[prep-release-3.2.9] Update changelog for 3.2.9

[prep-release-3.2.9] Add migration for 3.2.9
[prep-release-3.2.9] Update version numbers for 3.2.9
2025-09-08 07:10:51 +02:00 · 2020-01-04 11:32:26 +01:00 · 2020-01-04 10:17:57 +01:00 · 2020-01-04 10:16:06 +01:00 · 2020-01-03 17:25:12 +01:00 · 2020-01-03 17:24:33 +01:00
183 changed files with 3276 additions and 764 deletions
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -39,7 +39,8 @@ init:
 before_test:
  - ps: |
      Set-Service wuauserv -StartupType Manual
-      cinst -y php --version ((choco search php --exact --all-versions -r | select-string -pattern $env:php | sort { [version]($_ -split '\|' | select -last 1) } -Descending | Select-Object -first 1) -replace '[php|]','')
+      choco install chocolatey -y --version 0.10.13 --allow-downgrade
+      choco install php -y --version ((choco search php --exact --all-versions -r | select-string -pattern $env:php | sort { [version]($_ -split '\|' | select -last 1) } -Descending | Select-Object -first 1) -replace '[php|]','')
      Get-ChildItem -Path "c:\tools\php$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1$2')" -Recurse |
          Move-Item -destination "c:\tools\php"
      cd c:\tools\php
@@ -98,7 +99,7 @@ before_test:
        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\postgres';`n`$dbhost = 'localhost';`n`$dbport = '';`n`$dbname = 'phpbb_test';`n`$dbuser = 'postgres';`n`$dbpasswd = 'Password12!';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
      }
      elseif ($env:db -eq "mariadb") {
-        appveyor-retry cinst -y --force mariadb
+        appveyor-retry choco install mariadb -y --force
        $env:MYSQL_PWD=""
        $cmd = '"C:\Program Files\MariaDB 10.2\bin\mysql" -e "create database phpbb_test;" --user=root'
        iex "& $cmd"
@@ -106,13 +107,13 @@ before_test:
      }
      elseif ($env:db -eq "sqlite") {
        # install sqlite
-        appveyor-retry cinst -y sqlite
+        appveyor-retry choco install sqlite -y
        sqlite3 c:\projects\test.db "create table aTable(field1 int); drop table aTable;"
        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\sqlite3';`n`$dbhost = 'c:\\projects\\test.db';`n`$dbport = '';`n`$dbname = '';`n`$dbuser = '';`n`$dbpasswd = '';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
      }

      # Install PhantomJS
-      cinst -y phantomjs
+      choco install phantomjs -y
      Start-Process "phantomjs" "--webdriver=8910" | Out-Null
  - ps: |
      cd c:\projects\phpbb\phpBB
@@ -120,7 +121,7 @@ before_test:
      (Get-Content c:\projects\phpbb\phpBB\web.config).replace("`t</system.webServer>", "`t`t<httpErrors errorMode=`"Detailed`" />`n`t</system.webServer>") | Set-Content c:\projects\phpbb\phpBB\web.config
  - cd c:\projects\phpbb\phpBB
  - php ..\composer.phar install
-  - choco install -y urlrewrite
+  - choco install urlrewrite -y
  - ps: New-WebSite -Name 'phpBBTest' -PhysicalPath 'c:\projects\phpbb\phpBB' -Force
  - ps: Import-Module WebAdministration; Set-ItemProperty 'IIS:\Sites\phpBBTest' -name Bindings -value @{protocol='http';bindingInformation='*:80:phpbb.test'}
  - echo Change default anonymous user AUTH to ApplicationPool
@@ -141,3 +142,4 @@ before_test:
 test_script:
  - cd c:\projects\phpbb
  - php -e phpBB\vendor\phpunit\phpunit\phpunit --verbose
+
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,5 +1,5 @@
 language: php
-sudo: required
+dist: trusty

 matrix:
  include:
--- a/README.md
+++ b/README.md
@@ -31,9 +31,11 @@ Read our [Vagrant documentation](phpBB/docs/vagrant.md) to find out how to use V

 We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](https://bamboo.phpbb.com) or check our travis builds below:

-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=master)](http://travis-ci.org/phpbb/phpbb)[![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/master?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/master) **master** - Latest development version
-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb)[![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.2.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.2.x) **3.2.x** - Development of version 3.2.x
-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.1.x)](http://travis-ci.org/phpbb/phpbb) **3.1.x** - Development of version 3.1.x
+Travis CI  | AppVeyor | Branch  | Description
+---------- | -------- | ------- | -----------
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=master)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/master?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/master) | **master** | Latest development version
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.3.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.3.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.3.x) | **3.3.x** | Development of version 3.3.x
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.2.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.2.x) | **3.2.x** | Development of version 3.2.x

 ## LICENSE

--- a/build/build.xml
+++ b/build/build.xml
@@ -2,9 +2,9 @@

 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.2.6" />
-	<property name="prevversion" value="3.2.5" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.6-RC1" />
+	<property name="newversion" value="3.2.9" />
+	<property name="prevversion" value="3.2.8" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.9-RC1" />
 	<!-- no configuration should be needed beyond this point -->

 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
--- a/build/generate_package_json.php
+++ b/build/generate_package_json.php
@@ -0,0 +1,127 @@
+#!/usr/bin/env php
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+if (version_compare(PHP_VERSION, '7.0-dev', '<'))
+{
+	die('generate_package_json.php requires at least PHP 7.0.');
+}
+
+define('IN_PHPBB', true);
+include_once('../phpBB/includes/functions.php');
+
+$json_data = new \stdClass();
+$json_data->metadata = new stdClass();
+
+$json_data->metadata->current_version_date = '';
+$json_data->metadata->current_version = '';
+$json_data->metadata->download_path = '';
+$json_data->metadata->show_update_package = true;
+$json_data->metadata->historic = false;
+
+$json_data->package = [];
+
+// Open build.xml
+$build_xml = simplexml_load_file('build.xml');
+$current_version = (string) $build_xml->xpath('/project/property[@name=\'newversion\']/@value')[0]->value;
+$previous_version = (string) $build_xml->xpath('/project/property[@name=\'prevversion\']/@value')[0]->value;
+$older_verions = explode(', ', (string) $build_xml->xpath('/project/property[@name=\'olderversions\']/@value')[0]->value);
+
+// Clean and sort version info
+$older_verions[] = $previous_version;
+$older_verions = array_filter($older_verions, function($version) {
+	preg_match(get_preg_expression('semantic_version'), $version, $matches);
+	return empty($matches['prerelease']) || strpos($matches['prerelease'], 'pl') !== false;
+});
+usort($older_verions, function($version_a, $version_b)
+{
+	return phpbb_version_compare($version_b, $version_a);
+});
+
+// Set metadata
+$json_data->metadata->current_version = $current_version;
+$json_data->metadata->current_version_date = date('Y-m-d');
+$json_data->metadata->download_path = 'https://download.phpbb.com/pub/release/' . preg_replace('#([0-9]+\.[0-9]+)(\..+)#', '$1', $current_version) . '/' . $current_version . '/';
+
+// Add package, patch files, and changed files
+phpbb_add_package_file(
+	$json_data->package,
+	'phpBB ' . $current_version,
+	'phpBB-' . $current_version,
+	'full',
+	''
+);
+phpbb_add_package_file(
+	$json_data->package,
+	'phpBB ' . $current_version . ' Patch Files',
+	'phpBB-' . $current_version . '-patch',
+	'update',
+	'patch'
+);
+phpbb_add_package_file(
+	$json_data->package,
+	'phpBB ' . $current_version . ' Changed Files',
+	'phpBB-' . $current_version . '-files',
+	'update',
+	'files'
+);
+
+// Loop through packages and assign to packages array
+foreach ($older_verions as $version)
+{
+	phpbb_add_package_file(
+		$json_data->package,
+		'phpBB ' . $version . ' to ' . $current_version . ' Update Package',
+		'phpBB-' . $version . '_to_' . $current_version,
+		'update',
+		'update',
+		$version
+	);
+}
+
+echo(json_encode($json_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . "\n");
+
+function phpbb_add_package_file(array &$package_list, $name, $file_name, $type, $subtype, $from = '')
+{
+	if (!file_exists(__DIR__ . '/new_version/release_files/' . $file_name . '.zip'))
+	{
+		trigger_error('File does not exist: ' . __DIR__ . '/new_version/release_files/' . $file_name . '.zip');
+		return;
+	}
+
+	$package_file = new stdClass();
+	$package_file->name = $name;
+	$package_file->filename = $file_name;
+	$package_file->type = $type;
+	if (!empty($subtype))
+	{
+		$package_file->subtype = $subtype;
+	}
+	if (!empty($from))
+	{
+		$package_file->from = $from;
+	}
+	$package_file->files = [];
+
+	foreach (['zip', 'tar.bz2'] as $extension)
+	{
+		$file_path = 'new_version/release_files/' . $file_name  . '.' . $extension;
+		$filedata = new stdClass();
+		$filedata->filesize = filesize($file_path);
+		$filedata->checksum = trim(preg_replace('/(^\w+)(.+)/', '$1', file_get_contents($file_path . '.sha256')));
+		$filedata->filetype = $extension;
+		$package_file->files[] = $filedata;
+	}
+
+	$package_list[] = $package_file;
+}
--- a/composer.phar
+++ b/composer.phar
--- a/phpBB/adm/style/acp_attachments.html
+++ b/phpBB/adm/style/acp_attachments.html
@@ -110,7 +110,7 @@
 <!-- ELSEIF S_EXTENSION_GROUPS -->

 	<!-- IF S_EDIT_GROUP -->
-		<script type="text/javascript" defer="defer">
+		<script>
 		// <![CDATA[
 			function update_image(newimage)
 			{
@@ -421,17 +421,25 @@
 	</tr>
 	</thead>
 	<tbody>
-	<!-- BEGIN attachments -->
+	{% for attachments in attachments %}
 		<tr>
 			<td>
-				<!-- IF attachments.S_IN_MESSAGE -->{L_EXTENSION_GROUP}{L_COLON} <strong><!-- IF attachments.EXT_GROUP_NAME -->{attachments.EXT_GROUP_NAME}<!-- ELSE -->{L_NO_EXT_GROUP}<!-- ENDIF --></strong><br />{attachments.L_DOWNLOAD_COUNT}<br />{L_IN} {L_PRIVATE_MESSAGE}
-				<!-- ELSE --><a href="{attachments.U_FILE}" style="font-weight: bold;">{attachments.REAL_FILENAME}</a><br /><!-- IF attachments.COMMENT -->{attachments.COMMENT}<br /><!-- ENDIF -->{attachments.L_DOWNLOAD_COUNT}<br />{L_TOPIC}{L_COLON} <a href="{attachments.U_VIEW_TOPIC}">{attachments.TOPIC_TITLE}</a><!-- ENDIF -->
+				{{ lang('EXTENSION_GROUP') ~ lang('COLON') }} <strong>{{ attachments.EXT_GROUP_NAME }}</strong>
+				{% if attachments.S_IN_MESSAGE %}
+					<br>{{ attachments.L_DOWNLOAD_COUNT }}
+					<br>{{ lang('IN') }} {{ lang('PRIVATE_MESSAGE') }}
+				{% else %}
+					<br><a href="{{ attachments.U_FILE }}"><strong>{{ attachments.REAL_FILENAME }}</strong></a>
+					{% if attachments.COMMENT %}<br>{{ attachments.COMMENT }}{% endif %}
+					<br>{{ attachments.L_DOWNLOAD_COUNT }}
+					<br>{{ lang('TOPIC') ~ lang('COLON') }} <a href="{{ attachments.U_VIEW_TOPIC }}">{{ attachments.TOPIC_TITLE }}</a>
+				{% endif %}
 			</td>
-			<td>{attachments.FILETIME}<br />{L_POST_BY_AUTHOR} {attachments.ATTACHMENT_POSTER}</td>
-			<td class="centered-text">{attachments.FILESIZE}</td>
-			<td class="centered-text"><input type="checkbox" class="radio" name="delete[{attachments.ATTACH_ID}]" /></td>
+			<td>{{ attachments.FILETIME }}<br>{{ lang('POST_BY_AUTHOR') }} {{ attachments.ATTACHMENT_POSTER }}</td>
+			<td class="centered-text">{{ attachments.FILESIZE }}</td>
+			<td class="centered-text"><input type="checkbox" class="radio" name="delete[{{ attachments.ATTACH_ID }}]" /></td>
 		</tr>
-	<!-- END attachments -->
+	{% endfor %}
 	</tbody>
 	</table>
 <!-- ELSE -->
--- a/phpBB/adm/style/acp_ban.html
+++ b/phpBB/adm/style/acp_ban.html
@@ -8,7 +8,7 @@

 <p>{L_EXPLAIN}</p>

-<script type="text/javascript">
+<script>
 // <![CDATA[

 	var ban_length = new Array();
--- a/phpBB/adm/style/acp_contact.html
+++ b/phpBB/adm/style/acp_contact.html
@@ -1,6 +1,6 @@
 <!-- INCLUDE overall_header.html -->

-<script type="text/javascript">
+<script>
 // <![CDATA[

 	var form_name = 'acp_contact';
--- a/phpBB/adm/style/acp_database.html
+++ b/phpBB/adm/style/acp_database.html
@@ -35,7 +35,7 @@

 	<p>{L_ACP_BACKUP_EXPLAIN}</p>

-	<script type="text/javascript">
+	<script>
 	// <![CDATA[

 		function selector(bool)
@@ -67,12 +67,6 @@
 		<label><input name="method"<!-- IF methods.S_FIRST_ROW --> id="method" checked="checked"<!-- ENDIF --> type="radio" class="radio" value="{methods.TYPE}" /> {methods.TYPE}</label>
 		<!-- END methods --></dd>
 	</dl>
-	<dl>
-		<dt><label for="where">{L_ACTION}{L_COLON}</label></dt>
-		<dd>
-			<label><input id="where" type="radio" class="radio" name="where" value="store" checked="checked" /> {L_STORE_LOCAL}</label>
-		</dd>
-	</dl>
 	<dl>
 		<dt><label for="table">{L_TABLE_SELECT}{L_COLON}</label></dt>
 		<dd><select id="table" name="table[]" size="10" multiple="multiple">
--- a/phpBB/adm/style/acp_forums.html
+++ b/phpBB/adm/style/acp_forums.html
@@ -4,7 +4,7 @@

 <!-- IF S_EDIT_FORUM -->

-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Handle displaying/hiding several options based on the forum type
@@ -405,7 +405,7 @@

 <!-- ELSEIF S_CONTINUE_SYNC -->

-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		var close_waitscreen = 0;
 		// no scrollbars...
@@ -421,7 +421,7 @@

 <!-- ELSE -->

-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Popup search progress bar
@@ -447,7 +447,7 @@
 	<!-- ENDIF -->

 	<!-- IF S_RESYNCED -->
-		<script type="text/javascript">
+		<script>
 		// <![CDATA[
 			var close_waitscreen = 1;
 		// ]]>
--- a/phpBB/adm/style/acp_groups.html
+++ b/phpBB/adm/style/acp_groups.html
@@ -36,10 +36,12 @@
 		<dl>
 			<dt><label for="group_type">{L_GROUP_TYPE}{L_COLON}</label><br /><span>{L_GROUP_TYPE_EXPLAIN}</span></dt>
 			<dd>
+				{% EVENT acp_group_types_prepend %}
 				<label><input name="group_type" type="radio" class="radio" id="group_type" value="{GROUP_TYPE_FREE}"{GROUP_FREE} /> {L_GROUP_OPEN}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_OPEN}"{GROUP_OPEN} /> {L_GROUP_REQUEST}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_CLOSED}"{GROUP_CLOSED} /> {L_GROUP_CLOSED}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_HIDDEN}"{GROUP_HIDDEN} /> {L_GROUP_HIDDEN}</label>
+				{% EVENT acp_group_types_append %}
 			</dd>
 		</dl>
 	<!-- ELSE -->
--- a/phpBB/adm/style/acp_icons.html
+++ b/phpBB/adm/style/acp_icons.html
@@ -4,7 +4,7 @@

 <!-- IF S_EDIT -->

-	<script type="text/javascript" defer="defer">
+	<script>
 	// <![CDATA[
 	<!-- IF S_ADD_CODE -->

--- a/phpBB/adm/style/acp_modules.html
+++ b/phpBB/adm/style/acp_modules.html
@@ -4,7 +4,7 @@

 <!-- IF S_EDIT_MODULE -->

-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		function display_options(value)
 		{
--- a/phpBB/adm/style/acp_permission_roles.html
+++ b/phpBB/adm/style/acp_permission_roles.html
@@ -4,7 +4,7 @@

 <!-- IF S_EDIT -->

-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		var active_pmask = '0';
 		var active_fmask = '0';
@@ -20,7 +20,7 @@
 	// ]]>
 	</script>

