'];
-					foreach ($tokens[$comment_start]['comment_tags'] as $tag) {
-						if ($tokens[$tag]['content'] !== '@param' && $tokens[$tag]['content'] !== '@return' && $tokens[$tag]['content'] !== '@throws') {
-							continue;
-						}
-
-						$classes = $tokens[($tag + 2)]['content'];
-						$space = strpos($classes, ' ');
-						if ($space !== false) {
-							$classes = substr($classes, 0, $space);
-						}
-
-						$tab = strpos($classes, "\t");
-						if ($tab !== false) {
-							$classes = substr($classes, 0, $tab);
-						}
-
-						$classes = explode('|', str_replace('[]', '', $classes));
-						foreach ($classes as $class)
-						{
-							$ok = $this->check($phpcsFile, $class, $class_name_full, $class_name_short, $tokens[$tag + 2]['line']) ? true : $ok;
-						}
-					}
-				}
-			}
-
 			// Check type hint
 			$params = $phpcsFile->getMethodParameters($function_declaration);
 			foreach ($params as $param)
@@ -234,4 +200,49 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements PHP_CodeSniffer_Sniff
 		return false;
 
 	}
+
+	/**
+	 * @param PHP_CodeSniffer_File $phpcsFile
+	 * @param int $field
+	 * @param array $tokens
+	 * @param string $class_name_full
+	 * @param string $class_name_short
+	 * @param bool $ok
+	 *
+	 * @return bool
+	 */
+	private function checkDocblock(PHP_CodeSniffer_File $phpcsFile, $comment_end, $tokens, $class_name_full, $class_name_short)
+	{
+		$ok = false;
+
+		$comment_start = $tokens[$comment_end]['comment_opener'];
+		foreach ($tokens[$comment_start]['comment_tags'] as $tag)
+		{
+			if (!in_array($tokens[$tag]['content'], array('@param', '@var', '@return', '@throws'), true))
+			{
+				continue;
+			}
+
+			$classes = $tokens[($tag + 2)]['content'];
+			$space = strpos($classes, ' ');
+			if ($space !== false)
+			{
+				$classes = substr($classes, 0, $space);
+			}
+
+			$tab = strpos($classes, "\t");
+			if ($tab !== false)
+			{
+				$classes = substr($classes, 0, $tab);
+			}
+
+			$classes = explode('|', str_replace('[]', '', $classes));
+			foreach ($classes as $class)
+			{
+				$ok = $this->check($phpcsFile, $class, $class_name_full, $class_name_short, $tokens[$tag + 2]['line']) ? true : $ok;
+			}
+		}
+
+		return $ok;
+	}
 }

build/sami-all.conf.php

@@ -25,6 +25,7 @@ $config['versions'] = Sami\Version\GitVersionCollection::create(__DIR__ . '/../'
 	*/
 	->add('3.0.x')
 	->add('3.1.x')
+	->add('3.2.x')
 	->add('master')
 ;
 

phpBB/.htaccess

@@ -1,6 +1,16 @@
 <IfModule mod_rewrite.c>
 RewriteEngine on
 
+#
+# Uncomment the statement below if URL rewriting doesn't
+# work properly. If you installed phpBB in a subdirectory
+# of your site, properly set the argument for the statement.
+# e.g.: if your domain is test.com and you installed phpBB
+# in http://www.test.com/phpBB/index.php you have to set
+# the statement RewriteBase /phpBB/
+#
+#RewriteBase /
+
 #
 # Uncomment the statement below if you want to make use of
 # HTTP authentication and it does not already work.

phpBB/adm/style/acp_attachments.html

@@ -196,7 +196,7 @@
 		</dl>
 		<dl>
 			<dt><label for="extgroup_filesize">{L_MAX_EXTGROUP_FILESIZE}{L_COLON}</label></dt>
-			<dd><input type="number" id="extgroup_filesize" size="3" maxlength="15" name="max_filesize" value="{EXTGROUP_FILESIZE}" /> <select name="size_select">{S_EXT_GROUP_SIZE_OPTIONS}</select></dd>
+			<dd><input type="number" id="extgroup_filesize" min="0" max="999999999999999" step="any" name="max_filesize" value="{EXTGROUP_FILESIZE}" /> <select name="size_select">{S_EXT_GROUP_SIZE_OPTIONS}</select></dd>
 		</dl>
 		<dl>
 			<dt><label for="assigned_extensions">{L_ASSIGNED_EXTENSIONS}{L_COLON}</label></dt>
@@ -346,7 +346,7 @@
 			<td><a href="{orphan.U_FILE}">{orphan.REAL_FILENAME}</a></td>
 			<td>{orphan.FILETIME}</td>
 			<td>{orphan.FILESIZE}</td>
-			<td><strong>{L_ATTACH_ID}{L_COLON} </strong><input type="number" name="post_id[{orphan.ATTACH_ID}]" maxlength="10" value="{orphan.POST_ID}" style="width: 75%;" /></td>
+			<td><strong>{L_ATTACH_ID}{L_COLON} </strong><input type="number" min="0" max="9999999999" name="post_id[{orphan.ATTACH_ID}]" value="{orphan.POST_ID}" style="width: 75%;" /></td>
 			<td><input type="checkbox" class="radio" name="add[{orphan.ATTACH_ID}]" /></td>
 			<td><input type="checkbox" class="radio" name="delete[{orphan.ATTACH_ID}]" /></td>
 		</tr>

phpBB/adm/style/acp_avatar_options_gravatar.html

@@ -5,7 +5,7 @@
 <dl>
 	<dt><label for="avatar_gravatar_width">{L_GRAVATAR_AVATAR_SIZE}{L_COLON}</label><br /><span>{L_GRAVATAR_AVATAR_SIZE_EXPLAIN}</span></dt>
 	<dd>
-		<input type="number" name="avatar_gravatar_width" id="avatar_gravatar_width" size="3" value="{AVATAR_GRAVATAR_WIDTH}" class="inputbox autowidth" /> {L_PIXEL} &times;&nbsp; 
-		<input type="number" name="avatar_gravatar_height" id="avatar_gravatar_height" size="3" value="{AVATAR_GRAVATAR_HEIGHT}" class="inputbox autowidth" /> {L_PIXEL}
+		<input type="number" name="avatar_gravatar_width" id="avatar_gravatar_width" min="{AVATAR_MIN_WIDTH}" max="{AVATAR_MAX_WIDTH}" value="{AVATAR_GRAVATAR_WIDTH}" class="inputbox autowidth" /> {L_PIXEL} &times;&nbsp;
+		<input type="number" name="avatar_gravatar_height" id="avatar_gravatar_height" min="{AVATAR_MIN_HEIGHT}" max="{AVATAR_MAX_HEIGHT}" value="{AVATAR_GRAVATAR_HEIGHT}" class="inputbox autowidth" /> {L_PIXEL}
 	</dd>
 </dl>

phpBB/adm/style/acp_avatar_options_remote.html

@@ -5,7 +5,7 @@
 <dl>
 	<dt><label for="avatar_remote_width">{L_LINK_REMOTE_SIZE}{L_COLON}</label><br /><span>{L_LINK_REMOTE_SIZE_EXPLAIN}</span></dt>
 	<dd>
-		<input type="number" name="avatar_remote_width" id="avatar_remote_width" size="3" value="{AVATAR_REMOTE_WIDTH}" class="inputbox autowidth" /> {L_PIXEL} &times;&nbsp; 
-		<input type="number" name="avatar_remote_height" id="avatar_remote_height" size="3" value="{AVATAR_REMOTE_HEIGHT}" class="inputbox autowidth" /> {L_PIXEL}
+		<input type="number" name="avatar_remote_width" id="avatar_remote_width" min="{AVATAR_MIN_WIDTH}" max="{AVATAR_MAX_WIDTH}" value="{AVATAR_REMOTE_WIDTH}" class="inputbox autowidth" /> {L_PIXEL} &times;&nbsp;
+		<input type="number" name="avatar_remote_height" id="avatar_remote_height" min="{AVATAR_MIN_HEIGHT}" max="{AVATAR_MAX_HEIGHT}" value="{AVATAR_REMOTE_HEIGHT}" class="inputbox autowidth" /> {L_PIXEL}
 	</dd>
 </dl>

phpBB/adm/style/acp_captcha.html

@@ -27,11 +27,11 @@
 </dl>
 <dl>
 	<dt><label for="max_reg_attempts">{L_REG_LIMIT}{L_COLON}</label><br /><span>{L_REG_LIMIT_EXPLAIN}</span></dt>
-	<dd><input id="max_reg_attempts" type="number" size="4" maxlength="4" min="0" max="9999" name="max_reg_attempts" value="{REG_LIMIT}" /></dd>
+	<dd><input id="max_reg_attempts" type="number" min="0" max="9999" name="max_reg_attempts" value="{REG_LIMIT}" /></dd>
 </dl>
 <dl>
 	<dt><label for="max_login_attempts">{L_MAX_LOGIN_ATTEMPTS}{L_COLON}</label><br /><span>{L_MAX_LOGIN_ATTEMPTS_EXPLAIN}</span></dt>
-	<dd><input id="max_login_attempts" type="number" size="4" maxlength="4" min="0" max="9999" name="max_login_attempts" value="{MAX_LOGIN_ATTEMPTS}" /></dd>
+	<dd><input id="max_login_attempts" type="number" min="0" max="9999" name="max_login_attempts" value="{MAX_LOGIN_ATTEMPTS}" /></dd>
 </dl>
 <dl>
 	<dt><label for="enable_post_confirm">{L_VISUAL_CONFIRM_POST}{L_COLON}</label><br /><span>{L_VISUAL_CONFIRM_POST_EXPLAIN}</span></dt>

phpBB/adm/style/acp_database.html

@@ -14,7 +14,7 @@
 		<legend>{L_RESTORE_OPTIONS}</legend>
 	<dl>
 		<dt><label for="file">{L_SELECT_FILE}{L_COLON}</label></dt>
-		<dd><select id="file" name="file" size="10"><!-- BEGIN files --><option value="{files.FILE}"<!-- IF files.S_LAST_ROW --> selected="selected"<!-- ENDIF -->>{files.NAME}</option><!-- END files --></select></dd>
+		<dd><select id="file" name="file" size="10"><!-- BEGIN files --><option value="{files.FILE}"<!-- IF files.S_FIRST_ROW --> selected="selected"<!-- ENDIF -->>{files.NAME}</option><!-- END files --></select></dd>
 	</dl>
 
 	<p class="submit-buttons">

phpBB/adm/style/acp_forums.html

@@ -242,7 +242,7 @@
 		</dl>
 		<dl>
 			<dt><label for="topics_per_page">{L_FORUM_TOPICS_PAGE}{L_COLON}</label><br /><span>{L_FORUM_TOPICS_PAGE_EXPLAIN}</span></dt>
-			<dd><input type="number" id="topics_per_page" name="topics_per_page" value="{TOPICS_PER_PAGE}" size="4" maxlength="4" min="0" max="9999" /></dd>
+			<dd><input type="number" id="topics_per_page" name="topics_per_page" value="{TOPICS_PER_PAGE}" min="0" max="9999" /></dd>
 		</dl>
 		<!-- EVENT acp_forums_normal_settings_append -->
 		</fieldset>
@@ -257,15 +257,15 @@
 		</dl>
 		<dl>
 			<dt><label for="prune_freq">{L_AUTO_PRUNE_FREQ}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_FREQ_EXPLAIN}</span></dt>
-			<dd><input type="number" id="prune_freq" name="prune_freq" value="{PRUNE_FREQ}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd>
+			<dd><input type="number" id="prune_freq" name="prune_freq" value="{PRUNE_FREQ}" min="0" max="9999" /> {L_DAYS}</dd>
 		</dl>
 		<dl>
 			<dt><label for="prune_days">{L_AUTO_PRUNE_DAYS}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_DAYS_EXPLAIN}</span></dt>
-			<dd><input type="number" id="prune_days" name="prune_days" value="{PRUNE_DAYS}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd>
+			<dd><input type="number" id="prune_days" name="prune_days" value="{PRUNE_DAYS}" min="0" max="9999" /> {L_DAYS}</dd>
 		</dl>
 		<dl>
 			<dt><label for="prune_viewed">{L_AUTO_PRUNE_VIEWED}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_VIEWED_EXPLAIN}</span></dt>
-			<dd><input type="number" id="prune_viewed" name="prune_viewed" value="{PRUNE_VIEWED}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd>
+			<dd><input type="number" id="prune_viewed" name="prune_viewed" value="{PRUNE_VIEWED}" min="0" max="9999" /> {L_DAYS}</dd>
 		</dl>
 		<dl>
 			<dt><label for="prune_old_polls">{L_PRUNE_OLD_POLLS}{L_COLON}</label><br /><span>{L_PRUNE_OLD_POLLS_EXPLAIN}</span></dt>
@@ -289,11 +289,11 @@
 		</dl>
 		<dl>
 			<dt><label for="prune_shadow_freq">{L_AUTO_PRUNE_SHADOW_FREQ}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_SHADOW_FREQ_EXPLAIN}</span></dt>
-			<dd><input type="number" id="prune_shadow_freq" name="prune_shadow_freq" value="{PRUNE_SHADOW_FREQ}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd>
+			<dd><input type="number" id="prune_shadow_freq" name="prune_shadow_freq" value="{PRUNE_SHADOW_FREQ}" min="0" max="9999" /> {L_DAYS}</dd>
 		</dl>
 		<dl>
 			<dt><label for="prune_shadow_days">{L_AUTO_PRUNE_SHADOW_DAYS}{L_COLON}</label><br /><span>{L_AUTO_PRUNE_SHADOW_DAYS_EXPLAIN}</span></dt>
-			<dd><input type="number" id="prune_shadow_days" name="prune_shadow_days" value="{PRUNE_SHADOW_DAYS}" maxlength="4" size="4" min="0" max="9999" /> {L_DAYS}</dd>
+			<dd><input type="number" id="prune_shadow_days" name="prune_shadow_days" value="{PRUNE_SHADOW_DAYS}" min="0" max="9999" /> {L_DAYS}</dd>
 		</dl>
 		<!-- EVENT acp_forums_prune_settings_append -->
 		</fieldset>

phpBB/adm/style/acp_groups.html

@@ -86,11 +86,11 @@
 		<legend>{L_GROUP_SETTINGS_SAVE}</legend>
 	<dl>
 		<dt><label for="group_message_limit">{L_GROUP_MESSAGE_LIMIT}{L_COLON}</label><br /><span>{L_GROUP_MESSAGE_LIMIT_EXPLAIN}</span></dt>
-		<dd><input name="group_message_limit" type="number" id="group_message_limit" maxlength="4" size="4" min="0" max="9999" value="{GROUP_MESSAGE_LIMIT}" /></dd>
+		<dd><input name="group_message_limit" type="number" id="group_message_limit" min="0" max="9999" value="{GROUP_MESSAGE_LIMIT}" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="group_max_recipients">{L_GROUP_MAX_RECIPIENTS}{L_COLON}</label><br /><span>{L_GROUP_MAX_RECIPIENTS_EXPLAIN}</span></dt>
-		<dd><input name="group_max_recipients" type="number" id="group_max_recipients" maxlength="10" size="4" value="{GROUP_MAX_RECIPIENTS}" /></dd>
+		<dd><input name="group_max_recipients" type="number" id="group_max_recipients" min="0" max="9999" value="{GROUP_MAX_RECIPIENTS}" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="group_colour">{L_GROUP_COLOR}{L_COLON}</label><br /><span>{L_GROUP_COLOR_EXPLAIN}</span></dt>

phpBB/adm/style/acp_icons.html

@@ -108,8 +108,8 @@
 			<td><input class="text post" type="text" name="code[{items.IMG}]" value="{items.CODE}" size="10" maxlength="50" /></td>
 			<td><input class="text post" type="text" name="emotion[{items.IMG}]" value="{items.EMOTION}" size="10" maxlength="50" /></td>
 		<!-- ENDIF -->
-		<td><input class="text post" type="number" size="3" name="width[{items.IMG}]" value="{items.WIDTH}" /></td>
-		<td><input class="text post" type="number" size="3" name="height[{items.IMG}]" value="{items.HEIGHT}" /></td>
+		<td><input class="text post" type="number" min="0" max="999" name="width[{items.IMG}]" value="{items.WIDTH}" /></td>
+		<td><input class="text post" type="number" min="0" max="999" name="height[{items.IMG}]" value="{items.HEIGHT}" /></td>
 		<td>
 			<input type="checkbox" class="radio" name="display_on_posting[{items.IMG}]"{items.POSTING_CHECKED} onclick="toggle_select('{items.A_IMG}', this.checked, '{items.S_ROW_COUNT}');"/>
 			<!-- IF items.S_ID -->
@@ -136,8 +136,8 @@
 		<td style="vertical-align: top;"><img src="{IMG_SRC}" id="add_image_src" alt="" title="" /></td>
 		<td><input class="text post" type="text" name="add_code" id="add_code" value="{CODE}" size="10" maxlength="50" /></td>
 		<td><input class="text post" type="text" name="add_emotion" id="add_emotion" value="{EMOTION}" size="10" maxlength="50" /></td>
-		<td><input class="text post" type="number" size="3" name="add_width" id="add_width" value="{WIDTH}" /></td>
-		<td><input class="text post" type="number" size="3" name="add_height" id="add_height" value="{HEIGHT}" /></td>
+		<td><input class="text post" type="number" min="0" max="999" name="add_width" id="add_width" value="{WIDTH}" /></td>
+		<td><input class="text post" type="number" min="0" max="999" name="add_height" id="add_height" value="{HEIGHT}" /></td>
 		<td><input type="checkbox" class="radio" name="add_display_on_posting" checked="checked" onclick="toggle_select('add', this.checked, 'add_order');"/></td>
  		<td><select id="order_add_order" name="add_order">
 				<optgroup id="order_disp_add_order" label="{L_DISPLAY_POSTING}">{S_ADD_ORDER_LIST_DISPLAY}</optgroup>

phpBB/adm/style/acp_inactive.html

@@ -52,7 +52,7 @@
 </table>
 
 <fieldset class="display-options">
-	{L_DISPLAY_LOG}{L_COLON} &nbsp;{S_LIMIT_DAYS}&nbsp;{L_SORT_BY}{L_COLON} {S_SORT_KEY} {S_SORT_DIR}<!-- IF .pagination -->&nbsp;{L_USERS_PER_PAGE}{L_COLON} <input class="inputbox autowidth" type="number" name="users_per_page" id="users_per_page" size="3" value="{USERS_PER_PAGE}" /><!-- ENDIF -->
+	{L_DISPLAY_LOG}{L_COLON} &nbsp;{S_LIMIT_DAYS}&nbsp;{L_SORT_BY}{L_COLON} {S_SORT_KEY} {S_SORT_DIR}<!-- IF .pagination -->&nbsp;{L_USERS_PER_PAGE}{L_COLON} <input class="inputbox autowidth" type="number" name="users_per_page" id="users_per_page" min="0" max="999" value="{USERS_PER_PAGE}" /><!-- ENDIF -->
 	<input class="button2" type="submit" value="{L_GO}" name="sort" />
 </fieldset>
 

phpBB/adm/style/acp_jabber.html

@@ -31,7 +31,7 @@
 </dl>
 <dl>
 	<dt><label for="jab_port">{L_JAB_PORT}{L_COLON}</label><br /><span>{L_JAB_PORT_EXPLAIN}</span></dt>
-	<dd><input type="number" id="jab_port" name="jab_port" value="{JAB_PORT}" maxlength="5" size="5" /></dd>
+	<dd><input type="number" id="jab_port" name="jab_port" value="{JAB_PORT}" min="0" max="99999" /></dd>
 </dl>
 <dl>
 	<dt><label for="jab_username">{L_JAB_USERNAME}{L_COLON}</label><br /><span>{L_JAB_USERNAME_EXPLAIN}</span></dt>
@@ -50,7 +50,7 @@
 <!-- ENDIF -->
 <dl>
 	<dt><label for="jab_package_size">{L_JAB_PACKAGE_SIZE}{L_COLON}</label><br /><span>{L_JAB_PACKAGE_SIZE_EXPLAIN}</span></dt>
-	<dd><input type="number" id="jab_package_size" name="jab_package_size" value="{JAB_PACKAGE_SIZE}" maxlength="5" size="5" min="0" max="99999" /></dd>
+	<dd><input type="number" id="jab_package_size" name="jab_package_size" value="{JAB_PACKAGE_SIZE}" min="0" max="99999" /></dd>
 </dl>
 
