Merge branch 'prep-release-3.1.12' into 3.1.x

[ticket/security/211] Make sure website URL only uses http & https schemes

.travis.yml

@@ -1,4 +1,6 @@
 language: php
+sudo: required
+dist: precise
 
 matrix:
   include:

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.1.10" />
-	<property name="prevversion" value="3.1.9" />
-	<property name="olderversions" value="3.0.14, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8" />
+	<property name="newversion" value="3.1.12" />
+	<property name="prevversion" value="3.1.11" />
+	<property name="olderversions" value="3.0.14, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />

git-tools/setup_github_network.php

@@ -1,292 +0,0 @@
-#!/usr/bin/env php
-<?php
-/**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
-
-function show_usage()
-{
-	$filename = basename(__FILE__);
-
-	echo "$filename adds repositories of a github network as remotes to a local git repository.\n";
-	echo "\n";
-
-	echo "Usage: [php] $filename -s collaborators|organisation|contributors|forks [OPTIONS]\n";
-	echo "\n";
-
-	echo "Scopes:\n";
-	echo "  collaborators                 Repositories of people who have push access to the specified repository\n";
-	echo "  contributors                  Repositories of people who have contributed to the specified repository\n";
-	echo "  organisation                  Repositories of members of the organisation at github\n";
-	echo "  forks                         All repositories of the whole github network\n";
-	echo "\n";
-
-	echo "Options:\n";
-	echo " -s scope                       See description above (mandatory)\n";
-	echo " -u github_username             Overwrites the github username (optional)\n";
-	echo " -r repository_name             Overwrites the repository name (optional)\n";
-	echo " -m your_github_username        Sets up ssh:// instead of git:// for pushable repositories (optional)\n";
-	echo " -d                             Outputs the commands instead of running them (optional)\n";
-	echo " -h                             This help text\n";
-
-	exit(1);
-}
-
-// Handle arguments
-$opts = getopt('s:u:r:m:dh');
-
-if (empty($opts) || isset($opts['h']))
-{
-	show_usage();
-}
-
-$scope			= get_arg($opts, 's', '');
-$username		= get_arg($opts, 'u', 'phpbb');
-$repository 	= get_arg($opts, 'r', 'phpbb3');
-$developer		= get_arg($opts, 'm', '');
-$dry_run		= !get_arg($opts, 'd', true);
-run(null, $dry_run);
-exit(work($scope, $username, $repository, $developer));
-
-function work($scope, $username, $repository, $developer)
-{
-	// Get some basic data
-	$forks		= get_forks($username, $repository);
-	$collaborators	= get_collaborators($username, $repository);
-
-	if ($forks === false || $collaborators === false)
-	{
-		echo "Error: failed to retrieve forks or collaborators\n";
-		return 1;
-	}
-
-	switch ($scope)
-	{
-		case 'collaborators':
-			$remotes = array_intersect_key($forks, $collaborators);
-		break;
-
-		case 'organisation':
-			$remotes = array_intersect_key($forks, get_organisation_members($username));
-		break;
-
-		case 'contributors':
-			$remotes = array_intersect_key($forks, get_contributors($username, $repository));
-		break;
-
-		case 'forks':
-			$remotes = $forks;
-		break;
-
-		default:
-			show_usage();
-	}
-
-	if (file_exists('.git'))
-	{
-		add_remote($username, $repository, isset($collaborators[$developer]));
-	}
-	else
-	{
-		clone_repository($username, $repository, isset($collaborators[$developer]));
-	}
-
-	// Add private security repository for developers
-	if ($username == 'phpbb' && $repository == 'phpbb3' && isset($collaborators[$developer]))
-	{
-		run("git remote add $username-security " . get_repository_url($username, "$repository-security", true));
-	}
-
-	// Skip blessed repository.
-	unset($remotes[$username]);
-
-	foreach ($remotes as $remote)
-	{
-		add_remote($remote['username'], $remote['repository'], $remote['username'] == $developer);
-	}
-
-	run('git remote update');
-}
-
-function clone_repository($username, $repository, $pushable = false)
-{
-	$url = get_repository_url($username, $repository, false);
-	run("git clone $url ./ --origin $username");
-
-	if ($pushable)
-	{
-		$ssh_url = get_repository_url($username, $repository, true);
-		run("git remote set-url --push $username $ssh_url");
-	}
-}
-
-function add_remote($username, $repository, $pushable = false)
-{
-	$url = get_repository_url($username, $repository, false);
-	run("git remote add $username $url");
-
-	if ($pushable)
-	{
-		$ssh_url = get_repository_url($username, $repository, true);
-		run("git remote set-url --push $username $ssh_url");
-	}
-}
-
-function get_repository_url($username, $repository, $ssh = false)
-{
-	$url_base = ($ssh) ? 'git@github.com:' : 'git://github.com/';
-
-	return $url_base . $username . '/' . $repository . '.git';
-}
-
-function api_request($query)
-{
-	return api_url_request("https://api.github.com/$query?per_page=100");
-}
-
-function api_url_request($url)
-{
-	$contents = file_get_contents($url, false, stream_context_create(array(
-		'http' => array(
-			'header' => "User-Agent: phpBB/1.0\r\n",
-		),
-	)));
-
-	$sub_request_result = array();
-	// Check headers for pagination links
-	if (!empty($http_response_header))
-	{
-		foreach ($http_response_header as $header_element)
-		{
-			// Find Link Header which gives us a link to the next page
-			if (strpos($header_element, 'Link: ') === 0)
-			{
-				list($head, $header_content) = explode(': ', $header_element);
-				foreach (explode(', ', $header_content) as $links)
-				{
-					list($url, $rel) = explode('; ', $links);
-					if ($rel == 'rel="next"')
-					{
-						// Found a next link, follow it and merge the results
-						$sub_request_result = api_url_request(substr($url, 1, -1));
-					}
-				}
-			}
-		}
-	}
-
-	if ($contents === false)
-	{
-		return false;
-	}
-	$contents = json_decode($contents);
-
-	if (isset($contents->message) && strpos($contents->message, 'API Rate Limit') === 0)
-	{
-		throw new RuntimeException('Reached github API Rate Limit. Please try again later' . "\n", 4);
-	}
-
-	return ($sub_request_result) ? array_merge($sub_request_result, $contents) : $contents;
-}
-
-function get_contributors($username, $repository)
-{
-	$request = api_request("repos/$username/$repository/stats/contributors");
-	if ($request === false)
-	{
-		return false;
-	}
-
-	$usernames = array();
-	foreach ($request as $contribution)
-	{
-		$usernames[$contribution->author->login] = $contribution->author->login;
-	}
-
-	return $usernames;
-}
-
-function get_organisation_members($username)
-{
-	$request = api_request("orgs/$username/public_members");
-	if ($request === false)
-	{
-		return false;
-	}
-
-	$usernames = array();
-	foreach ($request as $member)
-	{
-		$usernames[$member->login] = $member->login;
-	}
-
-	return $usernames;
-}
-
-function get_collaborators($username, $repository)
-{
-	$request = api_request("repos/$username/$repository/collaborators");
-	if ($request === false)
-	{
-		return false;
-	}
-
-	$usernames = array();
-	foreach ($request as $collaborator)
-	{
-		$usernames[$collaborator->login] = $collaborator->login;
-	}
-
-	return $usernames;
-}
-
-function get_forks($username, $repository)
-{
-	$request = api_request("repos/$username/$repository/forks");
-	if ($request === false)
-	{
-		return false;
-	}
-
-	$usernames = array();
-	foreach ($request as $fork)
-	{
-		$usernames[$fork->owner->login] = array(
-			'username'		=> $fork->owner->login,
-			'repository'	=> $fork->name,
-		);
-	}
-
-	return $usernames;
-}
-
-function get_arg($array, $index, $default)
-{
-	return isset($array[$index]) ? $array[$index] : $default;
-}
-
-function run($cmd, $dry = false)
-{
-	static $dry_run;
-
-	if (is_null($cmd))
-	{
-		$dry_run = $dry;
-	}
-	else if (!empty($dry_run))
-	{
-		echo "$cmd\n";
-	}
-	else
-	{
-		passthru(escapeshellcmd($cmd));
-	}
-}

phpBB/adm/style/acp_ext_details.html

@@ -21,6 +21,7 @@
 		<p>{VERSIONCHECK_FAIL_REASON}</p>
 	</div>
 	<!-- ENDIF -->
+<!-- EVENT acp_ext_details_notice -->
 
 	<fieldset>
 		<legend>{L_EXT_DETAILS}</legend>

phpBB/adm/style/acp_ext_list.html

@@ -48,7 +48,7 @@
 		</tr>
 		<!-- BEGIN enabled -->
 		<tr class="ext_enabled row-highlight">
-			<td><strong title="{enabled.NAME}">{enabled.META_DISPLAY_NAME}</strong></td>
+			<td><strong title="{enabled.NAME}">{enabled.META_DISPLAY_NAME}</strong><!-- EVENT acp_ext_list_enabled_name_after --></td>
 			<td style="text-align: center;">
 				<!-- IF enabled.S_VERSIONCHECK -->
 				<strong <!-- IF enabled.S_UP_TO_DATE -->style="color: #228822;"<!-- ELSE -->style="color: #BC2A4D;"<!-- ENDIF -->>{enabled.META_VERSION}</strong>
@@ -73,7 +73,7 @@
 		</tr>
 		<!-- BEGIN disabled -->
 		<tr class="ext_disabled row-highlight">
-			<td><strong title="{disabled.NAME}">{disabled.META_DISPLAY_NAME}</strong></td>
+			<td><strong title="{disabled.NAME}">{disabled.META_DISPLAY_NAME}</strong><!-- EVENT acp_ext_list_disabled_name_after --></td>
 			<td style="text-align: center;">
 				<!-- IF disabled.S_VERSIONCHECK -->
 				<strong <!-- IF disabled.S_UP_TO_DATE -->style="color: #228822;"<!-- ELSE -->style="color: #BC2A4D;"<!-- ENDIF -->>{disabled.META_VERSION}</strong>

phpBB/adm/style/acp_jabber.html

@@ -47,6 +47,21 @@
 	<dd><label><input type="radio" class="radio" id="jab_use_ssl" name="jab_use_ssl" value="1"<!-- IF JAB_USE_SSL --> checked="checked"<!-- ENDIF --> /> {L_YES}</label>
 		<label><input type="radio" class="radio" name="jab_use_ssl" value="0"<!-- IF not JAB_USE_SSL --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
 </dl>
+<dl>
+	<dt><label for="jab_verify_peer">{L_JAB_VERIFY_PEER}{L_COLON}</label><br /><span>{L_JAB_VERIFY_PEER_EXPLAIN}</span></dt>
+	<dd><label><input type="radio" class="radio" id="jab_verify_peer" name="jab_verify_peer" value="1"<!-- IF JAB_VERIFY_PEER --> checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+		<label><input type="radio" class="radio" name="jab_verify_peer" value="0"<!-- IF not JAB_VERIFY_PEER --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+</dl>
+<dl>
+	<dt><label for="jab_verify_peer_name">{L_JAB_VERIFY_PEER_NAME}{L_COLON}</label><br /><span>{L_JAB_VERIFY_PEER_NAME_EXPLAIN}</span></dt>
+	<dd><label><input type="radio" class="radio" id="jab_verify_peer_name" name="jab_verify_peer_name" value="1"<!-- IF JAB_VERIFY_PEER_NAME --> checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+		<label><input type="radio" class="radio" name="jab_verify_peer_name" value="0"<!-- IF not JAB_VERIFY_PEER_NAME --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+</dl>
+<dl>
+	<dt><label for="jab_allow_self_signed">{L_JAB_ALLOW_SELF_SIGNED}{L_COLON}</label><br /><span>{L_JAB_ALLOW_SELF_SIGNED_EXPLAIN}</span></dt>
+	<dd><label><input type="radio" class="radio" id="jab_allow_self_signed" name="jab_allow_self_signed" value="1"<!-- IF JAB_ALLOW_SELF_SIGNED --> checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+		<label><input type="radio" class="radio" name="jab_allow_self_signed" value="0"<!-- IF not JAB_ALLOW_SELF_SIGNED --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+</dl>
 <!-- ENDIF -->
 <dl>
 	<dt><label for="jab_package_size">{L_JAB_PACKAGE_SIZE}{L_COLON}</label><br /><span>{L_JAB_PACKAGE_SIZE_EXPLAIN}</span></dt>

phpBB/adm/style/acp_main.html

@@ -30,6 +30,11 @@
 			<p><a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a> &middot; <a href="{U_VERSIONCHECK}">{L_MORE_INFORMATION}</a></p>
 		</div>
 	<!-- ENDIF -->
+	<!-- IF S_VERSION_UPGRADEABLE -->
+		<div class="errorbox notice">
+			<p>{UPGRADE_INSTRUCTIONS}</p>
+		</div>
+	<!-- ENDIF -->
 
 	<!-- IF S_SEARCH_INDEX_MISSING -->
 		<div class="errorbox">

phpBB/adm/style/acp_profile.html

@@ -85,6 +85,7 @@
 			<dd><input type="checkbox" class="radio" id="field_is_contact" name="field_is_contact" value="1"<!-- IF S_FIELD_CONTACT --> checked="checked"<!-- ENDIF --> /></dd>
 			<dd><input class="text medium" type="text" name="field_contact_desc" id="field_contact_desc" value="{FIELD_CONTACT_DESC}" /> <label for="field_contact_desc">{L_FIELD_CONTACT_DESC}</label></dd>
 			<dd><input class="text medium" type="text" name="field_contact_url" id="field_contact_url" value="{FIELD_CONTACT_URL}" /> <label for="field_contact_url">{L_FIELD_CONTACT_URL}</label></dd>
+			<!-- EVENT acp_profile_contact_last -->
 		</dl>
 		</fieldset>
 

phpBB/adm/style/acp_styles.html

@@ -51,6 +51,10 @@
 		<dt><label>{L_STYLE_PATH}{L_COLON}</label></dt>
 		<dd><strong>{STYLE_PATH}</strong></dd>
 	</dl>
+	<dl>
+		<dt><label>{L_STYLE_VERSION}{L_COLON}</label></dt>
+		<dd><strong>{STYLE_VERSION}</strong></dd>
+	</dl>
 	<dl>
 		<dt><label for="name">{L_COPYRIGHT}{L_COLON}</label></dt>
 		<dd><strong>{STYLE_COPYRIGHT}</strong></dd>

phpBB/adm/style/acp_update.html

@@ -20,6 +20,11 @@
 		<p>{L_VERSION_NOT_UP_TO_DATE_ACP} - <a href="{U_VERSIONCHECK_FORCE}">{L_VERSIONCHECK_FORCE_UPDATE}</a></p>
 	</div>
 <!-- ENDIF -->
+<!-- IF S_VERSION_UPGRADEABLE -->
+	<div class="errorbox notice">
+		<p>{UPGRADE_INSTRUCTIONS}</p>
+	</div>
+<!-- ENDIF -->
 
 <fieldset>
 	<legend></legend>

phpBB/adm/style/ajax.js

@@ -173,10 +173,11 @@ function submitPermissions() {
 		$.ajax({
 			url: $form.action,
 			type: 'POST',
-			data: formData + '&' + $submitAllButton.name + '=' + encodeURIComponent($submitAllButton.value) +
+			data: formData + '&' + $submitButton.name + '=' + encodeURIComponent($submitButton.value) +
 				'&creation_time=' + $form.find('input[type=hidden][name=creation_time]')[0].value +
 				'&form_token=' + $form.find('input[type=hidden][name=form_token]')[0].value +
-				'&' + $form.children('input[type=hidden]').serialize(),
+				'&' + $form.children('input[type=hidden]').serialize() +
+				'&' + $form.find('input[type=checkbox][name^=inherit]').serialize(),
 			success: handlePermissionReturn,
 			error: handlePermissionReturn
 		});

phpBB/adm/style/overall_header.html

@@ -53,7 +53,7 @@ function marklist(id, name, state)
 	
 	for (var r = 0; r < rb.length; r++)
 	{
-		if (rb[r].name.substr(0, name.length) == name)
+		if (rb[r].name.substr(0, name.length) == name && rb[r].disabled !== true)
 		{
 			rb[r].checked = state;
 		}

phpBB/adm/style/simple_header.html

@@ -66,7 +66,7 @@ function marklist(id, name, state)
 	
 	for (var r = 0; r < rb.length; r++)
 	{
-		if (rb[r].name.substr(0, name.length) == name)
+		if (rb[r].name.substr(0, name.length) == name && rb[r].disabled !== true)
 		{
 			rb[r].checked = state;
 		}

phpBB/assets/javascript/core.js

@@ -33,20 +33,27 @@ phpbb.loadingIndicator = function() {
 
 	if (!$loadingIndicator.is(':visible')) {
 		$loadingIndicator.fadeIn(phpbb.alertTime);
-		// Wait fifteen seconds and display an error if nothing has been returned by then.
+		// Wait 60 seconds and display an error if nothing has been returned by then.
 		phpbb.clearLoadingTimeout();
 		phpbbAlertTimer = setTimeout(function() {
-			var $alert = $('#phpbb_alert');
-
-			if ($loadingIndicator.is(':visible')) {
-				phpbb.alert($alert.attr('data-l-err'), $alert.attr('data-l-timeout-processing-req'));
-			}
-		}, 15000);
+			phpbb.showTimeoutMessage();
+		}, 60000);
 	}
 
 	return $loadingIndicator;
 };
 
+/**
+ * Show timeout message
+ */
+phpbb.showTimeoutMessage = function () {
+	var $alert = $('#phpbb_alert');
+
+	if ($loadingIndicator.is(':visible')) {
+		phpbb.alert($alert.attr('data-l-err'), $alert.attr('data-l-timeout-processing-req'));
+	}
+};
+
 /**
  * Clear loading alert timeout
 */

phpBB/composer.json

@@ -34,7 +34,7 @@
 		"symfony/http-kernel": "2.3.*",
 		"symfony/routing": "2.3.*",
 		"symfony/yaml": "2.3.*",
-		"twig/twig": "1.*"
+		"twig/twig": "^1.0,<1.25"
 	},
 	"require-dev": {
 		"fabpot/goutte": "1.0.*",

phpBB/composer.lock

@@ -4,8 +4,8 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "hash": "33fa9de480a8a9c8f7e3f2926cd4c034",
-    "content-hash": "2d9c1857e65554ceb4cfa435495df188",
+    "hash": "ab3d7f33388bce90e6032110a537e61f",
+    "content-hash": "9c138398f4bc789098b020ed37f6ae20",
     "packages": [
         {
             "name": "lusitanian/oauth",
@@ -72,22 +72,30 @@
         },
         {
             "name": "psr/log",
-            "version": "1.0.0",
+            "version": "1.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/log.git",
-                "reference": "fe0936ee26643249e916849d48e3a51d5f5e278b"
+                "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/log/zipball/fe0936ee26643249e916849d48e3a51d5f5e278b",
-                "reference": "fe0936ee26643249e916849d48e3a51d5f5e278b",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/4ebe3a8bf773a19edfe0a84b6585ba3d401b724d",
+                "reference": "4ebe3a8bf773a19edfe0a84b6585ba3d401b724d",
                 "shasum": ""
             },
+            "require": {
+                "php": ">=5.3.0"
+            },
             "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0.x-dev"
+                }
+            },
             "autoload": {
-                "psr-0": {
-                    "Psr\\Log\\": ""
+                "psr-4": {
+                    "Psr\\Log\\": "Psr/Log/"
                 }
             },
             "notification-url": "https://packagist.org/downloads/",
@@ -101,12 +109,13 @@
                 }
             ],
             "description": "Common interface for logging libraries",
+            "homepage": "https://github.com/php-fig/log",
             "keywords": [
                 "log",
                 "psr",
                 "psr-3"
             ],
-            "time": "2012-12-21 11:40:51"
+            "time": "2016-10-10 12:19:37"
         },
         {
             "name": "symfony/config",
@@ -575,16 +584,16 @@
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.2.0",
+            "version": "v1.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "dff51f72b0706335131b00a7f49606168c582594"
+                "reference": "e79d363049d1c2128f133a2667e4f4190904f7f4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/dff51f72b0706335131b00a7f49606168c582594",
-                "reference": "dff51f72b0706335131b00a7f49606168c582594",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/e79d363049d1c2128f133a2667e4f4190904f7f4",
+                "reference": "e79d363049d1c2128f133a2667e4f4190904f7f4",
                 "shasum": ""
             },
             "require": {
@@ -596,7 +605,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.2-dev"
+                    "dev-master": "1.3-dev"
                 }
             },
             "autoload": {
@@ -630,7 +639,7 @@
                 "portable",
                 "shim"
             ],
-            "time": "2016-05-18 14:26:46"
+            "time": "2016-11-14 01:06:16"
         },
         {
             "name": "symfony/routing",
@@ -746,16 +755,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v1.24.1",
+            "version": "v1.24.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "3566d311a92aae4deec6e48682dc5a4528c4a512"
+                "reference": "33093f6e310e6976baeac7b14f3a6ec02f2d79b7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3566d311a92aae4deec6e48682dc5a4528c4a512",
-                "reference": "3566d311a92aae4deec6e48682dc5a4528c4a512",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/33093f6e310e6976baeac7b14f3a6ec02f2d79b7",
+                "reference": "33093f6e310e6976baeac7b14f3a6ec02f2d79b7",
                 "shasum": ""
             },
             "require": {
@@ -803,7 +812,7 @@
             "keywords": [
                 "templating"
             ],
-            "time": "2016-05-30 09:11:59"
+            "time": "2016-09-01 17:50:53"
         }
     ],
     "packages-dev": [
@@ -1067,16 +1076,16 @@
         },
         {
             "name": "michelf/php-markdown",
-            "version": "1.6.0",
+            "version": "1.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/michelf/php-markdown.git",
-                "reference": "156e56ee036505ec637d761ee62dc425d807183c"
+                "reference": "1f51cc520948f66cd2af8cbc45a5ee175e774220"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/michelf/php-markdown/zipball/156e56ee036505ec637d761ee62dc425d807183c",
-                "reference": "156e56ee036505ec637d761ee62dc425d807183c",
+                "url": "https://api.github.com/repos/michelf/php-markdown/zipball/1f51cc520948f66cd2af8cbc45a5ee175e774220",
+                "reference": "1f51cc520948f66cd2af8cbc45a5ee175e774220",
                 "shasum": ""
             },
             "require": {
@@ -1114,7 +1123,7 @@
             "keywords": [
                 "markdown"
             ],
-            "time": "2015-12-24 01:37:31"
+            "time": "2016-10-29 18:58:20"
         },
         {
             "name": "nikic/php-parser",
@@ -1422,25 +1431,30 @@
         },
         {
             "name": "phpunit/php-timer",
-            "version": "1.0.8",
+            "version": "1.0.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-timer.git",
-                "reference": "38e9124049cf1a164f1e4537caf19c99bf1eb260"
+                "reference": "3dcf38ca72b158baf0bc245e9184d3fdffa9c46f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/38e9124049cf1a164f1e4537caf19c99bf1eb260",
-                "reference": "38e9124049cf1a164f1e4537caf19c99bf1eb260",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/3dcf38ca72b158baf0bc245e9184d3fdffa9c46f",
+                "reference": "3dcf38ca72b158baf0bc245e9184d3fdffa9c46f",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.3"
+                "php": "^5.3.3 || ^7.0"
             },
             "require-dev": {
-                "phpunit/phpunit": "~4|~5"
+                "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.0"
             },
             "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.0-dev"
+                }
+            },
             "autoload": {
                 "classmap": [
                     "src/"
@@ -1462,20 +1476,20 @@
             "keywords": [
                 "timer"
             ],
-            "time": "2016-05-12 18:03:57"
+            "time": "2017-02-26 11:10:40"
         },
         {
             "name": "phpunit/php-token-stream",
-            "version": "1.4.8",
+            "version": "1.4.11",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/php-token-stream.git",
-                "reference": "3144ae21711fb6cac0b1ab4cbe63b75ce3d4e8da"
+                "reference": "e03f8f67534427a787e21a385a67ec3ca6978ea7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/3144ae21711fb6cac0b1ab4cbe63b75ce3d4e8da",
-                "reference": "3144ae21711fb6cac0b1ab4cbe63b75ce3d4e8da",
+                "url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/e03f8f67534427a787e21a385a67ec3ca6978ea7",
+                "reference": "e03f8f67534427a787e21a385a67ec3ca6978ea7",
                 "shasum": ""
             },
             "require": {
@@ -1511,7 +1525,7 @@
             "keywords": [
                 "tokenizer"
             ],
-            "time": "2015-09-15 10:49:45"
+            "time": "2017-02-27 10:12:30"
         },
         {
             "name": "phpunit/phpunit",
@@ -1751,22 +1765,22 @@
         },
         {
             "name": "sebastian/comparator",
-            "version": "1.2.0",
+            "version": "1.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/comparator.git",
-                "reference": "937efb279bd37a375bcadf584dec0726f84dbf22"
+                "reference": "2b7424b55f5047b47ac6e5ccb20b2aea4011d9be"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/937efb279bd37a375bcadf584dec0726f84dbf22",
-                "reference": "937efb279bd37a375bcadf584dec0726f84dbf22",
+                "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/2b7424b55f5047b47ac6e5ccb20b2aea4011d9be",
+                "reference": "2b7424b55f5047b47ac6e5ccb20b2aea4011d9be",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.3.3",
                 "sebastian/diff": "~1.2",
-                "sebastian/exporter": "~1.2"
+                "sebastian/exporter": "~1.2 || ~2.0"
             },
             "require-dev": {
                 "phpunit/phpunit": "~4.4"
@@ -1811,27 +1825,27 @@
                 "compare",
                 "equality"
             ],
-            "time": "2015-07-26 15:48:44"
+            "time": "2017-01-29 09:50:25"
         },
         {
             "name": "sebastian/diff",
-            "version": "1.4.1",
+            "version": "1.4.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/diff.git",
-                "reference": "13edfd8706462032c2f52b4b862974dd46b71c9e"
+                "reference": "7f066a26a962dbe58ddea9f72a4e82874a3975a4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/13edfd8706462032c2f52b4b862974dd46b71c9e",
-                "reference": "13edfd8706462032c2f52b4b862974dd46b71c9e",
+                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/7f066a26a962dbe58ddea9f72a4e82874a3975a4",
+                "reference": "7f066a26a962dbe58ddea9f72a4e82874a3975a4",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.3"
+                "php": "^5.3.3 || ^7.0"
             },
             "require-dev": {
-                "phpunit/phpunit": "~4.8"
+                "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.0"
             },
             "type": "library",
             "extra": {
@@ -1863,27 +1877,27 @@
             "keywords": [
                 "diff"
             ],
-            "time": "2015-12-08 07:14:41"
+            "time": "2017-05-22 07:24:03"
         },
         {
             "name": "sebastian/environment",
-            "version": "1.3.7",
+            "version": "1.3.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/environment.git",
-                "reference": "4e8f0da10ac5802913afc151413bc8c53b6c2716"
+                "reference": "be2c607e43ce4c89ecd60e75c6a85c126e754aea"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/4e8f0da10ac5802913afc151413bc8c53b6c2716",
-                "reference": "4e8f0da10ac5802913afc151413bc8c53b6c2716",
+                "url": "https://api.github.com/repos/sebastianbergmann/environment/zipball/be2c607e43ce4c89ecd60e75c6a85c126e754aea",
+                "reference": "be2c607e43ce4c89ecd60e75c6a85c126e754aea",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.3"
+                "php": "^5.3.3 || ^7.0"
             },
             "require-dev": {
-                "phpunit/phpunit": "~4.4"
+                "phpunit/phpunit": "^4.8 || ^5.0"
             },
             "type": "library",
             "extra": {
@@ -1913,7 +1927,7 @@
                 "environment",
                 "hhvm"
             ],
-            "time": "2016-05-17 03:18:57"
+            "time": "2016-08-18 05:49:44"
         },
         {
             "name": "sebastian/exporter",
@@ -1984,16 +1998,16 @@
         },
         {
             "name": "sebastian/recursion-context",
-            "version": "1.0.2",
+            "version": "1.0.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/recursion-context.git",
-                "reference": "913401df809e99e4f47b27cdd781f4a258d58791"
+                "reference": "b19cc3298482a335a95f3016d2f8a6950f0fbcd7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/913401df809e99e4f47b27cdd781f4a258d58791",
-                "reference": "913401df809e99e4f47b27cdd781f4a258d58791",
+                "url": "https://api.github.com/repos/sebastianbergmann/recursion-context/zipball/b19cc3298482a335a95f3016d2f8a6950f0fbcd7",
+                "reference": "b19cc3298482a335a95f3016d2f8a6950f0fbcd7",
                 "shasum": ""
             },
             "require": {
@@ -2033,7 +2047,7 @@
             ],
             "description": "Provides functionality to recursively process PHP variables",
             "homepage": "http://www.github.com/sebastianbergmann/recursion-context",
-            "time": "2015-11-11 19:50:13"
+            "time": "2016-10-03 07:41:43"
         },
         {
             "name": "sebastian/version",
@@ -2072,16 +2086,16 @@
         },
         {
             "name": "squizlabs/php_codesniffer",
-            "version": "2.6.2",
+            "version": "2.9.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/squizlabs/PHP_CodeSniffer.git",
-                "reference": "4edb770cb853def6e60c93abb088ad5ac2010c83"
+                "reference": "dcbed1074f8244661eecddfc2a675430d8d33f62"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/4edb770cb853def6e60c93abb088ad5ac2010c83",
-                "reference": "4edb770cb853def6e60c93abb088ad5ac2010c83",
+                "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/dcbed1074f8244661eecddfc2a675430d8d33f62",
+                "reference": "dcbed1074f8244661eecddfc2a675430d8d33f62",
                 "shasum": ""
             },
             "require": {
@@ -2146,7 +2160,7 @@
                 "phpcs",
                 "standards"
             ],
-            "time": "2016-07-13 23:29:13"
+            "time": "2017-05-22 02:43:20"
         },
         {
             "name": "symfony/browser-kit",