-	<script type="text/javascript" src="style/permissions.js"></script>
+	<script src="style/permissions.js"></script>

 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>

--- a/phpBB/adm/style/acp_posting_buttons.html
+++ b/phpBB/adm/style/acp_posting_buttons.html
@@ -1,31 +1,10 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[

 	// Define the bbCode tags
 	var bbcode = new Array();
 	var bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->);

-	// Helpline messages
-	var help_line = {
-		b: '{LA_BBCODE_B_HELP}',
-		i: '{LA_BBCODE_I_HELP}',
-		u: '{LA_BBCODE_U_HELP}',
-		q: '{LA_BBCODE_Q_HELP}',
-		c: '{LA_BBCODE_C_HELP}',
-		l: '{LA_BBCODE_L_HELP}',
-		o: '{LA_BBCODE_O_HELP}',
-		p: '{LA_BBCODE_P_HELP}',
-		w: '{LA_BBCODE_W_HELP}',
-		a: '{LA_BBCODE_A_HELP}',
-		s: '{LA_BBCODE_S_HELP}',
-		f: '{LA_BBCODE_F_HELP}',
-		y: '{LA_BBCODE_Y_HELP}',
-		d: '{LA_BBCODE_D_HELP}'
-		<!-- BEGIN custom_tags -->
-			,cb_{custom_tags.BBCODE_ID}{L_COLON} '{custom_tags.A_BBCODE_HELPLINE}'
-		<!-- END custom_tags -->
-	}
-
 // ]]>
 </script>

@@ -65,7 +44,7 @@
 	</select>
 	<!-- EVENT acp_posting_buttons_custom_tags_before -->
 	<!-- BEGIN custom_tags -->
-	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}" />
+	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{{ custom_tags.BBCODE_HELPLINE|e('html_attr') }}" />
 	<!-- END custom_tags -->
 </div>
 <!-- EVENT acp_posting_buttons_after -->
--- a/phpBB/adm/style/acp_ranks.html
+++ b/phpBB/adm/style/acp_ranks.html
@@ -6,7 +6,7 @@

 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>

-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		function update_image(newimage)
 		{
--- a/phpBB/adm/style/acp_search.html
+++ b/phpBB/adm/style/acp_search.html
@@ -69,7 +69,7 @@

 <!-- ELSEIF S_INDEX -->

-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Popup search progress bar
--- a/phpBB/adm/style/acp_styles.html
+++ b/phpBB/adm/style/acp_styles.html
@@ -146,7 +146,9 @@
 		{styles_list.EXTRA}
 		<td class="{$ROW_CLASS} mark" width="20">
 			<!-- IF styles_list.STYLE_ID -->
-				<input class="checkbox" type="checkbox" name="ids[]" value="{styles_list.STYLE_ID}" />
+				{% if styles_list.STYLE_NAME !== 'prosilver' %}
+					<input class="checkbox" type="checkbox" name="ids[]" value="{styles_list.STYLE_ID}" />
+				{% endif %}
 			<!-- ELSE -->
 				<!-- IF styles_list.COMMENT != '' -->
 					&nbsp;
--- a/phpBB/adm/style/acp_users_overview.html
+++ b/phpBB/adm/style/acp_users_overview.html
@@ -79,7 +79,7 @@

 <!-- IF not S_USER_FOUNDER or S_FOUNDER -->

-	<script type="text/javascript">
+	<script>
 	// <![CDATA[

 		function display_reason(option)
--- a/phpBB/adm/style/acp_users_prefs.html
+++ b/phpBB/adm/style/acp_users_prefs.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	var default_dateformat = '{A_DEFAULT_DATEFORMAT}';
 // ]]>
--- a/phpBB/adm/style/acp_users_signature.html
+++ b/phpBB/adm/style/acp_users_signature.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[

 	var form_name = 'user_signature';
--- a/phpBB/adm/style/installer_footer.html
+++ b/phpBB/adm/style/installer_footer.html
@@ -6,12 +6,14 @@

 	<div id="page-footer">
 		<div class="copyright">
-			Powered by <a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Limited
+			{% if S_COPYRIGHT_HTML %}
+				{{ CREDIT_LINE }}
+			{% endif %}
 		</div>
 	</div>
 </div>

-<script type="text/javascript">
+<script>
 <!--
 installLang = {
 	title: '{LA_TIMEOUT_DETECTED_TITLE}',
@@ -20,9 +22,9 @@ installLang = {
 //-->
 </script>

-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_JQUERY_LINK}"></script>
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js">\x3C/script>');</script><!-- ENDIF -->
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS admin.js -->
 {$SCRIPTS}

--- a/phpBB/adm/style/overall_footer.html
+++ b/phpBB/adm/style/overall_footer.html
@@ -33,9 +33,9 @@
 	</div>
 </div>

-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_JQUERY_LINK}"></script>
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS ajax.js -->
 <!-- INCLUDEJS admin.js -->

--- a/phpBB/adm/style/overall_header.html
+++ b/phpBB/adm/style/overall_header.html
@@ -10,7 +10,7 @@
 <link href="{T_FONT_AWESOME_LINK}" rel="stylesheet">
 <link href="style/admin.css?assets_version={T_ASSETS_VERSION}" rel="stylesheet" type="text/css" media="screen" />

-<script type="text/javascript">
+<script>
 // <![CDATA[
 var jump_page = '{LA_JUMP_PAGE}{L_COLON}';
 var on_page = '{CURRENT_PAGE}';
--- a/phpBB/adm/style/permission_mask.html
+++ b/phpBB/adm/style/permission_mask.html
@@ -1,5 +1,5 @@

-<script type="text/javascript">
+<script>
 // <![CDATA[
 	var active_pmask = '0';
 	var active_fmask = '0';
@@ -9,12 +9,14 @@

 	var role_options = new Array();

+	var no_role_assigned = "{LA_NO_ROLE_ASSIGNED}";
+
 	<!-- IF S_ROLE_JS_ARRAY -->
 		{S_ROLE_JS_ARRAY}
 	<!-- ENDIF -->
 // ]]>
 </script>
-<script type="text/javascript" src="style/permissions.js"></script>
+<script src="style/permissions.js"></script>

 <!-- BEGIN p_mask -->
 <div class="clearfix"></div>
--- a/phpBB/adm/style/permissions.js
+++ b/phpBB/adm/style/permissions.js
@@ -279,6 +279,10 @@ function reset_role(id) {
 	}

 	t.options[0].selected = true;
+
+	var parent = t.parentNode;
+	parent.querySelector('span.dropdown-trigger').innerText = no_role_assigned;
+	parent.querySelector('input[data-name^=role]').value = '0';
 }

 /**
--- a/phpBB/adm/style/progress_bar.html
+++ b/phpBB/adm/style/progress_bar.html
@@ -1,6 +1,6 @@
 <!-- INCLUDE simple_header.html -->

-<script type="text/javascript">
+<script>
 // <![CDATA[
 	/**
 	* Close previously opened popup
@@ -31,7 +31,7 @@
 	<p>{L_PROGRESS_EXPLAIN}</p>
 </div>

-<script type="text/javascript">
+<script>
 // <![CDATA[
 	close_popup();
 // ]]>
--- a/phpBB/adm/style/simple_footer.html
+++ b/phpBB/adm/style/simple_footer.html
@@ -16,9 +16,9 @@

 </div>

-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_JQUERY_LINK}"></script>
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>

 <!-- EVENT acp_simple_footer_after -->
 {$SCRIPTS}
--- a/phpBB/adm/style/simple_header.html
+++ b/phpBB/adm/style/simple_header.html
@@ -9,7 +9,7 @@

 <link href="style/admin.css?assets_version={T_ASSETS_VERSION}" rel="stylesheet" type="text/css" media="screen" />

-<script type="text/javascript">
+<script>
 // <![CDATA[
 var jump_page = '{LA_JUMP_PAGE}{L_COLON}';
 var on_page = '{CURRENT_PAGE}';
--- a/phpBB/assets/javascript/editor.js
+++ b/phpBB/assets/javascript/editor.js
@@ -17,17 +17,10 @@ var is_ie = ((clientPC.indexOf('msie') !== -1) && (clientPC.indexOf('opera') ===
 var is_win = ((clientPC.indexOf('win') !== -1) || (clientPC.indexOf('16bit') !== -1));
 var baseHeight;

-/**
-* Shows the help messages in the helpline window
-*/
-function helpline(help) {
-	document.forms[form_name].helpbox.value = help_line[help];
-}
-
 /**
 * Fix a bug involving the TextRange object. From
 * http://www.frostjedi.com/terra/scripts/demo/caretBug.html
-*/ 
+*/
 function initInsertions() {
 	var doc;

@@ -104,8 +97,8 @@ function bbfontstyle(bbopen, bbclose) {
 	}
 	// IE
 	else if (document.selection) {
-		var range = textarea.createTextRange(); 
-		range.move("character", new_pos); 
+		var range = textarea.createTextRange();
+		range.move("character", new_pos);
 		range.select();
 		storeCaret(textarea);
 	}
--- a/phpBB/assets/javascript/plupload.js
+++ b/phpBB/assets/javascript/plupload.js
@@ -21,7 +21,9 @@ phpbb.plupload.initialize = function() {
 	// Only execute if Plupload initialized successfully.
 	phpbb.plupload.uploader.bind('Init', function() {
 		phpbb.plupload.form = $(phpbb.plupload.config.form_hook)[0];
-		phpbb.plupload.rowTpl = $('#attach-row-tpl')[0].outerHTML;
+		let $attachRowTemplate = $('#attach-row-tpl');
+		$attachRowTemplate.removeClass('attach-row-tpl');
+		phpbb.plupload.rowTpl = $attachRowTemplate[0].outerHTML;

 		// Hide the basic upload panel and remove the attach row template.
 		$('#attach-row-tpl, #attach-panel-basic').remove();
@@ -88,6 +90,12 @@ phpbb.plupload.getSerializedData = function() {
 			obj['attachment_data[' + i + '][' + key + ']'] = datum[key];
 		}
 	}
+
+	// Insert form data
+	var $pluploadForm = $(phpbb.plupload.config.form_hook).first();
+	obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val();
+	obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val();
+
 	return obj;
 };

@@ -262,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) {

 			return;
 		}
+
+		// Handle errors while deleting file
+		if (typeof response.error !== 'undefined') {
+			phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message);
+
+			// We will have to assume that the deletion failed. So leave the file status as uploaded.
+			row.find('.file-status').toggleClass('file-uploaded');
+
+			return;
+		}
+
 		phpbb.plupload.update(response, 'removal', index);
 		// Check if the user can upload files now if he had reached the max files limit.
 		phpbb.plupload.handleMaxFilesReached();
@@ -444,6 +463,44 @@ phpbb.plupload.fileError = function(file, error) {
 phpbb.plupload.uploader = new plupload.Uploader(phpbb.plupload.config);
 phpbb.plupload.initialize();

+/**
+ * Add a file filter to check for max file sizes per mime type.
+ */
+plupload.addFileFilter('mime_types_max_file_size', function(types, file, callback) {
+	if (file.size !== 'undefined') {
+		$(types).each(function(i, type) {
+			let extensions = [],
+				extsArray = type.extensions.split(',');
+
+			$(extsArray).each(function(i, extension) {
+				/^\s*\*\s*$/.test(extension) ? extensions.push("\\.*") : extensions.push("\\." + extension.replace(new RegExp("[" + "/^$.*+?|()[]{}\\".replace(/./g, "\\$&") + "]", "g"), "\\$&"));
+			});
+
+			let regex = new RegExp("(" + extensions.join("|") + ")$", "i");
+
+			if (regex.test(file.name)) {
+				if (type.max_file_size !== 'undefined' && type.max_file_size) {
+					if (file.size > type.max_file_size) {
+						phpbb.plupload.uploader.trigger('Error', {
+							code: plupload.FILE_SIZE_ERROR,
+							message: plupload.translate('File size error.'),
+							file: file
+						});
+
+						callback(false);
+					} else {
+						callback(true);
+					}
+				} else {
+					callback(true);
+				}
+
+				return false;
+			}
+		});
+	}
+});
+
 var $fileList = $('#file-list');