 </fieldset>

phpBB/adm/style/acp_main.html

@@ -14,7 +14,11 @@
 
 	<p>{L_ADMIN_INTRO}</p>
 
-	<!-- IF S_VERSIONCHECK_FAIL -->
+	<!-- IF S_UPDATE_INCOMPLETE -->
+		<div class="errorbox">
+			<p>{L_UPDATE_INCOMPLETE} <a href="{U_VERSIONCHECK}">{L_MORE_INFORMATION}</a></p>
+		</div>
+	<!-- ELSEIF S_VERSIONCHECK_FAIL -->
 		<div class="errorbox notice">
 			<p>{L_VERSIONCHECK_FAIL}</p>
 			<p>{VERSIONCHECK_FAIL_REASON}</p>

phpBB/adm/style/acp_posting_buttons.html

@@ -63,6 +63,7 @@
 		<!-- ENDIF -->
 		<!-- ENDIF -->
 	</select>
+	<!-- EVENT acp_posting_buttons_custom_tags_before -->
 	<!-- BEGIN custom_tags -->
 	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}" />
 	<!-- END custom_tags -->

phpBB/adm/style/acp_ranks.html

@@ -44,7 +44,7 @@
 	<div id="posts"<!-- IF S_SPECIAL_RANK --> style="display: none;"<!-- ENDIF -->>
 	<dl>
 		<dt><label for="min_posts">{L_RANK_MINIMUM}{L_COLON}</label></dt>
-		<dd><input name="min_posts" type="number" id="min_posts" maxlength="10" value="{MIN_POSTS}" /></dd>
+		<dd><input name="min_posts" type="number" id="min_posts" min="0" max="9999999999" value="{MIN_POSTS}" /></dd>
 	</dl>
 	</div>
 

phpBB/adm/style/acp_search.html

@@ -18,11 +18,11 @@
 	</dl>
 	<dl>
 		<dt><label for="search_interval">{L_SEARCH_INTERVAL}{L_COLON}</label><br /><span>{L_SEARCH_INTERVAL_EXPLAIN}</span></dt>
-		<dd><input id="search_interval" type="number" size="4" maxlength="4" min="0" max="9999" name="config[search_interval]" value="{SEARCH_INTERVAL}" /> {L_SECONDS}</dd>
+		<dd><input id="search_interval" type="number" min="0" max="9999" name="config[search_interval]" value="{SEARCH_INTERVAL}" /> {L_SECONDS}</dd>
 	</dl>
 	<dl>
 		<dt><label for="search_anonymous_interval">{L_SEARCH_GUEST_INTERVAL}{L_COLON}</label><br /><span>{L_SEARCH_GUEST_INTERVAL_EXPLAIN}</span></dt>
-		<dd><input id="search_anonymous_interval" type="number" size="4" maxlength="4" min="0" max="9999" name="config[search_anonymous_interval]" value="{SEARCH_GUEST_INTERVAL}" /> {L_SECONDS}</dd>
+		<dd><input id="search_anonymous_interval" type="number" min="0" max="9999" name="config[search_anonymous_interval]" value="{SEARCH_GUEST_INTERVAL}" /> {L_SECONDS}</dd>
 	</dl>
 	<dl>
 		<dt><label for="limit_search_load">{L_LIMIT_SEARCH_LOAD}{L_COLON}</label><br /><span>{L_LIMIT_SEARCH_LOAD_EXPLAIN}</span></dt>
@@ -30,15 +30,15 @@
 	</dl>
 	<dl>
 		<dt><label for="min_search_author_chars">{L_MIN_SEARCH_AUTHOR_CHARS}{L_COLON}</label><br /><span>{L_MIN_SEARCH_AUTHOR_CHARS_EXPLAIN}</span></dt>
-		<dd><input id="min_search_author_chars" type="number" size="4" maxlength="4" min="0" max="9999" name="config[min_search_author_chars]" value="{MIN_SEARCH_AUTHOR_CHARS}" /></dd>
+		<dd><input id="min_search_author_chars" type="number" min="0" max="9999" name="config[min_search_author_chars]" value="{MIN_SEARCH_AUTHOR_CHARS}" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="max_num_search_keywords">{L_MAX_NUM_SEARCH_KEYWORDS}{L_COLON}</label><br /><span>{L_MAX_NUM_SEARCH_KEYWORDS_EXPLAIN}</span></dt>
-		<dd><input id="max_num_search_keywords" type="number" size="4" maxlength="4" min="0" max="9999" name="config[max_num_search_keywords]" value="{MAX_NUM_SEARCH_KEYWORDS}" /></dd>
+		<dd><input id="max_num_search_keywords" type="number" min="0" max="9999" name="config[max_num_search_keywords]" value="{MAX_NUM_SEARCH_KEYWORDS}" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="search_store_results">{L_SEARCH_STORE_RESULTS}{L_COLON}</label><br /><span>{L_SEARCH_STORE_RESULTS_EXPLAIN}</span></dt>
-		<dd><input id="search_store_results" type="number" size="4" maxlength="6" min="0" max="999999" name="config[search_store_results]" value="{SEARCH_STORE_RESULTS}" /> {L_SECONDS}</dd>
+		<dd><input id="search_store_results" type="number" min="0" max="999999" name="config[search_store_results]" value="{SEARCH_STORE_RESULTS}" /> {L_SECONDS}</dd>
 	</dl>
 	</fieldset>
 

phpBB/adm/style/acp_update.html

@@ -6,11 +6,16 @@
 
 <p>{L_VERSION_CHECK_EXPLAIN}</p>
 
+<!-- IF S_UPDATE_INCOMPLETE -->
+	<div class="errorbox">
+		<p>{L_UPDATE_INCOMPLETE} {L_UPDATE_INCOMPLETE_MORE}</p>
+	</div>
+<!-- ENDIF -->
 <!-- IF S_UP_TO_DATE -->
 	<div class="successbox">
 		<p>{L_VERSION_UP_TO_DATE_ACP} - <a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a></p>
 	</div>
-<!-- ELSE -->
+<!-- ELSEIF not S_UPDATE_INCOMPLETE -->
 	<div class="errorbox">
 		<p>{L_VERSION_NOT_UP_TO_DATE_ACP} - <a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a></p>
 	</div>
@@ -18,10 +23,21 @@
 
 <fieldset>
 	<legend></legend>
+	<!-- IF not S_UPDATE_INCOMPLETE -->
 	<dl>
 		<dt><label>{L_CURRENT_VERSION}</label></dt>
 		<dd><strong>{CURRENT_VERSION}</strong></dd>
 	</dl>
+	<!-- ELSE -->
+	<dl>
+		<dt><label>{L_FILES_VERSION}</label></dt>
+		<dd><strong>{FILES_VERSION}</strong></dd>
+	</dl>
+	<dl>
+		<dt><label>{L_DATABASE_VERSION}</label></dt>
+		<dd><strong>{CURRENT_VERSION}</strong></dd>
+	</dl>
+	<!-- ENDIF -->
 </fieldset>
 
 <!-- BEGIN updates_available -->
@@ -38,6 +54,11 @@
 	</fieldset>
 <!-- END updates_available -->
 
+<!-- IF S_UPDATE_INCOMPLETE -->
+	{INCOMPLETE_INSTRUCTIONS}
+	<br>
+<!-- ENDIF -->
+
 <!-- IF not S_UP_TO_DATE -->
 	{UPDATE_INSTRUCTIONS}
 	<br /><br />

phpBB/adm/style/acp_users_prefs.html

@@ -52,7 +52,7 @@
 	<dl> 
 		<dt><label for="dateoptions">{L_BOARD_DATE_FORMAT}{L_COLON}</label><br /><span>{L_BOARD_DATE_FORMAT_EXPLAIN}</span></dt>
 		<dd><select name="dateoptions" id="dateoptions" onchange="if(this.value=='custom'){phpbb.toggleDisplay('custom_date',1);}else{phpbb.toggleDisplay('custom_date',-1);} if (this.value == 'custom') { document.getElementById('dateformat').value = default_dateformat; } else { document.getElementById('dateformat').value = this.value; }">{S_DATEFORMAT_OPTIONS}</select></dd>
-		<dd><div id="custom_date"<!-- IF not S_CUSTOM_DATEFORMAT --> style="display:none;"<!-- ENDIF -->><input type="text" name="dateformat" id="dateformat" value="{DATE_FORMAT}" maxlength="30" /></div></dd>
+		<dd><div id="custom_date"<!-- IF not S_CUSTOM_DATEFORMAT --> style="display:none;"<!-- ENDIF -->><input type="text" name="dateformat" id="dateformat" value="{DATE_FORMAT}" maxlength="64" /></div></dd>
 	</dl>
 	<!-- EVENT acp_users_prefs_personal_append -->
 	</fieldset>

phpBB/adm/style/install_footer.html

@@ -12,7 +12,7 @@
 </div>
 
 <script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write(unescape('%3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js" type="text/javascript"%3E%3C/script%3E'));</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js">\x3C/script>');</script><!-- ENDIF -->
 <script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS admin.js -->
 {$SCRIPTS}

phpBB/adm/style/install_header.html

@@ -2,6 +2,7 @@
 <html dir="{S_CONTENT_DIRECTION}" lang="{S_USER_LANG}">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <!-- IF META -->{META}<!-- ENDIF -->
 <title>{PAGE_TITLE}</title>

phpBB/adm/style/install_update_diff.html

@@ -2,6 +2,7 @@
 <html dir="{S_CONTENT_DIRECTION}" lang="{S_USER_LANG}">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <!-- IF META -->{META}<!-- ENDIF -->
 <title>{PAGE_TITLE}</title>

phpBB/adm/style/overall_footer.html

@@ -34,7 +34,7 @@
 </div>
 
 <script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write(unescape('%3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}" type="text/javascript"%3E%3C/script%3E'));</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS ajax.js -->
 <!-- INCLUDEJS admin.js -->

phpBB/adm/style/overall_header.html

@@ -2,6 +2,7 @@
 <html dir="{S_CONTENT_DIRECTION}" lang="{S_USER_LANG}">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <!-- IF META -->{META}<!-- ENDIF -->
 <title>{PAGE_TITLE}</title>

phpBB/adm/style/simple_footer.html

@@ -17,7 +17,7 @@
 </div>
 
 <script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write(unescape('%3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}" type="text/javascript"%3E%3C/script%3E'));</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 
 <!-- EVENT acp_simple_footer_after -->

phpBB/adm/style/simple_header.html

@@ -2,6 +2,7 @@
 <html dir="{S_CONTENT_DIRECTION}" lang="{S_USER_LANG}">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <!-- IF META -->{META}<!-- ENDIF -->
 <title>{PAGE_TITLE}</title>

phpBB/assets/javascript/core.js

@@ -1029,7 +1029,7 @@ phpbb.resizeTextArea = function($items, options) {
 
 	function autoResize(item) {
 		function setHeight(height) {
-			height += parseInt($item.css('height'), 10) - $item.height();
+			height += parseInt($item.css('height'), 10) - $item.innerHeight();
 			$item
 				.css({ height: height + 'px', resize: 'none' })
 				.addClass('auto-resized');
@@ -1048,7 +1048,7 @@ phpbb.resizeTextArea = function($items, options) {
 				configuration.maxHeight
 			),
 			$item = $(item),
-			height = parseInt($item.height(), 10),
+			height = parseInt($item.innerHeight(), 10),
 			scrollHeight = (item.scrollHeight) ? item.scrollHeight : 0;
 
 		if (height < 0) {
@@ -1538,6 +1538,13 @@ phpbb.toggleSelectSettings = function(el) {
 		var $this = $(this),
 			$setting = $($this.data('toggle-setting'));
 		$setting.toggle($this.is(':selected'));
+
+		// Disable any input elements that are not visible right now
+		if ($this.is(':selected')) {
+			$($this.data('toggle-setting') + ' input').prop('disabled', false);
+		} else {
+			$($this.data('toggle-setting') + ' input').prop('disabled', true);
+		}
 	});
 };
 

phpBB/assets/javascript/editor.js

@@ -358,6 +358,12 @@ function getCaretPosition(txtarea) {
 		if ($('#attach-panel').length) {
 			phpbb.showDragNDrop(textarea);
 		}
+
+		$('textarea').on('keydown', function (e) {
+			if (e.which === 13 && (e.metaKey || e.ctrlKey)) {
+				$(this).closest('form').submit();
+			}
+		});
 	});
 })(jQuery);
 

phpBB/bin/phpbbcli.php

@@ -59,6 +59,8 @@ $phpbb_container->get('request')->enable_super_globals();
 require($phpbb_root_path . 'includes/compatibility_globals.' . $phpEx);
 
 $user = $phpbb_container->get('user');
+$user->data['user_id'] = ANONYMOUS;
+$user->ip = '127.0.0.1';
 $user->add_lang('acp/common');
 $user->add_lang('cli');
 

phpBB/common.php

@@ -38,7 +38,13 @@ if (!defined('PHPBB_INSTALLED'))
 	// available as used by the redirect function
 	$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 	$server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
-	$secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
+	$secure = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 1 : 0;
+
+	if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+	{
+		$secure = 1;
+		$server_port = 443;
+	}
 
 	$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
 	if (!$script_name)

phpBB/composer.json

@@ -51,5 +51,10 @@
 		"symfony/finder": "2.3.*",
 		"symfony/http-foundation": "2.3.*",
 		"symfony/process": "2.3.*"
+	},
+	"extra": {
+		"branch-alias": {
+			"dev-master": "3.1.x-dev"
+		}
 	}
 }

phpBB/config/feed.yml

@@ -25,6 +25,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.forums:
@@ -38,6 +39,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.news:
@@ -51,6 +53,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.overall:
@@ -64,6 +67,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.topic:
@@ -77,6 +81,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.topics:
@@ -90,6 +95,7 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%
 
     feed.topics_active:
@@ -103,4 +109,5 @@ services:
             - @user
             - @auth
             - @content.visibility
+            - @dispatcher
             - %core.php_ext%

phpBB/cron.php

@@ -55,6 +55,18 @@ if ($cron_lock->acquire())
 	$task = $cron->find_task($cron_type);
 	if ($task)
 	{
+		/**
+		 * This event enables you to catch the task before it runs
+		 *
+		 * @event core.cron_run_before
+		 * @var	\phpbb\cron\task\wrapper	task	Current Cron task
+		 * @since 3.1.8-RC1
+		 */
+		$vars = array(
+			'task',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.cron_run_before', compact($vars)));
+
 		if ($task->is_parametrized())
 		{
 			$task->parse_parameters($request);

phpBB/docs/CHANGELOG.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.1.x Changelog" />
 <title>phpBB &bull; Changelog</title>
@@ -49,6 +50,9 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v319">Changes since 3.1.9</a></li>
+		<li><a href="#v318">Changes since 3.1.8</a></li>
+		<li><a href="#v317pl1">Changes since 3.1.7-PL1</a></li>
 		<li><a href="#v317">Changes since 3.1.7</a></li>
 		<li><a href="#v316">Changes since 3.1.6</a></li>
 		<li><a href="#v315">Changes since 3.1.5</a></li>
@@ -113,7 +117,186 @@
 	<div class="paragraph">
 		<div class="inner">
 
-		<div class="content">
+<div class="content">
+
+	<a name="v319"></a><h3>Changes since 3.1.9</h3>
+
+	<h4>Bug</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11446">PHPBB3-11446</a>] - Use sql_in_set as designed and consistent with the rest of phpBB code in phpbb_notification_manager</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12230">PHPBB3-12230</a>] - Do not auto remove user group when Newly Registered Users group was disabled</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12925">PHPBB3-12925</a>] - Use plural for permanent delete posts/topics confirmation</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14109">PHPBB3-14109</a>] - MySQL InnoDB does not support multiple index definitions on the same query.</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14291">PHPBB3-14291</a>] - Function send_file_to_browser() endlessly overwrites 'filesize' in ATTACHMENTS_TABLE</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14610">PHPBB3-14610</a>] - Q&amp;A CAPTCHA logs error when it has been solved</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14615">PHPBB3-14615</a>] - delete avatar triggers the new min max value in the HTML5 inputs</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14616">PHPBB3-14616</a>] - Auto-prune fails on large forums</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14631">PHPBB3-14631</a>] - 3.1.9 DB cli update crashes with PHP Fatal error: Call to undefined function phpbb\truncate_string()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14654">PHPBB3-14654</a>] - Imagemagick &gt; ImageMagick</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14661">PHPBB3-14661</a>] - Fix a typo in twig.php</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14673">PHPBB3-14673</a>] - Missing Language Variable</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14683">PHPBB3-14683</a>] - Typos in operators in some email templates</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14703">PHPBB3-14703</a>] - module.add adds a module to the wrong parent</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14704">PHPBB3-14704</a>] - Remove unused language files and corresponding  functions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14721">PHPBB3-14721</a>] - New registrants choosing old deleted usernames get linked to old accounts with namechange</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14742">PHPBB3-14742</a>] - Improvements to migrator</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14745">PHPBB3-14745</a>] - &quot;U_NOTIFICATION_SETTINGS&quot; contains an HTML entity but is printed in a plaintext email</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14755">PHPBB3-14755</a>] - Error in MCP Move posts</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14782">PHPBB3-14782</a>] - Quick Links &gt; Your Posts gives mysql error</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14788">PHPBB3-14788</a>] - Update developer list to reflect team changes</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14796">PHPBB3-14796</a>] - Log table is using constant in log delete method</li>
+	</ul>
+	<h4>Improvement</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13709">PHPBB3-13709</a>] - Fallback to english in email templates by extensions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13716">PHPBB3-13716</a>] - Check phpBB version constant against config version</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13865">PHPBB3-13865</a>] - Complement core event search_modify_param</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14184">PHPBB3-14184</a>] - Missing info on SMTP mail function option</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14429">PHPBB3-14429</a>] - core.obtain_users_online_string_modify</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14466">PHPBB3-14466</a>] - Add an event to cron.php</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14469">PHPBB3-14469</a>] - [Template] - &lt;!-- EVENT viewforum_topicrow_before --&gt;</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14516">PHPBB3-14516</a>] - [Template] - memberlist_email_before</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14581">PHPBB3-14581</a>] - Add core events relating to soft delete</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14592">PHPBB3-14592</a>] - [PHP] - core.search_backend_search_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14596">PHPBB3-14596</a>] - Prevent installs of 3.1 on PHP 7</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14624">PHPBB3-14624</a>] - Add event to ucp_profile in signature section</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14630">PHPBB3-14630</a>] - Add event to ucp_pm_compose</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14638">PHPBB3-14638</a>] - [PHP] - multiple UCP subscription events for form data and template variables</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14643">PHPBB3-14643</a>] - Select newest file in restore list</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14652">PHPBB3-14652</a>] - Typo birthdays</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14664">PHPBB3-14664</a>] - Fix PHPDoc comment in cron manager</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14672">PHPBB3-14672</a>] - Add template event to viewforum</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14685">PHPBB3-14685</a>] - PHP event for altering announcements sql</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14687">PHPBB3-14687</a>] - Modify viewforum_modify_topicrow</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14688">PHPBB3-14688</a>] - Add core events to the feeds</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14689">PHPBB3-14689</a>] - Build 3.2.x API docs</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14695">PHPBB3-14695</a>] - Add posting_editor_subject_prepend/append template events</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14712">PHPBB3-14712</a>] - Add search.php core event to allow modifying the forum select list</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14713">PHPBB3-14713</a>] - Add core event to the admin function get_forum_list()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14715">PHPBB3-14715</a>] - Add template events in posting_topic_review &amp; mcp_topic</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14720">PHPBB3-14720</a>] - Add global javascript variable 'phpbb' to jshint settings</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14727">PHPBB3-14727</a>] - Event core.search_modify_submit_parameters</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14738">PHPBB3-14738</a>] - Add core events to improve modifying forum lists</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14747">PHPBB3-14747</a>] - Add topic_last_poster_id and topic_last_post_time to Event core.modify_posting_auth</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14762">PHPBB3-14762</a>] - Add core event to session.php to alter IP address</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14781">PHPBB3-14781</a>] - Add core event to the function group_user_attributes()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14783">PHPBB3-14783</a>] - Event - ACP Posting Buttons Before Custom BBCodes</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14784">PHPBB3-14784</a>] - missing rewrite for lighttpd</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14785">PHPBB3-14785</a>] - [Template event] - overall_header_headerbar_append</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14787">PHPBB3-14787</a>] - Add more parameters to the core.search_modify_url_parameters event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14789">PHPBB3-14789</a>] - Add missing link hash and form token checks to ACP</li>
+	</ul>
+	<h4>New Feature</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13978">PHPBB3-13978</a>] - [PHP] - User control panel - on signature change</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14484">PHPBB3-14484</a>] - Support extensions in UI tests</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14506">PHPBB3-14506</a>] - [Template] - mcp_move_before</li>
+	</ul>
+	<h4>Task</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12133">PHPBB3-12133</a>] - Update list of browsers supporting filename* in Content-Disposition</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14538">PHPBB3-14538</a>] - Update composer dependencies</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14598">PHPBB3-14598</a>] - Phing Sniffer Testing Use Statements in DocBlocks</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14743">PHPBB3-14743</a>] - Remove PHP7 from test matrix in 3.1.x</li>
+	</ul>
+
+	<a name="v318"></a><h3>Changes since 3.1.8</h3>
+
+	<h4>Bug</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8058">PHPBB3-8058</a>] - Default style in ACP-&gt;Board Settings not observing offset</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13028">PHPBB3-13028</a>] - &quot;View unanswered posts&quot; link should be called instead &quot;View unanswered topics&quot;</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13264">PHPBB3-13264</a>] - Editing an unapproved post as a moderator/admin approves it</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13521">PHPBB3-13521</a>] - Q&amp;A Captcha ACP, required fields error corrupts inputted data</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13630">PHPBB3-13630</a>] - NULL value parsed into $select_single can cause 403 Forbidden on certain restrictive hosting environments for &quot;Find a Member&quot; function within Private Message composition</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13681">PHPBB3-13681</a>] - Email queue shouldn't be cached by opcache</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13683">PHPBB3-13683</a>] - Controller generates urls with absolute path of phpbb's root</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13842">PHPBB3-13842</a>] - Missing rewrite module on IIS7 leads to an error</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13977">PHPBB3-13977</a>] - Fatal error entering UCP if bookmarked topic was deleted</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14132">PHPBB3-14132</a>] - SQL Error when creating a new subject on fresh installation</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14136">PHPBB3-14136</a>] - IE compatibility meta is missing in overall_header.html</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14241">PHPBB3-14241</a>] - Security bug into Spambot control Questions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14272">PHPBB3-14272</a>] - Use valid html5 input elements in forms</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14290">PHPBB3-14290</a>] - Function set_modified_headers() never sends 304 'Not Modified' header</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14408">PHPBB3-14408</a>] - Remove span corners</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14422">PHPBB3-14422</a>] - Support cmd+enter &amp; ctrl+enter for submitting message</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14437">PHPBB3-14437</a>] - Place Inline Images on Post get scrambled up -- not follow the order you place them in.</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14443">PHPBB3-14443</a>] - jabber notification-template prefix &quot;short&quot; breaks resolution of paths in extensions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14475">PHPBB3-14475</a>] - Do not log upon automatically removing users form newly registered users group</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14481">PHPBB3-14481</a>] - phpBB does not obey HTTP_X_FORWARDED_PORT header</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14483">PHPBB3-14483</a>] - call to header(arg, arg) function sendHeaders() in Response.php causes Error 500 in app.php generated links</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14496">PHPBB3-14496</a>] - Automatic update relies on cache creating files in cache folder</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14500">PHPBB3-14500</a>] - Duplicate newversion in build.xml</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14514">PHPBB3-14514</a>] - Users get skipped in passwords_convert_p1 migration</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14519">PHPBB3-14519</a>] - Do not query database for unread notifications if all are retrieved</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14532">PHPBB3-14532</a>] - Database column default incorrectly escaped on MSSQL</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14533">PHPBB3-14533</a>] - &quot;U_NOTIFICATION_SETTINGS&quot; doesn't return the correct URL</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14536">PHPBB3-14536</a>] - Force timestamp to be integer in user::format_date()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14559">PHPBB3-14559</a>] - Attachments' behaviour in quotes</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14562">PHPBB3-14562</a>] - Extension's permissions don't have language fallback</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14570">PHPBB3-14570</a>] - Board versions for 3.2.x can be accidentally downgraded to 3.1.x</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14577">PHPBB3-14577</a>] - Stop using sizeof() inside for() loop</li>
+	</ul>
+	<h4>Improvement</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10356">PHPBB3-10356</a>] - Username search should find all users for administrators instead of NORMALs and FOUNDERs only</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12305">PHPBB3-12305</a>] - Add new event core.viewforum_get_topic_id_sql to control forum topic listing</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14134">PHPBB3-14134</a>] - Send warning notification PM in user's language.</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14316">PHPBB3-14316</a>] - Add memberlist_view.html template events before/after the custom fields and zebra links</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14365">PHPBB3-14365</a>] - Add core event to the function topic_review() </li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14366">PHPBB3-14366</a>] - Add core events to the function decode_message()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14395">PHPBB3-14395</a>] - Add event core.viewtopic_add_quickmod_option_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14471">PHPBB3-14471</a>] - Add filedata var to the core.avatar_driver_upload_move_file_before event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14486">PHPBB3-14486</a>] - Add an event and fix an event in login_box()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14508">PHPBB3-14508</a>] - Change language notice on account activation</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14540">PHPBB3-14540</a>] - Adjust class recursive_dot_prefix_filter_iterator to increase performance</li>
+	</ul>
+	<h4>New Feature</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12684">PHPBB3-12684</a>] - Add a command to add a user from the CLI</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14189">PHPBB3-14189</a>] - [PHP] - core.gen_sort_selects_after</li>
+	</ul>
+	<h4>Task</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14538">PHPBB3-14538</a>] - Update composer dependencies</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14565">PHPBB3-14565</a>] - Updates composer to 1.0.0-b2</li>
+	</ul>
+
+	<a name="v317pl1"></a><h3>Changes since 3.1.7-PL1</h3>
+
+	<h4>Bug</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12441">PHPBB3-12441</a>] - Database-size in ACP missing after update MariaDB from 5.5 to 10.0</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12618">PHPBB3-12618</a>] - Extension Version Check does not support https</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13180">PHPBB3-13180</a>] - Increase the field size of date format to allow more syntax for other calendars</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13908">PHPBB3-13908</a>] - After clause in migration add_column schema tool not honored</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14046">PHPBB3-14046</a>] - Instant message (jabber) dialog says message sent on the creation screen</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14303">PHPBB3-14303</a>] - Some changes for UTF-8 variant on language pack?</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14374">PHPBB3-14374</a>] - Update dynamically generated jquery CDN script tag</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14386">PHPBB3-14386</a>] - open_basedir restriction in effect with remote upload avatar</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14387">PHPBB3-14387</a>] - Extend avatar-driver by extension in ACP not possible</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14394">PHPBB3-14394</a>] - Only purge cache in functional tests if necessary</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14396">PHPBB3-14396</a>] - Use VCHAR_UNI instead of VCHAR for user_dateformat</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14397">PHPBB3-14397</a>] - Fix @since tag in event 'core.ucp_prefs_view_after'</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14403">PHPBB3-14403</a>] - phpbb\log should still work even when no user data is given</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14407">PHPBB3-14407</a>] - Users not being removed from Newly Registered Users group</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14409">PHPBB3-14409</a>] - Update session page info before displaying online list</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14411">PHPBB3-14411</a>] - Delete permanently is not working as it should be</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14423">PHPBB3-14423</a>] - Display database size for Aria storage engine</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14425">PHPBB3-14425</a>] - Database tests do not allow using socket</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14427">PHPBB3-14427</a>] - Memberlist Display Wrong</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14433">PHPBB3-14433</a>] - Functional tests fail for extensions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14439">PHPBB3-14439</a>] - Error page shown in Manage users -&gt; Anonymous -&gt; Select Form -&gt; Avatar when board wide all avatar settings are disabled</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14467">PHPBB3-14467</a>] - Automatic resize of textarea calculates wrong height</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14475">PHPBB3-14475</a>] - Do not log removal of users from newly registered group</li>
+	</ul>
+	<h4>Improvement</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14289">PHPBB3-14289</a>] - Add events in navbar header</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14356">PHPBB3-14356</a>] - Add template events to viewtopic around back2top link</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14412">PHPBB3-14412</a>] - Comment fixes for PHPDoc in the events</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14458">PHPBB3-14458</a>] - Explicitly state RewriteBase into .htaccess root file</li>
+	</ul>
 