phpBB/config/console.yml

@@ -139,3 +139,24 @@ services:
             - @dbal.conn
         tags:
             - { name: console.command }
+
+    console.command.fixup.update_hashes:
+        class: phpbb\console\command\fixup\update_hashes
+        arguments:
+            - @config
+            - @user
+            - @dbal.conn
+            - @passwords.manager
+            - @passwords.driver_collection
+            - %passwords.algorithms%
+        tags:
+            - { name: console.command }
+
+    console.command.fixup.fix_left_right_ids:
+        class: phpbb\console\command\fixup\fix_left_right_ids
+        arguments:
+            - @user
+            - @dbal.conn
+            - @cache.driver
+        tags:
+            - { name: console.command }

phpBB/config/cron.yml

@@ -146,3 +146,17 @@ services:
             - [set_name, [cron.task.core.tidy_warnings]]
         tags:
             - { name: cron.task }
+
+    cron.task.core.update_hashes:
+        class: phpbb\cron\task\core\update_hashes
+        arguments:
+            - @config
+            - @dbal.conn
+            - @passwords.update.lock
+            - @passwords.manager
+            - @passwords.driver_collection
+            - %passwords.algorithms%
+        calls:
+            - [set_name, [cron.task.core.update_hashes]]
+        tags:
+            - { name: cron.task }

phpBB/config/password.yml

@@ -122,3 +122,10 @@ services:
             - @passwords.driver_helper
         tags:
             - { name: passwords.driver }
+
+    passwords.update.lock:
+        class: phpbb\lock\db
+        arguments:
+            - update_hashes_lock
+            - '@config'
+            - '@dbal.conn'

phpBB/develop/regex_idn.php

@@ -120,7 +120,7 @@ do
 	$pct_encoded = "%[\dA-F]{2}";
 	$unreserved = "$add_chars\pL0-9\-._~";
 	$sub_delims = ($inline) ? '!$&\'(*+,;=' : '!$&\'()*+,;=';
-	$scheme = ($inline) ? '[a-z][a-z\d+]*': '[a-z][a-z\d+\-.]*' ; // avoid automatic parsing of "word" in "last word.http://..."
+	$scheme = ($inline) ? '[a-z][a-z\d+]*(?<!javascript)': '[a-z][a-z\d+\-.]*(?<!javascript)' ; // avoid automatic parsing of "word" in "last word.http://..."
 	$pchar = "(?:[^$remove_chars]*[$unreserved$sub_delims:@|]+|$pct_encoded)"; // rfc: no "|"
 
 	$reg_name = "(?:[^$remove_chars]*[$unreserved$sub_delims:@|]+|$pct_encoded)+"; // rfc: * instead of + and no "|" and no "@" and no ":" (included instead of userinfo)

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,8 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v3111">Changes since 3.1.11</a></li>
+		<li><a href="#v3110">Changes since 3.1.10</a></li>
 		<li><a href="#v319">Changes since 3.1.9</a></li>
 		<li><a href="#v318">Changes since 3.1.8</a></li>
 		<li><a href="#v317pl1">Changes since 3.1.7-PL1</a></li>
@@ -119,6 +121,197 @@
 
 <div class="content">
 
+	<a name="v3111"></a><h3>Changes since 3.1.11</h3>
+
+	<h4>Security Issue</h4>
+	<ul>
+		<li>[SECURITY-211] - URLs with javascript scheme should not be made clickable</li>
+	</ul>
+	<h4>Bug</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9533">PHPBB3-9533</a>] - phpbb_own_realpath() doesn't always replicate realpath() behaviour</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12835">PHPBB3-12835</a>] - Jump-box dropdown menu doesn't expand with according to line length in IE8</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13360">PHPBB3-13360</a>] - rename_too_long_indexes migration never deleted the old unique index</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13464">PHPBB3-13464</a>] - problem with drop down options and Arabic letters in chrome</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13574">PHPBB3-13574</a>] - Last post not showing in &quot;Active topics&quot; when Prosilver goes responsive</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15174">PHPBB3-15174</a>] - Unable to purge cache (ext &amp; acp)</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15285">PHPBB3-15285</a>] - Travis tests are failing due to trusty changes</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15303">PHPBB3-15303</a>] - Typo in memcached driver</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15347">PHPBB3-15347</a>] - Password updater in cron generates invalid postgres SQL</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15367">PHPBB3-15367</a>] - Sphinx search backend doesn't escape special characters</li>
+	</ul>
+	<h4>Improvement</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10122">PHPBB3-10122</a>] - [list=] - should support &quot;none&quot;, along with CSS2 types</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11063">PHPBB3-11063</a>] - Change version check to SSL</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14820">PHPBB3-14820</a>] - Style Version Missing</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14919">PHPBB3-14919</a>] - Inconsistent use of globals vs class elements in acp_extensions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14927">PHPBB3-14927</a>] - event core.user_add_modify_data</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14944">PHPBB3-14944</a>] - Add possibility to search for template loop indexes by key</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14995">PHPBB3-14995</a>] - Add ACP template events acp_ext_list_*_name_after</li>
+	</ul>
+	<h4>New Feature</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13344">PHPBB3-13344</a>] - Add new events for logging</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15122">PHPBB3-15122</a>] - Support using memcached instead of memcache</li>
+	</ul>
+	<h4>Sub-task</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11182">PHPBB3-11182</a>] - Ensure that template files use L_COLON instead of colons.</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11676">PHPBB3-11676</a>] - generate_text_for_storage on includes/acp/acp_users.php</li>
+	</ul>
+	<h4>Task</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10758">PHPBB3-10758</a>] - Improve Functional Test Code Coverage</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10791">PHPBB3-10791</a>] - Add a section for extensions to readme.html</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10792">PHPBB3-10792</a>] - Add a section for 3.0 to 3.1 upgrades to install.html</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13874">PHPBB3-13874</a>] - Add master to sami API docs</li>
+	</ul>
+
+	<a name="v3110"></a><h3>Changes since 3.1.10</h3>
+
+	<h4>Bug</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-7336">PHPBB3-7336</a>] - Words in new topic title aren't found by search after topic is split</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8116">PHPBB3-8116</a>] - Server timeout or browsercrash after viewing postdetails</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-8301">PHPBB3-8301</a>] - admin log generate slow queries</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9590">PHPBB3-9590</a>] - Unable to update permissions for more than 6 forums at a time</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11076">PHPBB3-11076</a>] - Update notification in ACP for minimum PHP version missing essential information</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11483">PHPBB3-11483</a>] - Forced Activation needs looking at.</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-11611">PHPBB3-11611</a>] - setup_github_network.php no longer creates a repository</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13247">PHPBB3-13247</a>] - Online indicator in post profile hides behind certain avatars</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13250">PHPBB3-13250</a>] - File cache does not write entries starting with _ and containing a slash</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13429">PHPBB3-13429</a>] - Changes tag in docblock of events should be unified</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13558">PHPBB3-13558</a>] -  Error - stream_socket_enable_crypto()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13757">PHPBB3-13757</a>] - Negative PM count</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14468">PHPBB3-14468</a>] - [php] - 'core.viewforum_modify_topics_data' add parameter forum_id</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14549">PHPBB3-14549</a>] - Correctly redirect back after topic merge in MCP</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14770">PHPBB3-14770</a>] - Plupload: WRONG_FILESIZE is used wrong</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14795">PHPBB3-14795</a>] - Topic merge bug</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14801">PHPBB3-14801</a>] - Search highlight option doesn't always highlight unicode strings</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14802">PHPBB3-14802</a>] - Empty/blank lines should not be additional poll options</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14806">PHPBB3-14806</a>] - Authentication for e-mail is not working</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14819">PHPBB3-14819</a>] - Soft deleted posts visible in topic review</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14821">PHPBB3-14821</a>] - Do not expect parsed HTML in kernel subscriber output</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14830">PHPBB3-14830</a>] - FORM_INVALID error on ACP search and CPF settings</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14831">PHPBB3-14831</a>] - Extension migration file fails</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14838">PHPBB3-14838</a>] - feeds.attachments_base - server 500 error for large attachment tables</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14844">PHPBB3-14844</a>] - BBcodes B and I return &lt;strong&gt; and &lt;em&gt; tags instead of CSS under inherited styles</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14859">PHPBB3-14859</a>] - PM report notifications only sent out to full Global Moderators</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14860">PHPBB3-14860</a>] - Broken link on subscriptions page on mobile devices</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14863">PHPBB3-14863</a>] - &quot;Array&quot; in message title when permanently deleting posts</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14864">PHPBB3-14864</a>] - ACP datefromat text input  still has 30 max length while dateformat field had been expanded to 64</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14876">PHPBB3-14876</a>] - Multibyte message is not displayed properly on exception</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14877">PHPBB3-14877</a>] - CSS error in &quot;.codebox code&quot; definition</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14881">PHPBB3-14881</a>] - Problems using EVENT (overall_footer_content_after)</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14888">PHPBB3-14888</a>] - Missing check for disabled profile field types</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14889">PHPBB3-14889</a>] - Missing method declaration in profile fields type interface</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14890">PHPBB3-14890</a>] - Wrong validation of input field in profile field type string</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14906">PHPBB3-14906</a>] - Duplicated sig key in user_cache_data array</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14923">PHPBB3-14923</a>] - SQL PostgreSQL blocking errors during DB update installation</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14938">PHPBB3-14938</a>] - Inconsistent data results from ext_mgr-&gt;all_available() vs ext_mgr-&gt;is_available()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14941">PHPBB3-14941</a>] - MySQL Fulltext search index creating still fails on InnoDB</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14943">PHPBB3-14943</a>] - Template loop access gives PHP error</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14953">PHPBB3-14953</a>] - Incorrect &quot;order by&quot; definition in ucp_pm_viewfolder</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14968">PHPBB3-14968</a>] - Version check marks 3.1.10 boards as outdated </li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14997">PHPBB3-14997</a>] - Bad Position for topiclist_row_topic_title_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14998">PHPBB3-14998</a>] - ACP Update link is incorrect!</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15003">PHPBB3-15003</a>] - When using mark all, disabled check boxes should not become checked</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15006">PHPBB3-15006</a>] - Permission inheritance with checkbox not working</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15011">PHPBB3-15011</a>] - Error not checked on metadata load failure</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15108">PHPBB3-15108</a>] - Duplicate code in request-&gt;overwrite</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15143">PHPBB3-15143</a>] - version check on branch is broken</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15146">PHPBB3-15146</a>] - Date profile field validation incorrect</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15150">PHPBB3-15150</a>] - Yabber SSL/TLS certification</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15186">PHPBB3-15186</a>] - The force_delete_allowed flag does not affect actual posts deletion ability</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15187">PHPBB3-15187</a>] - ACP Template files not purged during Extension Enable</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15246">PHPBB3-15246</a>] - Memcache driver incorrectly handles Unix sockets</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15248">PHPBB3-15248</a>] - Event core.modify_posting_auth does not honor its parameters</li>
+	</ul>
+	<h4>Improvement</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-9211">PHPBB3-9211</a>] - List subforums-links separately in parent-forums' legend</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12749">PHPBB3-12749</a>] - core.submit_post_end add subject to the event data</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13457">PHPBB3-13457</a>] - New Hooks for ucp_main</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13459">PHPBB3-13459</a>] - New Template-Event in overall_header.html</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13479">PHPBB3-13479</a>] - Add hook for modifying highlighting on viewtopic</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13601">PHPBB3-13601</a>] - New event upon acl_clear_prefetch</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13603">PHPBB3-13603</a>] - New event upon index_body_online_block_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13605">PHPBB3-13605</a>] - New event upon ucp_pm_compose_predefined_message</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13608">PHPBB3-13608</a>] - New event upon ucp_restore_permissions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13609">PHPBB3-13609</a>] - New event upon ucp_switch_permissions</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13845">PHPBB3-13845</a>] - Add event when user changes or delete avatar</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14119">PHPBB3-14119</a>] - [PHP] - (User) unban event request</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14239">PHPBB3-14239</a>] - [PHP] - Add event ucp_remind_modify_select_sql</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14331">PHPBB3-14331</a>] - Add rank calculation or result event access</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14520">PHPBB3-14520</a>] - [Template] - ucp_pm_viewmessage_message_body_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14522">PHPBB3-14522</a>] - [Template] - ucp_register_buttons_before</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14524">PHPBB3-14524</a>] - [PHP] - core.ucp_register_requests_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14733">PHPBB3-14733</a>] - Support increasing hashing cost factor</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14750">PHPBB3-14750</a>] - Fileupload form should not set invalid attributes for file input</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14758">PHPBB3-14758</a>] - ACP-Parameter &quot;Maximum thumbnail width in pixel&quot; should be &quot;Maximum thumbnail width/heigth in pixel:&quot;</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14759">PHPBB3-14759</a>] - Event core.mcp_main_modify_shadow_sql</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14760">PHPBB3-14760</a>] - Event core.mcp_main_modify_fork_sql</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14786">PHPBB3-14786</a>] - Add mcp_forum_actions_before/after events</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14804">PHPBB3-14804</a>] - Add core event to MCP after merging topics</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14805">PHPBB3-14805</a>] - Allow building package for previous versions on PHP 7</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14808">PHPBB3-14808</a>] - Add template event overall_header_searchbox_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14817">PHPBB3-14817</a>] - Add core event on includes/functions_download.php</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14825">PHPBB3-14825</a>] - Add OAuth events</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14827">PHPBB3-14827</a>] - Possibility to add multiple form keys</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14842">PHPBB3-14842</a>] - Avatar size 0 - unlimited</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14847">PHPBB3-14847</a>] - Add php event to add options in ACP Attachments</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14848">PHPBB3-14848</a>] - Add ACP template events after extensions list titles</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14849">PHPBB3-14849</a>] - Add ACP extension event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14850">PHPBB3-14850</a>] - Add core events for smilies</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14852">PHPBB3-14852</a>] - Add core event to the function build_header()</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14853">PHPBB3-14853</a>] - Add core event to allow modifying PM attachments download auth</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14855">PHPBB3-14855</a>] - Update notifications and PM alert bubbles</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14870">PHPBB3-14870</a>] - Add php events to modify list of PMs</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14872">PHPBB3-14872</a>] - Remove count versus sizeof restriction in coding guidelines</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14874">PHPBB3-14874</a>] - Error on sending a .pak smiley</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14882">PHPBB3-14882</a>] - Add core event to MCP after move posts sync</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14887">PHPBB3-14887</a>] - ACP profile step 1 lang specific event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14918">PHPBB3-14918</a>] - Provide quick access to extension version metadata</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14940">PHPBB3-14940</a>] - Add ACP template event acp_ext_details_end</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14957">PHPBB3-14957</a>] - Do not cache database config</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14958">PHPBB3-14958</a>] - Twig extension function lang() performs redundant template data copying</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15020">PHPBB3-15020</a>] - Add Events for mcp_topic_postrow_post_subject</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15059">PHPBB3-15059</a>] - Do not wrap content in code box</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15081">PHPBB3-15081</a>] - Add ACP template event acp_ext_details_notice</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15107">PHPBB3-15107</a>] - Add additional vars to event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15131">PHPBB3-15131</a>] - Add variable to the 'core.mcp_main_modify_fork_sql' event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15142">PHPBB3-15142</a>] - Extension Version Check Should Support Branches</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15151">PHPBB3-15151</a>] - ACP Cookie settings should contain explanatory text for all fields</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15199">PHPBB3-15199</a>] - Add core event to the function send() in the messenger</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15200">PHPBB3-15200</a>] - Allow extensions using custom templates for help/faq controllers </li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15205">PHPBB3-15205</a>] - Add template events to forumlist_body.html</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15219">PHPBB3-15219</a>] - Add cron to update passwords hashes to bcrypt</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15226">PHPBB3-15226</a>] - Add index for latest topics query in feeds</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15237">PHPBB3-15237</a>] - Unguarded includes functions_user</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15238">PHPBB3-15238</a>] - Add console command to fix left/right IDs for the forums and modules</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15241">PHPBB3-15241</a>] - Add ACP template event acp_profile_contact_last</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15250">PHPBB3-15250</a>] - Add core event to MCP at the end of merge_posts</li>
+	</ul>
+	<h4>New Feature</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12545">PHPBB3-12545</a>] - new pre-posting event</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13730">PHPBB3-13730</a>] - [PHP] - core.delete_post_end</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14390">PHPBB3-14390</a>] - [prosilver] - ucp_main_front_user_details_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14498">PHPBB3-14498</a>] - Not possible to deactivate display of &quot;who is online&quot; and birthdays for guests</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14662">PHPBB3-14662</a>] - [Template] - memberlist_team_username_prepend &amp; append</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14868">PHPBB3-14868</a>] - [Template] - mcp_forum_modify_select_after</li>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14996">PHPBB3-14996</a>] - [event] - Add Event search_results_topictitle_after</li>
+	</ul>
+	<h4>Sub-task</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13149">PHPBB3-13149</a>] - [Event] - core.phpbb_log_get_topic_auth_sql_before</li>
+	</ul>
+	<h4>Task</h4>
+	<ul>
+		<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15178">PHPBB3-15178</a>] - Update 3.1.x dependencies</li>
+	</ul>
+
 	<a name="v319"></a><h3>Changes since 3.1.9</h3>
 
 	<h4>Bug</h4>

phpBB/docs/INSTALL.html

@@ -148,7 +148,7 @@
 			<li>Oracle</li>
 		</ul>
 		</li>
-		<li><strong>PHP 5.3.3+</strong> and <strong>PHP < 7.0</strong> with support for the database you intend to use.</li>
+		<li><strong>PHP 5.3.3+</strong> and <strong>PHP &lt; 7.0</strong> with support for the database you intend to use.</li>
 		<li>The following PHP modules are required:
 		<ul>
 			<li>json</li>
@@ -455,9 +455,21 @@
 
 <a name="webserver_configuration"></a><h3>6.ii. Webserver configuration</h3>
 
-	<p>Depending on your web server, you may have to configure your server to deny web access to the <code>cache/</code>, <code>files/</code>, <code>store/</code> and other directories. This is to prevent users from accessing sensitive files.</p>
+	<p>Depending on your web server, you may have to configure your server to deny web access to the <code>cache/</code>, <code>files/</code>, <code>includes</code>, <code>phpbb</code>, <code>store/</code>, and <code>vendor</code> directories. This is to prevent users from accessing sensitive files.</p>
 
-	<p>For <strong>Apache</strong> there are <code>.htaccess</code> files already in place to do this for you. Similarly, for <strong>Windows</strong> based servers using <strong>IIS</strong> there are <code>web.config</code> files already in place to do this for you. For other webservers, you will have to adjust the configuration yourself. Sample files for <strong>nginx</strong> and <strong>lighttpd</strong> to help you get started may be found in <code>docs/</code> directory.</p>
+	<p>
+		For <strong>Apache</strong> there are <code>.htaccess</code> files already in place to do this for the most sensitive files and folders. We do however recommend to completely deny all access to the aforementioned folders and their respective subfolders in your Apache configuration.<br />
+		On Apache 2.4, denying access to the <code>phpbb</code> folder in a phpBB instance located at <code>/var/www/html/</code> would be accomplished by adding the following access rules to the Apache configuration file (typically apache.conf):
+		<pre>
+&lt;Directory /var/www/html/phpbb/*&gt;
+	Require all denied
+&lt;/Directory&gt;
+&lt;Directory /var/www/html/phpbb>
+	Require all denied
+&lt;/Directory&gt;</pre>
+		<br />
+	<p>The same settings can be applied to the other mentioned directories by replacing <code>phpbb</code> by the respective directory name. Please note that there are differences in syntax between Apache version <a href="https://httpd.apache.org/docs/2.2/howto/access.html">2.2</a> and <a href="https://httpd.apache.org/docs/2.4/howto/access.html">2.4</a>.</p>
+	<p>For <strong>Windows</strong> based servers using <strong>IIS</strong> there are <code>web.config</code> files already in place to do this for you. For other webservers, you will have to adjust the configuration yourself. Sample files for <strong>nginx</strong> and <strong>lighttpd</strong> to help you get started may be found in the <code>docs/</code> directory.</p>
 
 		</div>
 

phpBB/docs/assets/css/stylesheet.css

@@ -115,6 +115,17 @@ code {
 	padding: 0 4px;
 }
 
+pre {
+	color: #006600;
+	font-weight: normal;
+	font-family: 'Courier New', monospace;
+	border-color: #D1D7DC;
+	border-width: 1px;
+	border-style: solid;
+	background-color: #FAFAFA;
+	padding: 0 4px
+}
+
 #wrap {
 	padding: 0 20px;
 	min-width: 650px;

phpBB/docs/events.md

@@ -64,12 +64,30 @@ acp_ext_details_end
 * Since: 3.1.11-RC1
 * Purpose: Add more detailed information on extension after the available information.
 
+acp_ext_details_notice
+===
+* Location: adm/style/acp_ext_details.html
+* Since: 3.1.11-RC1
+* Purpose: Add extension detail notices after version check information.
+
+acp_ext_list_disabled_name_after
+===
+* Location: adm/style/acp_ext_list.html
+* Since: 3.1.11-RC1
+* Purpose: Add content after the name of disabled extensions in the list
+
 acp_ext_list_disabled_title_after
 ===
 * Location: adm/style/acp_ext_list.html
 * Since: 3.1.11-RC1
 * Purpose: Add text after disabled extensions section title.
 
+acp_ext_list_enabled_name_after
+===
+* Location: adm/style/acp_ext_list.html
+* Since: 3.1.11-RC1
+* Purpose: Add content after the name of enabled extensions in the list
+
 acp_ext_list_enabled_title_after
 ===
 * Location: adm/style/acp_ext_list.html
@@ -375,6 +393,13 @@ acp_profile_contact_before
 * Since: 3.1.6-RC1
 * Purpose: Add extra options to custom profile field configuration in the ACP
 
+acp_profile_contact_last
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.1.11-RC1
+* Purpose: Add contact specific options to custom profile fields in the ACP
+
 acp_profile_step_one_lang_after
 ===
 * Locations:
@@ -675,6 +700,22 @@ forumlist_body_last_post_title_prepend
 * Since: 3.1.0-a1
 * Purpose: Add content before the post title of the latest post in a forum on the forum list.
 