 /**
--- a/phpBB/composer.json
+++ b/phpBB/composer.json
@@ -31,7 +31,7 @@
 		"guzzlehttp/guzzle": "~5.3",
 		"lusitanian/oauth": "^0.8.1",
 		"marc1706/fast-image-size": "^1.1",
-		"paragonie/random_compat": "^1.4",
+		"paragonie/random_compat": "^2.0",
 		"patchwork/utf8": "^1.1",
 		"s9e/text-formatter": "^1.3",
 		"symfony/config": "^2.8",
--- a/phpBB/composer.lock
+++ b/phpBB/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "6daa2f5f7a161377dee1835bd4d5b463",
+    "content-hash": "cd42964227d699a6923798e33eab3dd5",
    "packages": [
        {
            "name": "bantu/ini-get-wrapper",
@@ -83,16 +83,16 @@
        },
        {
            "name": "guzzlehttp/guzzle",
-            "version": "5.3.3",
+            "version": "5.3.4",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "93bbdb30d59be6cd9839495306c65f2907370eb9"
+                "reference": "b87eda7a7162f95574032da17e9323c9899cb6b2"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/93bbdb30d59be6cd9839495306c65f2907370eb9",
-                "reference": "93bbdb30d59be6cd9839495306c65f2907370eb9",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b87eda7a7162f95574032da17e9323c9899cb6b2",
+                "reference": "b87eda7a7162f95574032da17e9323c9899cb6b2",
                "shasum": ""
            },
            "require": {
@@ -132,7 +132,7 @@
                "rest",
                "web service"
            ],
-            "time": "2018-07-31T13:33:10+00:00"
+            "time": "2019-10-30T09:32:00+00:00"
        },
        {
            "name": "guzzlehttp/ringphp",
@@ -346,16 +346,16 @@
        },
        {
            "name": "marc1706/fast-image-size",
-            "version": "v1.1.4",
+            "version": "v1.1.6",
            "source": {
                "type": "git",
                "url": "https://github.com/marc1706/fast-image-size.git",
-                "reference": "c4ded0223a4e49ae45a2183a69f6afac5baf7250"
+                "reference": "3a3a2b036be20f43fa06ce00dfa754df503e6684"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/marc1706/fast-image-size/zipball/c4ded0223a4e49ae45a2183a69f6afac5baf7250",
-                "reference": "c4ded0223a4e49ae45a2183a69f6afac5baf7250",
+                "url": "https://api.github.com/repos/marc1706/fast-image-size/zipball/3a3a2b036be20f43fa06ce00dfa754df503e6684",
+                "reference": "3a3a2b036be20f43fa06ce00dfa754df503e6684",
                "shasum": ""
            },
            "require": {
@@ -363,9 +363,14 @@
                "php": ">=5.3.0"
            },
            "require-dev": {
-                "phpunit/phpunit": "4.*"
+                "phpunit/phpunit": "^4.8"
            },
            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.1.x-dev"
+                }
+            },
            "autoload": {
                "psr-4": {
                    "FastImageSize\\": "lib",
@@ -394,7 +399,7 @@
                "php",
                "size"
            ],
-            "time": "2017-10-23T18:52:01+00:00"
+            "time": "2019-12-07T08:02:07+00:00"
        },
        {
            "name": "ocramius/proxy-manager",
@@ -461,16 +466,16 @@
        },
        {
            "name": "paragonie/random_compat",
-            "version": "v1.4.3",
+            "version": "v2.0.18",
            "source": {
                "type": "git",
                "url": "https://github.com/paragonie/random_compat.git",
-                "reference": "9b3899e3c3ddde89016f576edb8c489708ad64cd"
+                "reference": "0a58ef6e3146256cc3dc7cc393927bcc7d1b72db"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/9b3899e3c3ddde89016f576edb8c489708ad64cd",
-                "reference": "9b3899e3c3ddde89016f576edb8c489708ad64cd",
+                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/0a58ef6e3146256cc3dc7cc393927bcc7d1b72db",
+                "reference": "0a58ef6e3146256cc3dc7cc393927bcc7d1b72db",
                "shasum": ""
            },
            "require": {
@@ -502,29 +507,33 @@
            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
            "keywords": [
                "csprng",
+                "polyfill",
                "pseudorandom",
                "random"
            ],
-            "time": "2017-03-13T16:22:52+00:00"
+            "time": "2019-01-03T20:59:08+00:00"
        },
        {
            "name": "patchwork/utf8",
-            "version": "v1.3.1",
+            "version": "v1.3.2",
            "source": {
                "type": "git",
                "url": "https://github.com/tchwork/utf8.git",
-                "reference": "30ec6451aec7d2536f0af8fe535f70c764f2c47a"
+                "reference": "d296e0026e7ce10b2a9fe594feca9628ef00e9e8"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/tchwork/utf8/zipball/30ec6451aec7d2536f0af8fe535f70c764f2c47a",
-                "reference": "30ec6451aec7d2536f0af8fe535f70c764f2c47a",
+                "url": "https://api.github.com/repos/tchwork/utf8/zipball/d296e0026e7ce10b2a9fe594feca9628ef00e9e8",
+                "reference": "d296e0026e7ce10b2a9fe594feca9628ef00e9e8",
                "shasum": ""
            },
            "require": {
                "lib-pcre": ">=7.3",
                "php": ">=5.3.0"
            },
+            "require-dev": {
+                "symfony/phpunit-bridge": "^3.4|^4.4"
+            },
            "suggest": {
                "ext-iconv": "Use iconv for best performance",
                "ext-intl": "Use Intl for best performance",
@@ -564,20 +573,20 @@
                "utf-8",
                "utf8"
            ],
-            "time": "2016-05-18T13:57:10+00:00"
+            "time": "2019-12-03T14:44:12+00:00"
        },
        {
            "name": "psr/log",
-            "version": "1.1.0",
+            "version": "1.1.2",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/log.git",
-                "reference": "6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd"
+                "reference": "446d54b4cb6bf489fc9d75f55843658e6f25d801"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/log/zipball/6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd",
-                "reference": "6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/446d54b4cb6bf489fc9d75f55843658e6f25d801",
+                "reference": "446d54b4cb6bf489fc9d75f55843658e6f25d801",
                "shasum": ""
            },
            "require": {
@@ -586,7 +595,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.0.x-dev"
+                    "dev-master": "1.1.x-dev"
                }
            },
            "autoload": {
@@ -611,7 +620,7 @@
                "psr",
                "psr-3"
            ],
-            "time": "2018-11-20T15:27:04+00:00"
+            "time": "2019-11-01T11:05:21+00:00"
        },
        {
            "name": "react/promise",
@@ -661,16 +670,16 @@
        },
        {
            "name": "s9e/text-formatter",
-            "version": "1.4.2",
+            "version": "1.4.5",
            "source": {
                "type": "git",
                "url": "https://github.com/s9e/TextFormatter.git",
-                "reference": "dc7efff70b67b9cee00881ad3bef0a1da076b31e"
+                "reference": "6857c53658929b66dc0d92daece17f211c64ea61"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/s9e/TextFormatter/zipball/dc7efff70b67b9cee00881ad3bef0a1da076b31e",
-                "reference": "dc7efff70b67b9cee00881ad3bef0a1da076b31e",
+                "url": "https://api.github.com/repos/s9e/TextFormatter/zipball/6857c53658929b66dc0d92daece17f211c64ea61",
+                "reference": "6857c53658929b66dc0d92daece17f211c64ea61",
                "shasum": ""
            },
            "require": {
@@ -682,6 +691,7 @@
            "require-dev": {
                "matthiasmullie/minify": "*",
                "php-coveralls/php-coveralls": "*",
+                "phpunit/phpunit": "<6",
                "s9e/regexp-builder": "1.*"
            },
            "suggest": {
@@ -722,11 +732,11 @@
                "parser",
                "shortcodes"
            ],
-            "time": "2019-03-27T14:19:41+00:00"
+            "time": "2019-06-04T15:47:55+00:00"
        },
        {
            "name": "symfony/config",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/config.git",
@@ -783,7 +793,7 @@
        },
        {
            "name": "symfony/console",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/console.git",
@@ -844,7 +854,7 @@
        },
        {
            "name": "symfony/debug",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/debug.git",
@@ -901,16 +911,16 @@
        },
        {
            "name": "symfony/dependency-injection",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/dependency-injection.git",
-                "reference": "a2f40df187f0053bc361bcea3b27ff2b85744d9f"
+                "reference": "c306198fee8f872a8f5f031e6e4f6f83086992d8"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/dependency-injection/zipball/a2f40df187f0053bc361bcea3b27ff2b85744d9f",
-                "reference": "a2f40df187f0053bc361bcea3b27ff2b85744d9f",
+                "url": "https://api.github.com/repos/symfony/dependency-injection/zipball/c306198fee8f872a8f5f031e6e4f6f83086992d8",
+                "reference": "c306198fee8f872a8f5f031e6e4f6f83086992d8",
                "shasum": ""
            },
            "require": {
@@ -960,11 +970,11 @@
            ],
            "description": "Symfony DependencyInjection Component",
            "homepage": "https://symfony.com",
-            "time": "2018-11-11T11:18:13+00:00"
+            "time": "2019-04-16T11:33:46+00:00"
        },
        {
            "name": "symfony/event-dispatcher",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/event-dispatcher.git",
@@ -1024,7 +1034,7 @@
        },
        {
            "name": "symfony/filesystem",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/filesystem.git",
@@ -1074,7 +1084,7 @@
        },
        {
            "name": "symfony/finder",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/finder.git",
@@ -1123,16 +1133,16 @@
        },
        {
            "name": "symfony/http-foundation",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/http-foundation.git",
-                "reference": "d0ab719bedc9fc6748a95b2dcb04137292a27b92"
+                "reference": "3929d9fe8148d17819ad0178c748b8d339420709"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/http-foundation/zipball/d0ab719bedc9fc6748a95b2dcb04137292a27b92",
-                "reference": "d0ab719bedc9fc6748a95b2dcb04137292a27b92",
+                "url": "https://api.github.com/repos/symfony/http-foundation/zipball/3929d9fe8148d17819ad0178c748b8d339420709",
+                "reference": "3929d9fe8148d17819ad0178c748b8d339420709",
                "shasum": ""
            },
            "require": {
@@ -1174,20 +1184,20 @@
            ],
            "description": "Symfony HttpFoundation Component",
            "homepage": "https://symfony.com",
-            "time": "2018-11-25T11:27:05+00:00"
+            "time": "2019-11-12T12:34:41+00:00"
        },
        {
            "name": "symfony/http-kernel",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/http-kernel.git",
-                "reference": "3df0207d4c973eb9c91b38a608aef4654dc256fa"
+                "reference": "c3be27b8627cd5ee8dfa8d1b923982f618ec521c"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/3df0207d4c973eb9c91b38a608aef4654dc256fa",
-                "reference": "3df0207d4c973eb9c91b38a608aef4654dc256fa",
+                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/c3be27b8627cd5ee8dfa8d1b923982f618ec521c",
+                "reference": "c3be27b8627cd5ee8dfa8d1b923982f618ec521c",
                "shasum": ""
            },
            "require": {
@@ -1196,7 +1206,8 @@
                "symfony/debug": "^2.6.2",
                "symfony/event-dispatcher": "^2.6.7|~3.0.0",
                "symfony/http-foundation": "~2.7.36|~2.8.29|~3.1.6",
-                "symfony/polyfill-ctype": "~1.8"
+                "symfony/polyfill-ctype": "~1.8",
+                "symfony/polyfill-php56": "~1.8"
            },
            "conflict": {
                "symfony/config": "<2.7",
@@ -1258,20 +1269,20 @@
            ],
            "description": "Symfony HttpKernel Component",
            "homepage": "https://symfony.com",
-            "time": "2018-12-06T14:45:07+00:00"
+            "time": "2019-11-13T08:36:16+00:00"
        },
        {
            "name": "symfony/polyfill-ctype",
-            "version": "v1.11.0",
+            "version": "v1.13.1",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "82ebae02209c21113908c229e9883c419720738a"
+                "reference": "f8f0b461be3385e56d6de3dbb5a0df24c0c275e3"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/82ebae02209c21113908c229e9883c419720738a",
-                "reference": "82ebae02209c21113908c229e9883c419720738a",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/f8f0b461be3385e56d6de3dbb5a0df24c0c275e3",
+                "reference": "f8f0b461be3385e56d6de3dbb5a0df24c0c275e3",
                "shasum": ""
            },
            "require": {
@@ -1283,7 +1294,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.13-dev"
                }
            },
            "autoload": {
@@ -1300,12 +1311,12 @@
            ],
            "authors": [
                {
-                    "name": "Symfony Community",
-                    "homepage": "https://symfony.com/contributors"
+                    "name": "Gert de Pagter",
+                    "email": "BackEndTea@gmail.com"
                },
                {
-                    "name": "Gert de Pagter",
-                    "email": "backendtea@gmail.com"
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
                }
            ],
            "description": "Symfony polyfill for ctype functions",
@@ -1316,20 +1327,20 @@
                "polyfill",
                "portable"
            ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "time": "2019-11-27T13:56:44+00:00"
        },
        {
            "name": "symfony/polyfill-mbstring",
-            "version": "v1.11.0",
+            "version": "v1.13.1",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "fe5e94c604826c35a32fa832f35bd036b6799609"
+                "reference": "7b4aab9743c30be783b73de055d24a39cf4b954f"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fe5e94c604826c35a32fa832f35bd036b6799609",
-                "reference": "fe5e94c604826c35a32fa832f35bd036b6799609",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/7b4aab9743c30be783b73de055d24a39cf4b954f",
+                "reference": "7b4aab9743c30be783b73de055d24a39cf4b954f",
                "shasum": ""
            },
            "require": {
@@ -1341,7 +1352,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.13-dev"
                }
            },
            "autoload": {
@@ -1375,20 +1386,20 @@
                "portable",
                "shim"
            ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "time": "2019-11-27T14:18:11+00:00"
        },
        {
            "name": "symfony/polyfill-php54",
-            "version": "v1.11.0",
+            "version": "v1.13.1",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php54.git",
-                "reference": "2964b17ddc32dba7bcba009d5501c84d3fba1452"
+                "reference": "dd1618047426412036e98d159940d58a81fc392c"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php54/zipball/2964b17ddc32dba7bcba009d5501c84d3fba1452",
-                "reference": "2964b17ddc32dba7bcba009d5501c84d3fba1452",
+                "url": "https://api.github.com/repos/symfony/polyfill-php54/zipball/dd1618047426412036e98d159940d58a81fc392c",
+                "reference": "dd1618047426412036e98d159940d58a81fc392c",
                "shasum": ""
            },
            "require": {
@@ -1397,7 +1408,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.13-dev"
                }
            },
            "autoload": {
@@ -1433,20 +1444,20 @@
                "portable",
                "shim"
            ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "time": "2019-11-27T13:56:44+00:00"
        },
        {
            "name": "symfony/polyfill-php55",
-            "version": "v1.11.0",
+            "version": "v1.13.1",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php55.git",
-                "reference": "96fa25cef405ea452919559a0025d5dc16e30e4c"
+                "reference": "b0d838f225725e2951af1aafc784d2e5ea7b656e"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php55/zipball/96fa25cef405ea452919559a0025d5dc16e30e4c",
-                "reference": "96fa25cef405ea452919559a0025d5dc16e30e4c",
+                "url": "https://api.github.com/repos/symfony/polyfill-php55/zipball/b0d838f225725e2951af1aafc784d2e5ea7b656e",
+                "reference": "b0d838f225725e2951af1aafc784d2e5ea7b656e",
                "shasum": ""
            },
            "require": {
@@ -1456,7 +1467,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.13-dev"
                }
            },
            "autoload": {
@@ -1489,20 +1500,128 @@
                "portable",
                "shim"
            ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "time": "2019-11-27T13:56:44+00:00"
        },
        {
-            "name": "symfony/proxy-manager-bridge",
-            "version": "v2.8.49",
+            "name": "symfony/polyfill-php56",
+            "version": "v1.13.1",
            "source": {
                "type": "git",
-                "url": "https://github.com/symfony/proxy-manager-bridge.git",
-                "reference": "9c5f8d58e9c8017affdbeaec86c89d558aee4ec8"
+                "url": "https://github.com/symfony/polyfill-php56.git",
+                "reference": "53dd1cdf3cb986893ccf2b96665b25b3abb384f4"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/proxy-manager-bridge/zipball/9c5f8d58e9c8017affdbeaec86c89d558aee4ec8",
-                "reference": "9c5f8d58e9c8017affdbeaec86c89d558aee4ec8",
+                "url": "https://api.github.com/repos/symfony/polyfill-php56/zipball/53dd1cdf3cb986893ccf2b96665b25b3abb384f4",
+                "reference": "53dd1cdf3cb986893ccf2b96665b25b3abb384f4",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.3",
+                "symfony/polyfill-util": "~1.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.13-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php56\\": ""
+                },
+                "files": [
+                    "bootstrap.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "time": "2019-11-27T13:56:44+00:00"
+        },
+        {
+            "name": "symfony/polyfill-util",
+            "version": "v1.13.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-util.git",
+                "reference": "964a67f293b66b95883a5ed918a65354fcd2258f"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-util/zipball/964a67f293b66b95883a5ed918a65354fcd2258f",
+                "reference": "964a67f293b66b95883a5ed918a65354fcd2258f",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.3"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.13-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Polyfill\\Util\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony utilities for portability of PHP codes",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compat",
+                "compatibility",
+                "polyfill",
+                "shim"
+            ],
+            "time": "2019-11-27T13:56:44+00:00"
+        },
+        {
+            "name": "symfony/proxy-manager-bridge",
+            "version": "v2.8.52",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/proxy-manager-bridge.git",
+                "reference": "40802595fea26ada845ed58124d8000a13dd4c6f"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/proxy-manager-bridge/zipball/40802595fea26ada845ed58124d8000a13dd4c6f",
+                "reference": "40802595fea26ada845ed58124d8000a13dd4c6f",
                "shasum": ""
            },
            "require": {
@@ -1543,11 +1662,11 @@
            ],
            "description": "Symfony ProxyManager Bridge",
            "homepage": "https://symfony.com",
-            "time": "2018-11-11T11:18:13+00:00"
+            "time": "2019-04-16T11:33:46+00:00"
        },
        {
            "name": "symfony/routing",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/routing.git",
@@ -1621,7 +1740,7 @@
        },
        {
            "name": "symfony/twig-bridge",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/twig-bridge.git",
@@ -1706,7 +1825,7 @@
        },
        {
            "name": "symfony/yaml",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/yaml.git",
@@ -1756,16 +1875,16 @@
        },
        {
            "name": "twig/twig",
-            "version": "v1.39.1",
+            "version": "v1.42.2",
            "source": {
                "type": "git",
                "url": "https://github.com/twigphp/Twig.git",
-                "reference": "23e7b6f0cfa1d7ba3de69f30d8e05cf957412fec"
+                "reference": "21707d6ebd05476854805e4f91b836531941bcd4"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/23e7b6f0cfa1d7ba3de69f30d8e05cf957412fec",
-                "reference": "23e7b6f0cfa1d7ba3de69f30d8e05cf957412fec",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/21707d6ebd05476854805e4f91b836531941bcd4",
+                "reference": "21707d6ebd05476854805e4f91b836531941bcd4",
                "shasum": ""
            },
            "require": {
@@ -1775,12 +1894,12 @@
            "require-dev": {
                "psr/container": "^1.0",
                "symfony/debug": "^2.7",
-                "symfony/phpunit-bridge": "^3.4.19|^4.1.8"
+                "symfony/phpunit-bridge": "^3.4.19|^4.1.8|^5.0"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.39-dev"
+                    "dev-master": "1.42-dev"
                }
            },
            "autoload": {
@@ -1818,7 +1937,7 @@
            "keywords": [
                "templating"
            ],
-            "time": "2019-04-16T17:12:57+00:00"
+            "time": "2019-06-18T15:35:16+00:00"
        },
        {
            "name": "zendframework/zend-code",
@@ -2168,21 +2287,24 @@
        },
        {
            "name": "michelf/php-markdown",
-            "version": "1.8.0",
+            "version": "1.9.0",
            "source": {
                "type": "git",
                "url": "https://github.com/michelf/php-markdown.git",
-                "reference": "01ab082b355bf188d907b9929cd99b2923053495"
+                "reference": "c83178d49e372ca967d1a8c77ae4e051b3a3c75c"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/michelf/php-markdown/zipball/01ab082b355bf188d907b9929cd99b2923053495",
-                "reference": "01ab082b355bf188d907b9929cd99b2923053495",
+                "url": "https://api.github.com/repos/michelf/php-markdown/zipball/c83178d49e372ca967d1a8c77ae4e051b3a3c75c",
+                "reference": "c83178d49e372ca967d1a8c77ae4e051b3a3c75c",
                "shasum": ""
            },
            "require": {
                "php": ">=5.3.0"
            },
+            "require-dev": {
+                "phpunit/phpunit": ">=4.3 <5.8"
+            },
            "type": "library",
            "autoload": {
                "psr-4": {
@@ -2210,7 +2332,7 @@
            "keywords": [
                "markdown"
            ],
-            "time": "2018-01-15T00:49:33+00:00"
+            "time": "2019-12-02T02:32:27+00:00"
        },
        {
            "name": "nikic/php-parser",
@@ -2293,7 +2415,8 @@
            "authors": [
                {
                    "name": "Michiel Rook",
-                    "email": "mrook@php.net"
+                    "email": "mrook@php.net",
+                    "role": "Lead"
                },
                {
                    "name": "Phing Community",
@@ -2360,38 +2483,38 @@
        },
        {
            "name": "phpspec/prophecy",
-            "version": "1.8.0",
+            "version": "1.10.1",
            "source": {
                "type": "git",
                "url": "https://github.com/phpspec/prophecy.git",
-                "reference": "4ba436b55987b4bf311cb7c6ba82aa528aac0a06"
+                "reference": "cbe1df668b3fe136bcc909126a0f529a78d4cbbc"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/4ba436b55987b4bf311cb7c6ba82aa528aac0a06",
-                "reference": "4ba436b55987b4bf311cb7c6ba82aa528aac0a06",
+                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/cbe1df668b3fe136bcc909126a0f529a78d4cbbc",
+                "reference": "cbe1df668b3fe136bcc909126a0f529a78d4cbbc",
                "shasum": ""
            },
            "require": {
                "doctrine/instantiator": "^1.0.2",
                "php": "^5.3|^7.0",
-                "phpdocumentor/reflection-docblock": "^2.0|^3.0.2|^4.0",
-                "sebastian/comparator": "^1.1|^2.0|^3.0",
+                "phpdocumentor/reflection-docblock": "^2.0|^3.0.2|^4.0|^5.0",
+                "sebastian/comparator": "^1.2.3|^2.0|^3.0",
                "sebastian/recursion-context": "^1.0|^2.0|^3.0"
            },
            "require-dev": {
-                "phpspec/phpspec": "^2.5|^3.2",
+                "phpspec/phpspec": "^2.5 || ^3.2",
                "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.8.x-dev"
+                    "dev-master": "1.10.x-dev"
                }
            },
            "autoload": {
-                "psr-0": {
-                    "Prophecy\\": "src/"
+                "psr-4": {
+                    "Prophecy\\": "src/Prophecy"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
@@ -2419,7 +2542,7 @@
                "spy",
                "stub"
            ],
-            "time": "2018-08-05T17:53:17+00:00"
+            "time": "2019-12-22T21:05:45+00:00"
        },
        {
            "name": "phpunit/dbunit",
@@ -3414,7 +3537,7 @@
        },
        {
            "name": "symfony/browser-kit",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/browser-kit.git",
@@ -3471,7 +3594,7 @@
        },
        {
            "name": "symfony/css-selector",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/css-selector.git",
@@ -3505,14 +3628,14 @@
                "MIT"
            ],
            "authors": [
-                {
-                    "name": "Jean-François Simon",
-                    "email": "jeanfrancois.simon@sensiolabs.com"
-                },
                {
                    "name": "Fabien Potencier",
                    "email": "fabien@symfony.com"
                },
+                {
+                    "name": "Jean-François Simon",
+                    "email": "jeanfrancois.simon@sensiolabs.com"
+                },
                {
                    "name": "Symfony Community",
                    "homepage": "https://symfony.com/contributors"
@@ -3524,7 +3647,7 @@
        },
        {
            "name": "symfony/dom-crawler",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/dom-crawler.git",
@@ -3581,7 +3704,7 @@
        },
        {
            "name": "symfony/process",
-            "version": "v2.8.49",
+            "version": "v2.8.52",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/process.git",
--- a/phpBB/config/default/container/services.yml
+++ b/phpBB/config/default/container/services.yml
@@ -122,7 +122,13 @@ services:
    group_helper:
        class: phpbb\group\helper
        arguments:
+            - '@auth'
+            - '@cache'
+            - '@config'
            - '@language'
+            - '@dispatcher'
+            - '@path_helper'
+            - '@user'