 			<a name="v317"></a><h3>Changes since 3.1.7</h3>
 

phpBB/docs/CREDITS.txt

@@ -1,6 +1,6 @@
 /**
 *
-* phpBB © Copyright phpBB Limited 2003-2014
+* phpBB © Copyright phpBB Limited 2003-2016
 * http://www.phpbb.com
 *
 * phpBB is free software. You can redistribute it and/or modify it
@@ -20,13 +20,13 @@
 
 phpBB Project Manager:   Marshalrusty (Yuriy Rusko)
 
-phpBB Lead Developer:    naderman (Nils Adermann)
+phpBB Product Manager:   naderman (Nils Adermann)
+
+phpBB Lead Developer:    Marc (Marc Alexander)
 
 phpBB Developers:        bantu (Andreas Fischer)
                          CHItA (Máté Bartus)
-                         dhruv.goel92 (Dhruv Goel)
                          Elsensee (Oliver Schramm)
-                         marc1706 (Marc Alexander)
                          nickvergessen (Joas Schilling)
                          Nicofuma (Tristan Darricau)
                          prototech (Cesar Gallegos)
@@ -54,6 +54,7 @@ phpBB Developers:        A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                          ckwalsh (Cullen Walsh)        [01/2010 - 07/2011]
                          DavidMJ (David M.)            [12/2005 - 08/2009]
                          dhn (Dominik Dröscher)        [05/2007 - 01/2011]
+                         dhruv.goel92 (Dhruv Goel)     [04/2013 - 05/2016]
                          EXreaction (Nathan Guse)      [07/2012 - 05/2014]
                          GrahamJE (Graham Eames)       [09/2005 - 11/2006]
                          igorw (Igor Wiedler)          [08/2010 - 02/2013]

phpBB/docs/FAQ.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.1.x frequently asked questions" />
 <title>phpBB &bull; FAQ</title>

phpBB/docs/INSTALL.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.1.x Installation, updating and conversion informations" />
 <title>phpBB &bull; Install</title>
@@ -159,7 +160,7 @@
 			<li>zlib Compression support</li>
 			<li>Remote FTP support</li>
 			<li>XML support</li>
-			<li>Imagemagick support</li>
+			<li>ImageMagick support</li>
 			<li>GD Support</li>
 		</ul>
 		</li>

phpBB/docs/README.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="phpBB 3.1.x Readme" />
 <title>phpBB &bull; Readme</title>

phpBB/docs/auth_api.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="This is an explanation of how to use the phpBB auth/acl API" />
 <title>phpBB3 &bull; Auth API</title>

phpBB/docs/coding-guidelines.html

@@ -2,6 +2,7 @@
 <html dir="ltr" lang="en">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="keywords" content="" />
 <meta name="description" content="Ascraeus coding guidelines document" />
 <title>phpBB3 &bull; Coding Guidelines</title>

phpBB/docs/events.md

@@ -343,6 +343,13 @@ acp_posting_buttons_before
 * Since: 3.1.0-b4
 * Purpose: Add content before BBCode posting buttons in the ACP
 
+acp_posting_buttons_custom_tags_before
+===
+* Locations:
+    + adm/style/acp_posting_buttons.html
+* Since: 3.1.10-RC1
+* Purpose: Add content before the custom BBCodes in the ACP
+
 acp_profile_contact_before
 ===
 * Locations:
@@ -843,6 +850,14 @@ mcp_front_latest_unapproved_before
 * Since: 3.1.3-RC1
 * Purpose: Add content before latest unapproved posts list
 
+mcp_move_before
+===
+* Locations:
+    + styles/prosilver/template/mcp_move.html
+    + styles/subsilver2/template/mcp_move.html
+* Since: 3.1.10-RC1
+* Purpose: Add content before move topic/post form
+
 mcp_post_additional_options
 ===
 * Locations:
@@ -867,6 +882,22 @@ mcp_topic_options_before
 * Since: 3.1.6-RC1
 * Purpose: Add some options (field, checkbox, ...) before the subject field when split a subject
 
+mcp_topic_postrow_post_details_after
+===
+* Locations:
+    + styles/prosilver/template/mcp_topic.html
+    + styles/subsilver2/template/mcp_topic.html
+* Since: 3.1.10-RC1
+* Purpose: Add content after post details in topic moderation
+
+mcp_topic_postrow_post_details_before
+===
+* Locations:
+    + styles/prosilver/template/mcp_topic.html
+    + styles/subsilver2/template/mcp_topic.html
+* Since: 3.1.10-RC1
+* Purpose: Add content before post details in topic moderation
+
 mcp_topic_topic_title_after
 ===
 * Locations:
@@ -951,6 +982,14 @@ memberlist_body_username_prepend
 * Purpose: Add information before every username in the memberlist. Works in
 all display modes (leader, group and normal memberlist).
 
+memberlist_email_before
+===
+* Locations:
+    + styles/prosilver/template/memberlist_email.html
+    + styles/subsilver2/template/memberlist_email.html
+* Since: 3.1.10-RC1
+* Purpose: Allow adding customizations before the memberlist_email form.
+
 memberlist_search_fields_after
 ===
 * Locations:
@@ -991,6 +1030,22 @@ memberlist_view_contact_before
 * Since: 3.1.0-b2
 * Purpose: Add content before the user contact part of any user profile
 
+memberlist_view_contact_custom_fields_after
+===
+* Locations:
+    + styles/prosilver/template/memberlist_view.html
+    + styles/subsilver2/template/memberlist_view.html
+* Since: 3.1.9-RC1
+* Purpose: Add content after the user contact related custom fields
+
+memberlist_view_contact_custom_fields_before
+===
+* Locations:
+    + styles/prosilver/template/memberlist_view.html
+    + styles/subsilver2/template/memberlist_view.html
+* Since: 3.1.9-RC1
+* Purpose: Add content before the user contact related custom fields
+
 memberlist_view_content_append
 ===
 * Locations:
@@ -1007,6 +1062,22 @@ memberlist_view_content_prepend
 * Since: 3.1.0-b3
 * Purpose: Add custom content to the user profile view before the main content
 
+memberlist_view_non_contact_custom_fields_after
+===
+* Locations:
+    + styles/prosilver/template/memberlist_view.html
+    + styles/subsilver2/template/memberlist_view.html
+* Since: 3.1.9-RC1
+* Purpose: Add content after the user not contact related custom fields
+
+memberlist_view_non_contact_custom_fields_before
+===
+* Locations:
+    + styles/prosilver/template/memberlist_view.html
+    + styles/subsilver2/template/memberlist_view.html
+* Since: 3.1.9-RC1
+* Purpose: Add content before the user not contact related custom fields
+
 memberlist_view_rank_after
 ===
 * Locations:
@@ -1065,6 +1136,22 @@ memberlist_view_user_statistics_before
 * Since: 3.1.0-a1
 * Purpose: Add entries before the user statistics part of any user profile
 
+memberlist_view_zebra_after
+===
+* Locations:
+    + styles/prosilver/template/memberlist_view.html
+    + styles/subsilver2/template/memberlist_view.html
+* Since: 3.1.9-RC1
+* Purpose: Add content after the user friends/foes links
+
+memberlist_view_zebra_before
+===
+* Locations:
+    + styles/prosilver/template/memberlist_view.html
+    + styles/subsilver2/template/memberlist_view.html
+* Since: 3.1.9-RC1
+* Purpose: Add content before the user friends/foes links
+
 navbar_header_logged_out_content
 ===
 * Locations:
@@ -1100,6 +1187,20 @@ navbar_header_quick_links_before
 * Since: 3.1.0-RC2
 * Purpose: Add links to the top of the quick-links drop-down menu in the header
 
+navbar_header_user_profile_append
+===
+* Locations:
+    + styles/prosilver/template/navbar_header.html
+* Since: 3.1.8-RC1
+* Purpose: Add links to the right of the user drop down area
+
+navbar_header_user_profile_prepend
+===
+* Locations:
+    + styles/prosilver/template/navbar_header.html
+* Since: 3.1.8-RC1
+* Purpose: Add links to the left of the notification area
+
 navbar_header_username_append
 ===
 * Locations:
@@ -1274,6 +1375,20 @@ overall_header_head_append
 * Since: 3.1.0-a1
 * Purpose: Add asset calls directly before the `</head>` tag
 
+overall_header_headerbar_after
+===
+* Locations:
+    + styles/prosilver/template/overall_header.html
+* Since: 3.1.10-RC1
+* Purpose: Add content at the end of the headerbar
+
+overall_header_headerbar_before
+===
+* Locations:
+    + styles/prosilver/template/overall_header.html
+* Since: 3.1.10-RC1
+* Purpose: Add content at the beginning of the headerbar
+
 overall_header_navbar_before
 ===
 * Locations:
@@ -1425,6 +1540,14 @@ posting_editor_subject_after
 * Since: 3.1.0-a2
 * Purpose: Add field (e.g. textbox) to the posting screen after the subject
 
+posting_editor_subject_append
+===
+* Locations:
+    + styles/prosilver/template/posting_editor.html
+    + styles/subsilver2/template/posting_body.html
+* Since: 3.1.10-RC1
+* Purpose: Add field, text, etc. to the posting after the subject text box
+
 posting_editor_subject_before
 ===
 * Locations:
@@ -1433,6 +1556,14 @@ posting_editor_subject_before
 * Since: 3.1.0-a2
 * Purpose: Add field (e.g. textbox) to the posting screen before the subject
 
+posting_editor_subject_prepend
+===
+* Locations:
+    + styles/prosilver/template/posting_editor.html
+    + styles/subsilver2/template/posting_body.html
+* Since: 3.1.10-RC1
+* Purpose: Add field, text, etc. to the posting before the subject text box
+
 posting_editor_submit_buttons
 ===
 * Locations:
@@ -1494,6 +1625,22 @@ posting_preview_poll_after
 * Since: 3.1.7-RC1
 * Purpose: Add content after the poll preview block
 
+posting_topic_review_row_post_details_after
+===
+* Locations:
+    + styles/prosilver/template/posting_topic_review.html
+    + styles/subsilver2/template/posting_topic_review.html
+* Since: 3.1.10-RC1
+* Purpose: Add content after post details in topic review
+
+posting_topic_review_row_post_details_before
+===
+* Locations:
+    + styles/prosilver/template/posting_topic_review.html
+    + styles/subsilver2/template/posting_topic_review.html
+* Since: 3.1.10-RC1
+* Purpose: Add content before post details in topic review
+
 posting_topic_title_after
 ===
 * Locations:
@@ -1791,6 +1938,18 @@ topiclist_row_append
 * Changed: 3.1.6-RC1 Added event to mcp_forum.html
 * Purpose: Add content into topic rows (inside the elements containing topic titles)
 
+topiclist_row_topic_title_after
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+    + styles/prosilver/template/viewforum_body.html
+    + styles/prosilver/template/mcp_forum.html
+    + styles/subsilver2/template/search_results.html
+    + styles/subsilver2/template/viewforum_body.html
+    + styles/subsilver2/template/mcp_forum.html
+* Since: 3.1.10-RC1
+* Purpose: Add content into topic rows (after the elements containing the topic titles)
+
 ucp_agreement_terms_after
 ===
 * Locations:
@@ -2165,6 +2324,14 @@ viewforum_body_topic_row_prepend
 * Since: 3.1.7-RC1
 * Purpose: Add content at the end of the topic list item.
 
+viewforum_body_topicrow_row_before
+===
+* Locations:
+    + styles/prosilver/template/viewforum_body.html
+    + styles/subsilver2/template/viewforum_body.html
+* Since: 3.1.10-RC1
+* Purpose: Add content before list of topics.
+
 viewforum_buttons_bottom_before
 ===
 * Locations:
@@ -2441,6 +2608,38 @@ viewtopic_body_post_subject_before
 * Since: 3.1.7-RC1
 * Purpose: Add data before post icon and subject
 
+viewtopic_body_postrow_back2top_after
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+    + styles/subsilver2/template/viewtopic_body.html
+* Since: 3.1.8-RC1
+* Purpose: Add content to the post's bottom after the back to top link 
+
+viewtopic_body_postrow_back2top_append
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+    + styles/subsilver2/template/viewtopic_body.html
+* Since: 3.1.8-RC1
+* Purpose: Add content to the post's bottom directly after the back to top link 
+
+viewtopic_body_postrow_back2top_before
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+    + styles/subsilver2/template/viewtopic_body.html
+* Since: 3.1.8-RC1
+* Purpose: Add content to the post's bottom before the back to top link 
+
+viewtopic_body_postrow_back2top_prepend
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+    + styles/subsilver2/template/viewtopic_body.html
+* Since: 3.1.8-RC1
+* Purpose: Add content to the post's bottom directly before the back to top link 
+
 viewtopic_body_postrow_custom_fields_after
 ===
 * Locations:

phpBB/docs/lighttpd.sample.conf

@@ -1,7 +1,7 @@
 # Sample lighttpd configuration file for phpBB.
 # Global settings have been removed, copy them
 # from your system's lighttpd.conf.
-# Tested with lighttpd 1.4.26
+# Tested with lighttpd 1.4.35
 
 # If you want to use the X-Sendfile feature,
 # uncomment the 'allow-x-send-file' for the fastcgi
@@ -16,6 +16,7 @@
 server.modules += ( 
 	"mod_access",
 	"mod_fastcgi",
+	"mod_rewrite",
 	"mod_accesslog"
 )
 
@@ -49,7 +50,15 @@ $HTTP["host"] == "www.myforums.com" {
 	$HTTP["url"] =~ "/\.htaccess|/\.htpasswd|/\.htgroups" {
 		url.access-deny = ( "" )
 	}
-
+	
+	# The following 3 lines will rewrite URLs passed through the front controller
+	# to not require app.php in the actual URL. In other words, a controller is
+	# by default accessed at /app.php/my/controller, but can also be accessed at
+	# /my/controller
+	url.rewrite-if-not-file = (
+	   "^/(.*)$" => "/app.php/$1"
+	)
+	
 	fastcgi.server = ( ".php" => 
 		((
 			"bin-path" => "/usr/bin/php-cgi",

phpBB/feed.php

@@ -84,6 +84,20 @@ $feed->open();
 // Iterate through items
 while ($row = $feed->get_item())
 {
+	/**
+	* Event to modify the feed row
+	*
+	* @event core.feed_modify_feed_row
+	* @var	int		forum_id	Forum ID
+	* @var	string	mode		Feeds mode (forums|topics|topics_new|topics_active|news)
+	* @var	array	row			Array with feed data
+	* @var	int		topic_id	Topic ID
+	*
+	* @since 3.1.10-RC1
+	*/
+	$vars = array('forum_id', 'mode', 'row', 'topic_id');
+	extract($phpbb_dispatcher->trigger_event('core.feed_modify_feed_row', compact($vars)));
+
 	// BBCode options to correctly disable urls, smilies, bbcode...
 	if ($feed->get('options') === NULL)
 	{

phpBB/includes/acp/acp_attachments.php

@@ -1426,7 +1426,7 @@ class acp_attachments
 		$row['group_name'] = $user->lang['NOT_ASSIGNED'];
 		$group_name[] = $row;
 