+forumlist_body_subforum_link_append
+===
+* Locations:
+    + styles/prosilver/template/forumlist_body.html
+    + styles/subsilver2/template/forumlist_body.html
+* Since: 3.1.11-RC1
+* Purpose: Add content at the end of subforum link item.
+
+forumlist_body_subforum_link_prepend
+===
+* Locations:
+    + styles/prosilver/template/forumlist_body.html
+    + styles/subsilver2/template/forumlist_body.html
+* Since: 3.1.11-RC1
+* Purpose: Add content at the start of subforum link item.
+
 forumlist_body_subforums_after
 ===
 * Locations:
@@ -699,6 +740,14 @@ forumlist_body_last_row_after
 * Since: 3.1.0-b2
 * Purpose: Add content after the very last row of the forum list.
 
+index_body_birthday_block_before
+===
+* Locations:
+    + styles/prosilver/template/index_body.html
+    + styles/subsilver2/template/index_body.html
+* Since: 3.1.11-RC1
+* Purpose: Add new statistic blocks before the Birthday block
+
 index_body_block_birthday_append
 ===
 * Locations:
@@ -947,6 +996,20 @@ mcp_topic_postrow_post_details_before
 * Since: 3.1.10-RC1
 * Purpose: Add content before post details in topic moderation
 
+mcp_topic_postrow_post_subject_after
+===
+* Locations:
+    + styles/prosilver/template/mcp_topic.html
+* Since: 3.1.11-RC1
+* Purpose: Add content after post subject in topic moderation
+
+mcp_topic_postrow_post_subject_before
+===
+* Locations:
+    + styles/prosilver/template/mcp_topic.html
+* Since: 3.1.11-RC1
+* Purpose: Add content before post subject in topic moderation
+
 mcp_topic_topic_title_after
 ===
 * Locations:
@@ -1951,6 +2014,13 @@ search_results_topic_before
 * Since: 3.1.0-b4
 * Purpose: Add data before search result topics
 
+search_results_topic_title_after
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.1.11-RC1
+* Purpose: Add data after search results topic title
+
 simple_footer_after
 ===
 * Locations:

phpBB/docs/lighttpd.sample.conf

@@ -37,7 +37,7 @@ $HTTP["host"] == "www.myforums.com" {
 	accesslog.filename		= "/var/log/lighttpd/access-www.myforums.com.log"
 	
 	# Deny access to internal phpbb files.	
-	$HTTP["url"] =~ "^/(config\.php|common\.php|includes|cache|files|store|images/avatars/upload)" {
+	$HTTP["url"] =~ "^/(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor)" {
 		url.access-deny = ( "" )
 	}
 

phpBB/docs/nginx.sample.conf

@@ -72,7 +72,7 @@ http {
         }
 
         # Deny access to internal phpbb files.
-        location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) {
+        location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|phpbb|store|vendor) {
             deny all;
             # deny was ignored before 0.8.40 for connections over IPv6.
             # Use internal directive to prohibit access on older versions.

phpBB/download/file.php

@@ -262,7 +262,7 @@ else
 	* @var	string	mode				Download mode
 	* @var	bool	thumbnail			Flag indicating if the file is a thumbnail
 	* @since 3.1.6-RC1
-	* @change 3.1.7-RC1	Fixing wrong name of a variable (replacing "extension" by "extensions")
+	* @changed 3.1.7-RC1	Fixing wrong name of a variable (replacing "extension" by "extensions")
 	*/
 	$vars = array(
 		'attach_id',

phpBB/faq.php

@@ -25,6 +25,7 @@ $auth->acl($user->data);
 $user->setup();
 
 $mode = request_var('mode', '');
+$template_file = 'faq_body.html';
 
 // Load the appropriate faq file
 switch ($mode)
@@ -47,13 +48,16 @@ switch ($mode)
 		 * @var	string	lang_file		Language file containing the help data
 		 * @var	string	ext_name		Vendor and extension name where the help
 		 *								language file can be loaded from
+		 * @var	string	template_file	Template file name
 		 * @since 3.1.4-RC1
+		 * @changed 3.1.11-RC1 Added template_file var
 		 */
 		$vars = array(
 			'page_title',
 			'mode',
 			'lang_file',
 			'ext_name',
+			'template_file',
 		);
 		extract($phpbb_dispatcher->trigger_event('core.faq_mode_validation', compact($vars)));
 
@@ -106,7 +110,7 @@ $template->assign_vars(array(
 page_header($l_title);
 
 $template->set_filenames(array(
-	'body' => 'faq_body.html')
+	'body' => $template_file)
 );
 make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
 

phpBB/includes/acp/acp_board.php

@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
 class acp_board
 {
 	var $u_action;
-	var $new_config = array();
+	var $new_config;
 
 	function main($id, $mode)
 	{
@@ -318,9 +318,9 @@ class acp_board
 					'title'	=> 'ACP_COOKIE_SETTINGS',
 					'vars'	=> array(
 						'legend1'		=> 'ACP_COOKIE_SETTINGS',
-						'cookie_domain'	=> array('lang' => 'COOKIE_DOMAIN',	'validate' => 'string',	'type' => 'text::255', 'explain' => false),
-						'cookie_name'	=> array('lang' => 'COOKIE_NAME',	'validate' => 'string',	'type' => 'text::16', 'explain' => false),
-						'cookie_path'	=> array('lang'	=> 'COOKIE_PATH',	'validate' => 'string',	'type' => 'text::255', 'explain' => false),
+						'cookie_domain'	=> array('lang' => 'COOKIE_DOMAIN',	'validate' => 'string',	'type' => 'text::255', 'explain' => true),
+						'cookie_name'	=> array('lang' => 'COOKIE_NAME',	'validate' => 'string',	'type' => 'text::16', 'explain' => true),
+						'cookie_path'	=> array('lang'	=> 'COOKIE_PATH',	'validate' => 'string',	'type' => 'text::255', 'explain' => true),
 						'cookie_secure'	=> array('lang' => 'COOKIE_SECURE',	'validate' => 'bool',	'type' => 'radio:disabled_enabled', 'explain' => true),
 					)
 				);
@@ -454,6 +454,9 @@ class acp_board
 						'smtp_auth_method'		=> array('lang' => 'SMTP_AUTH_METHOD',		'validate' => 'string',	'type' => 'select', 'method' => 'mail_auth_select', 'explain' => true),
 						'smtp_username'			=> array('lang' => 'SMTP_USERNAME',			'validate' => 'string',	'type' => 'text:25:255', 'explain' => true),
 						'smtp_password'			=> array('lang' => 'SMTP_PASSWORD',			'validate' => 'string',	'type' => 'password:25:255', 'explain' => true),
+						'smtp_verify_peer'		=> array('lang' => 'SMTP_VERIFY_PEER',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'smtp_verify_peer_name'	=> array('lang' => 'SMTP_VERIFY_PEER_NAME',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'smtp_allow_self_signed'=> array('lang' => 'SMTP_ALLOW_SELF_SIGNED','validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
 						'legend3'					=> 'ACP_SUBMIT_CHANGES',
 					)
@@ -482,7 +485,7 @@ class acp_board
 			$user->add_lang($display_vars['lang']);
 		}
 
-		$this->new_config = $config;
+		$this->new_config = clone $config;
 		$cfg_array = (isset($_REQUEST['config'])) ? utf8_normalize_nfc(request_var('config', array('' => ''), true)) : $this->new_config;
 		$error = array();
 

phpBB/includes/acp/acp_extensions.php

@@ -22,21 +22,23 @@ if (!defined('IN_PHPBB'))
 class acp_extensions
 {
 	var $u_action;
+	var $tpl_name;
+	var $page_title;
 
-	private $db;
 	private $config;
 	private $template;
 	private $user;
 	private $cache;
 	private $log;
 	private $request;
+	private $phpbb_dispatcher;
+	private $ext_manager;
 
 	function main()
 	{
 		// Start the page
-		global $config, $user, $template, $request, $phpbb_extension_manager, $db, $phpbb_root_path, $phpEx, $phpbb_log, $cache, $phpbb_dispatcher;
+		global $config, $user, $template, $request, $phpbb_extension_manager, $phpbb_root_path, $phpEx, $phpbb_log, $cache, $phpbb_dispatcher;
 
-		$this->db = $db;
 		$this->config = $config;
 		$this->template = $template;
 		$this->user = $user;
@@ -44,49 +46,57 @@ class acp_extensions
 		$this->request = $request;
 		$this->log = $phpbb_log;
 		$this->phpbb_dispatcher = $phpbb_dispatcher;
+		$this->ext_manager = $phpbb_extension_manager;
 
-		$user->add_lang(array('install', 'acp/extensions', 'migrator'));
+		$this->user->add_lang(array('install', 'acp/extensions', 'migrator'));
 
 		$this->page_title = 'ACP_EXTENSIONS';
 
-		$action = $request->variable('action', 'list');
-		$ext_name = $request->variable('ext_name', '');
+		$action = $this->request->variable('action', 'list');
+		$ext_name = $this->request->variable('ext_name', '');
 
 		// What is a safe limit of execution time? Half the max execution time should be safe.
 		$safe_time_limit = (ini_get('max_execution_time') / 2);
 		$start_time = time();
 
-		/**
-		* Event to run a specific action on extension
-		*
-		* @event core.acp_extensions_run_action
-		* @var	string	action			Action to run
-		* @var	string	u_action		Url we are at
-		* @var	string	ext_name		Extension name from request
-		* @var	int		safe_time_limit	Safe limit of execution time
-		* @var	int		start_time		Start time
-		* @since 3.1.11-RC1
-		*/
-		$u_action = $this->u_action;
-		$vars = array('action', 'u_action', 'ext_name', 'safe_time_limit', 'start_time');
-		extract($this->phpbb_dispatcher->trigger_event('core.acp_extensions_run_action', compact($vars)));
-
 		// Cancel action
-		if ($request->is_set_post('cancel'))
+		if ($this->request->is_set_post('cancel'))
 		{
 			$action = 'list';
 			$ext_name = '';
 		}
 
-		if (in_array($action, array('enable', 'disable', 'delete_data')) && !check_link_hash($request->variable('hash', ''), $action . '.' . $ext_name))
+		if (in_array($action, array('enable', 'disable', 'delete_data')) && !check_link_hash($this->request->variable('hash', ''), $action . '.' . $ext_name))
 		{
 			trigger_error('FORM_INVALID', E_USER_WARNING);
 		}
 
+		/**
+		* Event to run a specific action on extension
+		*
+		* @event core.acp_extensions_run_action_before
+		* @var	string	action			Action to run; if the event completes execution of the action, should be set to 'none'
+		* @var	string	u_action		Url we are at
+		* @var	string	ext_name		Extension name from request
+		* @var	int		safe_time_limit	Safe limit of execution time
+		* @var	int		start_time		Start time
+		* @var	string	tpl_name		Template file to load
+		* @since 3.1.11-RC1
+		* @changed 3.2.1-RC1			Renamed to core.acp_extensions_run_action_before, added tpl_name, added action 'none'
+		*/
+		$u_action = $this->u_action;
+		$tpl_name = '';
+		$vars = array('action', 'u_action', 'ext_name', 'safe_time_limit', 'start_time', 'tpl_name');
+		extract($this->phpbb_dispatcher->trigger_event('core.acp_extensions_run_action_before', compact($vars)));
+
+		// In case they have been updated by the event
+		$this->u_action = $u_action;
+		$this->tpl_name = $tpl_name;
+
 		// If they've specified an extension, let's load the metadata manager and validate it.
 		if ($ext_name)
 		{
-			$md_manager = new \phpbb\extension\metadata_manager($ext_name, $config, $phpbb_extension_manager, $template, $user, $phpbb_root_path);
+			$md_manager = $this->ext_manager->create_extension_metadata_manager($ext_name, $this->template);
 
 			try
 			{
@@ -101,6 +111,10 @@ class acp_extensions
 		// What are we doing?
 		switch ($action)
 		{
+			case 'none':
+				// Intentionally empty, used by extensions that execute additional actions in the prior event
+				break;
+
 			case 'set_config_version_check_force_unstable':
 				$force_unstable = $this->request->variable('force_unstable', false);
 
@@ -110,12 +124,12 @@ class acp_extensions
 						'force_unstable'	=> $force_unstable,
 					));
 
-					confirm_box(false, $user->lang('EXTENSION_FORCE_UNSTABLE_CONFIRM'), $s_hidden_fields);
+					confirm_box(false, $this->user->lang('EXTENSION_FORCE_UNSTABLE_CONFIRM'), $s_hidden_fields);
 				}
 				else
 				{
-					$config->set('extension_force_unstable', false);
-					trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
+					$this->config->set('extension_force_unstable', false);
+					trigger_error($this->user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
 				}
 				break;
 
@@ -123,17 +137,17 @@ class acp_extensions
 			default:
 				if (confirm_box(true))
 				{
-					$config->set('extension_force_unstable', true);
-					trigger_error($user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
+					$this->config->set('extension_force_unstable', true);
+					trigger_error($this->user->lang['CONFIG_UPDATED'] . adm_back_link($this->u_action));
 				}
 
-				$this->list_enabled_exts($phpbb_extension_manager);
-				$this->list_disabled_exts($phpbb_extension_manager);
-				$this->list_available_exts($phpbb_extension_manager);
+				$this->list_enabled_exts();
+				$this->list_disabled_exts();
+				$this->list_available_exts();
 
 				$this->template->assign_vars(array(
 					'U_VERSIONCHECK_FORCE' 	=> $this->u_action . '&action=list&versioncheck_force=1',
-					'FORCE_UNSTABLE'		=> $config['extension_force_unstable'],
+					'FORCE_UNSTABLE'		=> $this->config['extension_force_unstable'],
 					'U_ACTION' 				=> $this->u_action,
 				));
 
@@ -141,30 +155,29 @@ class acp_extensions
 			break;
 
 			case 'enable_pre':
-				if (!$md_manager->validate_dir())
+				try
 				{
-					trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+					$md_manager->validate_enable();
+				}
+				catch (\phpbb\extension\exception $e)
+				{
+					trigger_error($e . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
-				if (!$md_manager->validate_enable())
-				{
-					trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
-				}
-
-				$extension = $phpbb_extension_manager->get_extension($ext_name);
+				$extension = $this->ext_manager->get_extension($ext_name);
 				if (!$extension->is_enableable())
 				{
-					trigger_error($user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
+					trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
-				if ($phpbb_extension_manager->is_enabled($ext_name))
+				if ($this->ext_manager->is_enabled($ext_name))
 				{
 					redirect($this->u_action);
 				}
 
 				$this->tpl_name = 'acp_ext_enable';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'PRE'				=> true,
 					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_ENABLE_CONFIRM', $md_manager->get_metadata('display-name')),
 					'U_ENABLE'			=> $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name),
@@ -172,57 +185,65 @@ class acp_extensions
 			break;
 
 			case 'enable':
-				if (!$md_manager->validate_dir())
+				try
 				{
-					trigger_error($user->lang['EXTENSION_DIR_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+					$md_manager->validate_enable();
+				}
+				catch (\phpbb\extension\exception $e)
+				{
+					trigger_error($e . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
-				if (!$md_manager->validate_enable())
-				{
-					trigger_error($user->lang['EXTENSION_NOT_AVAILABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
-				}
-
-				$extension = $phpbb_extension_manager->get_extension($ext_name);
+				$extension = $this->ext_manager->get_extension($ext_name);
 				if (!$extension->is_enableable())
 				{
-					trigger_error($user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
+					trigger_error($this->user->lang['EXTENSION_NOT_ENABLEABLE'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
 				try
 				{
-					while ($phpbb_extension_manager->enable_step($ext_name))
+					while ($this->ext_manager->enable_step($ext_name))
 					{
 						// Are we approaching the time limit? If so we want to pause the update and continue after refreshing
 						if ((time() - $start_time) >= $safe_time_limit)
 						{
-							$template->assign_var('S_NEXT_STEP', true);
+							$this->template->assign_var('S_NEXT_STEP', true);
 
 							meta_refresh(0, $this->u_action . '&action=enable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('enable.' . $ext_name));
 						}
 					}
-					$this->log->add('admin', $user->data['user_id'], $user->ip, 'LOG_EXT_ENABLE', time(), array($ext_name));
+
+					// Update custom style for admin area
+					$this->template->set_custom_style(array(
+						array(
+							'name' 		=> 'adm',
+							'ext_path' 	=> 'adm/style/',
+						),
+					), array($phpbb_root_path . 'adm/style'));
+
+					$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_ENABLE', time(), array($ext_name));
 				}
 				catch (\phpbb\db\migration\exception $e)
 				{
-					$template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($user));
+					$this->template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($this->user));
 				}
 
 				$this->tpl_name = 'acp_ext_enable';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'U_RETURN'		=> $this->u_action . '&action=list',
 				));
 			break;
 
 			case 'disable_pre':
-				if (!$phpbb_extension_manager->is_enabled($ext_name))
+				if (!$this->ext_manager->is_enabled($ext_name))
 				{
 					redirect($this->u_action);
 				}
 
 				$this->tpl_name = 'acp_ext_disable';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'PRE'				=> true,
 					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_DISABLE_CONFIRM', $md_manager->get_metadata('display-name')),
 					'U_DISABLE'			=> $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name),
@@ -230,38 +251,38 @@ class acp_extensions
 			break;
 
 			case 'disable':
-				if (!$phpbb_extension_manager->is_enabled($ext_name))
+				if (!$this->ext_manager->is_enabled($ext_name))
 				{
 					redirect($this->u_action);
 				}
 
-				while ($phpbb_extension_manager->disable_step($ext_name))
+				while ($this->ext_manager->disable_step($ext_name))
 				{
 					// Are we approaching the time limit? If so we want to pause the update and continue after refreshing
 					if ((time() - $start_time) >= $safe_time_limit)
 					{
-						$template->assign_var('S_NEXT_STEP', true);
+						$this->template->assign_var('S_NEXT_STEP', true);
 
 						meta_refresh(0, $this->u_action . '&action=disable&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('disable.' . $ext_name));
 					}
 				}
-				$this->log->add('admin', $user->data['user_id'], $user->ip, 'LOG_EXT_DISABLE', time(), array($ext_name));
+				$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_DISABLE', time(), array($ext_name));
 
 				$this->tpl_name = 'acp_ext_disable';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'U_RETURN'	=> $this->u_action . '&action=list',
 				));
 			break;
 
 			case 'delete_data_pre':
-				if ($phpbb_extension_manager->is_enabled($ext_name))
+				if ($this->ext_manager->is_enabled($ext_name))
 				{
 					redirect($this->u_action);
 				}
 				$this->tpl_name = 'acp_ext_delete_data';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'PRE'				=> true,
 					'L_CONFIRM_MESSAGE'	=> $this->user->lang('EXTENSION_DELETE_DATA_CONFIRM', $md_manager->get_metadata('display-name')),
 					'U_PURGE'			=> $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name),
@@ -269,33 +290,33 @@ class acp_extensions
 			break;
 
 			case 'delete_data':
-				if ($phpbb_extension_manager->is_enabled($ext_name))
+				if ($this->ext_manager->is_enabled($ext_name))
 				{
 					redirect($this->u_action);
 				}
 
 				try
 				{
-					while ($phpbb_extension_manager->purge_step($ext_name))
+					while ($this->ext_manager->purge_step($ext_name))
 					{
 						// Are we approaching the time limit? If so we want to pause the update and continue after refreshing
 						if ((time() - $start_time) >= $safe_time_limit)
 						{
-							$template->assign_var('S_NEXT_STEP', true);
+							$this->template->assign_var('S_NEXT_STEP', true);
 
 							meta_refresh(0, $this->u_action . '&action=delete_data&ext_name=' . urlencode($ext_name) . '&hash=' . generate_link_hash('delete_data.' . $ext_name));
 						}
 					}
-					$this->log->add('admin', $user->data['user_id'], $user->ip, 'LOG_EXT_PURGE', time(), array($ext_name));
+					$this->log->add('admin', $this->user->data['user_id'], $this->user->ip, 'LOG_EXT_PURGE', time(), array($ext_name));
 				}
 				catch (\phpbb\db\migration\exception $e)
 				{
-					$template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($user));
+					$this->template->assign_var('MIGRATOR_ERROR', $e->getLocalisedMessage($this->user));
 				}
 
 				$this->tpl_name = 'acp_ext_delete_data';
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'U_RETURN'	=> $this->u_action . '&action=list',
 				));
 			break;
@@ -306,28 +327,25 @@ class acp_extensions
 
 				try
 				{
-					$updates_available = $this->version_check($md_manager, $request->variable('versioncheck_force', false));
+					$updates_available = $this->version_check($md_manager, $this->request->variable('versioncheck_force', false));
 
-					$template->assign_vars(array(
+					$this->template->assign_vars(array(
 						'S_UP_TO_DATE'		=> empty($updates_available),
 						'S_VERSIONCHECK'	=> true,
 						'UP_TO_DATE_MSG'	=> $this->user->lang(empty($updates_available) ? 'UP_TO_DATE' : 'NOT_UP_TO_DATE', $md_manager->get_metadata('display-name')),
 					));
 
-					foreach ($updates_available as $branch => $version_data)
-					{
-						$template->assign_block_vars('updates_available', $version_data);
-					}
+					$this->template->assign_block_vars('updates_available', $updates_available);
 				}
 				catch (\RuntimeException $e)
 				{
-					$template->assign_vars(array(
+					$this->template->assign_vars(array(
 						'S_VERSIONCHECK_STATUS'			=> $e->getCode(),
-						'VERSIONCHECK_FAIL_REASON'		=> ($e->getMessage() !== $user->lang('VERSIONCHECK_FAIL')) ? $e->getMessage() : '',
+						'VERSIONCHECK_FAIL_REASON'		=> ($e->getMessage() !== $this->user->lang('VERSIONCHECK_FAIL')) ? $e->getMessage() : '',
 					));
 				}
 
-				$template->assign_vars(array(
+				$this->template->assign_vars(array(
 					'U_BACK'				=> $this->u_action . '&action=list',
 					'U_VERSIONCHECK_FORCE'	=> $this->u_action . '&action=details&versioncheck_force=1&ext_name=' . urlencode($md_manager->get_metadata('name')),
 				));
@@ -335,21 +353,41 @@ class acp_extensions
 				$this->tpl_name = 'acp_ext_details';
 			break;
 		}
+
+		/**
+		* Event to run after a specific action on extension has completed
+		*
+		* @event core.acp_extensions_run_action_after
+		* @var	string	action			Action that has run
+		* @var	string	u_action		Url we are at
+		* @var	string	ext_name		Extension name from request
+		* @var	int		safe_time_limit	Safe limit of execution time
+		* @var	int		start_time		Start time
+		* @var	string	tpl_name		Template file to load
+		* @since 3.1.11-RC1
+		*/
+		$u_action = $this->u_action;
+		$tpl_name = $this->tpl_name;
+		$vars = array('action', 'u_action', 'ext_name', 'safe_time_limit', 'start_time', 'tpl_name');
+		extract($this->phpbb_dispatcher->trigger_event('core.acp_extensions_run_action_after', compact($vars)));
+
+		// In case they have been updated by the event
+		$this->u_action = $u_action;
+		$this->tpl_name = $tpl_name;
 	}
 
 	/**
 	* Lists all the enabled extensions and dumps to the template
 	*
-	* @param  $phpbb_extension_manager     An instance of the extension manager
 	* @return null
 	*/
-	public function list_enabled_exts(\phpbb\extension\manager $phpbb_extension_manager)
+	public function list_enabled_exts()
 	{
 		$enabled_extension_meta_data = array();
 
-		foreach ($phpbb_extension_manager->all_enabled() as $name => $location)
+		foreach ($this->ext_manager->all_enabled() as $name => $location)
 		{
-			$md_manager = $phpbb_extension_manager->create_extension_metadata_manager($name, $this->template);
+			$md_manager = $this->ext_manager->create_extension_metadata_manager($name, $this->template);
 
 			try
 			{
@@ -397,16 +435,15 @@ class acp_extensions
 	/**
 	* Lists all the disabled extensions and dumps to the template
 	*
-	* @param  $phpbb_extension_manager     An instance of the extension manager
 	* @return null
 	*/
-	public function list_disabled_exts(\phpbb\extension\manager $phpbb_extension_manager)
+	public function list_disabled_exts()
 	{
 		$disabled_extension_meta_data = array();
 
-		foreach ($phpbb_extension_manager->all_disabled() as $name => $location)
+		foreach ($this->ext_manager->all_disabled() as $name => $location)
 		{
-			$md_manager = $phpbb_extension_manager->create_extension_metadata_manager($name, $this->template);
+			$md_manager = $this->ext_manager->create_extension_metadata_manager($name, $this->template);
 
 			try
 			{
@@ -455,18 +492,17 @@ class acp_extensions
 	/**
 	* Lists all the available extensions and dumps to the template
 	*
-	* @param  $phpbb_extension_manager     An instance of the extension manager
 	* @return null
 	*/
-	public function list_available_exts(\phpbb\extension\manager $phpbb_extension_manager)
+	public function list_available_exts()
 	{
-		$uninstalled = array_diff_key($phpbb_extension_manager->all_available(), $phpbb_extension_manager->all_configured());
+		$uninstalled = array_diff_key($this->ext_manager->all_available(), $this->ext_manager->all_configured());
 
 		$available_extension_meta_data = array();
 
 		foreach ($uninstalled as $name => $location)
 		{
-			$md_manager = $phpbb_extension_manager->create_extension_metadata_manager($name, $this->template);
+			$md_manager = $this->ext_manager->create_extension_metadata_manager($name, $this->template);
 
 			try
 			{
@@ -535,7 +571,7 @@ class acp_extensions
 	* @param \phpbb\extension\metadata_manager $md_manager The metadata manager for the version to check.
 	* @param bool $force_update Ignores cached data. Defaults to false.
 	* @param bool $force_cache Force the use of the cache. Override $force_update.
-	* @return string
+	* @return array
 	* @throws RuntimeException
 	*/
 	protected function version_check(\phpbb\extension\metadata_manager $md_manager, $force_update = false, $force_cache = false)
@@ -554,7 +590,7 @@ class acp_extensions
 		$version_helper->set_file_location($version_check['host'], $version_check['directory'], $version_check['filename'], isset($version_check['ssl']) ? $version_check['ssl'] : false);
 		$version_helper->force_stability($this->config['extension_force_unstable'] ? 'unstable' : null);
 