    log:
        class: phpbb\log\log
--- a/phpBB/develop/add_permissions.php
+++ b/phpBB/develop/add_permissions.php
@@ -156,6 +156,7 @@ $u_permissions = array(
 	'u_download'	=> array(0, 1),
 	'u_attach'		=> array(0, 1),
 	'u_sig'			=> array(0, 1),
+	'u_emoji'		=> array(0, 1),
 	'u_pm_attach'	=> array(0, 1),
 	'u_pm_bbcode'	=> array(0, 1),
 	'u_pm_smilies'	=> array(0, 1),
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -50,6 +50,11 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v329rc1">Changes since 3.2.9-RC1</a></li>
+		<li><a href="#v328">Changes since 3.2.8</a></li>
+		<li><a href="#v328rc1">Changes since 3.2.8-RC1</a></li>
+		<li><a href="#v327">Changes since 3.2.7</a></li>
+		<li><a href="#v326">Changes since 3.2.6</a></li>
 		<li><a href="#v326rc1">Changes since 3.2.6-RC1</a></li>
 		<li><a href="#v325">Changes since 3.2.5</a></li>
 		<li><a href="#v325rc1">Changes since 3.2.5-RC1</a></li>
@@ -137,6 +142,197 @@
 		<div class="inner">

 		<div class="content">
+			<a name="v329rc1"></a><h3>Changes since 3.2.9-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15592">PHPBB3-15592</a>] - &quot;Place inline&quot; button appears when BBcode is disabled (Post settings)</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16269">PHPBB3-16269</a>] - Sphinx backend indexes HTML markup as keywords</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16282">PHPBB3-16282</a>] - Default jQuery CDN URL is outdated on new installs</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16271">PHPBB3-16271</a>] - Add support for 3.3.x API documentation</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16279">PHPBB3-16279</a>] - Add permission for Emojii in topic title</li>
+			</ul>
+			<h4>Security</h4>
+			<ul>
+				<li>[SECURITY-249] - Group avatar overwrite on invalid submit</li>
+				<li>[SECURITY-250] - Group leader can be tricked into approving user</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[SECURITY-251] - Unwanted move of PMs to folders</li>
+				<li>[SECURITY-252] - PMs of unsuspecting users can be marked as important</li>
+				<li>[SECURITY-253] - PM export without proper validation</li>
+			</ul>
+
+			<a name="v328"></a><h3>Changes since 3.2.8</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14815">PHPBB3-14815</a>] - The facebook page link is not displayed properly in memberlist.php</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15643">PHPBB3-15643</a>] - $phpbb_filesystem-&gt;resolve_path() may trigger open_basedir restriction</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15902">PHPBB3-15902</a>] - Out of range error with Sphinx search</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16056">PHPBB3-16056</a>] - JPEG dimensions undetectable for some kind of jpeg files</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16076">PHPBB3-16076</a>] - Limit attachment size by extension group</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16141">PHPBB3-16141</a>] - plupload chunk_size calculation incorrect when one or more settings are 'unlimited'</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16150">PHPBB3-16150</a>] - Post title link urls not reliable when shared</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16156">PHPBB3-16156</a>] - Bots see both register and logout links in the navbar</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16157">PHPBB3-16157</a>] - Incorrect FORM_INVALID error message while sending email form</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16181">PHPBB3-16181</a>] - OAuth provider id needs to be quoted</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16184">PHPBB3-16184</a>] - Mark read button only works once</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16199">PHPBB3-16199</a>] - Guest posting CAPTCHA is being generated with no guest posting auth</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16209">PHPBB3-16209</a>] - Nginx example configuration file blocks an image in the ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16210">PHPBB3-16210</a>] - Terms of use should not be skippable</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16211">PHPBB3-16211</a>] - COPPA should not be skippable</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16216">PHPBB3-16216</a>] - Disable xdebug in travis builds</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16217">PHPBB3-16217</a>] - Enable opcache in travis CI builds</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16228">PHPBB3-16228</a>] - BBCode definitions with an optional attribute and a non-TEXT content are not merged correctly</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16242">PHPBB3-16242</a>] - Redirect loop when install folder doesn't exist</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16252">PHPBB3-16252</a>] - Ignore non-BBCodes when looking for unauthorized markup</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16257">PHPBB3-16257</a>] - Typo in Email Settings section</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16258">PHPBB3-16258</a>] - Sample Sphinx configuration file causes delta index to only include the most recent post</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16084">PHPBB3-16084</a>] - Pointless radio button for database backup in 3.2.7 </li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16139">PHPBB3-16139</a>] - Add core.viewtopic_modify_quick_reply_template_vars</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16140">PHPBB3-16140</a>] - Add new event to UCP Edit Profile Page</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16143">PHPBB3-16143</a>] - Add core events for move topics</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16144">PHPBB3-16144</a>] - NO_STYLE_DATA - Provide extra fallback to board's default style for $user.</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16146">PHPBB3-16146</a>] - Add core event for after move the forum</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16148">PHPBB3-16148</a>] - Add template events to acp_groups.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16151">PHPBB3-16151</a>] - Enable Emojis and rich text in forum name</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16153">PHPBB3-16153</a>] - Enable Emojis and rich text in topic title</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16159">PHPBB3-16159</a>] - Wrap post times in html time tag</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16174">PHPBB3-16174</a>] - Event for disabling cookie creation</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16182">PHPBB3-16182</a>] - Add core.generate_smilies_modify_rowset</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16183">PHPBB3-16183</a>] - Add core.generate_smilies_count_sql_before</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16203">PHPBB3-16203</a>] - Enable Emojis and rich text in sent Emails</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16247">PHPBB3-16247</a>] - Quote PM has no identifier</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16251">PHPBB3-16251</a>] - Shortened link text shouldn't override custom plugins</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15422">PHPBB3-15422</a>] - Remove the unnecessary helpline function and help_line variable</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16147">PHPBB3-16147</a>] - Updated tokens legend in BBCodes ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16160">PHPBB3-16160</a>] - Add script for generating package json file</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16172">PHPBB3-16172</a>] - Add &quot;Rank:&quot; or &quot;Group rank:&quot; in the memberlist</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16224">PHPBB3-16224</a>] - Update composer dependencies</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16246">PHPBB3-16246</a>] - Prettify and update README Automated Testing section</li>
+			</ul>
+
+			<a name="v328rc1"></a><h3>Changes since 3.2.8-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15467">PHPBB3-15467</a>] - Permission settings do not take affect when set using All YES/NO/NEVER</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16123">PHPBB3-16123</a>] - PHP error (Array to string conversion) on new user registration if email address is banned and &quot; Reason shown to the banned&quot; is empty</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16136">PHPBB3-16136</a>] - Missing word in 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' </li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16134">PHPBB3-16134</a>] - Exclude group leaders on group member purge</li>
+			</ul>
+			<h4>Security Issue</h4>
+			<ul>
+				<li>[SECURITY-243] - CSS injection via BBCode tag</li>
+				<li>[SECURITY-244] - Missing form token check when handling attachments</li>
+				<li>[SECURITY-246] - Missing form token check when managing BBCodes</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[SECURITY-247] - Disable MySQLi local infile to prevent local file inclusion</li>
+			</ul>
+
+			<a name="v327"></a><h3>Changes since 3.2.7</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13175">PHPBB3-13175</a>] - External accounts can be linked to more than one local account</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14459">PHPBB3-14459</a>] - Check language input for group</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15211">PHPBB3-15211</a>] - Emoji characters in forum name causing SQL errors</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15885">PHPBB3-15885</a>] - Group rank not displaying on memberlist_body</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15897">PHPBB3-15897</a>] - Unicode Characters in Attachment Comment Causes mySQL Error </li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15932">PHPBB3-15932</a>] - Users can delete their attachments in the UCP, even if the post is locked</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15961">PHPBB3-15961</a>] - SMTP support for TLS is forcing use of deprecated TLS 1.0</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15974">PHPBB3-15974</a>] - The link &quot;Back to previous page&quot; can redirect to another page, not the previous one</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15976">PHPBB3-15976</a>] - Changing account settings without changing password resets user_passchg</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15982">PHPBB3-15982</a>] - Q&amp;A captcha plug-in still throws PHP 7.2.x countable warning</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16003">PHPBB3-16003</a>] - Post count not updated when deleting only post in topic</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16021">PHPBB3-16021</a>] - Recognize number of Template Event instances in events.md file</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16040">PHPBB3-16040</a>] - Topic Icon with space in filename isn't displayed by viewforum_body.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16048">PHPBB3-16048</a>] - Unable to restore any backup from ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16050">PHPBB3-16050</a>] - PHP warning in MCP banning tab on PHP 7.2+</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16053">PHPBB3-16053</a>] - BBCodes using {TEXT} in HTML tags no longer work</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16054">PHPBB3-16054</a>] - Style templates no longer able to login &quot;from any page.&quot;</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16055">PHPBB3-16055</a>] - Unable to login using Oauth via Forums, topics or posts</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16061">PHPBB3-16061</a>] - Migrator never drops unique indexes</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16063">PHPBB3-16063</a>] - board_dst config value is not removed from config table after conversion</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16066">PHPBB3-16066</a>] - Banned or suspended user receives &quot;The submitted form was invalid. Try submitting again.&quot;</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16071">PHPBB3-16071</a>] - Undefined index for custom attachments groups</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16073">PHPBB3-16073</a>] - Fix warning in ACP version check</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16074">PHPBB3-16074</a>] - Twemoji -fe0f sequence not rendering</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16075">PHPBB3-16075</a>] - PM filter “sent to my default usergroup” triggers array to string conversion warning</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16080">PHPBB3-16080</a>] - Warnings When a Style exists on database but not on FTP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16093">PHPBB3-16093</a>] - Attach row template always gets displayed with JS disabled</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16096">PHPBB3-16096</a>] - MySQL full text search always uses MyISAM limits</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16124">PHPBB3-16124</a>] - Incorrect users search by last visit time in memberlist.php</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16126">PHPBB3-16126</a>] - AppVeyor builds fail due to chocolatey being unable to install PHP</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15745">PHPBB3-15745</a>] - Hardcoded lang in credit line</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15886">PHPBB3-15886</a>] - Group helper functions</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15946">PHPBB3-15946</a>] - Add event - core.posting_modify_row_data</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15967">PHPBB3-15967</a>] - Unambiguous wording in user activation request email to Admin/Moderator</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15984">PHPBB3-15984</a>] - Use of 'Cache-Control: public' for serving files</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16000">PHPBB3-16000</a>] - Provide link to PHP Date Function in both ACP and UCP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16013">PHPBB3-16013</a>] - Do not prevent username changes in ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16019">PHPBB3-16019</a>] - Deny prosilver's uninstallation</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16024">PHPBB3-16024</a>] - Add core.topic_review_modify_sql_ary</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16025">PHPBB3-16025</a>] - Add 2 template events *_author_username_{append/prepend}</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16047">PHPBB3-16047</a>] - ACP Private Messages: Wording could be better</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16058">PHPBB3-16058</a>] - Remove sudo required from travis config</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16065">PHPBB3-16065</a>] - Undefined index: user_ip in oauth.php</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16068">PHPBB3-16068</a>] - Incorrect docblock parameter types</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16070">PHPBB3-16070</a>] - Remove support for WebSTAR and Xitami</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16078">PHPBB3-16078</a>] - Use chrome webdriver for UI tests</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16089">PHPBB3-16089</a>] - Add core.confirm_box_ajax_before</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16097">PHPBB3-16097</a>] - Add core.viewtopic_gen_sort_selects_before</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16102">PHPBB3-16102</a>] - Add core.posting_modify_post_subject</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16103">PHPBB3-16103</a>] - Add core.pm_modify_message_subject</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16106">PHPBB3-16106</a>] - Add core.mcp_main_before</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16107">PHPBB3-16107</a>] - Add mcp_move_destination_forum_before|after</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16108">PHPBB3-16108</a>] - Add topiclist_row_topic_by_author_before|after</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16109">PHPBB3-16109</a>] - Custom Profile Field visibility is incorrectly explained</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16111">PHPBB3-16111</a>] - Add core.message_history_modify_sql_ary</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16113">PHPBB3-16113</a>] - Add core.mcp_topic_modify_sql_ary</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16114">PHPBB3-16114</a>] - Add 2 mcp_topic_post_author_full_{append/prepend}</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16127">PHPBB3-16127</a>] - Add UI for Mass email $max_chunk_size</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16129">PHPBB3-16129</a>] - The attachment's ALT tag is supposed to describe the image, not the file.</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16067">PHPBB3-16067</a>] - Define trusty build environment for travis builds</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16112">PHPBB3-16112</a>] - Update composer dependencies to latest</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16119">PHPBB3-16119</a>] - The text input for poll question has a too high maxlength attribute</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li>
+			</ul>
+
+			<a name="v326"></a><h3>Changes since 3.2.6</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16034">PHPBB3-16034</a>] - Links created with [url=] - are sometimes incorrectly shortened</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16036">PHPBB3-16036</a>] - Cannot login with 3.2.6</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16037">PHPBB3-16037</a>] - Private message ViewFolder Broken</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16039">PHPBB3-16039</a>] - Unable to change announcement to standard topic due to missing global</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16042">PHPBB3-16042</a>] - Use S_LOGIN_REDIRECT to output login form token</li>
+			</ul>
+
 			<a name="v326rc1"></a><h3>Changes since 3.2.6-RC1</h3>
 			<h4>Bug</h4>
 			<ul>
--- a/phpBB/docs/CREDITS.txt
+++ b/phpBB/docs/CREDITS.txt
@@ -1,7 +1,7 @@
 /**
 *
-* phpBB © Copyright phpBB Limited 2003-2016
-* http://www.phpbb.com
+* phpBB © Copyright phpBB Limited 2003-2019
+* https://www.phpbb.com
 *
 * phpBB is free software. You can redistribute it and/or modify it
 * under the terms of the GNU General Public License, version 2 (GPL-2.0)
@@ -27,7 +27,6 @@ phpBB Developers:        bantu (Andreas Fischer)
                         Derky (Derk Ruitenbeek)
                         Elsensee (Oliver Schramm)
                         Hanakin (Michael Miday)
-                         MichaelC (Michael Cullum)
                         Nicofuma (Tristan Darricau)
                         rubencm (Rubén Calvo)