-		for ($i = 0; $i < sizeof($group_name); $i++)
+		for ($i = 0, $groups_size = sizeof($group_name); $i < $groups_size; $i++)
 		{
 			if ($default_group === false)
 			{
@@ -1735,8 +1735,8 @@ class acp_attachments
 		$size_var = $filesize['si_identifier'];
 		$value = $filesize['value'];
 
-		// size="8" and maxlength="15" attributes as a fallback for browsers that do not support type="number" yet.
-		return '<input type="number" id="' . $key . '" size="8" maxlength="15" min="0" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
+		// size and maxlength must not be specified for input of type number
+		return '<input type="number" id="' . $key . '" min="0" max="999999999999999" step="any" name="config[' . $key . ']" value="' . $value . '" /> <select name="' . $key . '">' . size_select_options($size_var) . '</select>';
 	}
 
 	/**

phpBB/includes/acp/acp_bbcodes.php

@@ -370,7 +370,7 @@ class acp_bbcodes
 		*
 		* @event core.acp_bbcodes_display_form
 		* @var	string	action			Type of the action: modify|create
-		* @var	string	sql_ary			The SQL array to get custom bbcode data
+		* @var	array	sql_ary			The SQL array to get custom bbcode data
 		* @var	array	template_data	Array with form template data
 		* @var	string	u_action		The u_action link
 		* @since 3.1.0-a3

phpBB/includes/acp/acp_board.php

@@ -449,7 +449,7 @@ class acp_board
 
 						'legend2'				=> 'SMTP_SETTINGS',
 						'smtp_delivery'			=> array('lang' => 'USE_SMTP',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
-						'smtp_host'				=> array('lang' => 'SMTP_SERVER',			'validate' => 'string',	'type' => 'text:25:50', 'explain' => false),
+						'smtp_host'				=> array('lang' => 'SMTP_SERVER',			'validate' => 'string',	'type' => 'text:25:50', 'explain' => true),
 						'smtp_port'				=> array('lang' => 'SMTP_PORT',				'validate' => 'int:0:99999',	'type' => 'number:0:99999', 'explain' => true),
 						'smtp_auth_method'		=> array('lang' => 'SMTP_AUTH_METHOD',		'validate' => 'string',	'type' => 'select', 'method' => 'mail_auth_select', 'explain' => true),
 						'smtp_username'			=> array('lang' => 'SMTP_USERNAME',			'validate' => 'string',	'type' => 'text:25:255', 'explain' => true),
@@ -842,7 +842,7 @@ class acp_board
 	{
 		global $user;
 
-		return '<input id="' . $key . '" type="number" size="3" maxlength="3" min="1" max="999" name="config[min_name_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . '&nbsp;&nbsp;<input type="number" size="3" maxlength="3" min="8" max="180" name="config[max_name_chars]" value="' . $this->new_config['max_name_chars'] . '" /> ' . $user->lang['MAX_CHARS'];
+		return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_name_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . '&nbsp;&nbsp;<input type="number" min="8" max="180" name="config[max_name_chars]" value="' . $this->new_config['max_name_chars'] . '" /> ' . $user->lang['MAX_CHARS'];
 	}
 
 	/**
@@ -870,7 +870,7 @@ class acp_board
 	{
 		global $user;
 
-		return '<input id="' . $key . '" type="number" size="3" maxlength="3" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . '&nbsp;&nbsp;<input type="number" size="3" maxlength="3" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS'];
+		return '<input id="' . $key . '" type="number" min="1" max="999" name="config[min_pass_chars]" value="' . $value . '" /> ' . $user->lang['MIN_CHARS'] . '&nbsp;&nbsp;<input type="number" min="8" max="255" name="config[max_pass_chars]" value="' . $this->new_config['max_pass_chars'] . '" /> ' . $user->lang['MAX_CHARS'];
 	}
 
 	/**

phpBB/includes/acp/acp_database.php

@@ -39,6 +39,9 @@ class acp_database
 		$action	= request_var('action', '');
 		$submit = (isset($_POST['submit'])) ? true : false;
 
+		$form_key = 'acp_database';
+		add_form_key($form_key);
+
 		$template->assign_vars(array(
 			'MODE'	=> $mode
 		));
@@ -62,6 +65,11 @@ class acp_database
 							trigger_error($user->lang['TABLE_SELECT_ERROR'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 
+						if (!check_form_key($form_key))
+						{
+							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+						}
+
 						$store = $download = $structure = $schema_data = false;
 
 						if ($where == 'store_and_download' || $where == 'store')

phpBB/includes/acp/acp_extensions.php

@@ -535,7 +535,7 @@ class acp_extensions
 
 		$version_helper = new \phpbb\version_helper($this->cache, $this->config, new \phpbb\file_downloader(), $this->user);
 		$version_helper->set_current_version($meta['version']);
-		$version_helper->set_file_location($version_check['host'], $version_check['directory'], $version_check['filename']);
+		$version_helper->set_file_location($version_check['host'], $version_check['directory'], $version_check['filename'], isset($version_check['ssl']) ? $version_check['ssl'] : false);
 		$version_helper->force_stability($this->config['extension_force_unstable'] ? 'unstable' : null);
 
 		return $updates = $version_helper->get_suggested_updates($force_update, $force_cache);

phpBB/includes/acp/acp_forums.php

@@ -842,9 +842,26 @@ class acp_forums
 			ORDER BY left_id";
 		$result = $db->sql_query($sql);
 
-		if ($row = $db->sql_fetchrow($result))
+		$rowset = array();
+		while ($row = $db->sql_fetchrow($result))
 		{
-			do
+			$rowset[(int) $row['forum_id']] = $row;
+		}
+		$db->sql_freeresult($result);
+
+		/**
+		* Modify the forum list data
+		*
+		* @event core.acp_manage_forums_modify_forum_list
+		* @var	array	rowset	Array with the forums list data
+		* @since 3.1.10-RC1
+		*/
+		$vars = array('rowset');
+		extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_modify_forum_list', compact($vars)));
+
+		if (!empty($rowset))
+		{
+			foreach ($rowset as $row)
 			{
 				$forum_type = $row['forum_type'];
 
@@ -888,7 +905,6 @@ class acp_forums
 					'U_SYNC'			=> $url . '&action=sync')
 				);
 			}
-			while ($row = $db->sql_fetchrow($result));
 		}
 		else if ($this->parent_id)
 		{
@@ -904,7 +920,7 @@ class acp_forums
 				'U_SYNC'			=> $url . '&action=sync')
 			);
 		}
-		$db->sql_freeresult($result);
+		unset($rowset);
 
 		$template->assign_vars(array(
 			'ERROR_MSG'		=> (sizeof($errors)) ? implode('<br />', $errors) : '',
@@ -1411,7 +1427,7 @@ class acp_forums
 		$diff = sizeof($moved_forums) * 2;
 
 		$moved_ids = array();
-		for ($i = 0; $i < sizeof($moved_forums); ++$i)
+		for ($i = 0, $size = sizeof($moved_forums); $i < $size; ++$i)
 		{
 			$moved_ids[] = $moved_forums[$i]['forum_id'];
 		}

phpBB/includes/acp/acp_groups.php

@@ -324,9 +324,11 @@ class acp_groups
 				$avatar_data = null;
 				$avatar_error = array();
 
+				/** @var \phpbb\avatar\manager $phpbb_avatar_manager */
+				$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
+
 				if ($config['allow_avatar'])
 				{
-					$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
 					$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
 
 					// This is normalised data, without the group_ prefix
@@ -667,14 +669,21 @@ class acp_groups
 					$avatars_enabled = false;
 					$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $avatar_data['avatar_type']));
 
+					// Assign min and max values before generating avatar driver html
+					$template->assign_vars(array(
+							'AVATAR_MIN_WIDTH'		=> $config['avatar_min_width'],
+							'AVATAR_MAX_WIDTH'		=> $config['avatar_max_width'],
+							'AVATAR_MIN_HEIGHT'		=> $config['avatar_min_height'],
+							'AVATAR_MAX_HEIGHT'		=> $config['avatar_max_height'],
+					));
+
 					foreach ($avatar_drivers as $current_driver)
 					{
 						$driver = $phpbb_avatar_manager->get_driver($current_driver);
 
 						$avatars_enabled = true;
-						$config_name = $phpbb_avatar_manager->get_driver_config_name($driver);
 						$template->set_filenames(array(
-							'avatar' => "acp_avatar_options_{$config_name}.html",
+							'avatar' => $driver->get_acp_template_name(),
 						));
 
 						if ($driver->prepare_form($request, $template, $user, $avatar_data, $avatar_error))

phpBB/includes/acp/acp_icons.php

@@ -40,6 +40,10 @@ class acp_icons
 		$action = (isset($_POST['edit'])) ? 'edit' : $action;
 		$action = (isset($_POST['import'])) ? 'import' : $action;
 		$icon_id = request_var('id', 0);
+		$submit = $request->is_set_post('submit', false);
+
+		$form_key = 'acp_icons';
+		add_form_key($form_key);
 
 		$mode = ($mode == 'smilies') ? 'smilies' : 'icons';
 
@@ -325,6 +329,11 @@ class acp_icons
 			case 'create':
 			case 'modify':
 
+				if (!check_form_key($form_key))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				// Get items to create/modify
 				$images = (isset($_POST['image'])) ? array_keys(request_var('image', array('' => 0))) : array();
 
@@ -513,6 +522,11 @@ class acp_icons
 				{
 					$order = 0;
 
+					if (!check_form_key($form_key))
+					{
+						trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+					}
+
 					if (!($pak_ary = @file($phpbb_root_path . $img_path . '/' . $pak)))
 					{
 						trigger_error($user->lang['PAK_FILE_NOT_READABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -698,7 +712,7 @@ class acp_icons
 
 				$template->assign_vars(array(
 					'MESSAGE_TITLE'		=> $user->lang['EXPORT_' . $lang],
-					'MESSAGE_TEXT'		=> sprintf($user->lang['EXPORT_' . $lang . '_EXPLAIN'], '<a href="' . $this->u_action . '&amp;action=send">', '</a>'),
+					'MESSAGE_TEXT'		=> sprintf($user->lang['EXPORT_' . $lang . '_EXPLAIN'], '<a href="' . $this->u_action . '&amp;action=send&amp;hash=' . generate_link_hash('acp_icons') . '">', '</a>'),
 
 					'S_USER_NOTICE'		=> true,
 					)
@@ -710,6 +724,11 @@ class acp_icons
 
 			case 'send':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_icons'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql = "SELECT *
 					FROM $table
 					ORDER BY {$fields}_order";
@@ -811,6 +830,11 @@ class acp_icons
 			case 'move_up':
 			case 'move_down':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_icons'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				// Get current order id...
 				$sql = "SELECT {$fields}_order as current_order
 					FROM $table
@@ -928,8 +952,8 @@ class acp_icons
 				'EMOTION'		=> (isset($row['emotion'])) ? $row['emotion'] : '',
 				'U_EDIT'		=> $this->u_action . '&amp;action=edit&amp;id=' . $row[$fields . '_id'],
 				'U_DELETE'		=> $this->u_action . '&amp;action=delete&amp;id=' . $row[$fields . '_id'],
-				'U_MOVE_UP'		=> $this->u_action . '&amp;action=move_up&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start,
-				'U_MOVE_DOWN'	=> $this->u_action . '&amp;action=move_down&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start,
+				'U_MOVE_UP'		=> $this->u_action . '&amp;action=move_up&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start . '&amp;hash=' . generate_link_hash('acp_icons'),
+				'U_MOVE_DOWN'	=> $this->u_action . '&amp;action=move_down&amp;id=' . $row[$fields . '_id'] . '&amp;start=' . $pagination_start . '&amp;hash=' . generate_link_hash('acp_icons'),
 			));
 
 			if (!$spacer && !$row['display_on_posting'])

phpBB/includes/acp/acp_language.php

@@ -244,6 +244,11 @@ class acp_language
 			break;
 
 			case 'install':
+				if (!check_link_hash($request->variable('hash', ''), 'acp_language'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$lang_iso = request_var('iso', '');
 				$lang_iso = basename($lang_iso);
 
@@ -423,7 +428,7 @@ class acp_language
 					'ISO'			=> htmlspecialchars($lang_ary['iso']),
 					'LOCAL_NAME'	=> htmlspecialchars($lang_ary['local_name'], ENT_COMPAT, 'UTF-8'),
 					'NAME'			=> htmlspecialchars($lang_ary['name'], ENT_COMPAT, 'UTF-8'),
-					'U_INSTALL'		=> $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']))
+					'U_INSTALL'		=> $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']) . '&hash=' . generate_link_hash('acp_language'))
 				);
 			}
 		}

phpBB/includes/acp/acp_main.php

@@ -453,6 +453,12 @@ class acp_main
 			$template->assign_var('S_VERSION_UP_TO_DATE', true);
 		}
 
+		// Incomplete update?
+		if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<'))
+		{
+			$template->assign_var('S_UPDATE_INCOMPLETE', true);
+		}
+
 		/**
 		* Notice admin
 		*

phpBB/includes/acp/acp_modules.php

@@ -46,6 +46,9 @@ class acp_modules
 		$user->add_lang('acp/modules');
 		$this->tpl_name = 'acp_modules';
 
+		$form_key = 'acp_modules';
+		add_form_key($form_key);
+
 		// module class
 		$this->module_class = $mode;
 
@@ -119,6 +122,11 @@ class acp_modules
 					trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
+				}
+
 				$sql = 'SELECT *
 					FROM ' . MODULES_TABLE . "
 					WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
@@ -150,6 +158,11 @@ class acp_modules
 					trigger_error($user->lang['NO_MODULE_ID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
 				}
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_modules'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
+				}
+
 				$sql = 'SELECT *
 					FROM ' . MODULES_TABLE . "
 					WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
@@ -273,6 +286,11 @@ class acp_modules
 
 				if ($submit)
 				{
+					if (!check_form_key($form_key))
+					{
+						trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
+					}
+
 					if (!$module_data['module_langname'])
 					{
 						trigger_error($user->lang['NO_MODULE_LANGNAME'] . adm_back_link($this->u_action . '&parent_id=' . $this->parent_id), E_USER_WARNING);
@@ -460,12 +478,12 @@ class acp_modules
 					'S_ACP_MODULE_MANAGEMENT'	=> ($this->module_class == 'acp' && ($row['module_basename'] == 'modules' || $row['module_langname'] == 'ACP_MODULE_MANAGEMENT')) ? true : false,
 
 					'U_MODULE'			=> $this->u_action . '&parent_id=' . $row['module_id'],
-					'U_MOVE_UP'			=> $url . '&action=move_up',
-					'U_MOVE_DOWN'		=> $url . '&action=move_down',
+					'U_MOVE_UP'			=> $url . '&action=move_up&hash=' . generate_link_hash('acp_modules'),
+					'U_MOVE_DOWN'		=> $url . '&action=move_down&hash=' . generate_link_hash('acp_modules'),
 					'U_EDIT'			=> $url . '&action=edit',
 					'U_DELETE'			=> $url . '&action=delete',
-					'U_ENABLE'			=> $url . '&action=enable',
-					'U_DISABLE'			=> $url . '&action=disable')
+					'U_ENABLE'			=> $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
+					'U_DISABLE'			=> $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
 				);
 			}
 			while ($row = $db->sql_fetchrow($result));
@@ -484,8 +502,8 @@ class acp_modules
 
 				'U_EDIT'			=> $url . '&action=edit',
 				'U_DELETE'			=> $url . '&action=delete',
-				'U_ENABLE'			=> $url . '&action=enable',
-				'U_DISABLE'			=> $url . '&action=disable')
+				'U_ENABLE'			=> $url . '&action=enable&hash=' . generate_link_hash('acp_modules'),
+				'U_DISABLE'			=> $url . '&action=disable&hash=' . generate_link_hash('acp_modules'))
 			);
 		}
 		$db->sql_freeresult($result);
@@ -888,7 +906,7 @@ class acp_modules
 		$diff = sizeof($moved_modules) * 2;
 
 		$moved_ids = array();
-		for ($i = 0; $i < sizeof($moved_modules); ++$i)
+		for ($i = 0, $size = sizeof($moved_modules); $i < $size; ++$i)
 		{
 			$moved_ids[] = $moved_modules[$i]['module_id'];
 		}

phpBB/includes/acp/acp_permission_roles.php

@@ -366,6 +366,11 @@ class acp_permission_roles
 			case 'move_up':
 			case 'move_down':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_permission_roles'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql = 'SELECT role_order
 					FROM ' . ACL_ROLES_TABLE . "
 					WHERE role_id = $role_id";
@@ -440,8 +445,8 @@ class acp_permission_roles
 
 				'U_EDIT'			=> $this->u_action . '&action=edit&role_id=' . $row['role_id'],
 				'U_REMOVE'			=> $this->u_action . '&action=remove&role_id=' . $row['role_id'],
-				'U_MOVE_UP'			=> $this->u_action . '&action=move_up&role_id=' . $row['role_id'],
-				'U_MOVE_DOWN'		=> $this->u_action . '&action=move_down&role_id=' . $row['role_id'],
+				'U_MOVE_UP'			=> $this->u_action . '&action=move_up&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'),
+				'U_MOVE_DOWN'		=> $this->u_action . '&action=move_down&role_id=' . $row['role_id'] . '&hash=' . generate_link_hash('acp_permission_roles'),
 				'U_DISPLAY_ITEMS'	=> ($row['role_id'] == $display_item) ? '' : $this->u_action . '&display_item=' . $row['role_id'] . '#assigned_to')
 			);
 

phpBB/includes/acp/acp_profile.php

@@ -53,6 +53,9 @@ class acp_profile
 		$error = array();
 		$s_hidden_fields = '';
 
+		$form_key = 'acp_profile';
+		add_form_key($form_key);
+
 		if (!$field_id && in_array($action, array('delete','activate', 'deactivate', 'move_up', 'move_down', 'edit')))
 		{
 			trigger_error($user->lang['NO_FIELD_ID'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -161,6 +164,11 @@ class acp_profile
 
 			case 'activate':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_profile'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql = 'SELECT lang_id
 					FROM ' . LANG_TABLE . "
 					WHERE lang_iso = '" . $db->sql_escape($config['default_lang']) . "'";
@@ -201,6 +209,11 @@ class acp_profile
 
 			case 'deactivate':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_profile'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql = 'UPDATE ' . PROFILE_FIELDS_TABLE . "
 					SET field_active = 0
 					WHERE field_id = $field_id";
@@ -230,6 +243,11 @@ class acp_profile
 			case 'move_up':
 			case 'move_down':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_profile'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql = 'SELECT field_order
 					FROM ' . PROFILE_FIELDS_TABLE . "
 					WHERE field_id = $field_id";
@@ -579,6 +597,11 @@ class acp_profile
 
 				if (!sizeof($error))
 				{
+					if (!check_form_key($form_key))
+					{
+						trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+					}
+
 					if (($step == 3 && (sizeof($this->lang_defs['iso']) == 1 || $save)) || ($action == 'edit' && $save))
 					{
 						$this->save_profile_field($cp, $field_type, $action);
@@ -735,12 +758,12 @@ class acp_profile
 				'FIELD_TYPE'		=> $profile_field->get_name(),
 
 				'L_ACTIVATE_DEACTIVATE'		=> $user->lang[$active_lang],
-				'U_ACTIVATE_DEACTIVATE'		=> $this->u_action . "&action=$active_value&field_id=$id",
+				'U_ACTIVATE_DEACTIVATE'		=> $this->u_action . "&action=$active_value&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'),
 				'U_EDIT'					=> $this->u_action . "&action=edit&field_id=$id",
 				'U_TRANSLATE'				=> $this->u_action . "&action=edit&field_id=$id&step=3",
 				'U_DELETE'					=> $this->u_action . "&action=delete&field_id=$id",
-				'U_MOVE_UP'					=> $this->u_action . "&action=move_up&field_id=$id",
-				'U_MOVE_DOWN'				=> $this->u_action . "&action=move_down&field_id=$id",
+				'U_MOVE_UP'					=> $this->u_action . "&action=move_up&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'),
+				'U_MOVE_DOWN'				=> $this->u_action . "&action=move_down&field_id=$id" . '&hash=' . generate_link_hash('acp_profile'),
 
 				'S_NEED_EDIT'				=> $s_need_edit)
 			);

phpBB/includes/acp/acp_reasons.php

@@ -282,6 +282,11 @@ class acp_reasons
 			case 'move_up':
 			case 'move_down':
 
+				if (!check_link_hash($request->variable('hash', ''), 'acp_reasons'))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				$sql = 'SELECT reason_order
 					FROM ' . REPORTS_REASONS_TABLE . "
 					WHERE reason_id = $reason_id";
@@ -383,8 +388,8 @@ class acp_reasons
 