-		return $updates = $version_helper->get_suggested_updates($force_update, $force_cache);
+		return $version_helper->get_ext_update_on_branch($force_update, $force_cache);
 	}
 
 	/**

phpBB/includes/acp/acp_jabber.php

@@ -50,13 +50,16 @@ class acp_jabber
 		$this->tpl_name = 'acp_jabber';
 		$this->page_title = 'ACP_JABBER_SETTINGS';
 
-		$jab_enable			= request_var('jab_enable',			(bool) $config['jab_enable']);
-		$jab_host			= request_var('jab_host',			(string) $config['jab_host']);
-		$jab_port			= request_var('jab_port',			(int) $config['jab_port']);
-		$jab_username		= request_var('jab_username',		(string) $config['jab_username']);
-		$jab_password		= request_var('jab_password',		(string) $config['jab_password']);
-		$jab_package_size	= request_var('jab_package_size',	(int) $config['jab_package_size']);
-		$jab_use_ssl		= request_var('jab_use_ssl',		(bool) $config['jab_use_ssl']);
+		$jab_enable				= request_var('jab_enable',				(bool) $config['jab_enable']);
+		$jab_host				= request_var('jab_host',				(string) $config['jab_host']);
+		$jab_port				= request_var('jab_port',				(int) $config['jab_port']);
+		$jab_username			= request_var('jab_username',			(string) $config['jab_username']);
+		$jab_password			= request_var('jab_password',			(string) $config['jab_password']);
+		$jab_package_size		= request_var('jab_package_size',		(int) $config['jab_package_size']);
+		$jab_use_ssl			= request_var('jab_use_ssl',			(bool) $config['jab_use_ssl']);
+		$jab_verify_peer		= request_var('jab_verify_peer',		(bool) $config['jab_verify_peer']);
+		$jab_verify_peer_name	= request_var('jab_verify_peer_name',	(bool) $config['jab_verify_peer_name']);
+		$jab_allow_self_signed	= request_var('jab_allow_self_signed',	(bool) $config['jab_allow_self_signed']);
 
 		$form_name = 'acp_jabber';
 		add_form_key($form_name);
@@ -76,7 +79,7 @@ class acp_jabber
 			// Is this feature enabled? Then try to establish a connection
 			if ($jab_enable)
 			{
-				$jabber = new jabber($jab_host, $jab_port, $jab_username, $jab_password, $jab_use_ssl);
+				$jabber = new jabber($jab_host, $jab_port, $jab_username, $jab_password, $jab_use_ssl, $jab_verify_peer, $jab_verify_peer_name, $jab_allow_self_signed);
 
 				if (!$jabber->connect())
 				{
@@ -116,6 +119,9 @@ class acp_jabber
 			}
 			set_config('jab_package_size', $jab_package_size);
 			set_config('jab_use_ssl', $jab_use_ssl);
+			set_config('jab_verify_peer', $jab_verify_peer);
+			set_config('jab_verify_peer_name', $jab_verify_peer_name);
+			set_config('jab_allow_self_signed', $jab_allow_self_signed);
 
 			add_log('admin', 'LOG_' . $log);
 			trigger_error($message . adm_back_link($this->u_action));
@@ -131,6 +137,9 @@ class acp_jabber
 			'JAB_PASSWORD'			=> $jab_password !== '' ? '********' : '',
 			'JAB_PACKAGE_SIZE'		=> $jab_package_size,
 			'JAB_USE_SSL'			=> $jab_use_ssl,
+			'JAB_VERIFY_PEER'		=> $jab_verify_peer,
+			'JAB_VERIFY_PEER_NAME'	=> $jab_verify_peer_name,
+			'JAB_ALLOW_SELF_SIGNED'	=> $jab_allow_self_signed,
 			'S_CAN_USE_SSL'			=> jabber::can_use_ssl(),
 			'S_GTALK_NOTE'			=> (!@function_exists('dns_get_record')) ? true : false,
 		));

phpBB/includes/acp/acp_main.php

@@ -421,23 +421,33 @@ class acp_main
 		// Version check
 		$user->add_lang('install');
 
-		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '5.3.3', '<'))
+		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '5.4.0', '<'))
 		{
 			$template->assign_vars(array(
 				'S_PHP_VERSION_OLD'	=> true,
-				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], '<a href="https://www.phpbb.com/community/viewtopic.php?f=14&amp;t=2152375">', '</a>'),
+				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], PHP_VERSION, '5.4.0', '<a href="https://www.phpbb.com/support/docs/en/3.2/ug/quickstart/requirements">', '</a>'),
 			));
 		}
 
 		if ($auth->acl_get('a_board'))
 		{
+			/** @var \phpbb\version_helper $version_helper */
 			$version_helper = $phpbb_container->get('version_helper');
 			try
 			{
 				$recheck = $request->variable('versioncheck_force', false);
-				$updates_available = $version_helper->get_suggested_updates($recheck);
+				$updates_available = $version_helper->get_update_on_branch($recheck);
+				$upgrades_available = $version_helper->get_suggested_updates();
+				if (!empty($upgrades_available))
+				{
+					$upgrades_available = array_pop($upgrades_available);
+				}
 
-				$template->assign_var('S_VERSION_UP_TO_DATE', empty($updates_available));
+				$template->assign_vars(array(
+					'S_VERSION_UP_TO_DATE'		=> empty($updates_available),
+					'S_VERSION_UPGRADEABLE'		=> !empty($upgrades_available),
+					'UPGRADE_INSTRUCTIONS'		=> !empty($upgrades_available) ? $user->lang('UPGRADE_INSTRUCTIONS', $upgrades_available['current'], $upgrades_available['announcement']) : false,
+				));
 			}
 			catch (\RuntimeException $e)
 			{

phpBB/includes/acp/acp_styles.php

@@ -433,6 +433,9 @@ class acp_styles
 			trigger_error($this->user->lang['NO_MATCHING_STYLES_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
 		}
 
+		// Read style configuration file
+		$style_cfg = $this->read_style_cfg($style['style_path']);
+
 		// Find all available parent styles
 		$list = $this->find_possible_parents($styles, $id);
 
@@ -579,6 +582,7 @@ class acp_styles
 			'STYLE_ID'			=> $style['style_id'],
 			'STYLE_NAME'		=> htmlspecialchars($style['style_name']),
 			'STYLE_PATH'		=> htmlspecialchars($style['style_path']),
+			'STYLE_VERSION'		=> htmlspecialchars($style_cfg['style_version']),
 			'STYLE_COPYRIGHT'	=> strip_tags($style['style_copyright']),
 			'STYLE_PARENT'		=> $style['style_parent_id'],
 			'S_STYLE_ACTIVE'	=> $style['style_active'],

phpBB/includes/acp/acp_update.php

@@ -37,7 +37,12 @@ class acp_update
 		try
 		{
 			$recheck = $request->variable('versioncheck_force', false);
-			$updates_available = $version_helper->get_suggested_updates($recheck);
+			$updates_available = $version_helper->get_update_on_branch($recheck);
+			$upgrades_available = $version_helper->get_suggested_updates();
+			if (!empty($upgrades_available))
+			{
+				$upgrades_available = array_pop($upgrades_available);
+			}
 		}
 		catch (\RuntimeException $e)
 		{
@@ -46,12 +51,9 @@ class acp_update
 			$updates_available = array();
 		}
 
-		foreach ($updates_available as $branch => $version_data)
-		{
-			$template->assign_block_vars('updates_available', $version_data);
-		}
+		$template->assign_block_vars('updates_available', $updates_available);
 
-		$update_link = append_sid($phpbb_root_path . 'install/index.' . $phpEx, 'mode=update');
+		$update_link = append_sid($phpbb_root_path . 'install/');
 
 		$template->assign_vars(array(
 			'S_UP_TO_DATE'			=> empty($updates_available),
@@ -61,6 +63,8 @@ class acp_update
 			'CURRENT_VERSION'		=> $config['version'],
 
 			'UPDATE_INSTRUCTIONS'	=> sprintf($user->lang['UPDATE_INSTRUCTIONS'], $update_link),
+			'S_VERSION_UPGRADEABLE'		=> !empty($upgrades_available),
+			'UPGRADE_INSTRUCTIONS'		=> !empty($upgrades_available) ? $user->lang('UPGRADE_INSTRUCTIONS', $upgrades_available['current'], $upgrades_available['announcement']) : false,
 		));
 
 		// Incomplete update?

phpBB/includes/acp/info/acp_logs.php

@@ -15,16 +15,31 @@ class acp_logs_info
 {
 	function module()
 	{
+		global $phpbb_dispatcher;
+
+		$modes = array(
+			'admin'		=> array('title' => 'ACP_ADMIN_LOGS', 'auth' => 'acl_a_viewlogs', 'cat' => array('ACP_FORUM_LOGS')),
+			'mod'		=> array('title' => 'ACP_MOD_LOGS', 'auth' => 'acl_a_viewlogs', 'cat' => array('ACP_FORUM_LOGS')),
+			'users'		=> array('title' => 'ACP_USERS_LOGS', 'auth' => 'acl_a_viewlogs', 'cat' => array('ACP_FORUM_LOGS')),
+			'critical'	=> array('title' => 'ACP_CRITICAL_LOGS', 'auth' => 'acl_a_viewlogs', 'cat' => array('ACP_FORUM_LOGS')),
+		);
+
+		/**
+		* Event to add or modify ACP log modulemodes
+		*
+		* @event core.acp_logs_info_modify_modes
+		* @var	array	modes	Array with modes info
+		* @since 3.1.11-RC1
+		* @since 3.2.1-RC1
+		*/
+		$vars = array('modes');
+		extract($phpbb_dispatcher->trigger_event('core.acp_logs_info_modify_modes', compact($vars)));
+
 		return array(
 			'filename'	=> 'acp_logs',
 			'title'		=> 'ACP_LOGGING',
 			'version'	=> '1.0.0',
-			'modes'		=> array(
-				'admin'		=> array('title' => 'ACP_ADMIN_LOGS', 'auth' => 'acl_a_viewlogs', 'cat' => array('ACP_FORUM_LOGS')),
-				'mod'		=> array('title' => 'ACP_MOD_LOGS', 'auth' => 'acl_a_viewlogs', 'cat' => array('ACP_FORUM_LOGS')),
-				'users'		=> array('title' => 'ACP_USERS_LOGS', 'auth' => 'acl_a_viewlogs', 'cat' => array('ACP_FORUM_LOGS')),
-				'critical'	=> array('title' => 'ACP_CRITICAL_LOGS', 'auth' => 'acl_a_viewlogs', 'cat' => array('ACP_FORUM_LOGS')),
-			),
+			'modes'		=> $modes,
 		);
 	}
 

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-define('PHPBB_VERSION', '3.1.10');
+define('PHPBB_VERSION', '3.1.12');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions.php

@@ -3406,12 +3406,17 @@ function get_preg_expression($mode)
 
 		case 'url':
 			// generated with regex_idn.php file in the develop folder
-			return "[a-z][a-z\d+\-.]*:/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?";
+			return "[a-z][a-z\d+\-.]*(?<!javascript):/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?";
+		break;
+
+		case 'url_http':
+			// generated with regex_idn.php file in the develop folder
+			return "http[s]?:/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'()*+,;=:@/?|]+|%[\dA-F]{2})*)?";
 		break;
 
 		case 'url_inline':
 			// generated with regex_idn.php file in the develop folder
-			return "[a-z][a-z\d+]*:/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?";
+			return "[a-z][a-z\d+]*(?<!javascript):/{2}(?:(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})+|[0-9.]+|\[[a-z0-9.]+:[a-z0-9.]+:[a-z0-9.:]+\])(?::\d*)?(?:/(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@|]+|%[\dA-F]{2})*)*(?:\?(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?(?:\#(?:[^\p{C}\p{Z}\p{S}\p{P}\p{Nl}\p{No}\p{Me}\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C6}\x{20D0}-\x{20FF}\x{1D100}-\x{1D1FF}\x{1D200}-\x{1D24F}\x{0640}\x{07FA}\x{302E}\x{302F}\x{3031}-\x{3035}\x{303B}]*[\x{00B7}\x{0375}\x{05F3}\x{05F4}\x{30FB}\x{002D}\x{06FD}\x{06FE}\x{0F0B}\x{3007}\x{00DF}\x{03C2}\x{200C}\x{200D}\pL0-9\-._~!$&'(*+,;=:@/?|]+|%[\dA-F]{2})*)?";
 		break;
 
 		case 'www_url':
@@ -3442,6 +3447,11 @@ function get_preg_expression($mode)
 		case 'path_remove_dot_trailing_slash':
 			return '#^(?:(\.)?)+(?:(.+)?)+(?:([\\/\\\])$)#';
 		break;
+
+		case 'semantic_version':
+			// Regular expression to match semantic versions by http://rgxdb.com/
+			return '/(?<=^[Vv]|^)(?:(?<major>(?:0|[1-9](?:(?:0|[1-9])+)*))[.](?<minor>(?:0|[1-9](?:(?:0|[1-9])+)*))[.](?<patch>(?:0|[1-9](?:(?:0|[1-9])+)*))(?:-(?<prerelease>(?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:0|[1-9](?:(?:0|[1-9])+)*))(?:[.](?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:0|[1-9](?:(?:0|[1-9])+)*)))*))?(?:[+](?<build>(?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:(?:0|[1-9])+))(?:[.](?:(?:(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?|(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)(?:[A-Za-z]|-)(?:(?:(?:0|[1-9])|(?:[A-Za-z]|-))+)?)|(?:(?:0|[1-9])+)))*))?)$/';
+		break;
 	}
 
 	return '';

phpBB/includes/functions_content.php

@@ -679,9 +679,11 @@ function generate_text_for_storage(&$text, &$uid, &$bitfield, &$flags, $allow_bb
 	* @var string	uid				The BBCode UID
 	* @var string	bitfield		The BBCode Bitfield
 	* @var int		flags			The BBCode Flags
+	* @var string	message_parser	The message_parser object
 	* @since 3.1.0-a1
+	* @changed 3.1.11-RC1			Added message_parser to vars
 	*/
-	$vars = array('text', 'uid', 'bitfield', 'flags');
+	$vars = array('text', 'uid', 'bitfield', 'flags', 'message_parser');
 	extract($phpbb_dispatcher->trigger_event('core.modify_text_for_storage_after', compact($vars)));
 
 	return $message_parser->warn_msg;

phpBB/includes/functions_convert.php

@@ -249,7 +249,7 @@ function validate_website($url)
 	{
 		return '';
 	}
-	else if (!preg_match('#^[a-z0-9]+://#i', $url) && strlen($url) > 0)
+	else if (!preg_match('#^http[s]?://#i', $url) && strlen($url) > 0)
 	{
 		return 'http://' . $url;
 	}

phpBB/includes/functions_display.php

@@ -646,7 +646,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		* @var	array	row				The data of the forum
 		* @var	array	subforums_row	Template data of subforums
 		* @since 3.1.0-a1
-		* @change 3.1.0-b5 Added var subforums_row
+		* @changed 3.1.0-b5 Added var subforums_row
 		*/
 		$vars = array('forum_row', 'row', 'subforums_row');
 		extract($phpbb_dispatcher->trigger_event('core.display_forums_modify_template_vars', compact($vars)));

phpBB/includes/functions_jabber.php

@@ -41,6 +41,9 @@ class jabber
 	var $username;
 	var $password;
 	var $use_ssl;
+	var $verify_peer;
+	var $verify_peer_name;
+	var $allow_self_signed;
 	var $resource = 'functions_jabber.phpbb.php';
 
 	var $enable_logging;
@@ -49,8 +52,18 @@ class jabber
 	var $features = array();
 
 	/**
+	* Constructor
+	*
+	* @param string $server Jabber server
+	* @param int $port Jabber server port
+	* @param string $username Jabber username or JID
+	* @param string $password Jabber password
+	* @param boold $use_ssl Use ssl
+	* @param bool $verify_peer Verify SSL certificate
+	* @param bool $verify_peer_name Verify Jabber peer name
+	* @param bool $allow_self_signed Allow self signed certificates
 	*/
-	function jabber($server, $port, $username, $password, $use_ssl = false)
+	function __construct($server, $port, $username, $password, $use_ssl = false, $verify_peer = true, $verify_peer_name = true, $allow_self_signed = false)
 	{
 		$this->connect_server		= ($server) ? $server : 'localhost';
 		$this->port					= ($port) ? $port : 5222;
@@ -71,6 +84,9 @@ class jabber
 
 		$this->password				= $password;
 		$this->use_ssl				= ($use_ssl && self::can_use_ssl()) ? true : false;
+		$this->verify_peer			= $verify_peer;
+		$this->verify_peer_name		= $verify_peer_name;
+		$this->allow_self_signed	= $allow_self_signed;
 
 		// Change port if we use SSL
 		if ($this->port == 5222 && $this->use_ssl)
@@ -96,7 +112,7 @@ class jabber
 	*/
 	static public function can_use_tls()
 	{
-		if (!@extension_loaded('openssl') || !function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('socket_set_blocking') || !function_exists('stream_get_wrappers'))
+		if (!@extension_loaded('openssl') || !function_exists('stream_socket_enable_crypto') || !function_exists('stream_get_meta_data') || !function_exists('stream_set_blocking') || !function_exists('stream_get_wrappers'))
 		{
 			return false;
 		}
@@ -139,7 +155,7 @@ class jabber
 
 		$this->session['ssl'] = $this->use_ssl;
 
-		if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl))
+		if ($this->open_socket($this->connect_server, $this->port, $this->use_ssl, $this->verify_peer, $this->verify_peer_name, $this->allow_self_signed))
 		{
 			$this->send("<?xml version='1.0' encoding='UTF-8' ?" . ">\n");
 			$this->send("<stream:stream to='{$this->server}' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>\n");
@@ -227,10 +243,13 @@ class jabber
 	* @param string $server host to connect to
 	* @param int $port port number
 	* @param bool $use_ssl use ssl or not
+	* @param bool $verify_peer verify ssl certificate
+	* @param bool $verify_peer_name verify peer name
+	* @param bool $allow_self_signed allow self-signed ssl certificates
 	* @access public
 	* @return bool
 	*/
-	function open_socket($server, $port, $use_ssl = false)
+	function open_socket($server, $port, $use_ssl, $verify_peer, $verify_peer_name, $allow_self_signed)
 	{
 		if (@function_exists('dns_get_record'))
 		{
@@ -241,12 +260,26 @@ class jabber
 			}
 		}
 
-		$server = $use_ssl ? 'ssl://' . $server : $server;
+		$options = array();
 
-		if ($this->connection = @fsockopen($server, $port, $errorno, $errorstr, $this->timeout))
+		if ($use_ssl)
 		{
-			socket_set_blocking($this->connection, 0);
-			socket_set_timeout($this->connection, 60);
+			$remote_socket = 'ssl://' . $server . ':' . $port;
+
+			// Set ssl context options, see http://php.net/manual/en/context.ssl.php
+			$options['ssl'] = array('verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed);
+		}
+		else
+		{
+			$remote_socket = $server . ':' . $port;
+		}
+
+		$socket_context = stream_context_create($options);
+
+		if ($this->connection = @stream_socket_client($remote_socket, $errorno, $errorstr, $this->timeout, STREAM_CLIENT_CONNECT, $socket_context))
+		{
+			stream_set_blocking($this->connection, 0);
+			stream_set_timeout($this->connection, 60);
 
 			return true;
 		}
@@ -563,7 +596,7 @@ class jabber
 			case 'proceed':
 				// continue switching to TLS
 				$meta = stream_get_meta_data($this->connection);
-				socket_set_blocking($this->connection, 1);
+				stream_set_blocking($this->connection, 1);
 
 				if (!stream_socket_enable_crypto($this->connection, true, STREAM_CRYPTO_METHOD_TLS_CLIENT))
 				{
@@ -571,7 +604,7 @@ class jabber
 					return false;
 				}
 
-				socket_set_blocking($this->connection, $meta['blocked']);
+				stream_set_blocking($this->connection, $meta['blocked']);
 				$this->session['tls'] = true;
 
 				// new stream

phpBB/includes/functions_messenger.php

@@ -312,10 +312,16 @@ class messenger
 
 	/**
 	* Send the mail out to the recipients set previously in var $this->addresses
+	*
+	* @param int	$method	User notification method NOTIFY_EMAIL|NOTIFY_IM|NOTIFY_BOTH
+	* @param bool	$break	Flag indicating if the function only formats the subject
+	*						and the message without sending it
+	*
+	* @return bool
 	*/
 	function send($method = NOTIFY_EMAIL, $break = false)
 	{
-		global $config, $user;
+		global $config, $user, $phpbb_dispatcher;
 
 		// We add some standard variables we always use, no need to specify them always
 		$this->assign_vars(array(
@@ -324,6 +330,30 @@ class messenger
 			'SITENAME'	=> htmlspecialchars_decode($config['sitename']),
 		));
 
+		$subject = $this->subject;
+		$message = $this->msg;
+		/**
+		* Event to modify notification message text before parsing
+		*
+		* @event core.modify_notification_message
+		* @var	int		method	User notification method NOTIFY_EMAIL|NOTIFY_IM|NOTIFY_BOTH
+		* @var	bool	break	Flag indicating if the function only formats the subject
+		*						and the message without sending it
+		* @var	string	subject	The message subject
+		* @var	string	message	The message text
+		* @since 3.1.11-RC1
+		*/
+		$vars = array(
+			'method',
+			'break',
+			'subject',
+			'message',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.modify_notification_message', compact($vars)));
+		$this->subject = $subject;
+		$this->msg = $message;
+		unset($subject, $message);
+
 		// Parse message through template
 		$this->msg = trim($this->template->assign_display('body'));
 
@@ -625,7 +655,7 @@ class messenger
 		if (!$use_queue)
 		{
 			include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
-			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl']);
+			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
 
 			if (!$this->jabber->connect())
 			{
@@ -800,7 +830,7 @@ class queue
 					}
 
 					include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
-					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl']);
+					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
 
 					if (!$this->jabber->connect())
 					{
@@ -1046,7 +1076,18 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 	}
 	$collector = new \phpbb\error_collector;
 	$collector->install();
-	$smtp->socket = fsockopen($config['smtp_host'], $config['smtp_port'], $errno, $errstr, 20);
+
+	$options = array();
+	$verify_peer = (bool) $config['smtp_verify_peer'];
+	$verify_peer_name = (bool) $config['smtp_verify_peer_name'];
+	$allow_self_signed = (bool) $config['smtp_allow_self_signed'];
+	$remote_socket = $config['smtp_host'] . ':' . $config['smtp_port'];
+
+	// Set ssl context options, see http://php.net/manual/en/context.ssl.php
+	$options['ssl'] = array('verify_peer' => $verify_peer, 'verify_peer_name' => $verify_peer_name, 'allow_self_signed' => $allow_self_signed);
+	$socket_context = stream_context_create($options);
+
+	$smtp->socket = @stream_socket_client($remote_socket, $errno, $errstr, 20, STREAM_CLIENT_CONNECT, $socket_context);
 	$collector->uninstall();
 	$error_contents = $collector->format_errors();
 

phpBB/includes/functions_posting.php

@@ -1315,7 +1315,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 */
 function delete_post($forum_id, $topic_id, $post_id, &$data, $is_soft = false, $softdelete_reason = '')
 {
-	global $db, $user, $auth, $phpbb_container;
+	global $db, $user, $auth, $phpbb_container, $phpbb_dispatcher;
 	global $config, $phpEx, $phpbb_root_path;
 
 	// Specify our post mode
@@ -1566,6 +1566,34 @@ function delete_post($forum_id, $topic_id, $post_id, &$data, $is_soft = false, $
 		sync('topic_reported', 'topic_id', array($topic_id));
 	}
 
+	/**
+	* This event is used for performing actions directly after a post or topic
+	* has been deleted.
+	*
+	* @event core.delete_post_after
+	* @var	int		forum_id			Post forum ID
+	* @var	int		topic_id			Post topic ID
+	* @var	int		post_id				Post ID
+	* @var	array	data				Post data
+	* @var	bool	is_soft				Soft delete flag
+	* @var	string	softdelete_reason	Soft delete reason
+	* @var	string	post_mode			delete_topic, delete_first_post, delete_last_post or delete
+	* @var	mixed	next_post_id		Next post ID in the topic (post ID or false)
+	*
+	* @since 3.1.11-RC1
+	*/
+	$vars = array(
+		'forum_id',
+		'topic_id',
+		'post_id',
+		'data',
+		'is_soft',
+		'softdelete_reason',
+		'post_mode',
+		'next_post_id',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.delete_post_after', compact($vars)));
+
 	return $next_post_id;
 }
 
@@ -2514,7 +2542,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll, &$data, $u
 	* @var	string	url					The "Return to topic" URL
 	*
 	* @since 3.1.0-a3
-	* @change 3.1.0-RC3 Added vars mode, subject, username, topic_type,
+	* @changed 3.1.0-RC3 Added vars mode, subject, username, topic_type,
 	*		poll, update_message, update_search_index
 	*/
 	$vars = array(
@@ -2663,16 +2691,54 @@ function phpbb_upload_popup($forum_style = 0)
 
 /**
 * Do the various checks required for removing posts as well as removing it
+*
+* @param int		$forum_id		The id of the forum
+* @param int		$topic_id		The id of the topic
+* @param int		$post_id		The id of the post
+* @param array		$post_data		Array with the post data
+* @param bool		$is_soft		The flag indicating whether it is the soft delete mode
+* @param string		$delete_reason	Description for the post deletion reason
+*
+* @return null
 */
 function phpbb_handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $is_soft = false, $delete_reason = '')
 {
 	global $user, $auth, $config, $request;
-	global $phpbb_root_path, $phpEx;
+	global $phpbb_root_path, $phpEx, $phpbb_dispatcher;
 
+	$force_delete_allowed = $force_softdelete_allowed = false;
 	$perm_check = ($is_soft) ? 'softdelete' : 'delete';
 