@@ -63,6 +62,7 @@ phpBB Developers:        A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                         igorw (Igor Wiedler)          [08/2010 - 02/2013]
                         imkingdavid (David King)      [11/2012 - 06/2014]
                         kellanved (Henry Sudhof)      [04/2007 - 03/2011]
+                         MichaelC (Michael Cullum)     [11/2017 - 09/2019]
                         nickvergessen (Joas Schilling)[04/2010 - 12/2015]
                         Oleg (Oleg Pudeyev)           [01/2011 - 05/2013]
                         prototech (Cesar Gallegos)    [01/2014 - 12/2016]
--- a/phpBB/docs/events.md
+++ b/phpBB/docs/events.md
@@ -172,6 +172,18 @@ acp_group_options_before
 * Since: 3.1.0-b4
 * Purpose: Add additional options to group settings (before GROUP_FOUNDER_MANAGE)

+acp_group_types_append
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.2.9-RC1
+* Purpose: Add additional group type options to group settings (append the list)
+
+acp_group_types_prepend
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.2.9-RC1
+* Purpose: Add additional group type options to group settings (prepend the list)
+
 acp_groups_find_username_append
 ===
 * Location: adm/style/acp_groups.html
@@ -988,6 +1000,20 @@ mcp_move_before
 * Since: 3.1.10-RC1
 * Purpose: Add content before move topic/post form

+mcp_move_destination_forum_after
+===
+* Locations:
+    + styles/prosilver/template/mcp_move.html
+* Since: 3.2.8-RC1
+* Purpose: Add content after the destination select element in the move topic/post form
+
+mcp_move_destination_forum_before
+===
+* Locations:
+    + styles/prosilver/template/mcp_move.html
+* Since: 3.2.8-RC1
+* Purpose: Add content before the destination select element in the move topic/post form
+
 mcp_post_additional_options
 ===
 * Locations:
@@ -1037,6 +1063,20 @@ mcp_topic_options_before
 * Since: 3.1.6-RC1
 * Purpose: Add some options (field, checkbox, ...) before the subject field when split a subject

+mcp_topic_post_author_full_append
+===
+* Locations:
+    + styles/prosilver/template/mcp_topic.html
+* Since: 3.2.8-RC1
+* Purpose: Append information to message author username for post details in topic moderation
+
+mcp_topic_post_author_full_prepend
+===
+* Locations:
+    + styles/prosilver/template/mcp_topic.html
+* Since: 3.2.8-RC1
+* Purpose: Prepend information to message author username for post details in topic moderation
+
 mcp_topic_postrow_attachments_after
 ===
 * Locations:
@@ -1740,14 +1780,14 @@ posting_attach_body_file_list_after
 * Locations:
    + styles/prosilver/template/posting_attach_body.html
 * Since: 3.2.6-RC1
-* Purpose: Add content after attachments list 
+* Purpose: Add content after attachments list

 posting_attach_body_file_list_before
 ===
 * Locations:
    + styles/prosilver/template/posting_attach_body.html
 * Since: 3.2.6-RC1
-* Purpose: Add content before attachments list 
+* Purpose: Add content before attachments list

 posting_editor_add_panel_tab
 ===
@@ -1910,6 +1950,20 @@ posting_preview_poll_after
 * Since: 3.1.7-RC1
 * Purpose: Add content after the poll preview block

+posting_review_row_post_author_username_append
+===
+* Locations:
+    + styles/prosilver/template/posting_review.html
+* Since: 3.2.8-RC1
+* Purpose: Append information to post author username of member
+
+posting_review_row_post_author_username_prepend
+===
+* Locations:
+    + styles/prosilver/template/posting_review.html
+* Since: 3.2.8-RC1
+* Purpose: Prepend information to post author username of member
+
 posting_topic_review_row_content_after
 ===
 * Locations:
@@ -1917,6 +1971,20 @@ posting_topic_review_row_content_after
 * Since: 3.2.4-RC1
 * Purpose: Add content after the message content in topic review

+posting_topic_review_row_post_author_username_append
+===
+* Locations:
+    + styles/prosilver/template/posting_topic_review.html
+* Since: 3.2.8-RC1
+* Purpose: Append information to post author username of member
+
+posting_topic_review_row_post_author_username_prepend
+===
+* Locations:
+    + styles/prosilver/template/posting_topic_review.html
+* Since: 3.2.8-RC1
+* Purpose: Prepend information to post author username of member
+
 posting_topic_review_row_post_details_after
 ===
 * Locations:
@@ -2102,14 +2170,14 @@ search_results_header_before
 search_results_last_post_author_username_append
 ===
 * Locations:
-    + styles/prosilver/template/search_results.html
+    + styles/prosilver/template/search_results.html (2)
 * Since: 3.2.4-RC1
 * Purpose: Append information to last post author username of member

 search_results_last_post_author_username_prepend
 ===
 * Locations:
-    + styles/prosilver/template/search_results.html
+    + styles/prosilver/template/search_results.html (2)
 * Since: 3.2.4-RC1
 * Purpose: Prepend information to last post author username of member

@@ -2253,6 +2321,24 @@ topiclist_row_prepend
 * Changed: 3.1.6-RC1 Added event to mcp_forum.html
 * Purpose: Add content into topic rows (inside the elements containing topic titles)

+topiclist_row_topic_by_author_after
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+    + styles/prosilver/template/viewforum_body.html
+    + styles/prosilver/template/mcp_forum.html
+* Since: 3.2.8-RC1
+* Purpose: Add content into topic rows (after the "by topic author" row)
+
+topiclist_row_topic_by_author_before
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+    + styles/prosilver/template/viewforum_body.html
+    + styles/prosilver/template/mcp_forum.html
+* Since: 3.2.8-RC1
+* Purpose: Add content into topic rows (before the "by topic author" row)
+
 topiclist_row_topic_title_after
 ===
 * Locations:
@@ -2364,6 +2450,20 @@ ucp_pm_history_review_before
 * Since: 3.1.6-RC1
 * Purpose: Add content before the private messages history review.

+ucp_pm_history_row_message_author_username_append
+===
+* Locations:
+    + styles/prosilver/template/ucp_pm_history.html
+* Since: 3.2.8-RC1
+* Purpose: Append information to message author username of member
+
+ucp_pm_history_row_message_author_username_prepend
+===
+* Locations:
+    + styles/prosilver/template/ucp_pm_history.html
+* Since: 3.2.8-RC1
+* Purpose: Prepend information to message author username of member
+
 ucp_pm_viewmessage_avatar_after
 ===
 * Locations:
@@ -2546,6 +2646,13 @@ ucp_profile_profile_info_before
 * Since: 3.1.4-RC1
 * Purpose: Add options in profile page fieldset - before jabber field.

+ucp_profile_profile_info_birthday_label_append
+===
+* Locations:
+    + styles/prosilver/template/ucp_profile_profile_info.html
+* Since: 3.2.9-RC1
+* Purpose: Add more text to birthday label, such as required asterisk
+
 ucp_profile_register_details_after
 ===
 * Locations:
@@ -2612,14 +2719,14 @@ ucp_register_profile_fields_before
 viewforum_body_last_post_author_username_append
 ===
 * Locations:
-    + styles/prosilver/template/viewforum_body.html
+    + styles/prosilver/template/viewforum_body.html (2)
 * Since: 3.2.4-RC1
 * Purpose: Append information to last post author username of member

 viewforum_body_last_post_author_username_prepend
 ===
 * Locations:
-    + styles/prosilver/template/viewforum_body.html
+    + styles/prosilver/template/viewforum_body.html (2)
 * Since: 3.2.4-RC1
 * Purpose: Prepend information to last post author username of member

--- a/phpBB/docs/nginx.sample.conf
+++ b/phpBB/docs/nginx.sample.conf
@@ -70,7 +70,7 @@ http {
        }

        # Deny access to internal phpbb files.
-        location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
+        location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
            deny all;
            # deny was ignored before 0.8.40 for connections over IPv6.
            # Use internal directive to prohibit access on older versions.
@@ -93,7 +93,7 @@ http {
        # Correctly pass scripts for installer
        location /install/ {
            # phpBB uses index.htm
-            try_files $uri $uri/ @rewrite_installapp;
+            try_files $uri $uri/ @rewrite_installapp =404;

            # Pass the php scripts to fastcgi server specified in upstream declaration.
            location ~ \.php(/|$) {
@@ -104,7 +104,7 @@ http {
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;
-                try_files $uri $uri/ /install/app.php$is_args$args;
+                try_files $uri $uri/ /install/app.php$is_args$args =404;
                fastcgi_pass php;
            }
        }
--- a/phpBB/docs/sphinx.sample.conf
+++ b/phpBB/docs/sphinx.sample.conf
@@ -41,7 +41,7 @@ source source_phpbb_{SPHINX_ID}_main
 }
 source source_phpbb_{SPHINX_ID}_delta : source_phpbb_{SPHINX_ID}_main
 {
-	sql_query_pre =
+	sql_query_pre = SET NAMES 'utf8'
 	sql_query_range =
 	sql_range_step =
 	sql_query = SELECT \
@@ -61,7 +61,7 @@ source source_phpbb_{SPHINX_ID}_delta : source_phpbb_{SPHINX_ID}_main
 						WHERE \
 							p.topic_id = t.topic_id \
 							AND p.post_id >= ( SELECT max_doc_id FROM phpbb_sphinx WHERE counter_id=1 )
-	sql_query_pre =
+	sql_query_post_index =
 }
 index index_phpbb_{SPHINX_ID}_main
 {
@@ -74,6 +74,7 @@ index index_phpbb_{SPHINX_ID}_main
 	charset_table = U+FF10..U+FF19->0..9, 0..9, U+FF41..U+FF5A->a..z, U+FF21..U+FF3A->a..z, A..Z->a..z, a..z, U+0149, U+017F, U+0138, U+00DF, U+00FF, U+00C0..U+00D6->U+00E0..U+00F6, U+00E0..U+00F6, U+00D8..U+00DE->U+00F8..U+00FE, U+00F8..U+00FE, U+0100->U+0101, U+0101, U+0102->U+0103, U+0103, U+0104->U+0105, U+0105, U+0106->U+0107, U+0107, U+0108->U+0109, U+0109, U+010A->U+010B, U+010B, U+010C->U+010D, U+010D, U+010E->U+010F, U+010F, U+0110->U+0111, U+0111, U+0112->U+0113, U+0113, U+0114->U+0115, U+0115, U+0116->U+0117, U+0117, U+0118->U+0119, U+0119, U+011A->U+011B, U+011B, U+011C->U+011D, U+011D, U+011E->U+011F, U+011F, U+0130->U+0131, U+0131, U+0132->U+0133, U+0133, U+0134->U+0135, U+0135, U+0136->U+0137, U+0137, U+0139->U+013A, U+013A, U+013B->U+013C, U+013C, U+013D->U+013E, U+013E, U+013F->U+0140, U+0140, U+0141->U+0142, U+0142, U+0143->U+0144, U+0144, U+0145->U+0146, U+0146, U+0147->U+0148, U+0148, U+014A->U+014B, U+014B, U+014C->U+014D, U+014D, U+014E->U+014F, U+014F, U+0150->U+0151, U+0151, U+0152->U+0153, U+0153, U+0154->U+0155, U+0155, U+0156->U+0157, U+0157, U+0158->U+0159, U+0159, U+015A->U+015B, U+015B, U+015C->U+015D, U+015D, U+015E->U+015F, U+015F, U+0160->U+0161, U+0161, U+0162->U+0163, U+0163, U+0164->U+0165, U+0165, U+0166->U+0167, U+0167, U+0168->U+0169, U+0169, U+016A->U+016B, U+016B, U+016C->U+016D, U+016D, U+016E->U+016F, U+016F, U+0170->U+0171, U+0171, U+0172->U+0173, U+0173, U+0174->U+0175, U+0175, U+0176->U+0177, U+0177, U+0178->U+00FF, U+00FF, U+0179->U+017A, U+017A, U+017B->U+017C, U+017C, U+017D->U+017E, U+017E, U+0410..U+042F->U+0430..U+044F, U+0430..U+044F, U+4E00..U+9FFF
 	min_prefix_len = 0
 	min_infix_len = 0
+	html_strip = 1
 }
 index index_phpbb_{SPHINX_ID}_delta : index_phpbb_{SPHINX_ID}_main
 {
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -27,6 +27,9 @@ class acp_attachments
 	/** @var \phpbb\config\config */
 	protected $config;

+	/** @var \phpbb\language\language */
+	protected $language;
+
 	/** @var ContainerBuilder */
 	protected $phpbb_container;

@@ -54,6 +57,7 @@ class acp_attachments
 		$this->id = $id;
 		$this->db = $db;
 		$this->config = $config;
+		$this->language = $phpbb_container->get('language');
 		$this->template = $template;
 		$this->user = $user;
 		$this->phpbb_container = $phpbb_container;
@@ -128,7 +132,7 @@ class acp_attachments
 				$s_assigned_groups = array();
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
+					$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
 					$s_assigned_groups[$row['cat_id']][] = $row['group_name'];
 				}
 				$db->sql_freeresult($result);
@@ -573,7 +577,7 @@ class acp_attachments
 							$group_id = $db->sql_nextid();
 						}

-						$group_name = (isset($user->lang['EXT_GROUP_' . $group_name])) ? $user->lang['EXT_GROUP_' . $group_name] : $group_name;
+						$group_name = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($group_name)) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($group_name)) : $group_name;
 						$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ATTACH_EXTGROUP_' . strtoupper($action), false, array($group_name));
 					}

@@ -875,7 +879,7 @@ class acp_attachments
 						'U_EDIT'		=> $this->u_action . "&amp;action=edit&amp;g={$row['group_id']}",
 						'U_DELETE'		=> $this->u_action . "&amp;action=delete&amp;g={$row['group_id']}",

-						'GROUP_NAME'	=> (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'],
+						'GROUP_NAME'	=> $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'],
 						'CATEGORY'		=> $cat_lang[$row['cat_id']],
 						)
 					);
@@ -1244,15 +1248,11 @@ class acp_attachments
 						'ATTACHMENT_POSTER'	=> get_username_string('full', (int) $row['poster_id'], (string) $row['username'], (string) $row['user_colour'], (string) $row['username']),
 						'FILESIZE'			=> get_formatted_filesize((int) $row['filesize']),
 						'FILETIME'			=> $user->format_date((int) $row['filetime']),
-						'REAL_FILENAME'		=> (!$row['in_message']) ? utf8_basename((string) $row['real_filename']) : '',
-						'PHYSICAL_FILENAME'	=> utf8_basename((string) $row['physical_filename']),
-						'EXT_GROUP_NAME'	=> (!empty($extensions[$row['extension']]['group_name'])) ? $user->lang['EXT_GROUP_' . $extensions[$row['extension']]['group_name']] : '',
+						'REAL_FILENAME'		=> utf8_basename((string) $row['real_filename']),
+						'EXT_GROUP_NAME'	=> $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) ?  $this->language->lang('EXT_GROUP_' . utf8_strtoupper($extensions[$row['extension']]['group_name'])) : $extensions[$row['extension']]['group_name'],
 						'COMMENT'			=> $comment,
 						'TOPIC_TITLE'		=> (!$row['in_message']) ? (string) $row['topic_title'] : '',
 						'ATTACH_ID'			=> (int) $row['attach_id'],
-						'POST_ID'			=> (int) $row['post_msg_id'],
-						'TOPIC_ID'			=> (int) $row['topic_id'],
-						'POST_IDS'			=> (!empty($post_ids[$row['attach_id']])) ? (int) $post_ids[$row['attach_id']] : '',

 						'L_DOWNLOAD_COUNT'	=> $user->lang($l_downloaded_viewed, (int) $row['download_count']),