 				'U_EDIT'		=> $this->u_action . '&action=edit&id=' . $row['reason_id'],
 				'U_DELETE'		=> (!$other_reason) ? $this->u_action . '&action=delete&id=' . $row['reason_id'] : '',
-				'U_MOVE_UP'		=> $this->u_action . '&action=move_up&id=' . $row['reason_id'],
-				'U_MOVE_DOWN'	=> $this->u_action . '&action=move_down&id=' . $row['reason_id'])
+				'U_MOVE_UP'		=> $this->u_action . '&action=move_up&id=' . $row['reason_id'] . '&hash=' . generate_link_hash('acp_reasons'),
+				'U_MOVE_DOWN'	=> $this->u_action . '&action=move_down&id=' . $row['reason_id'] . '&hash=' . generate_link_hash('acp_reasons'))
 			);
 		}
 		$db->sql_freeresult($result);

phpBB/includes/acp/acp_search.php

@@ -54,6 +54,13 @@ class acp_search
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$submit = (isset($_POST['submit'])) ? true : false;
+		$form_key = 'acp_search';
+		add_form_key($form_key);
+
+		if ($submit && !check_form_key($form_key))
+		{
+			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+		}
 
 		$search_types = $this->get_search_types();
 
@@ -232,7 +239,7 @@ class acp_search
 
 	function index($id, $mode)
 	{
-		global $db, $user, $auth, $template, $cache;
+		global $db, $user, $auth, $template, $cache, $request;
 		global $config, $phpbb_root_path, $phpbb_admin_path, $phpEx;
 
 		$action = request_var('action', '');
@@ -244,6 +251,15 @@ class acp_search
 			$this->state = array();
 			$this->save_state();
 		}
+		$submit = $request->is_set_post('submit', false);
+
+		$form_key = 'acp_search';
+		add_form_key($form_key);
+
+		if (!check_form_key($form_key) && in_array($action, array('delete', 'create')))
+		{
+			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+		}
 
 		if ($action)
 		{

phpBB/includes/acp/acp_update.php

@@ -62,5 +62,17 @@ class acp_update
 
 			'UPDATE_INSTRUCTIONS'	=> sprintf($user->lang['UPDATE_INSTRUCTIONS'], $update_link),
 		));
+
+		// Incomplete update?
+		if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<'))
+		{
+			$database_update_link = append_sid($phpbb_root_path . 'install/database_update.' . $phpEx);
+
+			$template->assign_vars(array(
+				'S_UPDATE_INCOMPLETE'		=> true,
+				'FILES_VERSION'				=> PHPBB_VERSION,
+				'INCOMPLETE_INSTRUCTIONS'	=> $user->lang('UPDATE_INCOMPLETE_EXPLAIN', $database_update_link),
+			));
+		}
 	}
 }

phpBB/includes/acp/acp_users.php

@@ -1587,7 +1587,7 @@ class acp_users
 				if ($submit)
 				{
 					$error = validate_data($data, array(
-						'dateformat'	=> array('string', false, 1, 30),
+						'dateformat'	=> array('string', false, 1, 64),
 						'lang'			=> array('match', false, '#^[a-z_\-]{2,}$#i'),
 						'tz'			=> array('timezone'),
 
@@ -1809,10 +1809,11 @@ class acp_users
 			case 'avatar':
 
 				$avatars_enabled = false;
+				/** @var \phpbb\avatar\manager $phpbb_avatar_manager */
+				$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
 
 				if ($config['allow_avatar'])
 				{
-					$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
 					$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
 
 					// This is normalised data, without the user_ prefix
@@ -1873,14 +1874,21 @@ class acp_users
 
 					$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type']));
 
+					// Assign min and max values before generating avatar driver html
+					$template->assign_vars(array(
+						'AVATAR_MIN_WIDTH'		=> $config['avatar_min_width'],
+						'AVATAR_MAX_WIDTH'		=> $config['avatar_max_width'],
+						'AVATAR_MIN_HEIGHT'		=> $config['avatar_min_height'],
+						'AVATAR_MAX_HEIGHT'		=> $config['avatar_max_height'],
+					));
+
 					foreach ($avatar_drivers as $current_driver)
 					{
 						$driver = $phpbb_avatar_manager->get_driver($current_driver);
 
 						$avatars_enabled = true;
-						$config_name = $phpbb_avatar_manager->get_driver_config_name($driver);
 						$template->set_filenames(array(
-							'avatar' => "acp_avatar_options_{$config_name}.html",
+							'avatar' => $driver->get_acp_template_name(),
 						));
 
 						if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
@@ -1900,8 +1908,12 @@ class acp_users
 					}
 				}
 
-				// Replace "error" strings with their real, localised form
-				$error = $phpbb_avatar_manager->localize_errors($user, $error);
+				// Avatar manager is not initialized if avatars are disabled
+				if (isset($phpbb_avatar_manager))
+				{
+					// Replace "error" strings with their real, localised form
+					$error = $phpbb_avatar_manager->localize_errors($user, $error);
+				}
 
 				$avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true);
 
@@ -2262,6 +2274,12 @@ class acp_users
 						{
 							trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
 						}
+
+						if (!check_link_hash($request->variable('hash', ''), 'acp_users'))
+						{
+							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+						}
+
 						group_user_attributes($action, $group_id, $user_id);
 
 						if ($action == 'default')
@@ -2419,8 +2437,8 @@ class acp_users
 					{
 						$template->assign_block_vars('group', array(
 							'U_EDIT_GROUP'		=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"),
-							'U_DEFAULT'			=> $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'],
-							'U_DEMOTE_PROMOTE'	=> $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'],
+							'U_DEFAULT'			=> $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
+							'U_DEMOTE_PROMOTE'	=> $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
 							'U_DELETE'			=> $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'],
 							'U_APPROVE'			=> ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '',
 

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.1.7-pl1');
+define('PHPBB_VERSION', '3.1.10');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions.php

@@ -2234,6 +2234,12 @@ function generate_board_url($without_script_path = false)
 
 	$server_name = $user->host;
 	$server_port = $request->server('SERVER_PORT', 0);
+	$forwarded_proto = $request->server('HTTP_X_FORWARDED_PROTO');
+
+	if (!empty($forwarded_proto) && $forwarded_proto === 'https')
+	{
+		$server_port = 443;
+	}
 
 	// Forcing server vars is the only way to specify/override the protocol
 	if ($config['force_server_vars'] || !$server_name)
@@ -2401,6 +2407,7 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		echo '<html dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '">';
 		echo '<head>';
 		echo '<meta charset="utf-8">';
+		echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">';
 		echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&amp;', $url) . '" />';
 		echo '<title>' . $user->lang['REDIRECT'] . '</title>';
 		echo '</head>';
@@ -2821,6 +2828,21 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		$user->setup();
 	}
 
+	/**
+	 * This event allows an extension to modify the login process
+	 *
+	 * @event core.login_box_before
+	 * @var string	redirect	Redirect string
+	 * @var string	l_explain	Explain language string
+	 * @var string	l_success	Success language string
+	 * @var	bool	admin		Is admin?
+	 * @var bool	s_display	Display full login form?
+	 * @var string	err			Error string
+	 * @since 3.1.9-RC1
+	 */
+	$vars = array('redirect', 'l_explain', 'l_success', 'admin', 's_display', 'err');
+	extract($phpbb_dispatcher->trigger_event('core.login_box_before', compact($vars)));
+
 	// Print out error if user tries to authenticate as an administrator without having the privileges...
 	if ($admin && !$auth->acl_get('a_'))
 	{
@@ -2833,7 +2855,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		trigger_error('NO_AUTH_ADMIN');
 	}
 
-	if ($request->is_set_post('login') || ($request->is_set('login') && $request->variable('login', '') == 'external'))
+	if (empty($err) && ($request->is_set_post('login') || ($request->is_set('login') && $request->variable('login', '') == 'external')))
 	{
 		// Get credential
 		if ($admin)
@@ -2902,11 +2924,11 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 			*
 			* @event core.login_box_redirect
 			* @var  string	redirect	Redirect string
-			* @var	boolean	admin		Is admin?
-			* @var	bool	return		If true, do not redirect but return the sanitized URL.
+			* @var	bool	admin		Is admin?
 			* @since 3.1.0-RC5
+			* @changed 3.1.9-RC1 Removed undefined return variable
 			*/
-			$vars = array('redirect', 'admin', 'return');
+			$vars = array('redirect', 'admin');
 			extract($phpbb_dispatcher->trigger_event('core.login_box_redirect', compact($vars)));
 
 			// append/replace SID (may change during the session for AOL users)
@@ -3982,6 +4004,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 			echo '<html dir="ltr">';
 			echo '<head>';
 			echo '<meta charset="utf-8">';
+			echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">';
 			echo '<title>' . $msg_title . '</title>';
 			echo '<style type="text/css">' . "\n" . '/* <![CDATA[ */' . "\n";
 			echo '* { margin: 0; padding: 0; } html { font-size: 100%; height: 100%; margin-bottom: 1px; background-color: #E4EDF0; } body { font-family: "Lucida Grande", Verdana, Helvetica, Arial, sans-serif; color: #536482; background: #E4EDF0; font-size: 62.5%; margin: 0; } ';
@@ -4283,7 +4306,7 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum'
 		* @var	string	item			Restrict online users to a certain
 		*								session item, e.g. forum for
 		*								session_forum_id
-		* @var	string	sql_ary			SQL query to obtain users online data
+		* @var	array	sql_ary			SQL query array to obtain users online data
 		* @since 3.1.4-RC1
 		* @changed 3.1.7-RC1			Change sql query into array and adjust var accordingly. Allows extension authors the ability to adjust the sql_ary.
 		*/
@@ -4311,6 +4334,30 @@ function obtain_users_online_string($online_users, $item_id = 0, $item = 'forum'
 			}
 		}
 	}
+
+	/**
+	* Modify online userlist data
+	*
+	* @event core.obtain_users_online_string_before_modify
+	* @var	array	online_users		Array with online users data
+	*									from obtain_users_online()
+	* @var	int		item_id				Restrict online users to item id
+	* @var	string	item				Restrict online users to a certain
+	*									session item, e.g. forum for
+	*									session_forum_id
+	* @var	array	rowset				Array with online users data
+	* @var	array	user_online_link	Array with online users items (usernames)
+	* @since 3.1.10-RC1
+	*/
+	$vars = array(
+		'online_users',
+		'item_id',
+		'item',
+		'rowset',
+		'user_online_link',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.obtain_users_online_string_before_modify', compact($vars)));
+
 	$online_userlist = implode(', ', $user_online_link);
 
 	if (!$online_userlist)
@@ -4909,7 +4956,7 @@ function phpbb_get_avatar($row, $alt, $ignore_config = false, $lazy = false)
 /**
 * Generate page header
 */
-function page_header($page_title = '', $display_online_list = false, $item_id = 0, $item = 'forum')
+function page_header($page_title = '', $display_online_list = false, $item_id = 0, $item = 'forum', $send_headers = true)
 {
 	global $db, $config, $template, $SID, $_SID, $_EXTRA_URL, $user, $auth, $phpEx, $phpbb_root_path;
 	global $phpbb_dispatcher, $request, $phpbb_container, $phpbb_admin_path;
@@ -4969,6 +5016,8 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		}
 	}
 
+	$user->update_session_infos();
+
 	// Generate logged in/logged out status
 	if ($user->data['user_id'] != ANONYMOUS)
 	{
@@ -5247,17 +5296,22 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		'SITE_LOGO_IMG'			=> $user->img('site_logo'),
 	));
 
-	// An array of http headers that phpbb will set. The following event may override these.
-	$http_headers = array(
-		// application/xhtml+xml not used because of IE
-		'Content-type' => 'text/html; charset=UTF-8',
-		'Cache-Control' => 'private, no-cache="set-cookie"',
-		'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',
-	);
-	if (!empty($user->data['is_bot']))
+	$http_headers = array();
+
+	if ($send_headers)
 	{
-		// Let reverse proxies know we detected a bot.
-		$http_headers['X-PHPBB-IS-BOT'] = 'yes';
+		// An array of http headers that phpbb will set. The following event may override these.
+		$http_headers += array(
+			// application/xhtml+xml not used because of IE
+			'Content-type' => 'text/html; charset=UTF-8',
+			'Cache-Control' => 'private, no-cache="set-cookie"',
+			'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',
+		);
+		if (!empty($user->data['is_bot']))
+		{
+			// Let reverse proxies know we detected a bot.
+			$http_headers['X-PHPBB-IS-BOT'] = 'yes';
+		}
 	}
 
 	/**
@@ -5395,8 +5449,6 @@ function page_footer($run_cron = true, $display_template = true, $exit_handler =
 		return;
 	}
 
-	$user->update_session_infos();
-
 	phpbb_check_and_display_sql_report($request, $auth, $db);
 
 	$template->assign_vars(array(

phpBB/includes/functions_acp.php

@@ -55,6 +55,8 @@ function adm_page_header($page_title)
 		return;
 	}
 
+	$user->update_session_infos();
+
 	// gzip_compression
 	if ($config['gzip_compress'])
 	{
@@ -164,8 +166,6 @@ function adm_page_footer($copyright_html = true)
 		return;
 	}
 
-	$user->update_session_infos();
-
 	phpbb_check_and_display_sql_report($request, $auth, $db);
 
 	$template->assign_vars(array(
@@ -256,46 +256,49 @@ function build_cfg_template($tpl_type, $key, &$new, $config_key, $vars)
 		case 'text':
 		case 'url':
 		case 'email':
-		case 'color':
-		case 'date':
-		case 'time':
-		case 'datetime':
-		case 'datetime-local':
-		case 'month':
-		case 'range':
-		case 'search':
 		case 'tel':
-		case 'week':
+		case 'search':
+			// maxlength and size are only valid for these types and will be
+			// ignored for other input types.
 			$size = (int) $tpl_type[1];
 			$maxlength = (int) $tpl_type[2];
 
 			$tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (($size) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength) ? $maxlength : 255) . '" name="' . $name . '" value="' . $new[$config_key] . '"' . (($tpl_type[0] === 'password') ?  ' autocomplete="off"' : '') . ' />';
 		break;
 
+		case 'color':
+		case 'datetime':
+		case 'datetime-local':
+		case 'month':
+		case 'week':
+			$tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '" name="' . $name . '" value="' . $new[$config_key] . '" />';
+		break;
+
+		case 'date':
+		case 'time':
 		case 'number':
-			$min = $max = $maxlength = '';
+		case 'range':
+			$max = '';
 			$min = ( isset($tpl_type[1]) ) ? (int) $tpl_type[1] : false;
 			if ( isset($tpl_type[2]) )
 			{
 				$max = (int) $tpl_type[2];
-				$maxlength = strlen( (string) $max );
 			}
 
-			$tpl = '<input id="' . $key . '" type="number" maxlength="' . (( $maxlength != '' ) ? $maxlength : 255) . '"' . (( $min != '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="' . $name . '" value="' . $new[$config_key] . '" />';
+			$tpl = '<input id="' . $key . '" type="' . $tpl_type[0] . '"' . (( $min != '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="' . $name . '" value="' . $new[$config_key] . '" />';
 		break;
 
 		case 'dimension':
-			$min = $max = $maxlength = $size = '';
+			$max = '';
 
 			$min = (int) $tpl_type[1];
 
 			if ( isset($tpl_type[2]) )
 			{
 				$max = (int) $tpl_type[2];
-				$size = $maxlength = strlen( (string) $max );
 			}
 
-			$tpl = '<input id="' . $key . '" type="number"' . (( $size != '' ) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength != '') ? $maxlength : 255) . '"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_width]" value="' . $new[$config_key . '_width'] . '" /> x <input type="number"' . (( $size != '' ) ? ' size="' . $size . '"' : '') . ' maxlength="' . (($maxlength != '') ? $maxlength : 255) . '"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_height]" value="' . $new[$config_key . '_height'] . '" />';
+			$tpl = '<input id="' . $key . '" type="number"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_width]" value="' . $new[$config_key . '_width'] . '" /> x <input type="number"' . (( $min !== '' ) ? ' min="' . $min . '"' : '') . (( $max != '' ) ? ' max="' . $max . '"' : '') . ' name="config[' . $config_key . '_height]" value="' . $new[$config_key . '_height'] . '" />';
 		break;
 
 		case 'textarea':

phpBB/includes/functions_admin.php

@@ -65,7 +65,7 @@ function recalc_nested_sets(&$new_id, $pkey, $table, $parent_id = 0, $where = ar
 */
 function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl = false, $ignore_nonpost = false, $ignore_emptycat = true, $only_acl_post = false, $return_array = false)
 {
-	global $db, $user, $auth;
+	global $db, $user, $auth, $phpbb_dispatcher;
 
 	// This query is identical to the jumpbox one
 	$sql = 'SELECT forum_id, forum_name, parent_id, forum_type, forum_flags, forum_options, left_id, right_id
@@ -73,16 +73,33 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl =
 		ORDER BY left_id ASC';
 	$result = $db->sql_query($sql, 600);
 
+	$rowset = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$rowset[(int) $row['forum_id']] = $row;
+	}
+	$db->sql_freeresult($result);
+
 	$right = 0;
 	$padding_store = array('0' => '');
 	$padding = '';
 	$forum_list = ($return_array) ? array() : '';
 
+	/**
+	* Modify the forum list data
+	*
+	* @event core.make_forum_select_modify_forum_list
+	* @var	array	rowset	Array with the forums list data
+	* @since 3.1.10-RC1
+	*/
+	$vars = array('rowset');
+	extract($phpbb_dispatcher->trigger_event('core.make_forum_select_modify_forum_list', compact($vars)));
+
 	// Sometimes it could happen that forums will be displayed here not be displayed within the index page
 	// This is the result of forums not displayed at index, having list permissions and a parent of a forum with no permissions.
 	// If this happens, the padding could be "broken"
 
-	while ($row = $db->sql_fetchrow($result))
+	foreach ($rowset as $row)
 	{
 		if ($row['left_id'] < $right)
 		{
@@ -133,8 +150,7 @@ function make_forum_select($select_id = false, $ignore_id = false, $ignore_acl =
 			$forum_list .= '<option value="' . $row['forum_id'] . '"' . (($disabled) ? ' disabled="disabled" class="disabled-option"' : $selected) . '>' . $padding . $row['forum_name'] . '</option>';
 		}
 	}
-	$db->sql_freeresult($result);
-	unset($padding_store);
+	unset($padding_store, $rowset);
 
 	return $forum_list;
 }
@@ -201,7 +217,7 @@ function group_select_options($group_id, $exclude_ids = false, $manage_founder =
 */
 function get_forum_list($acl_list = 'f_list', $id_only = true, $postable_only = false, $no_cache = false)
 {
-	global $db, $auth;
+	global $db, $auth, $phpbb_dispatcher;
 	static $forum_rows;
 
 	if (!isset($forum_rows))
@@ -256,6 +272,16 @@ function get_forum_list($acl_list = 'f_list', $id_only = true, $postable_only =
 		}
 	}
 
+	/**
+	* Modify the forum list data
+	*
+	* @event core.get_forum_list_modify_data
+	* @var	array	rowset	Array with the forum list data
+	* @since 3.1.10-RC1
+	*/
+	$vars = array('rowset');
+	extract($phpbb_dispatcher->trigger_event('core.get_forum_list_modify_data', compact($vars)));
+
 	return $rowset;
 }
 
@@ -2531,7 +2557,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 /**
 * Prune function
 */
-function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync = true)
+function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync = true, $prune_limit = 0)
 {
 	global $db, $phpbb_dispatcher;
 
@@ -2583,9 +2609,19 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
 	* @var int		prune_flags		The prune flags
 	* @var bool		auto_sync		Whether or not to perform auto sync
 	* @var string	sql_and			SQL text appended to where clause
+	* @var int		prune_limit		The prune limit
 	* @since 3.1.3-RC1
+	* @changed 3.1.10-RC1			Added prune_limit
 	*/
-	$vars = array('forum_id', 'prune_mode', 'prune_date', 'prune_flags', 'auto_sync', 'sql_and');
+	$vars = array(
+		'forum_id',
+		'prune_mode',
+		'prune_date',
+		'prune_flags',
+		'auto_sync',
+		'sql_and',
+		'prune_limit',
+	);
 	extract($phpbb_dispatcher->trigger_event('core.prune_sql', compact($vars)));
 
 	$sql = 'SELECT topic_id
@@ -2593,7 +2629,7 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
 		WHERE ' . $db->sql_in_set('forum_id', $forum_id) . "
 			AND poll_start = 0
 			$sql_and";
-	$result = $db->sql_query($sql);
+	$result = $db->sql_query_limit($sql, $prune_limit);
 
 	$topic_list = array();
 	while ($row = $db->sql_fetchrow($result))
@@ -2610,7 +2646,7 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
 				AND poll_start > 0
 				AND poll_last_vote < $prune_date
 				$sql_and";
-		$result = $db->sql_query($sql);
+		$result = $db->sql_query_limit($sql, $prune_limit);
 
 		while ($row = $db->sql_fetchrow($result))
 		{
@@ -2643,12 +2679,15 @@ function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_fr
 		$prune_date = time() - ($prune_days * 86400);
 		$next_prune = time() + ($prune_freq * 86400);
 