+	/**
+	* This event allows to modify the conditions for the post deletion
+	*
+	* @event core.handle_post_delete_conditions
+	* @var	int		forum_id		The id of the forum
+	* @var	int		topic_id		The id of the topic
+	* @var	int		post_id			The id of the post
+	* @var	array	post_data		Array with the post data
+	* @var	bool	is_soft			The flag indicating whether it is the soft delete mode
+	* @var	string	delete_reason	Description for the post deletion reason
+	* @var	bool	force_delete_allowed		Allow the user to delete the post (all permissions and conditions are ignored)
+	* @var	bool	force_softdelete_allowed	Allow the user to softdelete the post (all permissions and conditions are ignored)
+	* @var	string	perm_check		The deletion mode softdelete|delete
+	* @since 3.1.11-RC1
+	*/
+	$vars = array(
+		'forum_id',
+		'topic_id',
+		'post_id',
+		'post_data',
+		'is_soft',
+		'delete_reason',
+		'force_delete_allowed',
+		'force_softdelete_allowed',
+		'perm_check',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.handle_post_delete_conditions', compact($vars)));
+
 	// If moderator removing post or user itself removing post, present a confirmation screen
-	if ($auth->acl_get("m_$perm_check", $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get("f_$perm_check", $forum_id) && $post_id == $post_data['topic_last_post_id'] && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['delete_time'] * 60) || !$config['delete_time'])))
+	if ($force_delete_allowed || ($is_soft && $force_softdelete_allowed) || $auth->acl_get("m_$perm_check", $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get("f_$perm_check", $forum_id) && $post_id == $post_data['topic_last_post_id'] && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['delete_time'] * 60) || !$config['delete_time'])))
 	{
 		$s_hidden_fields = array(
 			'p'		=> $post_id,
@@ -2729,10 +2795,10 @@ function phpbb_handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $
 		}
 		else
 		{
-			global $user, $template, $request;
+			global $template;
 
-			$can_delete = $auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_delete', $forum_id));
-			$can_softdelete = $auth->acl_get('m_softdelete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_softdelete', $forum_id));
+			$can_delete = $force_delete_allowed || ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_delete', $forum_id)));
+			$can_softdelete = $force_softdelete_allowed || ($auth->acl_get('m_softdelete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_softdelete', $forum_id)));
 
 			$template->assign_vars(array(
 				'S_SOFTDELETED'			=> $post_data['post_visibility'] == ITEM_DELETED,

phpBB/includes/functions_user.php

@@ -272,13 +272,15 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
 	* Use this event to modify the values to be inserted when a user is added
 	*
 	* @event core.user_add_modify_data
-	* @var array	user_row		Array of user details submited to user_add
-	* @var array	cp_data			Array of Custom profile fields submited to user_add
-	* @var array	sql_ary		Array of data to be inserted when a user is added
+	* @var array	user_row			Array of user details submited to user_add
+	* @var array	cp_data				Array of Custom profile fields submited to user_add
+	* @var array	sql_ary				Array of data to be inserted when a user is added
+	* @var array	notifications_data	Array of notification data to be inserted when a user is added
 	* @since 3.1.0-a1
-	* @change 3.1.0-b5
+	* @changed 3.1.0-b5 Added user_row and cp_data
+	* @changed 3.1.11-RC1 Added notifications_data
 	*/
-	$vars = array('user_row', 'cp_data', 'sql_ary');
+	$vars = array('user_row', 'cp_data', 'sql_ary', 'notifications_data');
 	extract($phpbb_dispatcher->trigger_event('core.user_add_modify_data', compact($vars)));
 
 	$sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary);

phpBB/includes/mcp/mcp_ban.php

@@ -28,7 +28,10 @@ class mcp_ban
 		global $db, $user, $auth, $template, $request, $phpbb_dispatcher;
 		global $phpbb_root_path, $phpEx;
 
-		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		if (!function_exists('user_ban'))
+		{
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		}
 
 		// Include the admin banning interface...
 		include($phpbb_root_path . 'includes/acp/acp_ban.' . $phpEx);

phpBB/includes/mcp/mcp_main.php

@@ -164,7 +164,7 @@ class mcp_main
 				* @var	string	action		Topic quick moderation action name
 				* @var	bool	quickmod	Flag indicating whether MCP is in quick moderation mode
 				* @since 3.1.0-a4
-				* @change 3.1.0-RC4 Added variables: action, quickmod
+				* @changed 3.1.0-RC4 Added variables: action, quickmod
 				*/
 				$vars = array('action', 'quickmod');
 				extract($phpbb_dispatcher->trigger_event('core.modify_quickmod_actions', compact($vars)));
@@ -630,10 +630,13 @@ function mcp_move_topic($topic_ids)
 				*
 				* @event core.mcp_main_modify_shadow_sql
 				* @var	array	shadow	SQL array to be used by $db->sql_build_array
+				* @var	array	row		Topic data
 				* @since 3.1.11-RC1
+				* @changed 3.1.11-RC1 Added variable: row
 				*/
 				$vars = array(
 					'shadow',
+					'row',
 				);
 				extract($phpbb_dispatcher->trigger_event('core.mcp_main_modify_shadow_sql', compact($vars)));
 
@@ -1297,11 +1300,14 @@ function mcp_fork_topic($topic_ids)
 			* Perform actions before forked topic is created.
 			*
 			* @event core.mcp_main_modify_fork_sql
-			* @var	array	sql_ary	SQL array to be used by $db->sql_build_array
+			* @var	array	sql_ary		SQL array to be used by $db->sql_build_array
+			* @var	array	topic_row	Topic data
 			* @since 3.1.11-RC1
+			* @changed 3.1.11-RC1 Added variable: topic_row
 			*/
 			$vars = array(
 				'sql_ary',
+				'topic_row',
 			);
 			extract($phpbb_dispatcher->trigger_event('core.mcp_main_modify_fork_sql', compact($vars)));
 

phpBB/includes/mcp/mcp_post.php

@@ -24,8 +24,8 @@ if (!defined('IN_PHPBB'))
 */
 function mcp_post_details($id, $mode, $action)
 {
-	global $phpEx, $phpbb_root_path, $config;
-	global $template, $db, $user, $auth, $cache;
+	global $phpEx, $phpbb_root_path, $config, $request;
+	global $template, $db, $user, $auth, $cache, $phpbb_container;
 	global $phpbb_dispatcher;
 
 	$user->add_lang('posting');
@@ -53,7 +53,10 @@ function mcp_post_details($id, $mode, $action)
 			if ($auth->acl_get('m_info', $post_info['forum_id']))
 			{
 				$ip = request_var('ip', '');
-				include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+				if (!function_exists('user_ipwhois'))
+				{
+					include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+				}
 
 				$template->assign_vars(array(
 					'RETURN_POST'	=> sprintf($user->lang['RETURN_POST'], '<a href="' . append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;p=$post_id") . '">', '</a>'),
@@ -355,7 +358,11 @@ function mcp_post_details($id, $mode, $action)
 	// Get IP
 	if ($auth->acl_get('m_info', $post_info['forum_id']))
 	{
-		$rdns_ip_num = request_var('rdns', '');
+		/** @var \phpbb\pagination $pagination */
+		$pagination = $phpbb_container->get('pagination');
+
+		$rdns_ip_num = $request->variable('rdns', '');
+		$start_users = $request->variable('start_users', 0);
 
 		if ($rdns_ip_num != 'all')
 		{
@@ -364,24 +371,47 @@ function mcp_post_details($id, $mode, $action)
 			);
 		}
 
+		$num_users = false;
+		if ($start_users)
+		{
+			$num_users = phpbb_get_num_posters_for_ip($db, $post_info['poster_ip']);
+			$start_users = $pagination->validate_start($start_users, $config['posts_per_page'], $num_users);
+		}
+
 		// Get other users who've posted under this IP
 		$sql = 'SELECT poster_id, COUNT(poster_id) as postings
 			FROM ' . POSTS_TABLE . "
 			WHERE poster_ip = '" . $db->sql_escape($post_info['poster_ip']) . "'
+				AND poster_id <> " . (int) $post_info['poster_id'] . "
 			GROUP BY poster_id
-			ORDER BY postings DESC";
-		$result = $db->sql_query($sql);
+			ORDER BY postings DESC, poster_id ASC";
+		$result = $db->sql_query_limit($sql, $config['posts_per_page'], $start_users);
 
+		$page_users = 0;
 		while ($row = $db->sql_fetchrow($result))
 		{
-			// Fill the user select list with users who have posted under this IP
-			if ($row['poster_id'] != $post_info['poster_id'])
-			{
-				$users_ary[$row['poster_id']] = $row;
-			}
+			$page_users++;
+			$users_ary[$row['poster_id']] = $row;
 		}
 		$db->sql_freeresult($result);
 
+		if ($page_users == $config['posts_per_page'] || $start_users)
+		{
+			if ($num_users === false)
+			{
+				$num_users = phpbb_get_num_posters_for_ip($db, $post_info['poster_ip']);
+			}
+
+			$pagination->generate_template_pagination(
+				$url . '&amp;i=main&amp;mode=post_details',
+				'pagination',
+				'start_users',
+				$num_users,
+				$config['posts_per_page'],
+				$start_users
+			);
+		}
+
 		if (sizeof($users_ary))
 		{
 			// Get the usernames
@@ -415,16 +445,26 @@ function mcp_post_details($id, $mode, $action)
 		// A compound index on poster_id, poster_ip (posts table) would help speed up this query a lot,
 		// but the extra size is only valuable if there are persons having more than a thousands posts.
 		// This is better left to the really really big forums.
+		$start_ips = $request->variable('start_ips', 0);
+
+		$num_ips = false;
+		if ($start_ips)
+		{
+			$num_ips = phpbb_get_num_ips_for_poster($db, $post_info['poster_id']);
+			$start_ips = $pagination->validate_start($start_ips, $config['posts_per_page'], $num_ips);
+		}
 
 		$sql = 'SELECT poster_ip, COUNT(poster_ip) AS postings
 			FROM ' . POSTS_TABLE . '
 			WHERE poster_id = ' . $post_info['poster_id'] . "
 			GROUP BY poster_ip
-			ORDER BY postings DESC";
-		$result = $db->sql_query($sql);
+			ORDER BY postings DESC, poster_ip ASC";
+		$result = $db->sql_query_limit($sql, $config['posts_per_page'], $start_ips);
 
+		$page_ips = 0;
 		while ($row = $db->sql_fetchrow($result))
 		{
+			$page_ips++;
 			$hostname = (($rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') && $row['poster_ip']) ? @gethostbyaddr($row['poster_ip']) : '';
 
 			$template->assign_block_vars('iprow', array(
@@ -439,6 +479,23 @@ function mcp_post_details($id, $mode, $action)
 		}
 		$db->sql_freeresult($result);
 
+		if ($page_ips == $config['posts_per_page'] || $start_ips)
+		{
+			if ($num_ips === false)
+			{
+				$num_ips = phpbb_get_num_ips_for_poster($db, $post_info['poster_id']);
+			}
+
+			$pagination->generate_template_pagination(
+				$url . '&amp;i=main&amp;mode=post_details',
+				'pagination_ips',
+				'start_ips',
+				$num_ips,
+				$config['posts_per_page'],
+				$start_ips
+			);
+		}
+
 		$user_select = '';
 
 		if (sizeof($usernames_ary))
@@ -456,6 +513,44 @@ function mcp_post_details($id, $mode, $action)
 
 }
 
+/**
+ * Get the number of posters for a given ip
+ *
+ * @param \phpbb\db\driver\driver_interface $db DBAL interface
+ * @param string $poster_ip IP
+ * @return int Number of posters
+ */
+function phpbb_get_num_posters_for_ip(\phpbb\db\driver\driver_interface $db, $poster_ip)
+{
+	$sql = 'SELECT COUNT(DISTINCT poster_id) as num_users
+		FROM ' . POSTS_TABLE . "
+		WHERE poster_ip = '" . $db->sql_escape($poster_ip) . "'";
+	$result = $db->sql_query($sql);
+	$num_users = (int) $db->sql_fetchfield('num_users');
+	$db->sql_freeresult($result);
+
+	return $num_users;
+}
+
+/**
+ * Get the number of ips for a given poster
+ *
+ * @param \phpbb\db\driver\driver_interface $db
+ * @param int $poster_id Poster user ID
+ * @return int Number of IPs for given poster
+ */
+function phpbb_get_num_ips_for_poster(\phpbb\db\driver\driver_interface $db, $poster_id)
+{
+	$sql = 'SELECT COUNT(DISTINCT poster_ip) as num_ips
+		FROM ' . POSTS_TABLE . '
+		WHERE poster_id = ' . (int) $poster_id;
+	$result = $db->sql_query($sql);
+	$num_ips = (int) $db->sql_fetchfield('num_ips');
+	$db->sql_freeresult($result);
+
+	return $num_ips;
+}
+
 /**
 * Change a post's poster
 */

phpBB/includes/mcp/mcp_topic.php

@@ -407,6 +407,7 @@ function mcp_topic_view($id, $mode, $action)
 function split_topic($action, $topic_id, $to_forum_id, $subject)
 {
 	global $db, $template, $user, $phpEx, $phpbb_root_path, $auth, $config;
+	global $phpbb_dispatcher;
 
 	$post_id_list	= request_var('post_id_list', array(0));
 	$forum_id		= request_var('forum_id', 0);
@@ -567,6 +568,47 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 			WHERE post_id = {$post_id_list[0]}";
 		$db->sql_query($sql);
 
+		// Grab data for first post in split topic
+		$sql_array = array(
+			'SELECT'  => 'p.post_id, p.forum_id, p.poster_id, p.post_text, f.enable_indexing',
+			'FROM' => array(
+				POSTS_TABLE => 'p',
+			),
+			'LEFT_JOIN' => array(
+				array(
+					'FROM' => array(FORUMS_TABLE => 'f'),
+					'ON' => 'p.forum_id = f.forum_id',
+				)
+			),
+			'WHERE' => "post_id = {$post_id_list[0]}",
+		);
+		$sql = $db->sql_build_query('SELECT', $sql_array);
+		$result = $db->sql_query($sql);
+		$first_post_data = $db->sql_fetchrow($result);
+		$db->sql_freeresult($result);
+
+		// Index first post as if it were edited
+		if ($first_post_data['enable_indexing'])
+		{
+			// Select the search method and do some additional checks to ensure it can actually be utilised
+			$search_type = $config['search_type'];
+
+			if (!class_exists($search_type))
+			{
+				trigger_error('NO_SUCH_SEARCH_MODULE');
+			}
+
+			$error = false;
+			$search = new $search_type($error, $phpbb_root_path, $phpEx, $auth, $config, $db, $user, $phpbb_dispatcher);
+
+			if ($error)
+			{
+				trigger_error($error);
+			}
+
+			$search->index('edit', $first_post_data['post_id'], $first_post_data['post_text'], $subject, $first_post_data['poster_id'], $first_post_data['forum_id']);
+		}
+
 		// Copy topic subscriptions to new topic
 		$sql = 'SELECT user_id, notify_status
 			FROM ' . TOPICS_WATCH_TABLE . '
@@ -634,7 +676,7 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 */
 function merge_posts($topic_id, $to_topic_id)
 {
-	global $db, $template, $user, $phpEx, $phpbb_root_path, $auth;
+	global $db, $template, $user, $phpEx, $phpbb_root_path, $auth, $phpbb_dispatcher;
 
 	if (!$to_topic_id)
 	{
@@ -735,6 +777,20 @@ function merge_posts($topic_id, $to_topic_id)
 		$redirect = request_var('redirect', "{$phpbb_root_path}viewtopic.$phpEx?f=$to_forum_id&t=$to_topic_id");
 		$redirect = reapply_sid($redirect);
 
+		/**
+		 * Perform additional actions after merging posts.
+		 *
+		 * @event core.mcp_topics_merge_posts_after
+		 * @var	int		topic_id		The topic ID from which posts are being moved
+		 * @var	int		to_topic_id		The topic ID to which posts are being moved
+		 * @since 3.1.11-RC1
+		 */
+		$vars = array(
+			'topic_id',
+			'to_topic_id',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.mcp_topics_merge_posts_after', compact($vars)));
+
 		meta_refresh(3, $redirect);
 		trigger_error($user->lang[$success_msg] . '<br /><br />' . $return_link);
 	}

phpBB/includes/message_parser.php

@@ -1171,7 +1171,7 @@ class parse_message extends bbcode_firstpass
 		* @var bool		return					Do we return after the event is triggered if $warn_msg is not empty
 		* @var array	warn_msg				Array of the warning messages
 		* @since 3.1.2-RC1
-		* @change 3.1.3-RC1 Added vars $bbcode_bitfield and $bbcode_uid
+		* @changed 3.1.3-RC1 Added vars $bbcode_bitfield and $bbcode_uid
 		*/
 		$message = $this->message;
 		$warn_msg = $this->warn_msg;

phpBB/includes/ucp/ucp_pm_compose.php

@@ -450,6 +450,17 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		$message_attachment = 0;
 		$message_text = $message_subject = '';
 
+		/**
+		* Predefine message text and subject
+		*
+		* @event core.ucp_pm_compose_predefined_message
+		* @var	string	message_text	Message text
+		* @var	string	message_subject	Messate subject
+		* @since 3.1.11-RC1
+		*/
+		$vars = array('message_text', 'message_subject');
+		extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_predefined_message', compact($vars)));
+
 		if ($to_user_id && $to_user_id != ANONYMOUS && $action == 'post')
 		{
 			$address_list['u'][$to_user_id] = 'to';

phpBB/includes/ucp/ucp_remind.php

@@ -41,8 +41,15 @@ class ucp_remind
 		$email		= strtolower(request_var('email', ''));
 		$submit		= (isset($_POST['submit'])) ? true : false;
 
+		add_form_key('ucp_remind');
+
 		if ($submit)
 		{
+			if (!check_form_key('ucp_remind'))
+			{
+				trigger_error('FORM_INVALID');
+			}
+
 			$sql_array = array(
 				'SELECT'	=> 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason',
 				'FROM'		=> array(USERS_TABLE => 'u'),

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.1.10',
+	'phpbb_version'	=> '3.1.12',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/schemas/schema_data.sql

@@ -273,7 +273,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.10');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.1.12');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

phpBB/language/en/acp/attachments.php

@@ -125,7 +125,7 @@ $lang = array_merge($lang, array(
 	'MAX_EXTGROUP_FILESIZE'			=> 'Maximum file size',
 	'MAX_IMAGE_SIZE'				=> 'Maximum image dimensions',
 	'MAX_IMAGE_SIZE_EXPLAIN'		=> 'Maximum size of image attachments. Set both values to 0px by 0px to disable dimension checking.',
-	'MAX_THUMB_WIDTH'				=> 'Maximum thumbnail width in pixel',
+	'MAX_THUMB_WIDTH'				=> 'Maximum thumbnail width/height in pixel',
 	'MAX_THUMB_WIDTH_EXPLAIN'		=> 'A generated thumbnail will not exceed the width set here.',
 	'MIN_THUMB_FILESIZE'			=> 'Minimum thumbnail file size',
 	'MIN_THUMB_FILESIZE_EXPLAIN'	=> 'Do not create a thumbnail for images smaller than this.',

phpBB/language/en/acp/board.php

@@ -345,11 +345,14 @@ $lang = array_merge($lang, array(
 
 // Cookie Settings
 $lang = array_merge($lang, array(
-	'ACP_COOKIE_SETTINGS_EXPLAIN'		=> 'These details define the data used to send cookies to your users browsers. In most cases the default values for the cookie settings should be sufficient. If you do need to change any do so with care, incorrect settings can prevent users logging in.',
+	'ACP_COOKIE_SETTINGS_EXPLAIN'		=> 'These details define the data used to send cookies to your users browsers. In most cases the default values for the cookie settings should be sufficient. If you do need to change any do so with care, incorrect settings can prevent users logging in. If you have problems with users staying logging in to your board, visit the <b><a href="https://www.phpbb.com/support/go/cookie-settings/">phpBB.com Knowledge Base - Fixing incorrect cookie settings</a></b>.',
 
 	'COOKIE_DOMAIN'				=> 'Cookie domain',
+	'COOKIE_DOMAIN_EXPLAIN'		=> 'In most cases the cookie domain is optional. Leave it blank if you are unsure.<br /><br /> In the case where you have a board integrated with other software or have multiple domains, then to determine the cookie domain you need to do the following. If you have something like <i>example.com</i> and <i>forums.example.com</i>, or perhaps <i>forums.example.com</i> and <i>blog.example.com</i>. Remove the subdomains until you find the common domain, <i>example.com</i>. Now add a dot in front of the common domain and you would enter .example.com (note the dot at the beginning).',
 	'COOKIE_NAME'				=> 'Cookie name',
+	'COOKIE_NAME_EXPLAIN'		=> 'This can be anything what you want, make it original. Whenever the cookie settings are changed the name of the cookie should be changed.',
 	'COOKIE_PATH'				=> 'Cookie path',
+	'COOKIE_PATH_EXPLAIN'		=> 'Note that this is always a slash, it does not matter what your board URL is.',
 	'COOKIE_SECURE'				=> 'Cookie secure',
 	'COOKIE_SECURE_EXPLAIN'		=> 'If your server is running via SSL set this to enabled else leave as disabled. Having this enabled and not running via SSL will result in server errors during redirects.',
 	'ONLINE_LENGTH'				=> 'View online time span',
@@ -558,6 +561,8 @@ $lang = array_merge($lang, array(
 	'EMAIL_SIG_EXPLAIN'				=> 'This text will be attached to all emails the board sends.',
 	'ENABLE_EMAIL'					=> 'Enable board-wide emails',
 	'ENABLE_EMAIL_EXPLAIN'			=> 'If this is set to disabled no emails will be sent by the board at all. <em>Note the user and admin account activation settings require this setting to be enabled. If currently using “user” or “admin” activation in the activation settings, disabling this setting will disable registration.</em>',
+	'SMTP_ALLOW_SELF_SIGNED'		=> 'Allow self-signed SSL certificates',
+	'SMTP_ALLOW_SELF_SIGNED_EXPLAIN'=> 'Allow connections to SMTP server with self-signed SSL certificate.<em><strong>Warning:</strong> Allowing self-signed SSL certificates may cause security implications.</em>',
 	'SMTP_AUTH_METHOD'				=> 'Authentication method for SMTP',
 	'SMTP_AUTH_METHOD_EXPLAIN'		=> 'Only used if a username/password is set, ask your provider if you are unsure which method to use.',
 	'SMTP_CRAM_MD5'					=> 'CRAM-MD5',
@@ -574,6 +579,11 @@ $lang = array_merge($lang, array(
 	'SMTP_SETTINGS'					=> 'SMTP settings',
 	'SMTP_USERNAME'					=> 'SMTP username',
 	'SMTP_USERNAME_EXPLAIN'			=> 'Only enter a username if your SMTP server requires it.',
+	'SMTP_VERIFY_PEER'				=> 'Verify SSL certificate',
+	'SMTP_VERIFY_PEER_EXPLAIN'		=> 'Require verification of SSL certificate used by SMTP server.<em><strong>Warning:</strong> Connecting peers with unverified SSL certificates may cause security implications.</em>',
+	'SMTP_VERIFY_PEER_NAME'			=> 'Verify SMTP peer name',
+	'SMTP_VERIFY_PEER_NAME_EXPLAIN'	=> 'Require verification of peer name for SMTP servers using SSL / TLS connections.<em><strong>Warning:</strong> Connecting to unverified peers may cause security implications.</em>',
+
 	'USE_SMTP'						=> 'Use SMTP server for email',
 	'USE_SMTP_EXPLAIN'				=> 'Select “Yes” if you want or have to send email via a named server instead of the local mail function.',
 ));
@@ -582,20 +592,26 @@ $lang = array_merge($lang, array(
 $lang = array_merge($lang, array(
 	'ACP_JABBER_SETTINGS_EXPLAIN'	=> 'Here you can enable and control the use of Jabber for instant messaging and board notifications. Jabber is an open source protocol and therefore available for use by anyone. Some Jabber servers include gateways or transports which allow you to contact users on other networks. Not all servers offer all transports and changes in protocols can prevent transports from operating. Please be sure to enter already registered account details - phpBB will use the details you enter here as is.',
 