@@ -1434,7 +1434,7 @@ class acp_attachments
 		$group_name = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$row['group_name'] = (isset($user->lang['EXT_GROUP_' . $row['group_name']])) ? $user->lang['EXT_GROUP_' . $row['group_name']] : $row['group_name'];
+			$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
 			$group_name[] = $row;
 		}
 		$db->sql_freeresult($result);
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -33,7 +33,6 @@ class acp_bbcodes
 		// Set up general vars
 		$action	= $request->variable('action', '');
 		$bbcode_id = $request->variable('bbcode', 0);
-		$submit = $request->is_set_post('submit');

 		$this->tpl_name = 'acp_bbcodes';
 		$this->page_title = 'ACP_BBCODES';
@@ -41,11 +40,6 @@ class acp_bbcodes

 		add_form_key($form_key);

-		if ($submit && !check_form_key($form_key))
-		{
-			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
-		}
-
 		// Set up mode-specific vars
 		switch ($action)
 		{
@@ -179,6 +173,12 @@ class acp_bbcodes
 				extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));

 				$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+
+				if (!$warn_text && !check_form_key($form_key))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				if (!$warn_text || confirm_box(true))
 				{
 					$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
@@ -211,11 +211,6 @@ class acp_bbcodes
 						$test = $data['bbcode_tag'];
 					}

-					if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match))
-					{
-						trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
-					}
-
 					if (strlen($data['bbcode_tag']) > 16)
 					{
 						trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -450,6 +450,7 @@ class acp_board
 						'email_enable'			=> array('lang' => 'ENABLE_EMAIL',			'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'board_email_form'		=> array('lang' => 'BOARD_EMAIL_FORM',		'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'email_package_size'	=> array('lang' => 'EMAIL_PACKAGE_SIZE',	'validate' => 'int:0',	'type' => 'number:0:99999', 'explain' => true),
+						'email_max_chunk_size'	=> array('lang' => 'EMAIL_MAX_CHUNK_SIZE',	'validate' => 'int:1:99999',	'type' => 'number:1:99999', 'explain' => true),
 						'board_contact'			=> array('lang' => 'CONTACT_EMAIL',			'validate' => 'email',	'type' => 'email:25:100', 'explain' => true),
 						'board_contact_name'	=> array('lang' => 'CONTACT_EMAIL_NAME',	'validate' => 'string',	'type' => 'text:25:50', 'explain' => true),
 						'board_email'			=> array('lang' => 'ADMIN_EMAIL',			'validate' => 'email',	'type' => 'email:25:100', 'explain' => true),
--- a/phpBB/includes/acp/acp_database.php
+++ b/phpBB/includes/acp/acp_database.php
@@ -58,7 +58,6 @@ class acp_database
 						$type	= $request->variable('type', '');
 						$table	= array_intersect($this->db_tools->sql_list_tables(), $request->variable('table', array('')));
 						$format	= $request->variable('method', '');
-						$where	= $request->variable('where', '');

 						if (!count($table))
 						{
@@ -70,12 +69,9 @@ class acp_database
 							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}

-						$store = $structure = $schema_data = false;
-
-						if ($where == 'store')
-						{
-							$store = true;
-						}
+						$store = true;
+						$structure = false;
+						$schema_data = false;

 						if ($type == 'full' || $type == 'structure')
 						{
@@ -216,7 +212,7 @@ class acp_database
 						}
 						else if (confirm_box(true))
 						{
-							switch ($backup_info['extensions'])
+							switch ($backup_info['extension'])
 							{
 								case 'sql':
 									$fp = fopen($backup_info['file_name'], 'rb');
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -986,6 +986,23 @@ class acp_forums
 			$errors[] = $user->lang['FORUM_NAME_EMPTY'];
 		}

+		/**
+		 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySql to UCR / NCR.
+		 * Using their Numeric Character Reference's Hexadecimal notation.
+		 */
+		$forum_data_ary['forum_name'] = utf8_encode_ucr($forum_data_ary['forum_name']);
+
+		/**
+		 * This should never happen again.
+		 * Leaving the fallback here just in case there will be the need of it.
+		 */
+		if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches))
+		{
+			$character_list = implode('<br>', $matches[0]);
+
+			$errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list);
+		}
+
 		if (utf8_strlen($forum_data_ary['forum_desc']) > 4000)
 		{
 			$errors[] = $user->lang['FORUM_DESC_TOO_LONG'];
@@ -1416,8 +1433,8 @@ class acp_forums
 		* This event may be triggered, when a forum is deleted
 		*
 		* @event core.acp_manage_forums_move_children
-		* @var	int		from_id		If of the current parent forum
-		* @var	int		to_id		If of the new parent forum
+		* @var	int		from_id		Id of the current parent forum
+		* @var	int		to_id		Id of the new parent forum
 		* @var	array	errors		Array of errors, should be strings and not
 		*							language key.
 		* @since 3.1.0-a1
@@ -1522,8 +1539,8 @@ class acp_forums
 		* Event when we move content from one forum to another
 		*
 		* @event core.acp_manage_forums_move_content
-		* @var	int		from_id		If of the current parent forum
-		* @var	int		to_id		If of the new parent forum
+		* @var	int		from_id		Id of the current parent forum
+		* @var	int		to_id		Id of the new parent forum
 		* @var	bool	sync		Shall we sync the "to"-forum's data
 		* @var	array	errors		Array of errors, should be strings and not
 		*							language key. If this array is not empty,
@@ -1569,6 +1586,19 @@ class acp_forums
 			$db->sql_query($sql);
 		}

+		/**
+		 * Event when content has been moved from one forum to another
+		 *
+		 * @event core.acp_manage_forums_move_content_after
+		 * @var	int		from_id		Id of the current parent forum
+		 * @var	int		to_id		Id of the new parent forum
+		 * @var	bool	sync		Shall we sync the "to"-forum's data
+		 *
+		 * @since 3.2.9-RC1
+		 */
+		$vars = array('from_id', 'to_id', 'sync');
+		extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_move_content_after', compact($vars)));
+
 		if ($sync)
 		{
 			// Delete ghost topics that link back to the same forum then resync counters
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -537,6 +537,7 @@ class acp_prune
 					AND ug.user_id <> ' . ANONYMOUS . '
 					AND u.user_type <> ' . USER_FOUNDER . '
 					AND ug.user_pending = 0
+					AND ug.group_leader = 0
 					AND u.user_id = ug.user_id
 					' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '');
 			$result = $db->sql_query($sql);
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@@ -259,6 +259,19 @@ class acp_styles
 		// Get list of styles to uninstall
 		$ids = $this->request_vars('id', 0, true);

+		// Don't remove prosilver, you can still deactivate it.
+		$sql = 'SELECT style_id
+			FROM ' . STYLES_TABLE . "
+			WHERE style_name = '" . $this->db->sql_escape('prosilver') . "'";
+		$result = $this->db->sql_query($sql);
+		$prosilver_id = (int) $this->db->sql_fetchfield('style_id');
+		$this->db->sql_freeresult($result);
+
+		if ($prosilver_id && in_array($prosilver_id, $ids))
+		{
+			trigger_error($this->user->lang('UNINSTALL_PROSILVER') . adm_back_link($this->u_action), E_USER_WARNING);
+		}
+
 		// Check if confirmation box was submitted
 		if (confirm_box(true))
 		{
@@ -998,11 +1011,14 @@ class acp_styles
 				'L_ACTION'	=> $this->user->lang['EXPORT']
 			); */

-			// Uninstall
-			$actions[] = array(
-				'U_ACTION'	=> $this->u_action . '&amp;action=uninstall&amp;hash=' . generate_link_hash('uninstall') . '&amp;id=' . $style['style_id'],
-				'L_ACTION'	=> $this->user->lang['STYLE_UNINSTALL']
-			);
+			if ($style['style_name'] !== 'prosilver')
+			{
+				// Uninstall
+				$actions[] = array(
+					'U_ACTION'	=> $this->u_action . '&amp;action=uninstall&amp;hash=' . generate_link_hash('uninstall') . '&amp;id=' . $style['style_id'],
+					'L_ACTION'	=> $this->user->lang['STYLE_UNINSTALL']
+				);
+			}

 			// Preview
 			$actions[] = array(
@@ -1123,7 +1139,14 @@ class acp_styles
 	*/
 	protected function read_style_cfg($dir)
 	{
+		// This should never happen, we give them a red warning because of its relevance.
+		if (!file_exists($this->styles_path . $dir . '/style.cfg'))
+		{
+			trigger_error($this->user->lang('NO_STYLE_CFG', $dir), E_USER_WARNING);
+		}
+
 		static $required = array('name', 'phpbb_version', 'copyright');
+
 		$cfg = parse_cfg_file($this->styles_path . $dir . '/style.cfg');

 		// Check if it is a valid file
--- a/phpBB/includes/acp/acp_update.php
+++ b/phpBB/includes/acp/acp_update.php
@@ -59,17 +59,19 @@ class acp_update

 		$update_link = $phpbb_root_path . 'install/app.' . $phpEx;

-		$template->assign_vars(array(
-			'S_UP_TO_DATE'			=> empty($updates_available),
-			'U_ACTION'				=> $this->u_action,
-			'U_VERSIONCHECK_FORCE'	=> append_sid($this->u_action . '&amp;versioncheck_force=1'),
+		$template_ary = [
+			'S_UP_TO_DATE'				=> empty($updates_available),
+			'U_ACTION'					=> $this->u_action,
+			'U_VERSIONCHECK_FORCE'		=> append_sid($this->u_action . '&amp;versioncheck_force=1'),

-			'CURRENT_VERSION'		=> $config['version'],
+			'CURRENT_VERSION'			=> $config['version'],

-			'UPDATE_INSTRUCTIONS'	=> sprintf($user->lang['UPDATE_INSTRUCTIONS'], $update_link),
+			'UPDATE_INSTRUCTIONS'		=> $user->lang('UPDATE_INSTRUCTIONS', $update_link),
 			'S_VERSION_UPGRADEABLE'		=> !empty($upgrades_available),
 			'UPGRADE_INSTRUCTIONS'		=> !empty($upgrades_available) ? $user->lang('UPGRADE_INSTRUCTIONS', $upgrades_available['current'], $upgrades_available['announcement']) : false,
-		));
+		];
+
+		$template->assign_vars($template_ary);

 		// Incomplete update?
 		if (phpbb_version_compare($config['version'], PHPBB_VERSION, '<'))
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -855,7 +855,7 @@ class acp_users
 						$check_ary += array(
 							'username'			=> array(
 								array('string', false, $config['min_name_chars'], $config['max_name_chars']),
-								array('username', $user_row['username'])
+								array('username', $user_row['username'], true)
 							),
 						);
 					}
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */

 // phpBB Version
-@define('PHPBB_VERSION', '3.2.6');
+@define('PHPBB_VERSION', '3.2.9');

 // QA-related
 // define('PHPBB_QA', 1);
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1843,27 +1843,6 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		garbage_collection();
 	}

-	// Redirect via an HTML form for PITA webservers
-	if (@preg_match('#WebSTAR|Xitami#', getenv('SERVER_SOFTWARE')))
-	{
-		header('Refresh: 0; URL=' . $url);
-
-		echo '<!DOCTYPE html>';
-		echo '<html dir="' . $user->lang['DIRECTION'] . '" lang="' . $user->lang['USER_LANG'] . '">';
-		echo '<head>';
-		echo '<meta charset="utf-8">';
-		echo '<meta http-equiv="X-UA-Compatible" content="IE=edge">';
-		echo '<meta http-equiv="refresh" content="0; url=' . str_replace('&', '&amp;', $url) . '" />';
-		echo '<title>' . $user->lang['REDIRECT'] . '</title>';
-		echo '</head>';
-		echo '<body>';
-		echo '<div style="text-align: center;">' . sprintf($user->lang['URL_REDIRECT'], '<a href="' . str_replace('&', '&amp;', $url) . '">', '</a>') . '</div>';
-		echo '</body>';
-		echo '</html>';
-
-		exit;
-	}
-
 	// Behave as per HTTP/1.1 spec for others
 	header('Location: ' . $url);
 	exit;
@@ -2158,7 +2137,7 @@ function check_form_key($form_name, $timespan = false)
 function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_body.html', $u_action = '')
 {
 	global $user, $template, $db, $request;
-	global $config, $language, $phpbb_path_helper;
+	global $config, $language, $phpbb_path_helper, $phpbb_dispatcher;

 	if (isset($_POST['cancel']))
 	{
@@ -2255,8 +2234,7 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 	if ($request->is_ajax())
 	{
 		$u_action .= '&confirm_uid=' . $user->data['user_id'] . '&sess=' . $user->session_id . '&sid=' . $user->session_id;
-		$json_response = new \phpbb\json_response;
-		$json_response->send(array(
+		$data = array(
 			'MESSAGE_BODY'		=> $template->assign_display('body'),
 			'MESSAGE_TITLE'		=> $confirm_title,
 			'MESSAGE_TEXT'		=> $confirm_text,
@@ -2264,7 +2242,28 @@ function confirm_box($check, $title = '', $hidden = '', $html_body = 'confirm_bo
 			'YES_VALUE'			=> $language->lang('YES'),
 			'S_CONFIRM_ACTION'	=> str_replace('&amp;', '&', $u_action), //inefficient, rewrite whole function
 			'S_HIDDEN_FIELDS'	=> $hidden . $s_hidden_fields
-		));
+		);
+
+		/**
+		 * This event allows an extension to modify the ajax output of confirm box.
+		 *
+		 * @event core.confirm_box_ajax_before
+		 * @var string	u_action		Action of the form
+		 * @var array	data			Data to be sent
+		 * @var string	hidden			Hidden fields generated by caller
+		 * @var string	s_hidden_fields	Hidden fields generated by this function
+		 * @since 3.2.8-RC1
+		 */
+		$vars = array(
+			'u_action',
+			'data',
+			'hidden',
+			's_hidden_fields',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.confirm_box_ajax_before', compact($vars)));
+
+		$json_response = new \phpbb\json_response;
+		$json_response->send($data);
 	}

 	if (defined('IN_ADMIN') && isset($user->data['session_admin']) && $user->data['session_admin'])
@@ -2365,7 +2364,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		}

 		// Check form key
-		if ($password && !check_form_key($form_name))
+		if ($password && !defined('IN_CHECK_BAN') && !check_form_key($form_name))
 		{
 			$result = array(
 				'status' => false,
@@ -2527,9 +2526,6 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		));
 	}

-	// Add form token for login box
-	add_form_key($form_name, '_LOGIN');
-
 	$s_hidden_fields = build_hidden_fields($s_hidden_fields);

 	$login_box_template_data = array(
@@ -4129,9 +4125,9 @@ function phpbb_get_user_avatar($user_row, $alt = 'USER_AVATAR', $ignore_config =
 *
 * @return string Avatar html
 */
-function phpbb_get_group_avatar($user_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false)
+function phpbb_get_group_avatar($group_row, $alt = 'GROUP_AVATAR', $ignore_config = false, $lazy = false)
 {
-	$row = \phpbb\avatar\manager::clean_row($user_row, 'group');
+	$row = \phpbb\avatar\manager::clean_row($group_row, 'group');
 	return phpbb_get_avatar($row, $alt, $ignore_config, $lazy);
 }

@@ -4436,6 +4432,23 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 	$controller_helper = $phpbb_container->get('controller.helper');
 	$notification_mark_hash = generate_link_hash('mark_all_notifications_read');

+	$s_login_redirect = build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url())));
+
+	// Add form token for login box, in case page is presenting a login form.
+	add_form_key('login', '_LOGIN');
+
+	/**
+	 * Workaround for missing template variable in pre phpBB 3.2.6 styles.
+	 * @deprecated 3.2.7 (To be removed: 3.3.0-a1)
+	 */
+	$form_token_login = $template->retrieve_var('S_FORM_TOKEN_LOGIN');
+	if (!empty($form_token_login))
+	{
+		$s_login_redirect .= $form_token_login;
+		// Remove S_FORM_TOKEN_LOGIN as it's already appended to S_LOGIN_REDIRECT
+		$template->assign_var('S_FORM_TOKEN_LOGIN', '');
+	}
+
 	// The following assigns all _common_ variables that may be used at any point in a template.
 	$template->assign_vars(array(
 		'SITENAME'						=> $config['sitename'],
@@ -4525,7 +4538,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		'S_TOPIC_ID'			=> $topic_id,

 		'S_LOGIN_ACTION'		=> ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("{$phpbb_admin_path}index.$phpEx", false, true, $user->session_id)),
-		'S_LOGIN_REDIRECT'		=> build_hidden_fields(array('redirect' => $phpbb_path_helper->remove_web_root_path(build_url()))),
+		'S_LOGIN_REDIRECT'		=> $s_login_redirect,