-		prune($forum_id, $prune_mode, $prune_date, $prune_flags, true);
+		$result = prune($forum_id, $prune_mode, $prune_date, $prune_flags, true, 300);
 
-		$sql = 'UPDATE ' . FORUMS_TABLE . "
-			SET prune_next = $next_prune
-			WHERE forum_id = $forum_id";
-		$db->sql_query($sql);
+		if ($result['topics'] == 0 && $result['posts'] == 0)
+		{
+			$sql = 'UPDATE ' . FORUMS_TABLE . "
+				SET prune_next = $next_prune
+				WHERE forum_id = $forum_id";
+			$db->sql_query($sql);
+		}
 
 		add_log('admin', 'LOG_AUTO_PRUNE', $row['forum_name']);
 	}
@@ -3101,9 +3140,9 @@ function get_database_size()
 			{
 				$version = $row['mysql_version'];
 
-				if (preg_match('#(3\.23|[45]\.)#', $version))
+				if (preg_match('#(3\.23|[45]\.|10\.[0-9]\.[0-9]{1,2}-+Maria)#', $version))
 				{
-					$db_name = (preg_match('#^(?:3\.23\.(?:[6-9]|[1-9]{2}))|[45]\.#', $version)) ? "`{$db->get_db_name()}`" : $db->get_db_name();
+					$db_name = (preg_match('#^(?:3\.23\.(?:[6-9]|[1-9]{2}))|[45]\.|10\.[0-9]\.[0-9]{1,2}-+Maria#', $version)) ? "`{$db->get_db_name()}`" : $db->get_db_name();
 
 					$sql = 'SHOW TABLE STATUS
 						FROM ' . $db_name;
@@ -3112,7 +3151,7 @@ function get_database_size()
 					$database_size = 0;
 					while ($row = $db->sql_fetchrow($result))
 					{
-						if ((isset($row['Type']) && $row['Type'] != 'MRG_MyISAM') || (isset($row['Engine']) && ($row['Engine'] == 'MyISAM' || $row['Engine'] == 'InnoDB')))
+						if ((isset($row['Type']) && $row['Type'] != 'MRG_MyISAM') || (isset($row['Engine']) && ($row['Engine'] == 'MyISAM' || $row['Engine'] == 'InnoDB' || $row['Engine'] == 'Aria')))
 						{
 							if ($table_prefix != '')
 							{
@@ -3320,18 +3359,47 @@ function tidy_database()
 */
 function add_permission_language()
 {
-	global $user, $phpEx, $phpbb_extension_manager;
+	global $config, $user, $phpEx, $phpbb_extension_manager;
 
 	// add permission language files from extensions
 	$finder = $phpbb_extension_manager->get_finder();
 
-	$lang_files = $finder
+	// We grab the language files from the default, English and user's language.
+	// So we can fall back to the other files like we do when using add_lang()
+	$default_lang_files = $english_lang_files = $user_lang_files = array();
+
+	// Search for board default language if it's not the user language
+	if ($config['default_lang'] != $user->lang_name)
+	{
+		$default_lang_files = $finder
+			->prefix('permissions_')
+			->suffix(".$phpEx")
+			->core_path('language/' . basename($config['default_lang']) . '/')
+			->extension_directory('/language/' . basename($config['default_lang']))
+			->find();
+	}
+
+	// Search for english, if its not the default or user language
+	if ($config['default_lang'] != 'en' && $user->lang_name != 'en')
+	{
+		$english_lang_files = $finder
+			->prefix('permissions_')
+			->suffix(".$phpEx")
+			->core_path('language/en/')
+			->extension_directory('/language/en')
+			->find();
+	}
+
+	// Find files in the user's language
+	$user_lang_files = $finder
 		->prefix('permissions_')
 		->suffix(".$phpEx")
 		->core_path('language/' . $user->lang_name . '/')
 		->extension_directory('/language/' . $user->lang_name)
 		->find();
 
+	$lang_files = array_merge($english_lang_files, $default_lang_files, $user_lang_files);
+
 	foreach ($lang_files as $lang_file => $ext_name)
 	{
 		if ($ext_name === '/')

phpBB/includes/functions_content.php

@@ -47,7 +47,7 @@ if (!defined('IN_PHPBB'))
 */
 function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key, &$sort_dir, &$s_limit_days, &$s_sort_key, &$s_sort_dir, &$u_sort_param, $def_st = false, $def_sk = false, $def_sd = false)
 {
-	global $user;
+	global $user, $phpbb_dispatcher;
 
 	$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
 
@@ -106,6 +106,42 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
 		$u_sort_param .= ($selected !== $sort_ary['default']) ? ((strlen($u_sort_param)) ? '&' : '') . "{$name}={$selected}" : '';
 	}
 
+	/**
+	 * Run code before generated sort selects are returned
+	 *
+	 * @event core.gen_sort_selects_after
+	 * @var	int      limit_days     Days limit
+	 * @var	array    sort_by_text   Sort by text options
+	 * @var	int      sort_days      Sort by days flag
+	 * @var	string   sort_key       Sort key
+	 * @var	string   sort_dir       Sort dir
+	 * @var	string   s_limit_days   String of days limit
+	 * @var	string   s_sort_key     String of sort key
+	 * @var	string   s_sort_dir     String of sort dir
+	 * @var	string   u_sort_param   Sort URL params
+	 * @var	bool     def_st         Default sort days
+	 * @var	bool     def_sk         Default sort key
+	 * @var	bool     def_sd         Default sort dir
+	 * @var	array    sorts          Sorts
+	 * @since 3.1.9-RC1
+	 */
+	$vars = array(
+		'limit_days',
+		'sort_by_text',
+		'sort_days',
+		'sort_key',
+		'sort_dir',
+		's_limit_days',
+		's_sort_key',
+		's_sort_dir',
+		'u_sort_param',
+		'def_st',
+		'def_sk',
+		'def_sd',
+		'sorts',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.gen_sort_selects_after', compact($vars)));
+
 	return;
 }
 
@@ -114,7 +150,7 @@ function gen_sort_selects(&$limit_days, &$sort_by_text, &$sort_days, &$sort_key,
 */
 function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list = false, $force_display = false)
 {
-	global $config, $auth, $template, $user, $db, $phpbb_path_helper;
+	global $config, $auth, $template, $user, $db, $phpbb_path_helper, $phpbb_dispatcher;
 
 	// We only return if the jumpbox is not forced to be displayed (in case it is needed for functionality)
 	if (!$config['load_jumpbox'] && $force_display === false)
@@ -127,16 +163,33 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list
 		ORDER BY left_id ASC';
 	$result = $db->sql_query($sql, 600);
 
+	$rowset = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$rowset[(int) $row['forum_id']] = $row;
+	}
+	$db->sql_freeresult($result);
+
 	$right = $padding = 0;
 	$padding_store = array('0' => 0);
 	$display_jumpbox = false;
 	$iteration = 0;
 
+	/**
+	* Modify the jumpbox forum list data
+	*
+	* @event core.make_jumpbox_modify_forum_list
+	* @var	array	rowset	Array with the forums list data
+	* @since 3.1.10-RC1
+	*/
+	$vars = array('rowset');
+	extract($phpbb_dispatcher->trigger_event('core.make_jumpbox_modify_forum_list', compact($vars)));
+
 	// Sometimes it could happen that forums will be displayed here not be displayed within the index page
 	// This is the result of forums not displayed at index, having list permissions and a parent of a forum with no permissions.
 	// If this happens, the padding could be "broken"
 
-	while ($row = $db->sql_fetchrow($result))
+	foreach ($rowset as $row)
 	{
 		if ($row['left_id'] < $right)
 		{
@@ -169,20 +222,21 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list
 			continue;
 		}
 
+		$tpl_ary = array();
 		if (!$display_jumpbox)
 		{
-			$template->assign_block_vars('jumpbox_forums', array(
+			$tpl_ary[] = array(
 				'FORUM_ID'		=> ($select_all) ? 0 : -1,
 				'FORUM_NAME'	=> ($select_all) ? $user->lang['ALL_FORUMS'] : $user->lang['SELECT_FORUM'],
 				'S_FORUM_COUNT'	=> $iteration,
 				'LINK'			=> $phpbb_path_helper->append_url_params($action, array('f' => $forum_id)),
-			));
+			);
 
 			$iteration++;
 			$display_jumpbox = true;
 		}
 
-		$template->assign_block_vars('jumpbox_forums', array(
+		$tpl_ary[] = array(
 			'FORUM_ID'		=> $row['forum_id'],
 			'FORUM_NAME'	=> $row['forum_name'],
 			'SELECTED'		=> ($row['forum_id'] == $forum_id) ? ' selected="selected"' : '',
@@ -191,7 +245,25 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list
 			'S_IS_LINK'		=> ($row['forum_type'] == FORUM_LINK) ? true : false,
 			'S_IS_POST'		=> ($row['forum_type'] == FORUM_POST) ? true : false,
 			'LINK'			=> $phpbb_path_helper->append_url_params($action, array('f' => $row['forum_id'])),
-		));
+		);
+
+		/**
+		 * Modify the jumpbox before it is assigned to the template
+		 *
+		 * @event core.make_jumpbox_modify_tpl_ary
+		 * @var	array	row				The data of the forum
+		 * @var	array	tpl_ary			Template data of the forum
+		 * @since 3.1.10-RC1
+		 */
+		$vars = array(
+			'row',
+			'tpl_ary',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.make_jumpbox_modify_tpl_ary', compact($vars)));
+
+		$template->assign_block_vars_array('jumpbox_forums', $tpl_ary);
+
+		unset($tpl_ary);
 
 		for ($i = 0; $i < $padding; $i++)
 		{
@@ -199,8 +271,7 @@ function make_jumpbox($action, $forum_id = false, $select_all = false, $acl_list
 		}
 		$iteration++;
 	}
-	$db->sql_freeresult($result);
-	unset($padding_store);
+	unset($padding_store, $rowset);
 
 	$url_parts = $phpbb_path_helper->get_url_parts($action);
 
@@ -392,7 +463,7 @@ function phpbb_clean_search_string($search_string)
 */
 function decode_message(&$message, $bbcode_uid = '')
 {
-	global $config;
+	global $config, $phpbb_dispatcher;
 
 	if ($bbcode_uid)
 	{
@@ -405,12 +476,38 @@ function decode_message(&$message, $bbcode_uid = '')
 		$replace = array("\n");
 	}
 
+	/**
+	* Use this event to modify the message before it is decoded
+	*
+	* @event core.decode_message_before
+	* @var string	message_text	The message content
+	* @var string	bbcode_uid		The message BBCode UID
+	* @since 3.1.9-RC1
+	*/
+	$message_text = $message;
+	$vars = array('message_text', 'bbcode_uid');
+	extract($phpbb_dispatcher->trigger_event('core.decode_message_before', compact($vars)));
+	$message = $message_text;
+
 	$message = str_replace($match, $replace, $message);
 
 	$match = get_preg_expression('bbcode_htm');
 	$replace = array('\1', '\1', '\2', '\1', '', '');
 
 	$message = preg_replace($match, $replace, $message);
+
+	/**
+	* Use this event to modify the message after it is decoded
+	*
+	* @event core.decode_message_after
+	* @var string	message_text	The message content
+	* @var string	bbcode_uid		The message BBCode UID
+	* @since 3.1.9-RC1
+	*/
+	$message_text = $message;
+	$vars = array('message_text', 'bbcode_uid');
+	extract($phpbb_dispatcher->trigger_event('core.decode_message_after', compact($vars)));
+	$message = $message_text;
 }
 
 /**
@@ -974,17 +1071,8 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
 		unset($new_attachment_data);
 	}
 
-	// Sort correctly
-	if ($config['display_order'])
-	{
-		// Ascending sort
-		krsort($attachments);
-	}
-	else
-	{
-		// Descending sort
-		ksort($attachments);
-	}
+	// Make sure attachments are properly ordered
+	ksort($attachments);
 
 	foreach ($attachments as $attachment)
 	{
@@ -1223,8 +1311,6 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
 	$attachments = $compiled_attachments;
 	unset($compiled_attachments);
 
-	$tpl_size = sizeof($attachments);
-
 	$unset_tpl = array();
 
 	preg_match_all('#<!\-\- ia([0-9]+) \-\->(.*?)<!\-\- ia\1 \-\->#', $message, $matches, PREG_PATTERN_ORDER);
@@ -1232,8 +1318,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
 	$replace = array();
 	foreach ($matches[0] as $num => $capture)
 	{
-		// Flip index if we are displaying the reverse way
-		$index = ($config['display_order']) ? ($tpl_size-($matches[1][$num] + 1)) : $matches[1][$num];
+		$index = $matches[1][$num];
 
 		$replace['from'][] = $matches[0][$num];
 		$replace['to'][] = (isset($attachments[$index])) ? $attachments[$index] : sprintf($user->lang['MISSING_INLINE_ATTACHMENT'], $matches[2][array_search($index, $matches[1])]);
@@ -1248,6 +1333,18 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count,
 
 	$unset_tpl = array_unique($unset_tpl);
 
+	// Sort correctly
+	if ($config['display_order'])
+	{
+		// Ascending sort
+		krsort($attachments);
+	}
+	else
+	{
+		// Descending sort
+		ksort($attachments);
+	}
+
 	// Needed to let not display the inlined attachments at the end of the post again
 	foreach ($unset_tpl as $index)
 	{

phpBB/includes/functions_convert.php

@@ -479,7 +479,7 @@ function import_avatar_gallery($gallery_name = '', $subdirs_as_galleries = false
 				$dir->close();
 			}
 
-			for ($i = 0; $i < sizeof($dirlist); ++$i)
+			for ($i = 0, $end = sizeof($dirlist); $i < $end; ++$i)
 			{
 				$dir = $dirlist[$i];
 
@@ -1427,7 +1427,7 @@ function get_path($src_path, $src_url, $test_file)
 		$path_array = array();
 
 		$phpbb_parts = explode('/', $script_path);
-		for ($i = 0; $i < sizeof($url_parts); ++$i)
+		for ($i = 0, $end = sizeof($url_parts); $i < $end; ++$i)
 		{
 			if ($i < sizeof($phpbb_parts[$i]) && $url_parts[$i] == $phpbb_parts[$i])
 			{
@@ -1437,7 +1437,7 @@ function get_path($src_path, $src_url, $test_file)
 			else
 			{
 				$path = '';
-				for ($j = $i; $j < sizeof($phpbb_parts); ++$j)
+				for ($j = $i, $end2 = sizeof($phpbb_parts); $j < $end2; ++$j)
 				{
 					$path .= '../';
 				}
@@ -2269,7 +2269,7 @@ function convert_bbcode($message, $convert_size = true, $extended_bbcodes = fals
 			"\n\n"
 		);
 
-		for ($i = 0; $i < sizeof($str_from); ++$i)
+		for ($i = 0, $end = sizeof($str_from); $i < $end; ++$i)
 		{
 			$origx[] = '#\\' . str_replace(']', '\\]', $str_from[$i]) . '#is';
 			$replx[] = $str_to[$i];
@@ -2278,7 +2278,7 @@ function convert_bbcode($message, $convert_size = true, $extended_bbcodes = fals
 
 	if (preg_match_all('#\[email=([^\]]+)\](.*?)\[/email\]#i', $message, $m))
 	{
-		for ($i = 0; $i < sizeof($m[1]); ++$i)
+		for ($i = 0, $end = sizeof($m[1]); $i < $end; ++$i)
 		{
 			if ($m[1][$i] == $m[2][$i])
 			{
@@ -2339,7 +2339,7 @@ function copy_file($src, $trg, $overwrite = false, $die_on_failure = true, $sour
 	$parts = explode('/', $trg);
 	unset($parts[sizeof($parts) - 1]);
 
-	for ($i = 0; $i < sizeof($parts); ++$i)
+	for ($i = 0, $end = sizeof($parts); $i < $end; ++$i)
 	{
 		$path .= $parts[$i] . '/';
 
@@ -2436,7 +2436,7 @@ function copy_dir($src, $trg, $copy_subdirs = true, $overwrite = false, $die_on_
 
 	if ($copy_subdirs)
 	{
-		for ($i = 0; $i < sizeof($dirlist); ++$i)
+		for ($i = 0, $end = sizeof($dirlist); $i < $end; ++$i)
 		{
 			$dir = $dirlist[$i];
 
@@ -2471,7 +2471,7 @@ function copy_dir($src, $trg, $copy_subdirs = true, $overwrite = false, $die_on_
 		$convert->p_master->error(sprintf($str, implode('<br />', $bad_dirs)), __LINE__, __FILE__);
 	}
 
-	for ($i = 0; $i < sizeof($filelist); ++$i)
+	for ($i = 0, $end = sizeof($filelist); $i < $end; ++$i)
 	{
 		copy_file($src . $filelist[$i], $trg . $filelist[$i], $overwrite, $die_on_failure, $source_relative_path);
 	}

phpBB/includes/functions_download.php

@@ -108,6 +108,7 @@ function wrap_img_in_html($src, $title)
 	echo '<html>';
 	echo '<head>';
 	echo '<meta charset="utf-8">';
+	echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">';
 	echo '<title>' . $title . '</title>';
 	echo '</head>';
 	echo '<body>';
@@ -165,7 +166,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	}
 
 	// Make sure the database record for the filesize is correct
-	if ($size > 0 && $size != $attachment['filesize'])
+	if ($size > 0 && $size != $attachment['filesize'] && strpos($attachment['physical_filename'], 'thumb_') === false)
 	{
 		// Update database record
 		$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
@@ -283,7 +284,7 @@ function header_filename($file)
 
 	// There be dragons here.
 	// Not many follows the RFC...
-	if (strpos($user_agent, 'MSIE') !== false || strpos($user_agent, 'Safari') !== false || strpos($user_agent, 'Konqueror') !== false)
+	if (strpos($user_agent, 'MSIE') !== false || strpos($user_agent, 'Konqueror') !== false)
 	{
 		return "filename=" . rawurlencode($file);
 	}
@@ -412,7 +413,7 @@ function set_modified_headers($stamp, $browser)
 	global $request;
 
 	// let's see if we have to send the file at all
-	$last_load 	=  $request->header('Modified-Since') ? strtotime(trim($request->header('Modified-Since'))) : false;
+	$last_load 	=  $request->header('If-Modified-Since') ? strtotime(trim($request->header('If-Modified-Since'))) : false;
 
 	if (strpos(strtolower($browser), 'msie 6.0') === false && !phpbb_is_greater_ie_version($browser, 7))
 	{

phpBB/includes/functions_messenger.php

@@ -210,10 +210,12 @@ class messenger
 	/**
 	* Set email template to use
 	*/
-	function template($template_file, $template_lang = '', $template_path = '')
+	function template($template_file, $template_lang = '', $template_path = '', $template_dir_prefix = '')
 	{
 		global $config, $phpbb_root_path, $phpEx, $user, $phpbb_extension_manager;
 
+		$template_dir_prefix = (!$template_dir_prefix || $template_dir_prefix[0] === '/') ? $template_dir_prefix : '/' . $template_dir_prefix;
+
 		$this->setup_template();
 
 		if (!trim($template_file))
@@ -229,10 +231,17 @@ class messenger
 			$template_lang = basename($config['default_lang']);
 		}
 
+		$ext_template_paths = array(
+			array(
+				'name' 		=> $template_lang . '_email',
+				'ext_path' 	=> 'language/' . $template_lang . '/email' . $template_dir_prefix,
+			),
+		);
+
 		if ($template_path)
 		{
 			$template_paths = array(
-				$template_path,
+				$template_path . $template_dir_prefix,
 			);
 		}
 		else
@@ -241,26 +250,41 @@ class messenger
 			$template_path .= $template_lang . '/email';
 
 			$template_paths = array(
-				$template_path,
+				$template_path . $template_dir_prefix,
 			);
 
+			$board_language = basename($config['default_lang']);
+
 			// we can only specify default language fallback when the path is not a custom one for which we
 			// do not know the default language alternative
-			if ($template_lang !== basename($config['default_lang']))
+			if ($template_lang !== $board_language)
 			{
 				$fallback_template_path = (!empty($user->lang_path)) ? $user->lang_path : $phpbb_root_path . 'language/';
-				$fallback_template_path .= basename($config['default_lang']) . '/email';
+				$fallback_template_path .= $board_language . '/email';
 
-				$template_paths[] = $fallback_template_path;
+				$template_paths[] = $fallback_template_path . $template_dir_prefix;
+
+				$ext_template_paths[] = array(
+					'name'		=> $board_language . '_email',
+					'ext_path'	=> 'language/' . $board_language . '/email' . $template_dir_prefix,
+				);
+			}
+			// If everything fails just fall back to en template
+			if ($template_lang !== 'en' && $board_language !== 'en')
+			{
+				$fallback_template_path = (!empty($user->lang_path)) ? $user->lang_path : $phpbb_root_path . 'language/';
+				$fallback_template_path .= 'en/email';
+
+				$template_paths[] = $fallback_template_path . $template_dir_prefix;
+
+				$ext_template_paths[] = array(
+					'name'		=> 'en_email',
+					'ext_path'	=> 'language/en/email' . $template_dir_prefix,
+				);
 			}
 		}
 
-		$this->set_template_paths(array(
-			array(
-				'name' 		=> $template_lang . '_email',
-				'ext_path' 	=> 'language/' . $template_lang . '/email'
-			),
-		), $template_paths);
+		$this->set_template_paths($ext_template_paths, $template_paths);
 