-	'JAB_ENABLE'				=> 'Enable Jabber',
-	'JAB_ENABLE_EXPLAIN'		=> 'Enables use of Jabber messaging and notifications.',
-	'JAB_GTALK_NOTE'			=> 'Please note that GTalk will not work because the <samp>dns_get_record</samp> function could not be found. This function is not available in PHP4, and is not implemented on Windows platforms. It currently does not work on BSD-based systems, including Mac OS.',
-	'JAB_PACKAGE_SIZE'			=> 'Jabber package size',
-	'JAB_PACKAGE_SIZE_EXPLAIN'	=> 'This is the number of messages sent in one package. If set to 0 the message is sent immediately and will not be queued for later sending.',
-	'JAB_PASSWORD'				=> 'Jabber password',
-	'JAB_PASSWORD_EXPLAIN'		=> '<em><strong>Warning:</strong> This password will be stored as plain text in the database, visible to everybody who can access your database or who can view this configuration page.</em>',
-	'JAB_PORT'					=> 'Jabber port',
-	'JAB_PORT_EXPLAIN'			=> 'Leave blank unless you know it is not port 5222.',
-	'JAB_SERVER'				=> 'Jabber server',
-	'JAB_SERVER_EXPLAIN'		=> 'See %sjabber.org%s for a list of servers.',
-	'JAB_SETTINGS_CHANGED'		=> 'Jabber settings changed successfully.',
-	'JAB_USE_SSL'				=> 'Use SSL to connect',
-	'JAB_USE_SSL_EXPLAIN'		=> 'If enabled a secure connection is tried to be established. The Jabber port will be modified to 5223 if port 5222 is specified.',
-	'JAB_USERNAME'				=> 'Jabber username or JID',
-	'JAB_USERNAME_EXPLAIN'		=> 'Specify a registered username or a valid JID. The username will not be checked for validity. If you only specify a username, then your JID will be the username and the server you specified above. Else, specify a valid JID, for example user@jabber.org.',
+	'JAB_ALLOW_SELF_SIGNED'			=> 'Allow self-signed SSL certificates',
+	'JAB_ALLOW_SELF_SIGNED_EXPLAIN'	=> 'Allow connections to Jabber server with self-signed SSL certificate.<em><strong>Warning:</strong> Allowing self-signed SSL certificates may cause security implications.</em>',
+	'JAB_ENABLE'					=> 'Enable Jabber',
+	'JAB_ENABLE_EXPLAIN'			=> 'Enables use of Jabber messaging and notifications.',
+	'JAB_GTALK_NOTE'				=> 'Please note that GTalk will not work because the <samp>dns_get_record</samp> function could not be found. This function is not available in PHP4, and is not implemented on Windows platforms. It currently does not work on BSD-based systems, including Mac OS.',
+	'JAB_PACKAGE_SIZE'				=> 'Jabber package size',
+	'JAB_PACKAGE_SIZE_EXPLAIN'		=> 'This is the number of messages sent in one package. If set to 0 the message is sent immediately and will not be queued for later sending.',
+	'JAB_PASSWORD'					=> 'Jabber password',
+	'JAB_PASSWORD_EXPLAIN'			=> '<em><strong>Warning:</strong> This password will be stored as plain text in the database, visible to everybody who can access your database or who can view this configuration page.</em>',
+	'JAB_PORT'						=> 'Jabber port',
+	'JAB_PORT_EXPLAIN'				=> 'Leave blank unless you know it is not port 5222.',
+	'JAB_SERVER'					=> 'Jabber server',
+	'JAB_SERVER_EXPLAIN'			=> 'See %sjabber.org%s for a list of servers.',
+	'JAB_SETTINGS_CHANGED'			=> 'Jabber settings changed successfully.',
+	'JAB_USE_SSL'					=> 'Use SSL to connect',
+	'JAB_USE_SSL_EXPLAIN'			=> 'If enabled a secure connection is tried to be established. The Jabber port will be modified to 5223 if port 5222 is specified.',
+	'JAB_USERNAME'					=> 'Jabber username or JID',
+	'JAB_USERNAME_EXPLAIN'			=> 'Specify a registered username or a valid JID. The username will not be checked for validity. If you only specify a username, then your JID will be the username and the server you specified above. Else, specify a valid JID, for example user@jabber.org.',
+	'JAB_VERIFY_PEER'				=> 'Verify SSL certificate',
+	'JAB_VERIFY_PEER_EXPLAIN'		=> 'Require verification of SSL certificate used by Jabber server.<em><strong>Warning:</strong> Connecting peers with unverified SSL certificates may cause security implications.</em>',
+	'JAB_VERIFY_PEER_NAME'			=> 'Verify Jabber peer name',
+	'JAB_VERIFY_PEER_NAME_EXPLAIN'	=> 'Require verification of peer name for Jabber servers using SSL / TLS connections.<em><strong>Warning:</strong> Connecting to unverified peers may cause security implications.</em>',
 ));

phpBB/language/en/acp/common.php

@@ -373,7 +373,7 @@ $lang = array_merge($lang, array(
 	'NUMBER_USERS'		=> 'Number of users',
 	'NUMBER_ORPHAN'		=> 'Orphan attachments',
 
-	'PHP_VERSION_OLD'	=> 'The version of PHP on this server will no longer be supported by future versions of phpBB. %sDetails%s',
+	'PHP_VERSION_OLD'	=> 'The version of PHP on this server (%1$s) will no longer be supported by future versions of phpBB. The minimum required version will be PHP %2$s. %3$sDetails%4$s',
 
 	'POSTS_PER_DAY'		=> 'Posts per day',
 
@@ -417,11 +417,14 @@ $lang = array_merge($lang, array(
 	'UPLOAD_DIR_SIZE'	=> 'Size of posted attachments',
 	'USERS_PER_DAY'		=> 'Users per day',
 
-	'VALUE'						=> 'Value',
-	'VERSIONCHECK_FAIL'			=> 'Failed to obtain latest version information.',
-	'VERSIONCHECK_FORCE_UPDATE'	=> 'Re-Check version',
-	'VIEW_ADMIN_LOG'			=> 'View administrator log',
-	'VIEW_INACTIVE_USERS'		=> 'View inactive users',
+	'VALUE'							=> 'Value',
+	'VERSIONCHECK_FAIL'				=> 'Failed to obtain latest version information.',
+	'VERSIONCHECK_FORCE_UPDATE'		=> 'Re-Check version',
+	'VERSIONCHECK_INVALID_ENTRY'	=> 'Latest version information contains an unsupported entry.',
+	'VERSIONCHECK_INVALID_URL'		=> 'Latest version information contains invalid URL.',
+	'VERSIONCHECK_INVALID_VERSION'	=> 'Latest version information contains an invalid version.',
+	'VIEW_ADMIN_LOG'				=> 'View administrator log',
+	'VIEW_INACTIVE_USERS'			=> 'View inactive users',
 
 	'WELCOME_PHPBB'			=> 'Welcome to phpBB',
 	'WRITABLE_CONFIG'		=> 'Your config file (config.php) is currently world-writable. We strongly encourage you to change the permissions to 640 or at least to 644 (for example: <a href="http://en.wikipedia.org/wiki/Chmod" rel="external">chmod</a> 640 config.php).',

phpBB/language/en/acp/styles.php

@@ -81,6 +81,7 @@ $lang = array_merge($lang, array(
 	'STYLE_UNINSTALL_DEPENDENT'	=> 'Style "%s" cannot be uninstalled because it has one or more child styles.',
 	'STYLE_UNINSTALLED'			=> 'Style "%s" uninstalled successfully.',
 	'STYLE_USED_BY'				=> 'Used by (including robots)',
+	'STYLE_VERSION'				=> 'Style version',
 
 	'UNINSTALL_DEFAULT'		=> 'You cannot uninstall the default style.',
 

phpBB/language/en/cli.php

@@ -55,6 +55,7 @@ $lang = array_merge($lang, array(
 	'CLI_DESCRIPTION_DISABLE_EXTENSION'			=> 'Disables the specified extension.',
 	'CLI_DESCRIPTION_ENABLE_EXTENSION'			=> 'Enables the specified extension.',
 	'CLI_DESCRIPTION_FIND_MIGRATIONS'			=> 'Finds migrations that are not depended upon.',
+	'CLI_DESCRIPTION_FIX_LEFT_RIGHT_IDS'		=> 'Repairs the tree structure of the forums and modules.',
 	'CLI_DESCRIPTION_GET_CONFIG'				=> 'Gets a configuration option’s value',
 	'CLI_DESCRIPTION_INCREMENT_CONFIG'			=> 'Increments a configuration option’s integer value',
 	'CLI_DESCRIPTION_LIST_EXTENSIONS'			=> 'Lists all extensions in the database and on the filesystem.',
@@ -64,6 +65,7 @@ $lang = array_merge($lang, array(
 	'CLI_DESCRIPTION_RECALCULATE_EMAIL_HASH'	=> 'Recalculates the user_email_hash column of the users table.',
 	'CLI_DESCRIPTION_SET_ATOMIC_CONFIG'			=> 'Sets a configuration option’s value only if the old matches the current value',
 	'CLI_DESCRIPTION_SET_CONFIG'				=> 'Sets a configuration option’s value',
+	'CLI_DESCRIPTION_UPDATE_HASH_BCRYPT'		=> 'Updates outdated password hashes to be hashed with bcrypt.',
 
 	'CLI_EXTENSION_DISABLE_FAILURE'		=> 'Could not disable extension %s',
 	'CLI_EXTENSION_DISABLE_SUCCESS'		=> 'Successfully disabled extension %s',
@@ -77,7 +79,9 @@ $lang = array_merge($lang, array(
 	'CLI_EXTENSIONS_DISABLED'			=> 'Disabled',
 	'CLI_EXTENSIONS_ENABLED'			=> 'Enabled',
 
+	'CLI_FIXUP_FIX_LEFT_RIGHT_IDS_SUCCESS'		=> 'Successfully repaired the tree structure of the forums and modules.',
 	'CLI_FIXUP_RECALCULATE_EMAIL_HASH_SUCCESS'	=> 'Successfully recalculated all email hashes.',
+	'CLI_FIXUP_UPDATE_HASH_BCRYPT_SUCCESS'		=> 'Successfully updated outdated password hashes to bcrypt.'
 ));
 
 // Additional help for commands.

phpBB/language/en/install.php

@@ -574,6 +574,7 @@ $lang = array_merge($lang, array(
 	'UPDATING_DATA'					=> 'Updating data',
 	'UPDATING_TO_LATEST_STABLE'		=> 'Updating database to latest stable release',
 	'UPDATED_VERSION'				=> 'Updated version',
+	'UPGRADE_INSTRUCTIONS'			=> 'A new feature release <strong>%1$s</strong> is available. Please read <a href="%2$s" title="%2$s"><strong>the release announcement</strong></a> to learn about what it has to offer, and how to upgrade.',
 	'UPLOAD_METHOD'					=> 'Upload method',
 
 	'UPDATE_DB_SUCCESS'				=> 'Database update was successful.',

phpBB/memberlist.php

@@ -101,7 +101,10 @@ switch ($mode)
 {
 	case 'team':
 		// Display a listing of board admins, moderators
-		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		if (!function_exists('user_get_id_name'))
+		{
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		}
 
 		$page_title = $user->lang['THE_TEAM'];
 		$template_html = 'memberlist_team.html';

phpBB/phpbb/auth/auth.php

@@ -514,7 +514,7 @@ class auth
 	*/
 	function acl_clear_prefetch($user_id = false)
 	{
-		global $db, $cache;
+		global $db, $cache, $phpbb_dispatcher;
 
 		// Rebuild options cache
 		$cache->destroy('_role_cache');
@@ -553,6 +553,16 @@ class auth
 			$where_sql";
 		$db->sql_query($sql);
 
+		/**
+		* Event is triggered after user(s) permission settings cache has been cleared
+		*
+		* @event core.acl_clear_prefetch_after
+		* @var	mixed	user_id	User ID(s)
+		* @since 3.1.11-RC1
+		*/
+		$vars = array('user_id');
+		extract($phpbb_dispatcher->trigger_event('core.acl_clear_prefetch_after', compact($vars)));
+
 		return;
 	}
 

phpBB/phpbb/avatar/driver/remote.php

@@ -85,8 +85,11 @@ class remote extends \phpbb\avatar\driver\driver
 		}
 
 		// Check if this url looks alright
-		// This isn't perfect, but it's what phpBB 3.0 did, and might as well make sure everything is compatible
-		if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url))
+		// Do not allow specifying the port (see RFC 3986) or IP addresses
+		if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) ||
+			preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) ||
+			preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) ||
+			preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url))
 		{
 			$error[] = 'AVATAR_URL_INVALID';
 			return false;

phpBB/phpbb/avatar/driver/upload.php

@@ -134,6 +134,16 @@ class upload extends \phpbb\avatar\driver\driver
 				return false;
 			}
 
+			// Do not allow specifying the port (see RFC 3986) or IP addresses
+			// remote_upload() will do its own check for allowed filetypes
+			if (preg_match('@^(http|https|ftp)://[^/:?#]+:[0-9]+[/:?#]@i', $url) ||
+				preg_match('#^(http|https|ftp)://(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])#i', $url) ||
+				preg_match('#^(http|https|ftp)://(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))#i', $url))
+			{
+				$error[] = 'AVATAR_URL_INVALID';
+				return false;
+			}
+
 			$file = $upload->remote_upload($url, $this->mimetype_guesser);
 		}
 		else

phpBB/phpbb/cache/driver/file.php

@@ -601,6 +601,6 @@ class file extends \phpbb\cache\driver\base
 	*/
 	protected function clean_varname($varname)
 	{
-		return str_replace('/', '-', $varname);
+		return str_replace(array('/', '\\'), '-', $varname);
 	}
 }

phpBB/phpbb/cache/driver/memcache.php

@@ -52,8 +52,8 @@ class memcache extends \phpbb\cache\driver\memory
 		$this->memcache = new \Memcache;
 		foreach (explode(',', PHPBB_ACM_MEMCACHE) as $u)
 		{
-			$parts = explode('/', $u);
-			$this->memcache->addServer(trim($parts[0]), trim($parts[1]));
+			preg_match('#(.*)/(\d+)#', $u, $parts);
+			$this->memcache->addServer(trim($parts[1]), (int) trim($parts[2]));
 		}
 		$this->flags = (PHPBB_ACM_MEMCACHE_COMPRESS) ? MEMCACHE_COMPRESSED : 0;
 	}

phpBB/phpbb/cache/driver/memcached.php

@@ -0,0 +1,134 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\cache\driver;
+
+if (!defined('PHPBB_ACM_MEMCACHED_PORT'))
+{
+	define('PHPBB_ACM_MEMCACHED_PORT', 11211);
+}
+
+if (!defined('PHPBB_ACM_MEMCACHED_COMPRESS'))
+{
+	define('PHPBB_ACM_MEMCACHED_COMPRESS', true);
+}
+
+if (!defined('PHPBB_ACM_MEMCACHED_HOST'))
+{
+	define('PHPBB_ACM_MEMCACHED_HOST', 'localhost');
+}
+
+if (!defined('PHPBB_ACM_MEMCACHED'))
+{
+	//can define multiple servers with host1/port1,host2/port2 format
+	define('PHPBB_ACM_MEMCACHED', PHPBB_ACM_MEMCACHED_HOST . '/' . PHPBB_ACM_MEMCACHED_PORT);
+}
+
+/**
+* ACM for Memcached
+*/
+class memcached extends \phpbb\cache\driver\memory
+{
+	/** @var string Extension to use */
+	protected $extension = 'memcached';
+
+	/** @var \Memcached Memcached class */
+	protected $memcached;
+
+	/** @var int Flags */
+	protected $flags = 0;
+
+	/**
+	 * Memcached constructor
+	 */
+	public function __construct()
+	{
+		// Call the parent constructor
+		parent::__construct();
+
+		$this->memcached = new \Memcached();
+		$this->memcached->setOption(\Memcached::OPT_BINARY_PROTOCOL, true);
+		// Memcached defaults to using compression, disable if we don't want
+		// to use it
+		if (!PHPBB_ACM_MEMCACHED_COMPRESS)
+		{
+			$this->memcached->setOption(\Memcached::OPT_COMPRESSION, false);
+		}
+
+		foreach (explode(',', PHPBB_ACM_MEMCACHE) as $u)
+		{
+			preg_match('#(.*)/(\d+)#', $u, $parts);
+			$this->memcached->addServer(trim($parts[1]), (int) trim($parts[2]));
+		}
+	}
+
+	/**
+	* {@inheritDoc}
+	*/
+	public function unload()
+	{
+		parent::unload();
+
+		unset($this->memcached);
+	}
+
+	/**
+	* {@inheritDoc}
+	*/
+	public function purge()
+	{
+		$this->memcached->flush();
+
+		parent::purge();
+	}
+
+	/**
+	* Fetch an item from the cache
+	*
+	* @param string $var Cache key
+	*
+	* @return mixed Cached data
+	*/
+	protected function _read($var)
+	{
+		return $this->memcached->get($this->key_prefix . $var);
+	}
+
+	/**
+	* Store data in the cache
+	*
+	* @param string $var Cache key
+	* @param mixed $data Data to store
+	* @param int $ttl Time-to-live of cached data
+	* @return bool True if the operation succeeded
+	*/
+	protected function _write($var, $data, $ttl = 2592000)
+	{
+		if (!$this->memcached->replace($this->key_prefix . $var, $data, $ttl))
+		{
+			return $this->memcached->set($this->key_prefix . $var, $data, $ttl);
+		}
+		return true;
+	}
+
+	/**
+	* Remove an item from the cache
+	*
+	* @param string $var Cache key
+	* @return bool True if the operation succeeded
+	*/
+	protected function _delete($var)
+	{
+		return $this->memcached->delete($this->key_prefix . $var);
+	}
+}

phpBB/phpbb/console/command/fixup/fix_left_right_ids.php

@@ -0,0 +1,134 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\console\command\fixup;
+
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+
+class fix_left_right_ids extends \phpbb\console\command\command
+{
+	/** @var \phpbb\user */
+	protected $user;
+
+	/** @var \phpbb\db\driver\driver_interface */
+	protected $db;
+
+	/** @var \phpbb\cache\driver\driver_interface */
+	protected $cache;
+
+	/**
+	* Constructor
+	*
+	* @param \phpbb\user							$user	User instance
+	* @param \phpbb\db\driver\driver_interface		$db		Database connection
+	* @param \phpbb\cache\driver\driver_interface	$cache	Cache instance
+	*/
+	public function __construct(\phpbb\user $user, \phpbb\db\driver\driver_interface $db, \phpbb\cache\driver\driver_interface $cache)
+	{
+		$this->user = $user;
+		$this->db = $db;
+		$this->cache = $cache;
+
+		parent::__construct($user);
+	}
+
+	/**
+	* {@inheritdoc}
+	*/
+	protected function configure()
+	{
+		$this
+			->setName('fixup:fix-left-right-ids')
+			->setDescription($this->user->lang('CLI_DESCRIPTION_FIX_LEFT_RIGHT_IDS'))
+		;
+	}
+
+	/**
+	* Executes the command fixup:fix-left-right-ids.
+	*
+	* Repairs the tree structure of the forums and modules.
+	* The code is mainly borrowed from Support toolkit for phpBB Olympus
+	*
+	* @param InputInterface  $input  An InputInterface instance
+	* @param OutputInterface $output An OutputInterface instance
+	*
+	* @return void
+	*/
+	protected function execute(InputInterface $input, OutputInterface $output)
+	{
+		// Fix Left/Right IDs for the modules table
+		$result = $this->db->sql_query('SELECT DISTINCT(module_class) FROM ' . MODULES_TABLE);
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			$i = 1;
+			$where = array("module_class = '" . $this->db->sql_escape($row['module_class']) . "'");
+			$this->fix_ids_tree($i, 'module_id', MODULES_TABLE, 0, $where);
+		}
+		$this->db->sql_freeresult($result);
+
+		// Fix the Left/Right IDs for the forums table
+		$i = 1;
+		$this->fix_ids_tree($i, 'forum_id', FORUMS_TABLE);
+
+		$this->cache->purge();
+
+		$output->writeln('<info>' . $this->user->lang('CLI_FIXUP_FIX_LEFT_RIGHT_IDS_SUCCESS') . '</info>');
+	}
+
+	/**
+	 * Item's tree structure rebuild helper
+	 * The item is either forum or ACP/MCP/UCP module
+	 *
+	 * @param int		$i			Item id offset index
+	 * @param string	$field		The key field to fix, forum_id|module_id
+	 * @param string	$table		The table name to perform, FORUMS_TABLE|MODULES_TABLE
+	 * @param int		$parent_id	Parent item id
+	 * @param array		$where		Additional WHERE clause condition
+	 *
+	 * @return bool	True on rebuild success, false otherwise
+	 */
+	protected function fix_ids_tree(&$i, $field, $table, $parent_id = 0, $where = array())
+	{
+		$changes_made = false;
+		$sql = 'SELECT * FROM ' . $table . '
+			WHERE parent_id = ' . (int) $parent_id .
+			((!empty($where)) ? ' AND ' . implode(' AND ', $where) : '') . '
+			ORDER BY left_id ASC';
+		$result = $this->db->sql_query($sql);
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			// Update the left_id for the item
+			if ($row['left_id'] != $i)
+			{
+				$this->db->sql_query('UPDATE ' . $table . ' SET ' . $this->db->sql_build_array('UPDATE', array('left_id' => $i)) . " WHERE $field = " . (int) $row[$field]);
+				$changes_made = true;
+			}
+			$i++;
+
+			// Go through children and update their left/right IDs
+			$changes_made = (($this->fix_ids_tree($i, $field, $table, $row[$field], $where)) || $changes_made) ? true : false;
+
+			// Update the right_id for the item
+			if ($row['right_id'] != $i)
+			{
+				$this->db->sql_query('UPDATE ' . $table . ' SET ' . $this->db->sql_build_array('UPDATE', array('right_id' => $i)) . " WHERE $field = " . (int) $row[$field]);
+				$changes_made = true;
+			}
+			$i++;
+		}
+		$this->db->sql_freeresult($result);
+
+		return $changes_made;
+	}
+}

phpBB/phpbb/console/command/fixup/update_hashes.php

@@ -0,0 +1,117 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+namespace phpbb\console\command\fixup;
+
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Helper\ProgressBar;
+
+class update_hashes extends \phpbb\console\command\command
+{
+	/** @var \phpbb\config\config */
+	protected $config;
+
+	/** @var \phpbb\db\driver\driver_interface */
+	protected $db;
+
+	/** @var \phpbb\passwords\manager */
+	protected $passwords_manager;
+
+	/** @var string Default hashing type */
+	protected $default_type;
+
+	/**
+	 * Update_hashes constructor
+	 *
+	 * @param \phpbb\config\config $config
+	 * @param \phpbb\user $user
+	 * @param \phpbb\db\driver\driver_interface $db
+	 * @param \phpbb\passwords\manager $passwords_manager
+	 * @param array $hashing_algorithms Hashing driver
+	 *			service collection
+	 * @param array $defaults Default password types
+	 */
+	public function __construct(\phpbb\config\config $config, \phpbb\user $user,
+								\phpbb\db\driver\driver_interface $db, \phpbb\passwords\manager $passwords_manager,
+								$hashing_algorithms, $defaults)
+	{
+		$this->config = $config;
+		$this->db = $db;
+
+		$this->passwords_manager = $passwords_manager;
+
+		foreach ($defaults as $type)
+		{
+			if ($hashing_algorithms[$type]->is_supported())
+			{
+				$this->default_type = $type;
+				break;
+			}
+		}
+
+		parent::__construct($user);
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function configure()
+	{
+		$this
+			->setName('fixup:update-hashes')
+			->setDescription($this->user->lang('CLI_DESCRIPTION_UPDATE_HASH_BCRYPT'))
+		;
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	protected function execute(InputInterface $input, OutputInterface $output)
+	{
+		// Get count to be able to display progress
+		$sql = 'SELECT COUNT(user_id) AS count
+				FROM ' . USERS_TABLE . '
+				WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
+					OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
+		$result = $this->db->sql_query($sql);
+		$total_update_passwords = $this->db->sql_fetchfield('count');
+		$this->db->sql_freeresult($result);
+
+		// Create progress bar
+		$progress_bar = new ProgressBar($output, $total_update_passwords);
+		$progress_bar->start();
+
+		$sql = 'SELECT user_id, user_password
+				FROM ' . USERS_TABLE . '
+				WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
+					OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
+		$result = $this->db->sql_query($sql);
+
+		while ($row = $this->db->sql_fetchrow($result))
+		{
+			$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
+
+			$sql = 'UPDATE ' . USERS_TABLE . "
+					SET user_password = '" . $this->db->sql_escape($new_hash) . "'
+					WHERE user_id = " . (int) $row['user_id'];
+			$this->db->sql_query($sql);
+			$progress_bar->advance();
+		}
+
+		$this->config->set('update_hashes_last_cron', time());
+
+		$progress_bar->finish();
+
+		$output->writeln('<info>' . $this->user->lang('CLI_FIXUP_UPDATE_HASH_BCRYPT_SUCCESS') . '</info>');
+	}
+}

phpBB/phpbb/cron/task/core/update_hashes.php

@@ -0,0 +1,130 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\cron\task\core;
+
+/**
+ * Update old hashes to the current default hashing algorithm
+ *
+ * It is intended to gradually update all "old" style hashes to the
+ * current default hashing algorithm.
+ */
+class update_hashes extends \phpbb\cron\task\base
+{
+	/** @var \phpbb\config\config */
+	protected $config;
+
+	/** @var \phpbb\db\driver\driver_interface */
+	protected $db;
+
+	/** @var \phpbb\lock\db */
+	protected $update_lock;
+
+	/** @var \phpbb\passwords\manager */
+	protected $passwords_manager;
+
+	/** @var string Default hashing type */
+	protected $default_type;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param \phpbb\config\config $config
+	 * @param \phpbb\db\driver\driver_interface $db
+	 * @param \phpbb\lock\db $update_lock
+	 * @param \phpbb\passwords\manager $passwords_manager
+	 * @param array $hashing_algorithms Hashing driver
+	 *			service collection
+	 * @param array $defaults Default password types
+	 */
+	public function __construct(\phpbb\config\config $config, \phpbb\db\driver\driver_interface $db, \phpbb\lock\db $update_lock, \phpbb\passwords\manager $passwords_manager, $hashing_algorithms, $defaults)
+	{
+		$this->config = $config;
+		$this->db = $db;
+		$this->passwords_manager = $passwords_manager;
+		$this->update_lock = $update_lock;
+
+		foreach ($defaults as $type)
+		{
+			if ($hashing_algorithms[$type]->is_supported())
+			{
+				$this->default_type = $type;
+				break;
+			}
+		}
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function is_runnable()
+	{
+		return !$this->config['use_system_cron'];
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function should_run()
+	{
+		if (!empty($this->config['update_hashes_lock']))
+		{
+			$last_run = explode(' ', $this->config['update_hashes_lock']);
+			if ($last_run[0] + 60 >= time())
+			{
+				return false;
+			}
+		}
+
+		return $this->config['enable_update_hashes'] && $this->config['update_hashes_last_cron'] < (time() - 60);
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function run()
+	{
+		if ($this->update_lock->acquire())
+		{
+			$sql = 'SELECT user_id, user_password
+				FROM ' . USERS_TABLE . '
+				WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
+				OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
+			$result = $this->db->sql_query_limit($sql, 20);
+
+			$affected_rows = 0;
+
+			while ($row = $this->db->sql_fetchrow($result))
+			{
+				$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
+
+				// Increase number so we know that users were selected from the database
+				$affected_rows++;
+
+				$sql = 'UPDATE ' . USERS_TABLE . "
+					SET user_password = '" . $this->db->sql_escape($new_hash) . "'
+					WHERE user_id = " . (int) $row['user_id'];
+				$this->db->sql_query($sql);
+			}
+
+			$this->config->set('update_hashes_last_cron', time());
+			$this->update_lock->release();
+
+			// Stop cron for good once all hashes are converted
+			if ($affected_rows === 0)
+			{
+				$this->config->set('enable_update_hashes', '0');
+			}
+		}
+	}
+}