 		'S_ENABLE_FEEDS'			=> ($config['feed_enable']) ? true : false,
 		'S_ENABLE_FEEDS_OVERALL'	=> ($config['feed_overall']) ? true : false,
@@ -4576,12 +4589,13 @@ function page_header($page_title = '', $display_online_list = false, $item_id =

 	if ($send_headers)
 	{
-		// An array of http headers that phpbb will set. The following event may override these.
+		// An array of http headers that phpBB will set. The following event may override these.
 		$http_headers += array(
 			// application/xhtml+xml not used because of IE
 			'Content-type' => 'text/html; charset=UTF-8',
 			'Cache-Control' => 'private, no-cache="set-cookie"',
 			'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',
+			'Referrer-Policy' => 'strict-origin-when-cross-origin',
 		);
 		if (!empty($user->data['is_bot']))
 		{
--- a/phpBB/includes/functions_acp.php
+++ b/phpBB/includes/functions_acp.php
@@ -112,12 +112,13 @@ function adm_page_header($page_title)
 		'CONTAINER_EXCEPTION'	=> $phpbb_container->hasParameter('container_exception') ? $phpbb_container->getParameter('container_exception') : false,
 	));

-	// An array of http headers that phpbb will set. The following event may override these.
+	// An array of http headers that phpBB will set. The following event may override these.
 	$http_headers = array(
 		// application/xhtml+xml not used because of IE
 		'Content-type' => 'text/html; charset=UTF-8',
 		'Cache-Control' => 'private, no-cache="set-cookie"',
 		'Expires' => gmdate('D, d M Y H:i:s', time()) . ' GMT',
+		'Referrer-Policy' => 'strict-origin-when-cross-origin',
 	);

 	/**
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -543,6 +543,20 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 		$topic_ids = array($topic_ids);
 	}

+	/**
+	 * Perform additional actions before topics move
+	 *
+	 * @event core.move_topics_before
+	 * @var	array	topic_ids	Array of the moved topic ids
+	 * @var	string	forum_id	The forum id from where the topics are moved
+	 * @since 3.2.9-RC1
+	 */
+	$vars = array(
+		'topic_ids',
+		'forum_id',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.move_topics_before', compact($vars)));
+
 	$sql = 'DELETE FROM ' . TOPICS_TABLE . '
 		WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . '
 			AND forum_id = ' . $forum_id;
@@ -593,6 +607,22 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 	}
 	unset($table_ary);

+	/**
+	 * Perform additional actions after topics move
+	 *
+	 * @event core.move_topics_after
+	 * @var	array	topic_ids	Array of the moved topic ids
+	 * @var	string	forum_id	The forum id from where the topics were moved
+	 * @var	array	forum_ids	Array of the forums where the topics were moved (includes also forum_id)
+	 * @since 3.2.9-RC1
+	 */
+	$vars = array(
+		'topic_ids',
+		'forum_id',
+		'forum_ids',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.move_topics_after', compact($vars)));
+
 	if ($auto_sync)
 	{
 		sync('forum', 'forum_id', $forum_ids, true, true);
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -1482,6 +1482,8 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al
 * Get username details for placing into templates.
 * This function caches all modes on first call, except for no_profile and anonymous user - determined by $user_id.
 *
+* @html Username spans and links
+*
 * @param string $mode Can be profile (for getting an url to the profile), username (for obtaining the username), colour (for obtaining the user colour), full (for obtaining a html string representing a coloured link to the users profile) or no_profile (the same as full but forcing no profile link)
 * @param int $user_id The users id
 * @param string $username The users name
@@ -1501,6 +1503,7 @@ function get_username_string($mode, $user_id, $username, $username_colour = '',
 	{
 		global $phpbb_root_path, $phpEx;

+		/** @html Username spans and links for usage in the template */
 		$_profile_cache['base_url'] = append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=viewprofile&amp;u={USER_ID}');
 		$_profile_cache['tpl_noprofile'] = '<span class="username">{USERNAME}</span>';
 		$_profile_cache['tpl_noprofile_colour'] = '<span style="color: {USERNAME_COLOUR};" class="username-coloured">{USERNAME}</span>';
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -70,7 +70,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$data = array(
 					'NO_UNREAD_POSTS'	=> $user->lang['NO_UNREAD_POSTS'],
 					'UNREAD_POSTS'		=> $user->lang['UNREAD_POSTS'],
-					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '',
+					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time(), false) : '',
 					'MESSAGE_TITLE'		=> $user->lang['INFORMATION'],
 					'MESSAGE_TEXT'		=> $user->lang['FORUMS_MARKED']
 				);
@@ -355,7 +355,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$data = array(
 					'NO_UNREAD_POSTS'	=> $user->lang['NO_UNREAD_POSTS'],
 					'UNREAD_POSTS'		=> $user->lang['UNREAD_POSTS'],
-					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time()) : '',
+					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time(), false) : '',
 					'MESSAGE_TITLE'		=> $user->lang['INFORMATION'],
 					'MESSAGE_TEXT'		=> $user->lang['FORUMS_MARKED']
 				);
@@ -539,7 +539,8 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		{
 			if ($row['forum_password_last_post'] === '' && $auth->acl_gets('f_read', 'f_list_topics', $row['forum_id_last_post']))
 			{
-				$last_post_subject = censor_text($row['forum_last_post_subject']);
+				$last_post_subject = utf8_decode_ncr(censor_text($row['forum_last_post_subject']));
+
 				$last_post_subject_truncated = truncate_string($last_post_subject, 30, 255, false, $user->lang['ELLIPSIS']);
 			}
 			else
@@ -547,11 +548,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$last_post_subject = $last_post_subject_truncated = '';
 			}
 			$last_post_time = $user->format_date($row['forum_last_post_time']);
+			$last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']);
 			$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&amp;p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
 		}
 		else
 		{
-			$last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = '';
+			$last_post_subject = $last_post_time = $last_post_time_rfc3339 = $last_post_url = $last_post_subject_truncated = '';
 		}

 		// Output moderator listing ... if applicable
@@ -622,6 +624,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'LAST_POST_SUBJECT'		=> $last_post_subject,
 			'LAST_POST_SUBJECT_TRUNCATED'	=> $last_post_subject_truncated,
 			'LAST_POST_TIME'		=> $last_post_time,
+			'LAST_POST_TIME_RFC3339'=> $last_post_time_rfc3339,
 			'LAST_POSTER'			=> get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
 			'LAST_POSTER_COLOUR'	=> get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
 			'LAST_POSTER_FULL'		=> get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
@@ -1117,7 +1120,6 @@ function display_custom_bbcodes()
 			'BBCODE_TAG'		=> $row['bbcode_tag'],
 			'BBCODE_TAG_CLEAN'	=> str_replace('=', '-', $row['bbcode_tag']),
 			'BBCODE_HELPLINE'	=> $row['bbcode_helpline'],
-			'A_BBCODE_HELPLINE'	=> str_replace(array('&amp;', '&quot;', "'", '&lt;', '&gt;'), array('&', '"', "\'", '<', '>'), $row['bbcode_helpline']),
 		);

 		/**
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -196,7 +196,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	}

 	// Now the tricky part... let's dance
-	header('Cache-Control: public');
+	header('Cache-Control: private');

 	// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
 	header('Content-Type: ' . $attachment['mimetype']);
@@ -451,7 +451,7 @@ function set_modified_headers($stamp, $browser)
 		{
 			send_status_line(304, 'Not Modified');
 			// seems that we need those too ... browsers
-			header('Cache-Control: public');
+			header('Cache-Control: private');
 			header('Expires: ' . gmdate('D, d M Y H:i:s', time() + 31536000) . ' GMT');
 			return true;
 		}
--- a/phpBB/includes/functions_messenger.php
+++ b/phpBB/includes/functions_messenger.php
@@ -181,10 +181,9 @@ class messenger
 	/**
 	* Adds X-AntiAbuse headers
 	*
-	* @param array $config		Configuration array
-	* @param user $user			A user object
-	*
-	* @return null
+	* @param \phpbb\config\config	$config		Config object
+	* @param \phpbb\user			$user		User object
+	* @return void
 	*/
 	function anti_abuse_headers($config, $user)
 	{
@@ -1582,6 +1581,14 @@ class smtp_class
 	*/
 	protected function starttls()
 	{
+		global $config;
+
+		// allow SMTPS (what was used by phpBB 3.0) if hostname is prefixed with tls:// or ssl://
+		if (strpos($config['smtp_host'], 'tls://') === 0 || strpos($config['smtp_host'], 'ssl://') === 0)
+		{
+			return true;
+		}
+
 		if (!function_exists('stream_socket_enable_crypto'))
 		{
 			return false;
@@ -1604,7 +1611,9 @@ class smtp_class

 		if (socket_set_blocking($this->socket, 1))
 		{
-			$result = stream_socket_enable_crypto($this->socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+			// https://secure.php.net/manual/en/function.stream-socket-enable-crypto.php#119122
+			$crypto = (phpbb_version_compare(PHP_VERSION, '5.6.7', '<')) ? STREAM_CRYPTO_METHOD_TLS_CLIENT : STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
+			$result = stream_socket_enable_crypto($this->socket, true, $crypto);
 			socket_set_blocking($this->socket, (int) $stream_meta['blocked']);
 		}

@@ -1884,14 +1893,21 @@ function mail_encode($str, $eol = "\r\n")
 }

 /**
-* Wrapper for sending out emails with the PHP's mail function
-*/
+ * Wrapper for sending out emails with the PHP's mail function
+ */
 function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
 {
 	global $config, $phpbb_root_path, $phpEx;

-	// We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings. On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
-	// Reference: http://bugs.php.net/bug.php?id=15841
+	// Convert Numeric Character References to UTF-8 chars (ie. Emojis)
+	$subject = utf8_decode_ncr($subject);
+	$msg = utf8_decode_ncr($msg);
+
+	/**
+	 * We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings.
+	 * On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
+	 * Reference: http://bugs.php.net/bug.php?id=15841
+	 */
 	$headers = implode($eol, $headers);

 	if (!class_exists('\phpbb\error_collector'))
@@ -1902,10 +1918,14 @@ function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
 	$collector = new \phpbb\error_collector;
 	$collector->install();

-	// On some PHP Versions mail() *may* fail if there are newlines within the subject.
-	// Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
-	// Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space (Use '' as parameter to mail_encode() results in SPACE used)
+	/**
+	 * On some PHP Versions mail() *may* fail if there are newlines within the subject.
+	 * Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
+	 * Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space
+	 * (Use '' as parameter to mail_encode() results in SPACE used)
+	 */
 	$additional_parameters = $config['email_force_sender'] ? '-f' . $config['board_email'] : '';
+
 	$result = mail($to, mail_encode($subject, ''), wordwrap(utf8_wordwrap($msg), 997, "\n", true), $headers, $additional_parameters);

 	$collector->uninstall();
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -52,9 +52,29 @@ function generate_smilies($mode, $forum_id)

 		page_header($user->lang['SMILIES']);

-		$sql = 'SELECT COUNT(smiley_id) AS item_count
-			FROM ' . SMILIES_TABLE . '
-			GROUP BY smiley_url';
+		$sql_ary = [
+			'SELECT'	=> 'COUNT(s.smiley_id) AS item_count',
+			'FROM'		=> [
+				SMILIES_TABLE => 's',
+			],
+			'GROUP_BY'	=> 's.smiley_url',
+		];
+
+		/**
+		* Modify SQL query that fetches the total number of smilies in window mode
+		*
+		* @event core.generate_smilies_count_sql_before
+		* @var int		forum_id	Forum where smilies are generated
+		* @var array	sql_ary		Array with the SQL query
+		* @since 3.2.9-RC1
+		*/
+		$vars = [
+			'forum_id',
+			'sql_ary',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.generate_smilies_count_sql_before', compact($vars)));
+
+		$sql = $db->sql_build_query('SELECT', $sql_ary);
 		$result = $db->sql_query($sql, 3600);

 		$smiley_count = 0;
@@ -114,6 +134,22 @@ function generate_smilies($mode, $forum_id)
 	}
 	$db->sql_freeresult($result);

+	/**
+	* Modify smilies before they are assigned to the template
+	*
+	* @event core.generate_smilies_modify_rowset
+	* @var string	mode		Smiley mode, either window or inline
+	* @var int		forum_id	Forum where smilies are generated
+	* @var array	smilies		Smiley rows fetched from the database
+	* @since 3.2.9-RC1
+	*/
+	$vars = [
+		'mode',
+		'forum_id',
+		'smilies',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.generate_smilies_modify_rowset', compact($vars)));
+
 	if (count($smilies))
 	{
 		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path();
@@ -978,6 +1014,30 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 			AND u.user_id = p.poster_id',
 	);

+	/**
+	* Event to modify the SQL query for topic reviews
+	*
+	* @event core.topic_review_modify_sql_ary
+	* @var	int		topic_id			The topic ID that is being reviewed
+	* @var	int		forum_id			The topic's forum ID
+	* @var	string	mode				The topic review mode
+	* @var	int		cur_post_id			Post offset ID
+	* @var	bool	show_quote_button	Flag indicating if the quote button should be displayed
+	* @var	array	post_list			Array with the post IDs
+	* @var	array	sql_ary				Array with the SQL query
+	* @since 3.2.8-RC1
+	*/
+	$vars = array(
+		'topic_id',
+		'forum_id',
+		'mode',
+		'cur_post_id',
+		'show_quote_button',
+		'post_list',
+		'sql_ary',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.topic_review_modify_sql_ary', compact($vars)));
+
 	$sql = $db->sql_build_query('SELECT', $sql_ary);
 	$result = $db->sql_query($sql);

@@ -1284,6 +1344,7 @@ function delete_post($forum_id, $topic_id, $post_id, &$data, $is_soft = false, $
 				delete_topics('topic_id', array($topic_id), false);

 				$phpbb_content_visibility->remove_topic_from_statistic($data, $sql_data);
+				$config->increment('num_posts', -1, false);

 				$update_sql = update_post_information('forum', $forum_id, true);
 				if (count($update_sql))
@@ -2054,6 +2115,11 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll_ary, &$data
 				continue;
 			}

+			if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $attach_row['attach_comment']))
+			{
+				trigger_error('ATTACH_COMMENT_NO_EMOJIS');
+			}
+
 			if (!$attach_row['is_orphan'])
 			{
 				// update entry in db if attachment already stored in db and filespace
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -490,7 +490,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
 				'bcc'				=> explode(':', $row['bcc_address']),
 				'friend'			=> (isset($zebra[$row['author_id']])) ? $zebra[$row['author_id']]['friend'] : 0,
 				'foe'				=> (isset($zebra[$row['author_id']])) ? $zebra[$row['author_id']]['foe'] : 0,
-				'user_in_group'		=> array($user->data['group_id']),
+				'user_in_group'		=> $user->data['group_id'],
 				'author_in_group'	=> array())
 			);

@@ -1966,7 +1966,7 @@ function submit_pm($mode, $subject, &$data_ary, $put_in_outbox = true)
 */
 function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode = false)
 {
-	global $db, $user, $template, $phpbb_root_path, $phpEx, $auth;
+	global $db, $user, $template, $phpbb_root_path, $phpEx, $auth, $phpbb_dispatcher;

 	// Select all receipts and the author from the pm we currently view, to only display their pm-history
 	$sql = 'SELECT author_id, user_id
@@ -1985,9 +1985,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 	$recipients = array_unique($recipients);

 	// Get History Messages (could be newer)
-	$sql = 'SELECT t.*, p.*, u.*
-		FROM ' . PRIVMSGS_TABLE . ' p, ' . PRIVMSGS_TO_TABLE . ' t, ' . USERS_TABLE . ' u
-		WHERE t.msg_id = p.msg_id
+	$sql_where = 't.msg_id = p.msg_id
 			AND p.author_id = u.user_id
 			AND t.folder_id NOT IN (' . PRIVMSGS_NO_BOX . ', ' . PRIVMSGS_HOLD_BOX . ')
 			AND ' . $db->sql_in_set('t.author_id', $recipients, false, true) . "
@@ -1998,13 +1996,37 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode

 	if (!$message_row['root_level'])
 	{
-		$sql .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))";
+		$sql_where .= " AND (p.root_level = $msg_id OR (p.root_level = 0 AND p.msg_id = $msg_id))";
 	}
 	else
 	{
-		$sql .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')';
+		$sql_where .= " AND (p.root_level = " . $message_row['root_level'] . ' OR p.msg_id = ' . $message_row['root_level'] . ')';
 	}
-	$sql .= ' ORDER BY p.message_time DESC';
+
+	$sql_ary = array(
+		'SELECT'	=> 't.*, p.*, u.*',
+		'FROM'		=> array(
+			PRIVMSGS_TABLE		=> 'p',
+			PRIVMSGS_TO_TABLE	=> 't',
+			USERS_TABLE			=> 'u'
+		),
+		'LEFT_JOIN'	=> array(),
+		'WHERE'		=> $sql_where,
+		'ORDER_BY'	=> 'p.message_time DESC',
+	);
+
+	/**
+	* Event to modify the SQL query before the message history in private message is queried
+	*
+	* @event core.message_history_modify_sql_ary
+	* @var	array	sql_ary		The SQL array to get the data of the message history in private message
+	* @since 3.2.8-RC1
+	*/
+	$vars = array('sql_ary');
+	extract($phpbb_dispatcher->trigger_event('core.message_history_modify_sql_ary', compact($vars)));
+
+	$sql = $db->sql_build_query('SELECT', $sql_ary);
+	unset($sql_ary);