 		$this->template->set_filenames(array(
 			'body'		=> $template_file . '.txt',
@@ -859,6 +883,11 @@ class queue
 				fwrite($fp, "<?php\nif (!defined('IN_PHPBB')) exit;\n\$this->queue_data = unserialize(" . var_export(serialize($this->queue_data), true) . ");\n\n?>");
 				fclose($fp);
 
+				if (function_exists('opcache_invalidate'))
+				{
+					@opcache_invalidate($this->cache_file);
+				}
+
 				phpbb_chmod($this->cache_file, CHMOD_READ | CHMOD_WRITE);
 			}
 		}
@@ -901,6 +930,11 @@ class queue
 			fwrite($fp, "<?php\nif (!defined('IN_PHPBB')) exit;\n\$this->queue_data = unserialize(" . var_export(serialize($this->data), true) . ");\n\n?>");
 			fclose($fp);
 
+			if (function_exists('opcache_invalidate'))
+			{
+				@opcache_invalidate($this->cache_file);
+			}
+
 			phpbb_chmod($this->cache_file, CHMOD_READ | CHMOD_WRITE);
 
 			$this->data = array();

phpBB/includes/functions_posting.php

@@ -702,7 +702,7 @@ function create_thumbnail($source, $destination, $mimetype)
 
 	$used_imagick = false;
 
-	// Only use imagemagick if defined and the passthru function not disabled
+	// Only use ImageMagick if defined and the passthru function not disabled
 	if ($config['img_imagick'] && function_exists('passthru'))
 	{
 		if (substr($config['img_imagick'], -1) !== '/')
@@ -1129,6 +1129,32 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 		$db->sql_freeresult($result);
 	}
 
+	/**
+	* Event to modify the posts list for topic reviews
+	*
+	* @event core.topic_review_modify_post_list
+	* @var	array	attachments			Array with the post attachments data
+	* @var	int		cur_post_id			Post offset ID
+	* @var	int		forum_id			The topic's forum ID
+	* @var	string	mode				The topic review mode
+	* @var	array	post_list			Array with the post IDs
+	* @var	array	rowset				Array with the posts data
+	* @var	bool	show_quote_button	Flag indicating if the quote button should be displayed
+	* @var	int		topic_id			The topic ID that is being reviewed
+	* @since 3.1.9-RC1
+	*/
+	$vars = array(
+		'attachments',
+		'cur_post_id',
+		'forum_id',
+		'mode',
+		'post_list',
+		'rowset',
+		'show_quote_button',
+		'topic_id',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.topic_review_modify_post_list', compact($vars)));
+
 	for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i)
 	{
 		// A non-existing rowset only happens if there was no user present for the entered poster_id
@@ -1610,6 +1636,10 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 			break;
 		}
 	}
+	else if (isset($data['post_visibility']) && $data['post_visibility'] !== false)
+	{
+		$post_visibility = $data['post_visibility'];
+	}
 
 	// MODs/Extensions are able to force any visibility on posts
 	if (isset($data['force_approved_state']))
@@ -2403,7 +2433,9 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 
 	$params = $add_anchor = '';
 
-	if ($post_visibility == ITEM_APPROVED)
+	if ($post_visibility == ITEM_APPROVED ||
+		($auth->acl_get('m_softdelete', $data['forum_id']) && $post_visibility == ITEM_DELETED) ||
+		($auth->acl_get('m_approve', $data['forum_id']) && in_array($post_visibility, array(ITEM_UNAPPROVED, ITEM_REAPPROVE))))
 	{
 		$params .= '&amp;t=' . $data['topic_id'];
 

phpBB/includes/functions_upload.php

@@ -776,9 +776,18 @@ class fileupload
 
 		$url = parse_url($upload_url);
 
+		$default_port = 80;
+		$hostname = $url['host'];
+
+		if ($url['scheme'] == 'https')
+		{
+			$default_port = 443;
+			$hostname = 'tls://' . $url['host'];
+		}
+
 		$host = $url['host'];
 		$path = $url['path'];
-		$port = (!empty($url['port'])) ? (int) $url['port'] : 80;
+		$port = (!empty($url['port'])) ? (int) $url['port'] : $default_port;
 
 		$upload_ary['type'] = 'application/octet-stream';
 
@@ -818,7 +827,7 @@ class fileupload
 		$errno = 0;
 		$errstr = '';
 
-		if (!($fsock = @fsockopen($host, $port, $errno, $errstr)))
+		if (!($fsock = @fsockopen($hostname, $port, $errno, $errstr)))
 		{
 			$file = new fileerror($user->lang[$this->error_prefix . 'NOT_UPLOADED']);
 			return $file;
@@ -919,7 +928,7 @@ class fileupload
 			return $file;
 		}
 
-		$tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? false : $phpbb_root_path . 'cache';
+		$tmp_path = (!@ini_get('safe_mode') || strtolower(@ini_get('safe_mode')) == 'off') ? sys_get_temp_dir() : $phpbb_root_path . 'cache';
 		$filename = tempnam($tmp_path, unique_id() . '-');
 
 		if (!($fp = @fopen($filename, 'wb')))

phpBB/includes/functions_user.php

@@ -119,19 +119,29 @@ function user_update_name($old_name, $new_name)
 	global $config, $db, $cache, $phpbb_dispatcher;
 
 	$update_ary = array(
-		FORUMS_TABLE			=> array('forum_last_poster_name'),
-		MODERATOR_CACHE_TABLE	=> array('username'),
-		POSTS_TABLE				=> array('post_username'),
-		TOPICS_TABLE			=> array('topic_first_poster_name', 'topic_last_poster_name'),
+		FORUMS_TABLE			=> array(
+			'forum_last_poster_id'	=> 'forum_last_poster_name',
+		),
+		MODERATOR_CACHE_TABLE	=> array(
+			'user_id'	=> 'username',
+		),
+		POSTS_TABLE				=> array(
+			'poster_id'	=> 'post_username',
+		),
+		TOPICS_TABLE			=> array(
+			'topic_poster'			=> 'topic_first_poster_name',
+			'topic_last_poster_id'	=> 'topic_last_poster_name',
+		),
 	);
 
 	foreach ($update_ary as $table => $field_ary)
 	{
-		foreach ($field_ary as $field)
+		foreach ($field_ary as $id_field => $name_field)
 		{
 			$sql = "UPDATE $table
-				SET $field = '" . $db->sql_escape($new_name) . "'
-				WHERE $field = '" . $db->sql_escape($old_name) . "'";
+				SET $name_field = '" . $db->sql_escape($new_name) . "'
+				WHERE $name_field = '" . $db->sql_escape($old_name) . "'
+					AND $id_field <> " . ANONYMOUS;
 			$db->sql_query($sql);
 		}
 	}
@@ -2831,7 +2841,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
 *
 * @return false if no errors occurred, else the user lang string for the relevant error, for example 'NO_USER'
 */
-function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false)
+function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $log_action = true)
 {
 	global $db, $auth, $config, $phpbb_dispatcher, $phpbb_container;
 
@@ -2966,16 +2976,19 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
 	$vars = array('group_id', 'group_name', 'user_id_ary', 'username_ary');
 	extract($phpbb_dispatcher->trigger_event('core.group_delete_user_after', compact($vars)));
 
-	if (!$group_name)
+	if ($log_action)
 	{
-		$group_name = get_group_name($group_id);
-	}
+		if (!$group_name)
+		{
+			$group_name = get_group_name($group_id);
+		}
 
-	$log = 'LOG_GROUP_REMOVE';
+		$log = 'LOG_GROUP_REMOVE';
 
-	if ($group_name)
-	{
-		add_log('admin', $log, $group_name, implode(', ', $username_ary));
+		if ($group_name)
+		{
+			add_log('admin', $log, $group_name, implode(', ', $username_ary));
+		}
 	}
 
 	group_update_listings($group_id);
@@ -3073,7 +3086,7 @@ function remove_default_rank($group_id, $user_ids)
 */
 function group_user_attributes($action, $group_id, $user_id_ary = false, $username_ary = false, $group_name = false, $group_attributes = false)
 {
-	global $db, $auth, $phpbb_root_path, $phpEx, $config, $phpbb_container;
+	global $db, $auth, $phpbb_root_path, $phpEx, $config, $phpbb_container, $phpbb_dispatcher;
 
 	// We need both username and user_id info
 	$result = user_get_id_name($user_id_ary, $username_ary);
@@ -3204,6 +3217,28 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
 		break;
 	}
 
+	/**
+	* Event to perform additional actions on setting user group attributes
+	*
+	* @event core.user_set_group_attributes
+	* @var	int		group_id			ID of the group
+	* @var	string	group_name			Name of the group
+	* @var	array	user_id_ary			IDs of the users to set group attributes
+	* @var	array	username_ary		Names of the users to set group attributes
+	* @var	array	group_attributes	Group attributes which were changed
+	* @var	string	action				Action to perform over the group members
+	* @since 3.1.10-RC1
+	*/
+	$vars = array(
+		'group_id',
+		'group_name',
+		'user_id_ary',
+		'username_ary',
+		'group_attributes',
+		'action',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.user_set_group_attributes', compact($vars)));
+
 	// Clear permissions cache of relevant users
 	$auth->acl_clear_prefetch($user_id_ary);
 
@@ -3619,8 +3654,8 @@ function remove_newly_registered($user_id, $user_data = false)
 	}
 
 	// We need to call group_user_del here, because this function makes sure everything is correctly changed.
-	// A downside for a call within the session handler is that the language is not set up yet - so no log entry
-	group_user_del($group_id, $user_id);
+	// Force function to not log the removal of users from newly registered users group
+	group_user_del($group_id, $user_id, false, false, false);
 
 	// Set user_new to 0 to let this not be triggered again
 	$sql = 'UPDATE ' . USERS_TABLE . '

phpBB/includes/mcp/mcp_forum.php

@@ -273,7 +273,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 			'TOPIC_ICON_IMG_WIDTH'	=> (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['width'] : '',
 			'TOPIC_ICON_IMG_HEIGHT'	=> (!empty($icons[$row['icon_id']])) ? $icons[$row['icon_id']]['height'] : '',
 			'UNAPPROVED_IMG'		=> ($topic_unapproved || $posts_unapproved) ? $user->img('icon_topic_unapproved', ($topic_unapproved) ? 'TOPIC_UNAPPROVED' : 'POSTS_UNAPPROVED') : '',
-			'DELETED_IMG'			=> ($topic_deleted) ? $user->img('icon_topic_deleted', 'POSTS_DELETED') : '',
+			'DELETED_IMG'			=> ($topic_deleted) ? $user->img('icon_topic_deleted', 'TOPIC_DELETED') : '',
 
 			'TOPIC_AUTHOR'				=> get_username_string('username', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']),
 			'TOPIC_AUTHOR_COLOUR'		=> get_username_string('colour', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']),

phpBB/includes/mcp/mcp_front.php

@@ -54,8 +54,8 @@ function mcp_front_view($id, $mode, $action)
 			* Allow altering the query to get the number of unapproved posts
 			*
 			* @event core.mcp_front_queue_unapproved_total_before
-			* @var	int		sql_ary						Query to get the total number of unapproved posts
-			* @var	array	forum_list					List of forums to look for unapproved posts
+			* @var	array	sql_ary			Query array to get the total number of unapproved posts
+			* @var	array	forum_list		List of forums to look for unapproved posts
 			* @since 3.1.5-RC1
 			*/
 			$vars = array('sql_ary', 'forum_list');
@@ -179,7 +179,7 @@ function mcp_front_view($id, $mode, $action)
 			* Alter sql query to count the number of reported posts
 			*
 			* @event core.mcp_front_reports_count_query_before
-			* @var	int		sql				The query string used to get the number of reports that exist
+			* @var	string	sql				The query string used to get the number of reports that exist
 			* @var	array	forum_list		List of forums that contain the posts
 			* @since 3.1.5-RC1
 			*/
@@ -226,8 +226,8 @@ function mcp_front_view($id, $mode, $action)
 				* Alter sql query to get latest reported posts
 				*
 				* @event core.mcp_front_reports_listing_query_before
-				* @var	int		sql_ary						Associative array with the query to be executed
-				* @var	array	forum_list					List of forums that contain the posts
+				* @var	array	sql_ary			Associative array with the query to be executed
+				* @var	array	forum_list		List of forums that contain the posts
 				* @since 3.1.0-RC3
 				*/
 				$vars = array('sql_ary', 'forum_list');

phpBB/includes/mcp/mcp_main.php

@@ -877,11 +877,12 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = ''
 		}
 
 		$template->assign_vars(array(
-			'S_SHADOW_TOPICS'		=> $only_shadow,
-			'S_SOFTDELETED'			=> $only_softdeleted,
-			'S_TOPIC_MODE'			=> true,
-			'S_ALLOWED_DELETE'		=> $auth->acl_get('m_delete', $forum_id),
-			'S_ALLOWED_SOFTDELETE'	=> $auth->acl_get('m_softdelete', $forum_id),
+			'S_SHADOW_TOPICS'					=> $only_shadow,
+			'S_SOFTDELETED'						=> $only_softdeleted,
+			'S_TOPIC_MODE'						=> true,
+			'S_ALLOWED_DELETE'					=> $auth->acl_get('m_delete', $forum_id),
+			'S_ALLOWED_SOFTDELETE'				=> $auth->acl_get('m_softdelete', $forum_id),
+			'DELETE_TOPIC_PERMANENTLY_EXPLAIN'	=> $user->lang('DELETE_TOPIC_PERMANENTLY', sizeof($topic_ids)),
 		));
 
 		$l_confirm = (sizeof($topic_ids) == 1) ? 'DELETE_TOPIC' : 'DELETE_TOPICS';
@@ -1116,9 +1117,10 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 		}
 
 		$template->assign_vars(array(
-			'S_SOFTDELETED'			=> $only_softdeleted,
-			'S_ALLOWED_DELETE'		=> $auth->acl_get('m_delete', $forum_id),
-			'S_ALLOWED_SOFTDELETE'	=> $auth->acl_get('m_softdelete', $forum_id),
+			'S_SOFTDELETED'						=> $only_softdeleted,
+			'S_ALLOWED_DELETE'					=> $auth->acl_get('m_delete', $forum_id),
+			'S_ALLOWED_SOFTDELETE'				=> $auth->acl_get('m_softdelete', $forum_id),
+			'DELETE_POST_PERMANENTLY_EXPLAIN'	=> $user->lang('DELETE_POST_PERMANENTLY', sizeof($post_ids)),
 		));
 
 		$l_confirm = (sizeof($post_ids) == 1) ? 'DELETE_POST' : 'DELETE_POSTS';

phpBB/includes/mcp/mcp_reports.php

@@ -95,7 +95,7 @@ class mcp_reports
 				*
 				* @event core.mcp_reports_report_details_query_before
 				* @var	array	sql_ary			The array in the format of the query builder with the query
-				* @var	mixed	forum_id		The forum_id, the number in the f GET parameter
+				* @var	int		forum_id		The forum_id, the number in the f GET parameter
 				* @var	int		post_id			The post_id of the report being viewed (if 0, it is meaningless)
 				* @var	int		report_id		The report_id of the report being viewed
 				* @since 3.1.5-RC1
@@ -118,10 +118,10 @@ class mcp_reports
 				*
 				* @event core.mcp_reports_report_details_query_after
 				* @var	array	sql_ary		The array in the format of the query builder with the query that had been executted
-				* @var	mixed	forum_id	The forum_id, the number in the f GET parameter
+				* @var	int		forum_id	The forum_id, the number in the f GET parameter
 				* @var	int		post_id		The post_id of the report being viewed (if 0, it is meaningless)
 				* @var	int		report_id	The report_id of the report being viewed
-				* @var	int		report		The query's resulting row.
+				* @var	array	report		The query's resulting row.
 				* @since 3.1.5-RC1
 				*/
 				$vars = array(

phpBB/includes/mcp/mcp_warn.php

@@ -530,12 +530,28 @@ function add_warning($user_row, $warning, $send_pm = true, $post_id = 0)
 		include_once($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
 		include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);
 
-		$user_row['user_lang'] = (file_exists($phpbb_root_path . 'language/' . $user_row['user_lang'] . "/mcp.$phpEx")) ? $user_row['user_lang'] : $config['default_lang'];
-		include($phpbb_root_path . 'language/' . basename($user_row['user_lang']) . "/mcp.$phpEx");
+		// Attempt to translate warning to language of user being warned if user's language differs from issuer's language
+		if ($user_row['user_lang'] != $user->lang_name)
+		{
+			$lang = array();
+
+			$user_row['user_lang'] = (file_exists($phpbb_root_path . 'language/' . basename($user_row['user_lang']) . "/mcp." . $phpEx)) ? $user_row['user_lang'] : $config['default_lang'];
+			include($phpbb_root_path . 'language/' . basename($user_row['user_lang']) . "/mcp." . $phpEx);
+
+			$warn_pm_subject = $lang['WARNING_PM_SUBJECT'];
+			$warn_pm_body = sprintf($lang['WARNING_PM_BODY'], $warning);
+
+			unset($lang);
+		}
+		else
+		{
+			$warn_pm_subject = $user->lang('WARNING_PM_SUBJECT');
+			$warn_pm_body = $user->lang('WARNING_PM_BODY', $warning);
+		}
 
 		$message_parser = new parse_message();
 
-		$message_parser->message = $user->lang('WARNING_PM_BODY', $warning);
+		$message_parser->message = $warn_pm_body;
 		$message_parser->parse(true, true, true, false, false, true, true);
 
 		$pm_data = array(
@@ -553,7 +569,7 @@ function add_warning($user_row, $warning, $send_pm = true, $post_id = 0)
 			'address_list'			=> array('u' => array($user_row['user_id'] => 'to')),
 		);
 
-		submit_pm('post', $user->lang('WARNING_PM_SUBJECT'), $pm_data, false);
+		submit_pm('post', $warn_pm_subject, $pm_data, false);
 	}
 
 	add_log('admin', 'LOG_USER_WARNING', $user_row['username']);

phpBB/includes/ucp/ucp_groups.php

@@ -462,9 +462,11 @@ class ucp_groups
 						$avatar_data = null;
 						$avatar_error = array();
 
+						/** @var \phpbb\avatar\manager $phpbb_avatar_manager */
+						$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
+
 						if ($config['allow_avatar'])
 						{
-							$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
 							$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
 
 							// This is normalised data, without the group_ prefix
@@ -649,6 +651,14 @@ class ucp_groups
 							$avatars_enabled = false;
 							$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $avatar_data['avatar_type']));
 
+							// Assign min and max values before generating avatar driver html
+							$template->assign_vars(array(
+									'AVATAR_MIN_WIDTH'		=> $config['avatar_min_width'],
+									'AVATAR_MAX_WIDTH'		=> $config['avatar_max_width'],
+									'AVATAR_MIN_HEIGHT'		=> $config['avatar_min_height'],
+									'AVATAR_MAX_HEIGHT'		=> $config['avatar_max_height'],
+							));
+
 							foreach ($avatar_drivers as $current_driver)
 							{
 								$driver = $phpbb_avatar_manager->get_driver($current_driver);

phpBB/includes/ucp/ucp_main.php

@@ -35,7 +35,7 @@ class ucp_main
 
 	function main($id, $mode)
 	{
-		global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;
+		global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx, $phpbb_dispatcher;
 		global $request;
 
 		switch ($mode)
@@ -215,6 +215,14 @@ class ucp_main
 
 				$unwatch = (isset($_POST['unwatch'])) ? true : false;
 
+				/**
+				 * Read and potentially modify the post data used to remove subscriptions to forums/topics
+				 *
+				 * @event core.ucp_main_subscribed_post_data
+				 * @since 3.1.10-RC1
+				 */
+				$phpbb_dispatcher->dispatch('core.ucp_main_subscribed_post_data');
+
 				if ($unwatch)
 				{
 					if (check_form_key('ucp_front_subscribed'))
@@ -300,6 +308,20 @@ class ucp_main
 						$tracking_topics = ($tracking_topics) ? tracking_unserialize($tracking_topics) : array();
 					}
 
+					/**
+					 * Modify the query used to retrieve a list of subscribed forums
+					 *
+					 * @event core.ucp_main_subscribed_forums_modify_query
+					 * @var array	sql_array	       The subscribed forums query
+					 * @var array   forbidden_forums   The list of forbidden forums
+					 * @since 3.1.10-RC1
+					 */
+					$vars = array(
+						'sql_array',
+						'forbidden_forums',
+					);
+					extract($phpbb_dispatcher->trigger_event('core.ucp_main_subscribed_forums_modify_query', compact($vars)));
+
 					$sql = $db->sql_build_query('SELECT', $sql_array);
 					$result = $db->sql_query($sql);
 
@@ -341,7 +363,7 @@ class ucp_main
 							$last_post_time = $last_post_url = '';
 						}
 
-						$template->assign_block_vars('forumrow', array(
+						$template_vars = array(
 							'FORUM_ID'				=> $forum_id,
 							'FORUM_IMG_STYLE'		=> $folder_image,
 							'FORUM_FOLDER_IMG'		=> $user->img($folder_image, $folder_alt),
@@ -360,8 +382,36 @@ class ucp_main
 							'S_UNREAD_FORUM'		=> $unread_forum,
 