phpBB/phpbb/db/migration/data/v30x/.htaccess

@@ -0,0 +1,33 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>

phpBB/phpbb/db/migration/data/v310/.htaccess

@@ -0,0 +1,33 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>

phpBB/phpbb/db/migration/data/v31x/.htaccess

@@ -0,0 +1,33 @@
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>

phpBB/phpbb/db/migration/data/v31x/add_jabber_ssl_context_config_options.php

@@ -0,0 +1,32 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class add_jabber_ssl_context_config_options extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array('\phpbb\db\migration\data\v31x\v3110');
+	}
+
+	public function update_data()
+	{
+		return array(
+			// See http://php.net/manual/en/context.ssl.php
+			array('config.add', array('jab_verify_peer', 1)),
+			array('config.add', array('jab_verify_peer_name', 1)),
+			array('config.add', array('jab_allow_self_signed', 0)),
+		);
+	}
+}

phpBB/phpbb/db/migration/data/v31x/add_latest_topics_index.php

@@ -0,0 +1,51 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v31x;
+
+class add_latest_topics_index extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v31x\v3110',
+		);
+	}
+
+	public function update_schema()
+	{
+		return array(
+			'add_index' => array(
+				$this->table_prefix . 'topics' => array(
+					'latest_topics'	=> array(
+						'forum_id',
+						'topic_last_post_time',
+						'topic_last_post_id',
+						'topic_moved_id',
+					),
+				),
+			),
+		);
+	}
+
+	public function revert_schema()
+	{
+		return array(
+			'drop_keys' => array(
+				$this->table_prefix . 'topics' => array(
+					'latest_topics',
+				),
+			),
+		);
+	}
+}

phpBB/phpbb/db/migration/data/v31x/add_smtp_ssl_context_config_options.php

@@ -0,0 +1,32 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class add_smtp_ssl_context_config_options extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array('\phpbb\db\migration\data\v31x\v3110');
+	}
+
+	public function update_data()
+	{
+		return array(
+			// See http://php.net/manual/en/context.ssl.php
+			array('config.add', array('smtp_verify_peer', 1)),
+			array('config.add', array('smtp_verify_peer_name', 1)),
+			array('config.add', array('smtp_allow_self_signed', 0)),
+		);
+	}
+}

phpBB/phpbb/db/migration/data/v31x/update_hashes.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v31x;
+
+class update_hashes extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v31x\v3110',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.add', array('enable_update_hashes', '1')),
+			array('config.add', array('update_hashes_lock', '')),
+			array('config.add', array('update_hashes_last_cron', '0'))
+		);
+	}
+}

phpBB/phpbb/db/migration/data/v31x/v3111.php

@@ -0,0 +1,36 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class v3111 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.1.11', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v31x\v3111rc1',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.1.11')),
+		);
+	}
+}

phpBB/phpbb/db/migration/data/v31x/v3111rc1.php

@@ -0,0 +1,43 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class v3111rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.1.11-RC1', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v31x\v3110',
+			'\phpbb\db\migration\data\v31x\add_log_time_index',
+			'\phpbb\db\migration\data\v31x\increase_size_of_emotion',
+			'\phpbb\db\migration\data\v31x\add_jabber_ssl_context_config_options',
+			'\phpbb\db\migration\data\v31x\add_smtp_ssl_context_config_options',
+			'\phpbb\db\migration\data\v31x\update_hashes',
+			'\phpbb\db\migration\data\v31x\remove_duplicate_migrations',
+			'\phpbb\db\migration\data\v31x\add_latest_topics_index',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.1.11-RC1')),
+		);
+	}
+}

phpBB/phpbb/db/migration/data/v31x/v3112.php

@@ -0,0 +1,36 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v31x;
+
+class v3112 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.1.12', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v31x\v3111',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.1.12')),
+		);
+	}
+}

phpBB/phpbb/event/php_exporter.php

@@ -510,7 +510,7 @@ class php_exporter
 	/**
 	* Find the "@changed" Information lines
 	*
-	* @param string $tag_name Should be 'changed' or 'change'
+	* @param string $tag_name Should be 'change', not 'changed'
 	* @return array Absolute line numbers
 	* @throws \LogicException
 	*/
@@ -658,7 +658,7 @@ class php_exporter
 	{
 		$match = array();
 		$line = str_replace("\t", ' ', ltrim($line, "\t "));
-		preg_match('#^\* @change(d)? (\d+\.\d+\.\d+(?:-(?:a|b|RC|pl)\d+)?)( (?:.*))?$#', $line, $match);
+		preg_match('#^\* @changed (\d+\.\d+\.\d+(?:-(?:a|b|RC|pl)\d+)?)( (?:.*))?$#', $line, $match);
 		if (!isset($match[2]))
 		{
 			throw new \LogicException("Invalid '@changed' information for event "

phpBB/phpbb/extension/manager.php

@@ -149,10 +149,10 @@ class manager
 	* Instantiates the metadata manager for the extension with the given name
 	*
 	* @param string $name The extension name
-	* @param \phpbb\template\template $template The template manager
+	* @param \phpbb\template\template $template The template manager or null
 	* @return \phpbb\extension\metadata_manager Instance of the metadata manager
 	*/
-	public function create_extension_metadata_manager($name, \phpbb\template\template $template)
+	public function create_extension_metadata_manager($name, \phpbb\template\template $template = null)
 	{
 		return new \phpbb\extension\metadata_manager($name, $this->config, $this, $template, $this->user, $this->phpbb_root_path);
 	}
@@ -433,25 +433,11 @@ class manager
 			if ($file_info->isFile() && $file_info->getFilename() == 'composer.json')
 			{
 				$ext_name = $iterator->getInnerIterator()->getSubPath();
-				$composer_file = $iterator->getPath() . '/composer.json';
-
-				// Ignore the extension if there is no composer.json.
-				if (!is_readable($composer_file) || !($ext_info = file_get_contents($composer_file)))
-				{
-					continue;
-				}
-
-				$ext_info = json_decode($ext_info, true);
 				$ext_name = str_replace(DIRECTORY_SEPARATOR, '/', $ext_name);
-
-				// Ignore the extension if directory depth is not correct or if the directory structure
-				// does not match the name value specified in composer.json.
-				if (substr_count($ext_name, '/') !== 1 || !isset($ext_info['name']) || $ext_name != $ext_info['name'])
+				if ($this->is_available($ext_name))
 				{
-					continue;
+					$available[$ext_name] = $this->phpbb_root_path . 'ext/' . $ext_name . '/';
 				}
-
-				$available[$ext_name] = $this->phpbb_root_path . 'ext/' . $ext_name . '/';
 			}
 		}
 		ksort($available);
@@ -524,7 +510,15 @@ class manager
 	*/
 	public function is_available($name)
 	{
-		return file_exists($this->get_extension_path($name, true));
+		$md_manager = $this->create_extension_metadata_manager($name);
+		try
+		{
+			return $md_manager->get_metadata('all') && $md_manager->validate_enable();
+		}
+		catch (\phpbb\extension\exception $e)
+		{
+			return false;
+		}
 	}
 
 	/**

phpBB/phpbb/extension/metadata_manager.php

@@ -66,17 +66,18 @@ class metadata_manager
 	*/
 	protected $metadata_file;
 
+	// @codingStandardsIgnoreStart
 	/**
 	* Creates the metadata manager
 	*
 	* @param string				$ext_name			Name (including vendor) of the extension
 	* @param \phpbb\config\config		$config				phpBB Config instance
 	* @param \phpbb\extension\manager	$extension_manager	An instance of the phpBB extension manager
-	* @param \phpbb\template\template	$template			phpBB Template instance
+	* @param \phpbb\template\template	$template			phpBB Template instance or null
 	* @param \phpbb\user 		$user 				User instance
 	* @param string				$phpbb_root_path	Path to the phpbb includes directory.
 	*/
-	public function __construct($ext_name, \phpbb\config\config $config, \phpbb\extension\manager $extension_manager, \phpbb\template\template $template, \phpbb\user $user, $phpbb_root_path)
+	public function __construct($ext_name, \phpbb\config\config $config, \phpbb\extension\manager $extension_manager, \phpbb\template\template $template = null, \phpbb\user $user, $phpbb_root_path)
 	{
 		$this->config = $config;
 		$this->extension_manager = $extension_manager;
@@ -88,6 +89,7 @@ class metadata_manager
 		$this->metadata = array();
 		$this->metadata_file = '';
 	}
+	// @codingStandardsIgnoreEnd
 
 	/**
 	* Processes and gets the metadata requested
@@ -97,51 +99,38 @@ class metadata_manager
 	*/
 	public function get_metadata($element = 'all')
 	{
-		$this->set_metadata_file();
-
-		// Fetch the metadata
-		$this->fetch_metadata();
-
-		// Clean the metadata
-		$this->clean_metadata_array();
+		// Fetch and clean the metadata if not done yet
+		if ($this->metadata_file === '')
+		{
+			$this->fetch_metadata_from_file();
+		}
 
 		switch ($element)
 		{
 			case 'all':
 			default:
-				// Validate the metadata
-				if (!$this->validate())
-				{
-					return false;
-				}
-
+				$this->validate();
 				return $this->metadata;
 			break;
 
 			case 'version':
 			case 'name':
-				return ($this->validate($element)) ? $this->metadata[$element] : false;
+				$this->validate($element);
+				return $this->metadata[$element];
 			break;
 
 			case 'display-name':
-				if (isset($this->metadata['extra']['display-name']))
-				{
-					return $this->metadata['extra']['display-name'];
-				}
-				else
-				{
-					return ($this->validate('name')) ? $this->metadata['name'] : false;
-				}
+				return (isset($this->metadata['extra']['display-name'])) ? $this->metadata['extra']['display-name'] : $this->get_metadata('name');
 			break;
 		}
 	}
 
 	/**
-	* Sets the filepath of the metadata file
+	* Sets the path of the metadata file, gets its contents and cleans loaded file
 	*
 	* @throws \phpbb\extension\exception
 	*/
-	private function set_metadata_file()
+	private function fetch_metadata_from_file()
 	{
 		$ext_filepath = $this->extension_manager->get_extension_path($this->ext_name);
 		$metadata_filepath = $this->phpbb_root_path . $ext_filepath . 'composer.json';
@@ -152,37 +141,19 @@ class metadata_manager
 		{
 			throw new \phpbb\extension\exception($this->user->lang('FILE_NOT_FOUND', $this->metadata_file));
 		}
-	}
 
-	/**
-	* Gets the contents of the composer.json file
-	*
-	* @return bool True if success, throws an exception on failure
-	* @throws \phpbb\extension\exception
-	*/
-	private function fetch_metadata()
-	{
-		if (!file_exists($this->metadata_file))
+		if (!($file_contents = file_get_contents($this->metadata_file)))
 		{
-			throw new \phpbb\extension\exception($this->user->lang('FILE_NOT_FOUND', $this->metadata_file));
+			throw new \phpbb\extension\exception($this->user->lang('FILE_CONTENT_ERR', $this->metadata_file));
 		}
-		else
+
+		if (($metadata = json_decode($file_contents, true)) === null)
 		{
-			if (!($file_contents = file_get_contents($this->metadata_file)))
-			{
-				throw new \phpbb\extension\exception($this->user->lang('FILE_CONTENT_ERR', $this->metadata_file));
-			}
-
-			if (($metadata = json_decode($file_contents, true)) === null)
-			{
-				throw new \phpbb\extension\exception($this->user->lang('FILE_JSON_DECODE_ERR', $this->metadata_file));
-			}
-
-			array_walk_recursive($metadata, array($this, 'sanitize_json'));
-			$this->metadata = $metadata;
-
-			return true;
+			throw new \phpbb\extension\exception($this->user->lang('FILE_JSON_DECODE_ERR', $this->metadata_file));
 		}
+
+		array_walk_recursive($metadata, array($this, 'sanitize_json'));
+		$this->metadata = $metadata;
 	}
 
 	/**
@@ -196,16 +167,6 @@ class metadata_manager
 		$value = htmlspecialchars($value);
 	}
 
-	/**
-	* This array handles the cleaning of the array
-	*
-	* @return array Contains the cleaned metadata array
-	*/
-	private function clean_metadata_array()
-	{
-		return $this->metadata;
-	}
-
 	/**
 	* Validate fields
 	*
@@ -228,10 +189,8 @@ class metadata_manager
 		switch ($name)
 		{
 			case 'all':
-				$this->validate('display');
-
 				$this->validate_enable();
-			break;
+				// no break
 
 			case 'display':
 				foreach ($fields as $field => $data)
@@ -288,40 +247,43 @@ class metadata_manager
 	/**
 	* This array handles the verification that this extension can be enabled on this board
 	*
-	* @return bool True if validation succeeded, False if failed
+	* @return bool True if validation succeeded, throws an exception if invalid
+	* @throws \phpbb\extension\exception
 	*/
 	public function validate_enable()
 	{
 		// Check for valid directory & phpBB, PHP versions
-		if (!$this->validate_dir() || !$this->validate_require_phpbb() || !$this->validate_require_php())
-		{
-			return false;
-		}
-
-		return true;
+		return $this->validate_dir() && $this->validate_require_phpbb() && $this->validate_require_php();
 	}
 
 	/**
 	* Validates the most basic directory structure to ensure it follows <vendor>/<ext> convention.
 	*
-	* @return boolean True when passes validation
+	* @return boolean True when passes validation, throws an exception if invalid
+	* @throws \phpbb\extension\exception
 	*/
 	public function validate_dir()
 	{
-		return (substr_count($this->ext_name, '/') === 1 && $this->ext_name == $this->get_metadata('name'));
+		if (substr_count($this->ext_name, '/') !== 1 || $this->ext_name != $this->get_metadata('name'))
+		{
+			throw new \phpbb\extension\exception($this->user->lang('EXTENSION_DIR_INVALID'));
+		}
+
+		return true;
 	}
 
 
 	/**
 	* Validates the contents of the phpbb requirement field
 	*
-	* @return boolean True when passes validation
+	* @return boolean True when passes validation, throws an exception if invalid
+	* @throws \phpbb\extension\exception
 	*/
 	public function validate_require_phpbb()
 	{
 		if (!isset($this->metadata['extra']['soft-require']['phpbb/phpbb']))
 		{
-			return false;
+			throw new \phpbb\extension\exception($this->user->lang('META_FIELD_NOT_SET', 'soft-require'));
 		}
 
 		return true;
@@ -330,13 +292,14 @@ class metadata_manager
 	/**
 	* Validates the contents of the php requirement field
 	*
-	* @return boolean True when passes validation
+	* @return boolean True when passes validation, throws an exception if invalid
+	* @throws \phpbb\extension\exception
 	*/
 	public function validate_require_php()
 	{
 		if (!isset($this->metadata['require']['php']))
 		{
-			return false;
+			throw new \phpbb\extension\exception($this->user->lang('META_FIELD_NOT_SET', 'require php'));
 		}
 
 		return true;
@@ -359,10 +322,10 @@ class metadata_manager
 			'META_LICENSE'		=> $this->metadata['license'],
 
 			'META_REQUIRE_PHP'		=> (isset($this->metadata['require']['php'])) ? $this->metadata['require']['php'] : '',
-			'META_REQUIRE_PHP_FAIL'	=> !$this->validate_require_php(),
+			'META_REQUIRE_PHP_FAIL'	=> (isset($this->metadata['require']['php'])) ? false : true,
 
 			'META_REQUIRE_PHPBB'		=> (isset($this->metadata['extra']['soft-require']['phpbb/phpbb'])) ? $this->metadata['extra']['soft-require']['phpbb/phpbb'] : '',
-			'META_REQUIRE_PHPBB_FAIL'	=> !$this->validate_require_phpbb(),
+			'META_REQUIRE_PHPBB_FAIL'	=> (isset($this->metadata['extra']['soft-require']['phpbb/phpbb'])) ? false : true,
 
 			'META_DISPLAY_NAME'	=> (isset($this->metadata['extra']['display-name'])) ? $this->metadata['extra']['display-name'] : '',
 		));

phpBB/phpbb/profilefields/type/type_date.php

@@ -264,7 +264,7 @@ class type_date extends type_base
 		}
 
 		$profile_row['s_year_options'] = '<option value="0"' . ((!$year) ? ' selected="selected"' : '') . '>--</option>';
-		for ($i = $now['year'] - 100; $i <= $now['year'] + 100; $i++)
+		for ($i = 1901; $i <= $now['year'] + 50; $i++)
 		{
 			$profile_row['s_year_options'] .= '<option value="' . $i . '"' . (($i == $year) ? ' selected="selected"' : '') . ">$i</option>";
 		}

phpBB/phpbb/profilefields/type/type_url.php

@@ -64,11 +64,24 @@ class type_url extends type_string
 			return false;
 		}
 
-		if (!preg_match('#^' . get_preg_expression('url') . '$#iu', $field_value))
+		if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $field_value))
 		{
 			return $this->user->lang('FIELD_INVALID_URL', $this->get_field_name($field_data['lang_name']));
 		}
 
 		return false;
 	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public function get_profile_value($field_value, $field_data)
+	{
+		if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $field_value))
+		{
+			return null;
+		}
+
+		return parent::get_profile_value($field_value, $field_data);
+	}
 }

phpBB/phpbb/request/request.php

@@ -169,12 +169,6 @@ class request implements \phpbb\request\request_interface
 				$GLOBALS[$this->super_globals[$super_global]][$var_name] = $value;
 			}
 		}
-
-		if (!$this->super_globals_disabled())
-		{
-			unset($GLOBALS[$this->super_globals[$super_global]][$var_name]);
-			$GLOBALS[$this->super_globals[$super_global]][$var_name] = $value;
-		}
 	}
 
 	/**

phpBB/phpbb/search/fulltext_mysql.php

@@ -272,6 +272,27 @@ class fulltext_mysql extends \phpbb\search\base
 
 		foreach ($this->split_words as $i => $word)
 		{
+			// Check for not allowed search queries for InnoDB.
+			// We assume similar restrictions for MyISAM, which is usually even
+			// slower but not as restrictive as InnoDB.
+			// InnoDB full-text search does not support the use of a leading
+			// plus sign with wildcard ('+*'), a plus and minus sign
+			// combination ('+-'), or leading a plus and minus sign combination.
+			// InnoDB full-text search only supports leading plus or minus signs.
+			// For example, InnoDB supports '+apple' but does not support 'apple+'.
+			// Specifying a trailing plus or minus sign causes InnoDB to report
+			// a syntax error. InnoDB full-text search does not support the use
+			// of multiple operators on a single search word, as in this example:
+			// '++apple'. Use of multiple operators on a single search word
+			// returns a syntax error to standard out.
+			// Also, ensure that the wildcard character is only used at the
+			// end of the line as it's intended by MySQL.
+			if (preg_match('#^(\+[+-]|\+\*|.+[+-]$|.+\*(?!$))#', $word))
+			{
+				unset($this->split_words[$i]);
+				continue;
+			}
+
 			$clean_word = preg_replace('#^[+\-|"]#', '', $word);
 
 			// check word length

phpBB/phpbb/session.php

@@ -460,6 +460,9 @@ class session
 						$this->data['is_bot'] = (!$this->data['is_registered'] && $this->data['user_id'] != ANONYMOUS) ? true : false;
 						$this->data['user_lang'] = basename($this->data['user_lang']);
 
+						// Is user banned? Are they excluded? Won't return on ban, exists within method
+						$this->check_ban_for_current_session($config);
+
 						return true;
 					}
 				}
@@ -666,19 +669,7 @@ class session
 		// session exists in which case session_id will also be set
 
 		// Is user banned? Are they excluded? Won't return on ban, exists within method
-		if ($this->data['user_type'] != USER_FOUNDER)
-		{
-			if (!$config['forwarded_for_check'])
-			{
-				$this->check_ban($this->data['user_id'], $this->ip);
-			}
-			else
-			{
-				$ips = explode(' ', $this->forwarded_for);
-				$ips[] = $this->ip;
-				$this->check_ban($this->data['user_id'], $ips);
-			}
-		}
+		$this->check_ban_for_current_session($config);
 
 		$this->data['is_registered'] = (!$bot && $this->data['user_id'] != ANONYMOUS && ($this->data['user_type'] == USER_NORMAL || $this->data['user_type'] == USER_FOUNDER)) ? true : false;
 		$this->data['is_bot'] = ($bot) ? true : false;
@@ -1268,9 +1259,6 @@ class session
 			$message .= ($ban_row['ban_give_reason']) ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $ban_row['ban_give_reason']) : '';
 			$message .= '<br /><br /><em>' . $this->lang['BAN_TRIGGERED_BY_' . strtoupper($ban_triggered_by)] . '</em>';
 
-			// To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again
-			$this->session_kill(false);
-
 			// A very special case... we are within the cron script which is not supposed to print out the ban message... show blank page
 			if (defined('IN_CRON'))
 			{
@@ -1279,12 +1267,37 @@ class session
 				exit;
 			}
 
+			// To circumvent session_begin returning a valid value and the check_ban() not called on second page view, we kill the session again
+			$this->session_kill(false);
+
 			trigger_error($message);
 		}
 
 		return ($banned && $ban_row['ban_give_reason']) ? $ban_row['ban_give_reason'] : $banned;
 	}
 
+	/**
+	 * Check the current session for bans
+	 *
+	 * @return true if session user is banned.
+	 */
+	protected function check_ban_for_current_session($config)
+	{
+		if (!defined('SKIP_CHECK_BAN') && $this->data['user_type'] != USER_FOUNDER)
+		{
+			if (!$config['forwarded_for_check'])
+			{
+				$this->check_ban($this->data['user_id'], $this->ip);
+			}
+			else
+			{
+				$ips = explode(' ', $this->forwarded_for);
+				$ips[] = $this->ip;
+				$this->check_ban($this->data['user_id'], $ips);
+			}
+		}
+	}
+
 	/**
 	* Check if ip is blacklisted
 	* This should be called only where absolutely necessary
@@ -1576,7 +1589,7 @@ class session
 		}
 
 		// Only update session DB a minute or so after last update or if page changes
-		if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
+		if ($this->time_now - ((isset($this->data['session_time'])) ? $this->data['session_time'] : 0) > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
 		{
 			$sql_ary = array('session_time' => $this->time_now);
 

phpBB/phpbb/template/base.php

@@ -132,6 +132,14 @@ abstract class base implements template
 		return $this->context->alter_block_array($blockname, $vararray, $key, $mode);
 	}
 
+	/**
+	* {@inheritdoc}
+	*/
+	public function find_key_index($blockname, $key)
+	{
+		return $this->context->find_key_index($blockname, $key);
+	}
+
 	/**
 	* Calls hook if any is defined.
 	*

phpBB/phpbb/template/context.php

@@ -263,6 +263,89 @@ class context
 		return true;
 	}
 
+	/**
+	* Find the index for a specified key in the innermost specified block
+	*
+	* @param	string	$blockname	the blockname, for example 'loop'
+	* @param	mixed	$key		Key to search for
+	*
+	* array: KEY => VALUE [the key/value pair to search for within the loop to determine the correct position]
+	*
+	* int: Position [the position to search for]
+	*
+	* If key is false the position is set to 0
+	* If key is true the position is set to the last entry
+	*
+	* @return mixed false if not found, index position otherwise; be sure to test with ===
+	*/
+	public function find_key_index($blockname, $key)
+	{
+		// For nested block, $blockcount > 0, for top-level block, $blockcount == 0
+		$blocks = explode('.', $blockname);
+		$blockcount = sizeof($blocks) - 1;
+
+		$block = $this->tpldata;
+		for ($i = 0; $i < $blockcount; $i++)
+		{
+			if (($pos = strpos($blocks[$i], '[')) !== false)
+			{
+				$name = substr($blocks[$i], 0, $pos);
+
+				if (strpos($blocks[$i], '[]') === $pos)
+				{
+					$index = sizeof($block[$name]) - 1;
+				}
+				else
+				{
+					$index = min((int) substr($blocks[$i], $pos + 1, -1), sizeof($block[$name]) - 1);
+				}
+			}
+			else
+			{
+				$name = $blocks[$i];
+				$index = sizeof($block[$name]) - 1;
+			}
+			if (!isset($block[$name]))
+			{
+				return false;
+			}
+			$block = $block[$name];
+			if (!isset($block[$index]))
+			{
+				return false;
+			}
+			$block = $block[$index];
+		}
+
+		if (!isset($block[$blocks[$i]]))
+		{
+			return false;
+		}
+		$block = $block[$blocks[$i]]; // Traverse the last block
+
+		// Change key to zero (change first position) if false and to last position if true
+		if ($key === false || $key === true)
+		{
+			return ($key === false) ? 0 : sizeof($block) - 1;
+		}
+
+		// Get correct position if array given
+		if (is_array($key))
+		{
+			// Search array to get correct position
+			list($search_key, $search_value) = @each($key);
+			foreach ($block as $i => $val_ary)
+			{
+				if ($val_ary[$search_key] === $search_value)
+				{
+					return $i;
+				}
+			}
+		}
+
+		return (is_int($key) && ((0 <= $key) && ($key < sizeof($block)))) ? $key : false;
+	}
+
 	/**
 	* Change already assigned key variable pair (one-dimensional - single loop entry)
 	*
@@ -293,45 +376,49 @@ class context
 	public function alter_block_array($blockname, array $vararray, $key = false, $mode = 'insert')
 	{
 		$this->num_rows_is_set = false;
-		if (strpos($blockname, '.') !== false)
+
+		// For nested block, $blockcount > 0, for top-level block, $blockcount == 0
+		$blocks = explode('.', $blockname);
+		$blockcount = sizeof($blocks) - 1;
+
+		$block = &$this->tpldata;
+		for ($i = 0; $i < $blockcount; $i++)
 		{
-			// Nested block.
-			$blocks = explode('.', $blockname);
-			$blockcount = sizeof($blocks) - 1;
-
-			$block = &$this->tpldata;
-			for ($i = 0; $i < $blockcount; $i++)
+			if (($pos = strpos($blocks[$i], '[')) !== false)
 			{
-				if (($pos = strpos($blocks[$i], '[')) !== false)
-				{
-					$name = substr($blocks[$i], 0, $pos);
+				$name = substr($blocks[$i], 0, $pos);
 
-					if (strpos($blocks[$i], '[]') === $pos)
-					{
-						$index = sizeof($block[$name]) - 1;
-					}
-					else
-					{
-						$index = min((int) substr($blocks[$i], $pos + 1, -1), sizeof($block[$name]) - 1);
-					}
+				if (strpos($blocks[$i], '[]') === $pos)
+				{
+					$index = sizeof($block[$name]) - 1;
 				}
 				else
 				{
-					$name = $blocks[$i];
-					$index = sizeof($block[$name]) - 1;
+					$index = min((int) substr($blocks[$i], $pos + 1, -1), sizeof($block[$name]) - 1);
 				}
-				$block = &$block[$name];
-				$block = &$block[$index];
 			}
+			else
+			{
+				$name = $blocks[$i];
+				$index = sizeof($block[$name]) - 1;
+			}
+			$block = &$block[$name];
+			$block = &$block[$index];
+		}
+		$name = $blocks[$i];
 
-			$block = &$block[$blocks[$i]]; // Traverse the last block
-		}
-		else
+		// If last block does not exist and we are inserting, and not searching for key, we create it empty; otherwise, nothing to do
+		if (!isset($block[$name]))
 		{
-			// Top-level block.
-			$block = &$this->tpldata[$blockname];
+			if ($mode != 'insert' || is_array($key))
+			{
+				return false;
+			}
+			$block[$name] = array();
 		}
 
+		$block = &$block[$name]; // Now we can traverse the last block
+
 		// Change key to zero (change first position) if false and to last position if true
 		if ($key === false || $key === true)
 		{
@@ -371,14 +458,15 @@ class context
 				unset($block[($key - 1)]['S_LAST_ROW']);
 				$vararray['S_LAST_ROW'] = true;
 			}
-			else if ($key === 0)
+			if ($key <= 0)
 			{
+				$key = 0;
 				unset($block[0]['S_FIRST_ROW']);
 				$vararray['S_FIRST_ROW'] = true;
 			}
 
 			// Assign S_BLOCK_NAME
-			$vararray['S_BLOCK_NAME'] = $blockname;
+			$vararray['S_BLOCK_NAME'] = $name;
 
 			// Re-position template blocks
 			for ($i = sizeof($block); $i > $key; $i--)
@@ -398,6 +486,12 @@ class context
 		// Which block to change?
 		if ($mode == 'change')
 		{
+			// If key is out of bounds, do not change anything
+			if ($key > sizeof($block) || $key < 0)
+			{
+				return false;
+			}
+
 			if ($key == sizeof($block))
 			{
 				$key--;

phpBB/phpbb/template/template.php

@@ -172,6 +172,23 @@ interface template
 	*/
 	public function alter_block_array($blockname, array $vararray, $key = false, $mode = 'insert');
 
+	/**
+	* Find the index for a specified key in the innermost specified block
+	*
+	* @param	string	$blockname	the blockname, for example 'loop'
+	* @param	mixed	$key		Key to search for
+	*
+	* array: KEY => VALUE [the key/value pair to search for within the loop to determine the correct position]
+	*
+	* int: Position [the position to search for]
+	*
+	* If key is false the position is set to 0
+	* If key is true the position is set to the last entry
+	*
+	* @return mixed false if not found, index position otherwise; be sure to test with ===
+	*/
+	public function find_key_index($blockname, $key);
+
 	/**
 	* Get path to template for handle (required for BBCode parser)
 	*

phpBB/phpbb/version_helper.php

@@ -61,6 +61,23 @@ class version_helper
 	/** @var \phpbb\user */
 	protected $user;
 
+	protected $version_schema = array(
+		'stable' => array(
+			'current'		=> 'version',
+			'download'		=> 'url',
+			'announcement'	=> 'url',
+			'eol'			=> 'url',
+			'security'		=> 'bool',
+		),
+		'unstable' => array(
+			'current'		=> 'version',
+			'download'		=> 'url',
+			'announcement'	=> 'url',
+			'eol'			=> 'url',
+			'security'		=> 'bool',
+		),
+	);
+
 	/**
 	 * Constructor
 	 *
@@ -184,7 +201,7 @@ class version_helper
 		$self = $this;
 		$current_version = $this->current_version;
 
-		// Filter out any versions less than to the current version
+		// Filter out any versions less than the current version
 		$versions = array_filter($versions, function($data) use ($self, $current_version) {
 			return $self->compare($data['current'], $current_version, '>=');
 		});
@@ -200,12 +217,118 @@ class version_helper
 		});
 	}
 
+	/**
+	 * Gets the latest update for the current branch the user is on
+	 * Will suggest versions from newer branches when EoL has been reached
+	 * and/or version from newer branch is needed for having all known security
+	 * issues fixed.
+	 *
+	 * @param bool $force_update Ignores cached data. Defaults to false.
+	 * @param bool $force_cache Force the use of the cache. Override $force_update.
+	 * @return array Version info or empty array if there are no updates
+	 * @throws \RuntimeException
+	 */
+	public function get_update_on_branch($force_update = false, $force_cache = false)
+	{
+		$versions = $this->get_versions_matching_stability($force_update, $force_cache);
+
+		$self = $this;
+		$current_version = $this->current_version;
+
+		// Filter out any versions less than the current version
+		$versions = array_filter($versions, function($data) use ($self, $current_version) {
+			return $self->compare($data['current'], $current_version, '>=');
+		});
+
+		// Get the lowest version from the previous list.
+		$update_info = array_reduce($versions, function($value, $data) use ($self, $current_version) {
+			if ($value === null && $self->compare($data['current'], $current_version, '>='))
+			{
+				if (!$data['eol'] && (!$data['security'] || $self->compare($data['security'], $data['current'], '<=')))
+				{
+					return ($self->compare($data['current'], $current_version, '>')) ? $data : array();
+				}
+				else
+				{
+					return null;
+				}
+			}
+
+			return $value;
+		});
+
+		return $update_info === null ? array() : $update_info;
+	}
+
+	/**
+	 * Gets the latest extension update for the current phpBB branch the user is on
+	 * Will suggest versions from newer branches when EoL has been reached
+	 * and/or version from newer branch is needed for having all known security
+	 * issues fixed.
+	 *
+	 * @param bool $force_update Ignores cached data. Defaults to false.
+	 * @param bool $force_cache Force the use of the cache. Override $force_update.
+	 * @return array Version info or empty array if there are no updates
+	 * @throws \RuntimeException
+	 */
+	public function get_ext_update_on_branch($force_update = false, $force_cache = false)
+	{
+		$versions = $this->get_versions_matching_stability($force_update, $force_cache);
+
+		$self = $this;
+		$current_version = $this->current_version;
+
+		// Get current phpBB branch from version, e.g.: 3.2
+		preg_match('/^(\d+\.\d+).*$/', $this->config['version'], $matches);
+		$current_branch = $matches[1];
+
+		// Filter out any versions less than the current version
+		$versions = array_filter($versions, function($data) use ($self, $current_version) {
+			return $self->compare($data['current'], $current_version, '>=');
+		});
+
+		// Filter out any phpbb branches less than the current version
+		$branches = array_filter(array_keys($versions), function($branch) use ($self, $current_branch) {
+			return $self->compare($branch, $current_branch, '>=');
+		});
+		if (!empty($branches))
+		{
+			$versions = array_intersect_key($versions, array_flip($branches));
+		}
+		else
+		{
+			// If branches are empty, it means the current phpBB branch is newer than any branch the
+			// extension was validated against. Reverse sort the versions array so we get the newest
+			// validated release available.
+			krsort($versions);
+		}
+
+		// Get the first available version from the previous list.
+		$update_info = array_reduce($versions, function($value, $data) use ($self, $current_version) {
+			if ($value === null && $self->compare($data['current'], $current_version, '>='))
+			{
+				if (!$data['eol'] && (!$data['security'] || $self->compare($data['security'], $data['current'], '<=')))
+				{
+					return $self->compare($data['current'], $current_version, '>') ? $data : array();
+				}
+				else
+				{
+					return null;
+				}
+			}
+
+			return $value;
+		});
+
+		return $update_info === null ? array() : $update_info;
+	}
+
 	/**
 	* Obtains the latest version information
 	*
 	* @param bool $force_update Ignores cached data. Defaults to false.
 	* @param bool $force_cache Force the use of the cache. Override $force_update.
-	* @return string
+	* @return array
 	* @throws \RuntimeException
 	*/
 	public function get_suggested_updates($force_update = false, $force_cache = false)
@@ -226,7 +349,7 @@ class version_helper
 	*
 	* @param bool $force_update Ignores cached data. Defaults to false.
 	* @param bool $force_cache Force the use of the cache. Override $force_update.
-	* @return string Version info
+	* @return array Version info
 	* @throws \RuntimeException
 	*/
 	public function get_versions_matching_stability($force_update = false, $force_cache = false)
@@ -246,7 +369,7 @@ class version_helper
 	*
 	* @param bool $force_update Ignores cached data. Defaults to false.
 	* @param bool $force_cache Force the use of the cache. Override $force_update.
-	* @return string Version info, includes stable and unstable data
+	* @return array Version info, includes stable and unstable data
 	* @throws \RuntimeException
 	*/
 	public function get_versions($force_update = false, $force_cache = false)
@@ -298,9 +421,100 @@ class version_helper
 			$info['stable'] = (empty($info['stable'])) ? array() : $info['stable'];
 			$info['unstable'] = (empty($info['unstable'])) ? $info['stable'] : $info['unstable'];
 
+			$info = $this->validate_versions($info);
+
 			$this->cache->put($cache_file, $info, 86400); // 24 hours
 		}
 
 		return $info;
 	}
+
+	/**
+	 * Validate versions info input
+	 *
+	 * @param array $versions_info Decoded json data array. Will be modified
+	 *		and cleaned by this method
+	 *
+	 * @return array Versions info array
+	 */
+	public function validate_versions($versions_info)
+	{
+		$array_diff = array_diff_key($versions_info, array($this->version_schema));
+
+		// Remove excessive data
+		if (count($array_diff) > 0)
+		{
+			$old_versions_info = $versions_info;
+			$versions_info = array(
+				'stable'	=> !empty($old_versions_info['stable']) ? $old_versions_info['stable'] : array(),
+				'unstable'	=> !empty($old_versions_info['unstable']) ? $old_versions_info['unstable'] : array(),
+			);
+			unset($old_versions_info);
+		}
+
+		foreach ($versions_info as $stability_type => &$versions_data)
+		{
+			foreach ($versions_data as $branch => &$version_data)
+			{
+				if (!preg_match('/^[0-9a-z\-\.]+$/i', $branch))
+				{
+					unset($versions_data[$branch]);
+					continue;
+				}
+
+				$stability_diff = array_diff_key($version_data, $this->version_schema[$stability_type]);
+
+				if (count($stability_diff) > 0)
+				{
+					$old_version_data = $version_data;
+					$version_data = array();
+					foreach ($this->version_schema[$stability_type] as $key => $value)
+					{
+						if (isset($old_version_data[$key]))
+						{
+							$version_data[$key] = $old_version_data[$key];
+						}
+					}
+					unset($old_version_data);
+				}
+
+				foreach ($version_data as $key => &$value)
+				{
+					if (!isset($this->version_schema[$stability_type][$key]))
+					{
+						unset($version_data[$key]);
+						throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_ENTRY'));
+					}
+
+					switch ($this->version_schema[$stability_type][$key])
+					{
+						case 'bool':
+							$value = (bool) $value;
+						break;
+
+						case 'url':
+							if (!empty($value) && !preg_match('#^' . get_preg_expression('url') . '$#iu', $value) &&
+								!preg_match('#^' . get_preg_expression('www_url') . '$#iu', $value))
+							{
+								throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_URL'));
+							}
+						break;
+
+						case 'version':
+							if (!empty($value) && !preg_match(get_preg_expression('semantic_version'), $value))
+							{
+								throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_VERSION'));
+							}
+						break;
+
+						default:
+							// Shouldn't be possible to trigger this
+							throw new \RuntimeException($this->user->lang('VERSIONCHECK_INVALID_ENTRY'));
+					}
+				}
+			}
+		}
+
+		return $versions_info;
+	}
 }

phpBB/posting.php

@@ -84,7 +84,7 @@ $current_time = time();
 *							NOTE: Should be actual language strings, NOT
 *							language keys.
 * @since 3.1.0-a1
-* @change 3.1.2-RC1			Removed 'delete' var as it does not exist
+* @changed 3.1.2-RC1			Removed 'delete' var as it does not exist
 */
 $vars = array(
 	'post_id',
@@ -340,11 +340,6 @@ switch ($mode)
 			$is_authed = true;
 			$mode = 'soft_delete';
 		}
-		else if (!$is_authed)
-		{
-			// Display the same error message for softdelete we use for delete
-			$mode = 'delete';
-		}
 	break;
 }
 /**
@@ -393,13 +388,13 @@ $vars = array(
 );
 extract($phpbb_dispatcher->trigger_event('core.modify_posting_auth', compact($vars)));
 
-if (!$is_authed)
+if (!$is_authed || !empty($error))
 {
-	$check_auth = ($mode == 'quote') ? 'reply' : $mode;
+	$check_auth = ($mode == 'quote') ? 'reply' : (($mode == 'soft_delete') ? 'delete' : $mode);
 
 	if ($user->data['is_registered'])
 	{
-		trigger_error('USER_CANNOT_' . strtoupper($check_auth));
+		trigger_error(empty($error) ? 'USER_CANNOT_' . strtoupper($check_auth) : implode('<br/>', $error));
 	}
 	$message = $user->lang['LOGIN_EXPLAIN_' . strtoupper($mode)];
 
@@ -941,7 +936,9 @@ if ($submit || $preview || $refresh)
 	*				is posting a new topic or editing a post)
 	* @var	bool	refresh		Whether or not to retain previously submitted data
 	* @var	object	message_parser	The message parser object
+	* @var	array	error		Array of errors
 	* @since 3.1.2-RC1
+	* @changed 3.1.11-RC1 Added error
 	*/
 	$vars = array(
 		'post_data',
@@ -956,6 +953,7 @@ if ($submit || $preview || $refresh)
 		'cancel',
 		'refresh',
 		'message_parser',
+		'error',
 	);
 	extract($phpbb_dispatcher->trigger_event('core.posting_modify_message_text', compact($vars)));
 
@@ -1063,7 +1061,10 @@ if ($submit || $preview || $refresh)
 	// Validate username
 	if (($post_data['username'] && !$user->data['is_registered']) || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']))
 	{
-		include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		if (!function_exists('validate_username'))
+		{
+			include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+		}
 
 		$user->add_lang('ucp');
 
@@ -1261,7 +1262,7 @@ if ($submit || $preview || $refresh)
 	* @var	array	error		Any error strings; a non-empty array aborts form submission.
 	*				NOTE: Should be actual language strings, NOT language keys.
 	* @since 3.1.0-RC5
-	* @change 3.1.5-RC1 Added poll array to the event
+	* @changed 3.1.5-RC1 Added poll array to the event
 	*/
 	$vars = array(
 		'post_data',
@@ -1869,13 +1870,13 @@ if (($mode == 'post' || ($mode == 'edit' && $post_id == $post_data['topic_first_
 *				posting page via $template->assign_vars()
 * @var	object	message_parser	The message parser object
 * @since 3.1.0-a1
-* @change 3.1.0-b3 Added vars post_data, moderators, mode, page_title,
+* @changed 3.1.0-b3 Added vars post_data, moderators, mode, page_title,
 *		s_topic_icons, form_enctype, s_action, s_hidden_fields,
 *		post_id, topic_id, forum_id, submit, preview, save, load,
 *		delete, cancel, refresh, error, page_data, message_parser
-* @change 3.1.2-RC1 Removed 'delete' var as it does not exist
-* @change 3.1.5-RC1 Added poll variables to the page_data array
-* @change 3.1.6-RC1 Added 'draft_id' var
+* @changed 3.1.2-RC1 Removed 'delete' var as it does not exist
+* @changed 3.1.5-RC1 Added poll variables to the page_data array
+* @changed 3.1.6-RC1 Added 'draft_id' var
 */
 $vars = array(
 	'post_data',

phpBB/styles/prosilver/style.cfg

@@ -21,8 +21,8 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Limited, 2007
-style_version = 3.1.10
-phpbb_version = 3.1.10
+style_version = 3.1.12
+phpbb_version = 3.1.12
 
 # Defining a different template bitfield
 # template_bitfield = lNg=

phpBB/styles/prosilver/template/bbcode.html

@@ -18,13 +18,13 @@
 <!-- BEGIN inline_attachment_open --><div class="inline-attachment"><!-- END inline_attachment_open -->
 <!-- BEGIN inline_attachment_close --></div><!-- END inline_attachment_close -->
 
-<!-- BEGIN b_open --><strong><!-- END b_open -->
+<!-- BEGIN b_open --><strong class="text-strong"><!-- END b_open -->
 <!-- BEGIN b_close --></strong><!-- END b_close -->
 
 <!-- BEGIN u_open --><span style="text-decoration: underline"><!-- END u_open -->
 <!-- BEGIN u_close --></span><!-- END u_close -->
 
-<!-- BEGIN i_open --><em><!-- END i_open -->
+<!-- BEGIN i_open --><em class="text-italics"><!-- END i_open -->
 <!-- BEGIN i_close --></em><!-- END i_close -->
 
 <!-- BEGIN color --><span style="color: {COLOR}">{TEXT}</span><!-- END color -->

phpBB/styles/prosilver/template/forum_fn.js

@@ -57,7 +57,7 @@ function marklist(id, name, state) {
 
 	jQuery('#' + id + ' input[type=checkbox][name]').each(function() {
 		var $this = jQuery(this);
-		if ($this.attr('name').substr(0, name.length) === name) {
+		if ($this.attr('name').substr(0, name.length) === name && !$this.prop('disabled')) {
 			$this.prop('checked', state);
 		}
 	});

phpBB/styles/prosilver/template/forumlist_body.html

@@ -47,7 +47,7 @@
 							<!-- EVENT forumlist_body_subforums_before -->
 							<br /><strong>{forumrow.L_SUBFORUM_STR}{L_COLON}</strong>
 							<!-- BEGIN subforum -->
-								<a href="{forumrow.subforum.U_SUBFORUM}" class="subforum<!-- IF forumrow.subforum.S_UNREAD --> unread<!-- ELSE --> read<!-- ENDIF -->" title="<!-- IF forumrow.subforum.S_UNREAD -->{L_UNREAD_POSTS}<!-- ELSE -->{L_NO_UNREAD_POSTS}<!-- ENDIF -->">{forumrow.subforum.SUBFORUM_NAME}</a><!-- IF not forumrow.subforum.S_LAST_ROW -->{L_COMMA_SEPARATOR}<!-- ENDIF -->
+								<!-- EVENT forumlist_body_subforum_link_prepend --><a href="{forumrow.subforum.U_SUBFORUM}" class="subforum<!-- IF forumrow.subforum.S_UNREAD --> unread<!-- ELSE --> read<!-- ENDIF -->" title="<!-- IF forumrow.subforum.S_UNREAD -->{L_UNREAD_POSTS}<!-- ELSE -->{L_NO_UNREAD_POSTS}<!-- ENDIF -->">{forumrow.subforum.SUBFORUM_NAME}</a><!-- IF not forumrow.subforum.S_LAST_ROW -->{L_COMMA_SEPARATOR}<!-- ENDIF --><!-- EVENT forumlist_body_subforum_link_append -->
 							<!-- END subforum -->
 							<!-- EVENT forumlist_body_subforums_after -->
 						<!-- ENDIF -->

phpBB/styles/prosilver/template/index_body.html

@@ -40,13 +40,18 @@
 		<!-- IF U_VIEWONLINE --><h3><a href="{U_VIEWONLINE}">{L_WHO_IS_ONLINE}</a></h3><!-- ELSE --><h3>{L_WHO_IS_ONLINE}</h3><!-- ENDIF -->
 		<p>
 			<!-- EVENT index_body_block_online_prepend -->
-			{TOTAL_USERS_ONLINE} ({L_ONLINE_EXPLAIN})<br />{RECORD_USERS}<br /> <br />{LOGGED_IN_USER_LIST}
-			<!-- IF LEGEND --><br /><em>{L_LEGEND}{L_COLON} {LEGEND}</em><!-- ENDIF -->
+			{TOTAL_USERS_ONLINE} ({L_ONLINE_EXPLAIN})<br />{RECORD_USERS}<br /> 
+			<!-- IF U_VIEWONLINE -->
+				<br />{LOGGED_IN_USER_LIST}
+				<!-- IF LEGEND --><br /><em>{L_LEGEND}{L_COLON} {LEGEND}</em><!-- ENDIF -->
+			<!-- ENDIF -->
 			<!-- EVENT index_body_block_online_append -->
 		</p>
 	</div>
 <!-- ENDIF -->
 
+<!-- EVENT index_body_birthday_block_before -->
+
 <!-- IF S_DISPLAY_BIRTHDAY_LIST -->
 	<div class="stat-block birthday-list">
 		<h3>{L_BIRTHDAYS}</h3>

phpBB/styles/prosilver/template/mcp_post.html

@@ -294,6 +294,14 @@
 			</tbody>
 			</table>
 
+			<div class="pagination">
+				<!-- INCLUDE pagination.html -->
+			</div>
+			</div>
+		</div>
+
+		<div class="panel">
+			<div class="inner">
 			<table class="table1">
 			<thead>
 			<tr>
@@ -315,7 +323,27 @@
 			</tbody>
 			</table>
 
-			<p><a href="{U_LOOKUP_ALL}#ip">{L_LOOKUP_ALL}</a></p>
+			<div class="buttons">
+				<p><a href="{U_LOOKUP_ALL}#ip">{L_LOOKUP_ALL}</a></p>
+			</div>
+
+			<div class="pagination">
+				<ul>
+				<!-- BEGIN pagination_ips -->
+					<!-- IF pagination_ips.S_IS_PREV -->
+						<li class="previous"><a href="{pagination_ips.PAGE_URL}" rel="prev" role="button">{L_PREVIOUS}</a></li>
+					<!-- ELSEIF pagination_ips.S_IS_CURRENT -->
+						<li class="active"><span>{pagination_ips.PAGE_NUMBER}</span></li>
+					<!-- ELSEIF pagination_ips.S_IS_ELLIPSIS -->
+						<li class="ellipsis" role="separator"><span>{L_ELLIPSIS}</span></li>
+					<!-- ELSEIF pagination_ips.S_IS_NEXT -->
+						<li class="next"><a href="{pagination_ips.PAGE_URL}" rel="next" role="button">{L_NEXT}</a></li>
+					<!-- ELSE -->
+						<li><a href="{pagination_ips.PAGE_URL}" role="button">{pagination_ips.PAGE_NUMBER}</a></li>
+					<!-- ENDIF -->
+				<!-- END pagination_ips -->
+				</ul>
+			</div>
 
 			</div>
 		</div>

phpBB/styles/prosilver/template/mcp_topic.html

@@ -111,7 +111,9 @@
 					</li>
 				</ul>
 
+				<!-- EVENT mcp_topic_postrow_post_subject_before -->
 				<h3><a href="{postrow.U_POST_DETAILS}">{postrow.POST_SUBJECT}</a></h3>
+				<!-- EVENT mcp_topic_postrow_post_subject_after -->
 
 				<!-- EVENT mcp_topic_postrow_post_details_before -->
 				<p class="author"><a href="#pr{postrow.POST_ID}">{postrow.MINI_POST_IMG}</a> {L_POSTED} {postrow.POST_DATE} {L_POST_BY_AUTHOR} <strong>{postrow.POST_AUTHOR_FULL}</strong><!-- IF postrow.U_MCP_DETAILS --> [ <a href="{postrow.U_MCP_DETAILS}">{L_POST_DETAILS}</a> ]<!-- ENDIF --></p>

phpBB/styles/prosilver/template/search_results.html

@@ -76,6 +76,7 @@
 							<!-- IF searchresults.S_TOPIC_UNAPPROVED or searchresults.S_POSTS_UNAPPROVED --><a href="{searchresults.U_MCP_QUEUE}">{searchresults.UNAPPROVED_IMG}</a> <!-- ENDIF -->
 							<!-- IF searchresults.S_TOPIC_DELETED --><a href="{searchresults.U_MCP_QUEUE}">{DELETED_IMG}</a> <!-- ENDIF -->
 							<!-- IF searchresults.S_TOPIC_REPORTED --><a href="{searchresults.U_MCP_REPORT}">{REPORTED_IMG}</a><!-- ENDIF --><br />
+							<!-- EVENT topiclist_row_topic_title_after -->
 							<!-- IF .searchresults.pagination -->
 							<div class="pagination">
 								<ul>
@@ -91,7 +92,6 @@
 							</div>
 							<!-- ENDIF -->
 							<!-- IF searchresults.S_HAS_POLL -->{POLL_IMG} <!-- ENDIF -->
-							<!-- EVENT topiclist_row_topic_title_after -->
 							{L_POST_BY_AUTHOR} {searchresults.TOPIC_AUTHOR_FULL} &raquo; {searchresults.FIRST_POST_TIME} &raquo; {L_IN} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a>
 							<!-- EVENT topiclist_row_append -->
 
@@ -137,6 +137,7 @@
 			<dd class="search-result-date">{searchresults.POST_DATE}</dd>
 			<dd>{L_FORUM}{L_COLON} <a href="{searchresults.U_VIEW_FORUM}">{searchresults.FORUM_TITLE}</a></dd>
 			<dd>{L_TOPIC}{L_COLON} <a href="{searchresults.U_VIEW_TOPIC}">{searchresults.TOPIC_TITLE}</a></dd>
+			<!-- EVENT search_results_topic_title_after -->
 			<dd>{L_REPLIES}{L_COLON} <strong>{searchresults.TOPIC_REPLIES}</strong></dd>
 			<dd>{L_VIEWS}{L_COLON} <strong>{searchresults.TOPIC_VIEWS}</strong></dd>
 			<!-- EVENT search_results_postprofile_after -->