 							'U_LAST_POST'			=> $last_post_url,
-							'U_VIEWFORUM'			=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']))
+							'U_VIEWFORUM'			=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id'])
 						);
+
+						/**
+						 * Add template variables to a subscribed forum row.
+						 *
+						 * @event core.ucp_main_subscribed_forum_modify_template_vars
+						 * @var array	template_vars	Array containing the template variables for the row
+						 * @var array   row    	        Array containing the subscribed forum row data
+						 * @var int     forum_id        Forum ID
+						 * @var string  folder_image	Folder image
+						 * @var string  folder_alt      Alt text for the folder image
+						 * @var bool    unread_forum    Whether the forum has unread content or not
+						 * @var string  last_post_time  The time of the most recent post, expressed as a formatted date string
+						 * @var string  last_post_url   The URL of the most recent post in the forum
+						 * @since 3.1.10-RC1
+						 */
+						$vars = array(
+							'template_vars',
+							'row',
+							'forum_id',
+							'folder_image',
+							'folder_alt',
+							'unread_forum',
+							'last_post_time',
+							'last_post_url',
+						);
+						extract($phpbb_dispatcher->trigger_event('core.ucp_main_subscribed_forum_modify_template_vars', compact($vars)));
+
+						$template->assign_block_vars('forumrow', $template_vars);
 					}
 					$db->sql_freeresult($result);
 				}
@@ -643,7 +693,7 @@ class ucp_main
 	*/
 	function assign_topiclist($mode = 'subscribed', $forbidden_forum_ary = array())
 	{
-		global $user, $db, $template, $config, $cache, $auth, $phpbb_root_path, $phpEx, $phpbb_container;
+		global $user, $db, $template, $config, $cache, $auth, $phpbb_root_path, $phpEx, $phpbb_container, $request, $phpbb_dispatcher;
 
 		$table = ($mode == 'subscribed') ? TOPICS_WATCH_TABLE : BOOKMARKS_TABLE;
 		$start = request_var('start', 0);
@@ -664,6 +714,23 @@ class ucp_main
 				AND i.user_id = ' . $user->data['user_id'] . '
 				AND ' . $db->sql_in_set('t.forum_id', $forbidden_forum_ary, true, true),
 		);
+
+		/**
+		 * Modify the query used to retrieve the count of subscribed/bookmarked topics
+		 *
+		 * @event core.ucp_main_topiclist_count_modify_query
+		 * @var array	sql_array	          The subscribed/bookmarked topics query
+		 * @var array   forbidden_forum_ary   The list of forbidden forums
+		 * @var string  mode                  The type of topic list ('subscribed' or 'bookmarks')
+		 * @since 3.1.10-RC1
+		 */
+		$vars = array(
+			'sql_array',
+			'forbidden_forum_ary',
+			'mode',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.ucp_main_topiclist_count_modify_query', compact($vars)));
+
 		$sql = $db->sql_build_query('SELECT', $sql_array);
 		$result = $db->sql_query($sql);
 		$topics_count = (int) $db->sql_fetchfield('topics_count');
@@ -732,6 +799,22 @@ class ucp_main
 			$sql_array['SELECT'] .= ', tp.topic_posted';
 		}
 
+		/**
+		 * Modify the query used to retrieve the list of subscribed/bookmarked topics
+		 *
+		 * @event core.ucp_main_topiclist_modify_query
+		 * @var array	sql_array	          The subscribed/bookmarked topics query
+		 * @var array   forbidden_forum_ary   The list of forbidden forums
+		 * @var string  mode                  The type of topic list ('subscribed' or 'bookmarks')
+		 * @since 3.1.10-RC1
+		 */
+		$vars = array(
+			'sql_array',
+			'forbidden_forum_ary',
+			'mode',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.ucp_main_topiclist_modify_query', compact($vars)));
+
 		$sql = $db->sql_build_query('SELECT', $sql_array);
 		$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);
 
@@ -796,7 +879,7 @@ class ucp_main
 			$view_topic_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params);
 
 			// Send vars to template
-			$template->assign_block_vars('topicrow', array(
+			$template_vars = array(
 				'FORUM_ID'					=> $forum_id,
 				'TOPIC_ID'					=> $topic_id,
 				'FIRST_POST_TIME'			=> $user->format_date($row['topic_time']),
@@ -838,7 +921,41 @@ class ucp_main
 				'U_LAST_POST'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&p=' . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'],
 				'U_VIEW_TOPIC'			=> $view_topic_url,
 				'U_VIEW_FORUM'			=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id),
-			));
+			);
+
+			/**
+			 * Add template variables to a subscribed/bookmarked topic row.
+			 *
+			 * @event core.ucp_main_topiclist_topic_modify_template_vars
+			 * @var array	template_vars	Array containing the template variables for the row
+			 * @var array   row    	        Array containing the subscribed/bookmarked topic row data
+			 * @var int     forum_id        ID of the forum containing the topic
+			 * @var int     topic_id        Topic ID
+			 * @var int     replies         Number of replies in the topic
+			 * @var string  topic_type      Topic type
+			 * @var string  folder_img      Folder image
+			 * @var string  folder_alt      Alt text for the folder image
+			 * @var array   icons           Array containing topic icons
+			 * @var bool    unread_topic    Whether the topic has unread content or not
+			 * @var string  view_topic_url  The URL of the topic
+			 * @since 3.1.10-RC1
+			 */
+			$vars = array(
+				'template_vars',
+				'row',
+				'forum_id',
+				'topic_id',
+				'replies',
+				'topic_type',
+				'folder_img',
+				'folder_alt',
+				'icons',
+				'unread_topic',
+				'view_topic_url',
+			);
+			extract($phpbb_dispatcher->trigger_event('core.ucp_main_topiclist_topic_modify_template_vars', compact($vars)));
+
+			$template->assign_block_vars('topicrow', $template_vars);
 
 			$pagination->generate_template_pagination(append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . "&t=$topic_id"), 'topicrow.pagination', 'start', $replies + 1, $config['posts_per_page'], 1, true, true);
 		}

phpBB/includes/ucp/ucp_pm_compose.php

@@ -154,7 +154,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 			'S_SHOW_PM_BOX'		=> true,
 			'S_ALLOW_MASS_PM'	=> ($config['allow_mass_pm'] && $auth->acl_get('u_masspm')) ? true : false,
 			'S_GROUP_OPTIONS'	=> ($config['allow_mass_pm'] && $auth->acl_get('u_masspm_group')) ? $group_options : '',
-			'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=$select_single"),
+			'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=searchuser&form=postform&field=username_list&select_single=" . (int) $select_single),
 		));
 	}
 
@@ -751,6 +751,34 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		$enable_urls 		= (isset($_POST['disable_magic_url'])) ? 0 : 1;
 		$enable_sig			= (!$config['allow_sig'] ||!$config['allow_sig_pm']) ? false : ((isset($_POST['attach_sig'])) ? true : false);
 
+		/**
+		* Modify private message
+		*
+		* @event core.ucp_pm_compose_modify_parse_before
+		* @var	bool	enable_bbcode		Whether or not bbcode is enabled
+		* @var	bool	enable_smilies		Whether or not smilies are enabled
+		* @var	bool	enable_urls			Whether or not urls are enabled
+		* @var	bool	enable_sig			Whether or not signature is enabled
+		* @var	string	subject				PM subject text
+		* @var	object	message_parser		The message parser object
+		* @var	bool	submit				Whether or not the form has been sumitted
+		* @var	bool	preview				Whether or not the signature is being previewed
+		* @var	array	error				Any error strings
+		* @since 3.1.10-RC1
+		*/
+		$vars = array(
+			'enable_bbcode',
+			'enable_smilies',
+			'enable_urls',
+			'enable_sig',
+			'subject',
+			'message_parser',
+			'submit',
+			'preview',
+			'error',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));
+
 		if ($submit)
 		{
 			$status_switch	= (($enable_bbcode+1) << 8) + (($enable_smilies+1) << 4) + (($enable_urls+1) << 2) + (($enable_sig+1) << 1);

phpBB/includes/ucp/ucp_prefs.php

@@ -86,7 +86,7 @@ class ucp_prefs
 					}
 
 					$error = array_merge(validate_data($data, array(
-						'dateformat'	=> array('string', false, 1, 30),
+						'dateformat'	=> array('string', false, 1, 64),
 						'lang'			=> array('language_iso_name'),
 						'tz'			=> array('timezone'),
 					)), $error);
@@ -368,6 +368,49 @@ class ucp_prefs
 					${'s_sort_' . $sort_option . '_dir'} .= '</select>';
 				}
 
+				/**
+				* Run code before view form is displayed
+				*
+				* @event core.ucp_prefs_view_after
+				* @var	bool	submit				Do we display the form only
+				*									or did the user press submit
+				* @var	array	data				Array with current ucp options data
+				* @var	array	sort_dir_text		Array with sort dir language strings
+				* @var	array	limit_topic_days	Topic ordering options
+				* @var	array	sort_by_topic_text	Topic ordering language strings
+				* @var	array	sort_by_topic_sql	Topic ordering sql
+				* @var	array	limit_post_days		Post ordering options
+				* @var	array	sort_by_post_text	Post ordering language strings
+				* @var	array	sort_by_post_sql	Post ordering sql
+				* @var	array	_options			Sort options
+				* @var	string	s_limit_topic_days	Sort limit topic by days select box
+				* @var	string	s_sort_topic_key	Sort topic key select box
+				* @var	string	s_sort_topic_dir	Sort topic dir select box
+				* @var	string	s_limit_post_days	Sort limit post by days select box
+				* @var	string	s_sort_post_key		Sort post key select box
+				* @var	string	s_sort_post_dir		Sort post dir select box
+				* @since 3.1.8-RC1
+				*/
+				$vars = array(
+					'submit',
+					'data',
+					'sort_dir_text',
+					'limit_topic_days',
+					'sort_by_topic_text',
+					'sort_by_topic_sql',
+					'limit_post_days',
+					'sort_by_post_text',
+					'sort_by_post_sql',
+					'_options',
+					's_limit_topic_days',
+					's_sort_topic_key',
+					's_sort_topic_dir',
+					's_limit_post_days',
+					's_sort_post_key',
+					's_sort_post_dir',
+				);
+				extract($phpbb_dispatcher->trigger_event('core.ucp_prefs_view_after', compact($vars)));
+
 				$template->assign_vars(array(
 					'ERROR'				=> (sizeof($error)) ? implode('<br />', $error) : '',
 

phpBB/includes/ucp/ucp_profile.php

@@ -479,6 +479,32 @@ class ucp_profile
 					{
 						$message_parser = new parse_message($signature);
 
+						/**
+						* Modify user signature on editing profile in UCP
+						*
+						* @event core.ucp_profile_modify_signature
+						* @var	bool	enable_bbcode		Whether or not bbcode is enabled
+						* @var	bool	enable_smilies		Whether or not smilies are enabled
+						* @var	bool	enable_urls			Whether or not urls are enabled
+						* @var	string	signature			Users signature text
+						* @var	object	message_parser		The message parser object
+						* @var	array	error				Any error strings
+						* @var	bool	submit				Whether or not the form has been sumitted
+						* @var	bool	preview				Whether or not the signature is being previewed
+						* @since 3.1.10-RC1
+						*/
+						$vars = array(
+							'enable_bbcode',
+							'enable_smilies',
+							'enable_urls',
+							'signature',
+							'message_parser',
+							'error',
+							'submit',
+							'preview',
+						);
+						extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature', compact($vars)));
+
 						// Allowing Quote BBCode
 						$message_parser->parse($enable_bbcode, $enable_urls, $enable_smilies, $config['allow_sig_img'], $config['allow_sig_flash'], true, $config['allow_sig_links'], true, 'sig');
 
@@ -505,6 +531,16 @@ class ucp_profile
 								'user_sig_bbcode_bitfield'	=> $message_parser->bbcode_bitfield
 							);
 
+							/**
+							* Modify user registration data before submitting it to the database
+							*
+							* @event core.ucp_profile_modify_signature_sql_ary
+							* @var	array	sql_ary		Array with user signature data to submit to the database
+							* @since 3.1.10-RC1
+							*/
+							$vars = array('sql_ary');
+							extract($phpbb_dispatcher->trigger_event('core.ucp_profile_modify_signature_sql_ary', compact($vars)));
+
 							$sql = 'UPDATE ' . USERS_TABLE . '
 								SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
 								WHERE user_id = ' . $user->data['user_id'];
@@ -638,6 +674,13 @@ class ucp_profile
 
 					$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user->data['user_avatar_type']));
 
+					$template->assign_vars(array(
+						'AVATAR_MIN_WIDTH'	=> $config['avatar_min_width'],
+						'AVATAR_MAX_WIDTH'	=> $config['avatar_max_width'],
+						'AVATAR_MIN_HEIGHT'	=> $config['avatar_min_height'],
+						'AVATAR_MAX_HEIGHT'	=> $config['avatar_max_height'],
+					));
+
 					foreach ($avatar_drivers as $current_driver)
 					{
 						$driver = $phpbb_avatar_manager->get_driver($current_driver);

phpBB/index.php

@@ -184,8 +184,8 @@ if ($config['load_birthdays'] && $config['allow_birthdays'] && $auth->acl_gets('
 	* Event to modify the birthdays list
 	*
 	* @event core.index_modify_birthdays_list
-	* @var	array	birthdays		Array with the users birhtdays data
-	* @var	array	rows			Array with the birhtdays SQL query result
+	* @var	array	birthdays		Array with the users birthdays data
+	* @var	array	rows			Array with the birthdays SQL query result
 	* @since 3.1.7-RC1
 	*/
 	$vars = array('birthdays', 'rows');

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.1.7',
+	'phpbb_version'	=> '3.1.10',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/database_update.php

@@ -31,7 +31,6 @@ function phpbb_end_update($cache, $config)
 								</p>
 							</div>
 						</div>
-					<span class="corners-bottom"><span></span></span>
 				</div>
 			</div>
 		</div>
@@ -138,6 +137,7 @@ header('Content-type: text/html; charset=UTF-8');
 <html dir="<?php echo $user->lang['DIRECTION']; ?>" lang="<?php echo $user->lang['USER_LANG']; ?>">
 <head>
 <meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
 
 <title><?php echo $user->lang['UPDATING_TO_LATEST_STABLE']; ?></title>
 
@@ -152,7 +152,6 @@ header('Content-type: text/html; charset=UTF-8');
 		<div id="page-body">
 			<div id="acp">
 				<div class="panel">
-					<span class="corners-top"><span></span></span>
 						<div id="content">
 							<div id="main" class="install-body">
 
@@ -212,13 +211,6 @@ while (!$migrator->finished())
 		phpbb_end_update($cache, $config);
 	}
 
-	$state = array_merge(array(
-			'migration_schema_done' => false,
-			'migration_data_done'	=> false,
-		),
-		$migrator->last_run_migration['state']
-	);
-
 	// Are we approaching the time limit? If so we want to pause the update and continue after refreshing
 	if ((time() - $update_start_time) >= $safe_time_limit)
 	{

phpBB/install/index.php

@@ -633,6 +633,7 @@ class module
 		echo '<html dir="ltr">';
 		echo '<head>';
 		echo '<meta charset="utf-8">';
+		echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">';
 		echo '<title>' . $lang['INST_ERR_FATAL'] . '</title>';
 		echo '<link href="' . htmlspecialchars($phpbb_admin_path) . 'style/admin.css" rel="stylesheet" type="text/css" media="screen" />';
 		echo '</head>';

phpBB/install/install_convert.php

@@ -932,7 +932,7 @@ class install_convert extends module
 								$val = array($val);
 							}
 
-							for ($j = 0; $j < sizeof($val); ++$j)
+							for ($j = 0, $size = sizeof($val); $j < $size; ++$j)
 							{
 								if (preg_match('/LEFT JOIN ([a-z0-9_]+) AS ([a-z0-9_]+)/i', $val[$j], $m))
 								{

phpBB/install/install_install.php

@@ -151,10 +151,10 @@ class install_install extends module
 			'LEGEND_EXPLAIN'	=> $lang['PHP_SETTINGS_EXPLAIN'],
 		));
 
-		// Test the minimum PHP version
+		// Test the minimum and maximum version of PHP
 		$php_version = PHP_VERSION;
 
-		if (version_compare($php_version, '5.3.3') < 0)
+		if ((version_compare($php_version, '5.3.3') < 0) || (version_compare($php_version, '7.0.0-dev', '>=')))
 		{
 			$result = '<strong style="color:red">' . $lang['NO'] . '</strong>';
 		}
@@ -404,7 +404,7 @@ class install_install extends module
 			));
 		}
 
-		// Can we find Imagemagick anywhere on the system?
+		// Can we find ImageMagick anywhere on the system?
 		$exe = (DIRECTORY_SEPARATOR == '\\') ? '.exe' : '';
 
 		$magic_home = getenv('MAGICK_HOME');

phpBB/install/install_update.php

@@ -283,6 +283,7 @@ class install_update extends module
 
 				// Make sure the update list is destroyed.
 				$cache->destroy('_update_list');
+				$cache->destroy('_update_list_time');
 				$cache->destroy('_diff_files');
 				$cache->destroy('_expected_files');
 			break;
@@ -355,7 +356,7 @@ class install_update extends module
 
 				// We are directly within an update. To make sure our update list is correct we check its status.
 				$update_list = ($request->variable('check_again', false, false, \phpbb\request\request_interface::POST)) ? false : $cache->get('_update_list');
-				$modified = ($update_list !== false) ? @filemtime($cache->get_driver()->cache_dir . 'data_update_list.' . $phpEx) : 0;
+				$modified = ($update_list !== false) ? $cache->get('_update_list_time') : 0;
 
 				// Make sure the list is up-to-date
 				if ($update_list !== false)
@@ -384,6 +385,7 @@ class install_update extends module
 				{
 					$this->get_update_structure($update_list, $expected_files);
 					$cache->put('_update_list', $update_list);
+					$cache->put('_update_list_time', time());
 
 					// Refresh the page if we are still not finished...
 					if ($update_list['status'] != -1)

phpBB/install/schemas/schema_data.sql

@@ -273,7 +273,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.7-pl1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.10');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

phpBB/language/en/acp/attachments.php

@@ -117,7 +117,7 @@ $lang = array_merge($lang, array(
 
 	'IMAGE_LINK_SIZE'			=> 'Image link dimensions',
 	'IMAGE_LINK_SIZE_EXPLAIN'	=> 'Display image attachment as an inline text link if image is larger than this. To disable this behaviour, set the values to 0px by 0px.',
-	'IMAGICK_PATH'				=> 'Imagemagick path',
+	'IMAGICK_PATH'				=> 'ImageMagick path',
 	'IMAGICK_PATH_EXPLAIN'		=> 'Full path to the imagemagick convert application, e.g. <samp>/usr/bin/</samp>.',
 
 	'MAX_ATTACHMENTS'				=> 'Maximum number of attachments per post',
@@ -153,7 +153,7 @@ $lang = array_merge($lang, array(
 	'REMOVE_DISALLOWED_IPS'			=> 'Remove or un-exclude <em>disallowed</em> IPs/hostnames',
 	'RESYNC_FILES_STATS_CONFIRM'	=> 'Are you sure you wish to resynchronise file statistics?',
 
-	'SEARCH_IMAGICK'				=> 'Search for Imagemagick',
+	'SEARCH_IMAGICK'				=> 'Search for ImageMagick',
 	'SECURE_ALLOW_DENY'				=> 'Allow/Deny list',
 	'SECURE_ALLOW_DENY_EXPLAIN'		=> 'Change the default behaviour when secure downloads are enabled of the Allow/Deny list to that of a <strong>whitelist</strong> (Allow) or a <strong>blacklist</strong> (Deny).',
 	'SECURE_DOWNLOADS'				=> 'Enable secure downloads',

phpBB/language/en/acp/board.php

@@ -570,6 +570,7 @@ $lang = array_merge($lang, array(
 	'SMTP_PORT'						=> 'SMTP server port',
 	'SMTP_PORT_EXPLAIN'				=> 'Only change this if you know your SMTP server is on a different port.',
 	'SMTP_SERVER'					=> 'SMTP server address',
+	'SMTP_SERVER_EXPLAIN'			=> 'Note that you have to provide the protocol that your server uses. If you are using SSL, this has to be "ssl://your.mailserver.com"',
 	'SMTP_SETTINGS'					=> 'SMTP settings',
 	'SMTP_USERNAME'					=> 'SMTP username',
 	'SMTP_USERNAME_EXPLAIN'			=> 'Only enter a username if your SMTP server requires it.',

phpBB/language/en/acp/common.php

@@ -594,6 +594,7 @@ $lang = array_merge($lang, array(
 
 	'LOG_ERROR_JABBER'		=> '<strong>Jabber error</strong><br />» %s',
 	'LOG_ERROR_EMAIL'		=> '<strong>Email error</strong><br />» %s',
+	'LOG_ERROR_CAPTCHA'		=> '<strong>CAPTCHA error</strong><br />» %s',
 
 	'LOG_FORUM_ADD'							=> '<strong>Created new forum</strong><br />» %s',
 	'LOG_FORUM_COPIED_PERMISSIONS'			=> '<strong>Copied forum permissions</strong> from %1$s<br />» %2$s',