 	$result = $db->sql_query($sql);
 	$row = $db->sql_fetchrow($result);
@@ -2087,7 +2109,7 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 			$previous_history_pm = $prev_id;
 		}

-		$template->assign_block_vars('history_row', array(
+		$template_vars = array(
 			'MESSAGE_AUTHOR_QUOTE'		=> (($decoded_message) ? addslashes(get_username_string('username', $author_id, $row['username'], $row['user_colour'], $row['username'])) : ''),
 			'MESSAGE_AUTHOR_FULL'		=> get_username_string('full', $author_id, $row['username'], $row['user_colour'], $row['username']),
 			'MESSAGE_AUTHOR_COLOUR'		=> get_username_string('colour', $author_id, $row['username'], $row['user_colour'], $row['username']),
@@ -2109,8 +2131,25 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 			'USER_ID'			=> $row['user_id'],
 			'U_VIEW_MESSAGE'	=> "$url&amp;f=$folder_id&amp;p=" . $row['msg_id'],
 			'U_QUOTE'			=> (!$in_post_mode && $auth->acl_get('u_sendpm') && $author_id != ANONYMOUS) ? "$url&amp;mode=compose&amp;action=quote&amp;f=" . $folder_id . "&amp;p=" . $row['msg_id'] : '',
-			'U_POST_REPLY_PM'	=> ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&amp;mode=compose&amp;action=reply&amp;f=$folder_id&amp;p=" . $row['msg_id'] : '')
+			'U_POST_REPLY_PM'	=> ($author_id != $user->data['user_id'] && $author_id != ANONYMOUS && $auth->acl_get('u_sendpm')) ? "$url&amp;mode=compose&amp;action=reply&amp;f=$folder_id&amp;p=" . $row['msg_id'] : ''
 		);
+
+		/**
+		* Modify the template vars for displaying the message history in private message
+		*
+		* @event core.message_history_modify_template_vars
+		* @var array	template_vars		Array containing the query
+		* @var array	row					Array containing the action user row
+		* @since 3.2.8-RC1
+		*/
+		$vars = array(
+			'template_vars',
+			'row',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.message_history_modify_template_vars', compact($vars)));
+
+		$template->assign_block_vars('history_row', $template_vars);
+
 		unset($rowset[$i]);
 		$prev_id = $id;
 	}
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1732,7 +1732,7 @@ function phpbb_validate_timezone($timezone)
 * @return mixed							Either false if validation succeeded or a string which will be
 *											used as the error message (with the variable name appended)
 */
-function validate_username($username, $allowed_username = false)
+function validate_username($username, $allowed_username = false, $allow_all_names = false)
 {
 	global $config, $db, $user, $cache;

@@ -1815,13 +1815,16 @@ function validate_username($username, $allowed_username = false)
 		return 'USERNAME_TAKEN';
 	}

-	$bad_usernames = $cache->obtain_disallowed_usernames();
-
-	foreach ($bad_usernames as $bad_username)
+	if (!$allow_all_names)
 	{
-		if (preg_match('#^' . $bad_username . '$#', $clean_username))
+		$bad_usernames = $cache->obtain_disallowed_usernames();
+
+		foreach ($bad_usernames as $bad_username)
 		{
-			return 'USERNAME_DISALLOWED';
+			if (preg_match('#^' . $bad_username . '$#', $clean_username))
+			{
+				return 'USERNAME_DISALLOWED';
+			}
 		}
 	}

@@ -1942,9 +1945,10 @@ function validate_user_email($email, $allowed_email = false)
 		return $validate_email;
 	}

-	if (($ban = $user->check_ban(false, false, $email, true)) !== false)
+	$ban = $user->check_ban(false, false, $email, true);
+	if (!empty($ban))
 	{
-		return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban);
+		return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';
 	}

 	if (!$config['allow_emailreuse'])
--- a/phpBB/includes/mcp/mcp_ban.php
+++ b/phpBB/includes/mcp/mcp_ban.php
@@ -269,7 +269,7 @@ class mcp_ban
 		}
 		else if ($post_id)
 		{
-			$post_info = phpbb_get_post_data($post_id, 'm_ban');
+			$post_info = phpbb_get_post_data(array($post_id), 'm_ban');

 			if (count($post_info) && !empty($post_info[$post_id]))
 			{
--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -41,6 +41,22 @@ class mcp_main

 		$quickmod = ($mode == 'quickmod') ? true : false;

+		/**
+		* Event to perform additional actions before an MCP action is executed.
+		*
+		* @event core.mcp_main_before
+		* @var	string	action				The action that is about to be performed
+		* @var	string	mode				The mode in which the MCP is accessed, e.g. front, forum_view, topic_view, post_details, quickmod
+		* @var	boolean	quickmod			Whether or not the action is performed via QuickMod
+		* @since 3.2.8-RC1
+		*/
+		$vars = [
+			'action',
+			'mode',
+			'quickmod',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.mcp_main_before', compact($vars)));
+
 		switch ($action)
 		{
 			case 'lock':
@@ -378,7 +394,7 @@ function lock_unlock($action, $ids)
 */
 function change_topic_type($action, $topic_ids)
 {
-	global $user, $db, $request, $phpbb_log;
+	global $user, $db, $request, $phpbb_log, $phpbb_dispatcher;

 	switch ($action)
 	{
--- a/phpBB/includes/mcp/mcp_topic.php
+++ b/phpBB/includes/mcp/mcp_topic.php
@@ -142,14 +142,36 @@ function mcp_topic_view($id, $mode, $action)
 	}
 	$start = $pagination->validate_start($start, $posts_per_page, $total);

-	$sql = 'SELECT u.username, u.username_clean, u.user_colour, p.*
-		FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
-		WHERE ' . (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . '
+	$sql_where = (($action == 'reports') ? 'p.post_reported = 1 AND ' : '') . '
 			p.topic_id = ' . $topic_id . '
 			AND ' .	$phpbb_content_visibility->get_visibility_sql('post', $topic_info['forum_id'], 'p.') . '
 			AND p.poster_id = u.user_id ' .
-			$limit_time_sql . '
-		ORDER BY ' . $sort_order_sql;
+			$limit_time_sql;
+
+	$sql_ary = array(
+		'SELECT'	=> 'u.username, u.username_clean, u.user_colour, p.*',
+		'FROM'		=> array(
+			POSTS_TABLE		=> 'p',
+			USERS_TABLE		=> 'u'
+		),
+		'LEFT_JOIN'	=> array(),
+		'WHERE'		=> $sql_where,
+		'ORDER_BY'	=> $sort_order_sql,
+	);
+
+	/**
+	* Event to modify the SQL query before the MCP topic review posts is queried
+	*
+	* @event core.mcp_topic_modify_sql_ary
+	* @var	array	sql_ary		The SQL array to get the data of the MCP topic review posts
+	* @since 3.2.8-RC1
+	*/
+	$vars = array('sql_ary');
+	extract($phpbb_dispatcher->trigger_event('core.mcp_topic_modify_sql_ary', compact($vars)));
+
+	$sql = $db->sql_build_query('SELECT', $sql_ary);
+	unset($sql_ary);
+
 	$result = $db->sql_query_limit($sql, $posts_per_page, $start);

 	$rowset = $post_id_list = array();
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -1524,6 +1524,35 @@ class parse_message extends bbcode_firstpass
 		}
 	}

+	/**
+	 * Check attachment form token depending on submit type
+	 *
+	 * @param \phpbb\language\language $language Language
+	 * @param \phpbb\request\request_interface $request Request
+	 * @param string $form_name Form name for checking form key
+	 *
+	 * @return bool True if form token is not needed or valid, false if needed and invalid
+	 */
+	function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name)
+	{
+		$add_file = $request->is_set_post('add_file');
+		$delete_file = $request->is_set_post('delete_file');
+
+		if (($add_file || $delete_file) && !check_form_key($form_name))
+		{
+			$this->warn_msg[] = $language->lang('FORM_INVALID');
+
+			if ($request->is_ajax() && $this->plupload)
+			{
+				$this->plupload->emit_error(-400, 'FORM_INVALID');
+			}
+
+			return false;
+		}
+
+		return true;
+	}
+
 	/**
 	* Parse Attachments
 	*/
--- a/phpBB/includes/ucp/ucp_attachments.php
+++ b/phpBB/includes/ucp/ucp_attachments.php
@@ -29,7 +29,7 @@ class ucp_attachments

 	function main($id, $mode)
 	{
-		global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request;
+		global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request, $auth;

 		$start		= $request->variable('start', 0);
 		$sort_key	= $request->variable('sk', 'a');
@@ -41,16 +41,27 @@ class ucp_attachments
 		if ($delete && count($delete_ids))
 		{
 			// Validate $delete_ids...
-			$sql = 'SELECT attach_id
-				FROM ' . ATTACHMENTS_TABLE . '
-				WHERE poster_id = ' . $user->data['user_id'] . '
-					AND is_orphan = 0
-					AND ' . $db->sql_in_set('attach_id', $delete_ids);
+			$sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
+				FROM ' . ATTACHMENTS_TABLE . ' a
+				LEFT JOIN ' . POSTS_TABLE . ' p
+					ON (a.post_msg_id = p.post_id AND a.in_message = 0)
+				LEFT JOIN ' . TOPICS_TABLE . ' t
+					ON (t.topic_id = p.topic_id AND a.in_message = 0)
+				LEFT JOIN ' . FORUMS_TABLE . ' f
+					ON (f.forum_id = t.forum_id AND a.in_message = 0)
+				WHERE a.poster_id = ' . $user->data['user_id'] . '
+					AND a.is_orphan = 0
+					AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
 			$result = $db->sql_query($sql);

 			$delete_ids = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
+				if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']))
+				{
+					continue;
+				}
+
 				$delete_ids[] = $row['attach_id'];
 			}
 			$db->sql_freeresult($result);
@@ -124,10 +135,12 @@ class ucp_attachments
 		$pagination = $phpbb_container->get('pagination');
 		$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);

-		$sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
+		$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
 			FROM ' . ATTACHMENTS_TABLE . ' a
+				LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
 				LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
-				LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1)
+				LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
+				LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
 			WHERE a.poster_id = ' . $user->data['user_id'] . "
 				AND a.is_orphan = 0
 			ORDER BY $order_by";
@@ -164,6 +177,7 @@ class ucp_attachments
 					'TOPIC_ID'			=> $row['topic_id'],

 					'S_IN_MESSAGE'		=> $row['in_message'],
+					'S_LOCKED'			=> !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']),

 					'U_VIEW_ATTACHMENT'	=> append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
 					'U_VIEW_TOPIC'		=> $view_topic)
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -534,7 +534,12 @@ class ucp_groups
 								'teampage'	=> $group_row['group_teampage'],
 							);

-							if ($config['allow_avatar'])
+							if (!check_form_key('ucp_groups'))
+							{
+								$error[] = $user->lang['FORM_INVALID'];
+							}
+
+							if (!count($error) && $config['allow_avatar'])
 							{
 								// Handle avatar
 								$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
@@ -556,11 +561,6 @@ class ucp_groups
 								$error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
 							}

-							if (!check_form_key('ucp_groups'))
-							{
-								$error[] = $user->lang['FORM_INVALID'];
-							}
-
 							// Validate submitted colour value
 							if ($colour_error = validate_data($submit_ary, array('colour'	=> array('hex_colour', true))))
 							{
@@ -875,6 +875,11 @@ class ucp_groups
 							trigger_error($user->lang['NO_GROUP'] . $return_page);
 						}

+						if (!check_form_key('ucp_groups'))
+						{
+							trigger_error($user->lang('FORM_INVALID') . $return_page);
+						}
+
 						if (!($row = group_memberships($group_id, $user->data['user_id'])))
 						{
 							trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -193,6 +193,8 @@ class ucp_pm
 					trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
 				}

+				add_form_key('ucp_pm_view');
+
 				// First Handle Mark actions and moving messages
 				$submit_mark	= (isset($_POST['submit_mark'])) ? true : false;
 				$move_pm		= (isset($_POST['move_pm'])) ? true : false;
@@ -207,6 +209,11 @@ class ucp_pm
 					$submit_mark = false;
 				}

+				if (($move_pm || $submit_mark) && !check_form_key('ucp_pm_view'))
+				{
+					trigger_error('FORM_INVALID');
+				}
+
 				// Move PM
 				if ($move_pm)
 				{
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
 function compose_pm($id, $mode, $action, $user_folders = array())
 {
 	global $template, $db, $auth, $user, $cache;
-	global $phpbb_root_path, $phpEx, $config;
+	global $phpbb_root_path, $phpEx, $config, $language;
 	global $request, $phpbb_dispatcher, $phpbb_container;

 	// Damn php and globals - i know, this is horrible
@@ -799,7 +799,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));

 		// Parse Attachments - before checksum is calculated
-		$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+		if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose'))
+		{
+			$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+		}

 		if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))
 		{
@@ -996,7 +999,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		{
 			$quote_attributes['post_id'] = $post['msg_id'];
 		}
-
+		if ($action === 'quote')
+		{
+			$quote_attributes['msg_id'] = $post['msg_id'];
+		}
 		/** @var \phpbb\language\language $language */
 		$language = $phpbb_container->get('language');
 		/** @var \phpbb\textformatter\utils_interface $text_formatter_utils */
@@ -1007,6 +1013,16 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 	if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !$preview && !$refresh)
 	{
 		$message_subject = ((!preg_match('/^Re:/', $message_subject)) ? 'Re: ' : '') . censor_text($message_subject);
+
+		/**
+		* This event allows you to modify the PM subject of the PM being quoted
+		*
+		* @event core.pm_modify_message_subject
+		* @var	string		message_subject		String with the PM subject already censored.
+		* @since 3.2.8-RC1
+		*/
+		$vars = array('message_subject');
+		extract($phpbb_dispatcher->trigger_event('core.pm_modify_message_subject', compact($vars)));
 	}

 	if ($action == 'forward' && !$preview && !$refresh && !$submit)
--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -32,6 +32,8 @@ function view_folder($id, $mode, $folder_id, $folder)

 	$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);

+	add_form_key('ucp_pm_view_folder');
+
 	if (!$submit_export)
 	{
 		$user->add_lang('viewforum');
@@ -138,9 +140,9 @@ function view_folder($id, $mode, $folder_id, $folder)
 				$row_indicator = '';
 				foreach ($color_rows as $var)
 				{
-					if (($var != 'friend' && $var != 'foe' && $row['pm_' . $var])
+					if (($var !== 'friend' && $var !== 'foe' && $row[($var === 'message_reported') ? $var : "pm_{$var}"])
 						||
-						(($var == 'friend' || $var == 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']]))
+						(($var === 'friend' || $var === 'foe') && isset(${$var}[$row['author_id']]) && ${$var}[$row['author_id']]))
 					{
 						$row_indicator = $var;
 						break;
@@ -197,6 +199,11 @@ function view_folder($id, $mode, $folder_id, $folder)
 		$enclosure = $request->variable('enclosure', '');
 		$delimiter = $request->variable('delimiter', '');

+		if (!check_form_key('ucp_pm_view_folder'))
+		{
+			trigger_error('FORM_INVALID');
+		}
+
 		if ($export_type == 'CSV' && ($delimiter === '' || $enclosure === ''))
 		{
 			$template->assign_var('PROMPT', true);
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -133,7 +133,6 @@ class ucp_profile
 							'user_email'		=> ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
 							'user_email_hash'	=> ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'],
 							'user_password'		=> ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
-							'user_passchg'		=> ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
 						);

 						if ($auth->acl_get('u_chgname') && $config['allow_namechange'] && $data['username'] != $user->data['username'])
@@ -147,6 +146,8 @@ class ucp_profile

 						if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password']))
 						{
+							$sql_ary['user_passchg'] = time();
+
 							$user->reset_login_keys();
 							$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_NEW_PASSWORD', false, array(
 								'reportee_id' => $user->data['user_id'],
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -39,12 +39,23 @@ class ucp_register
 			trigger_error('UCP_REGISTER_DISABLE');
 		}

-		$coppa			= $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
+		$coppa			= $request->is_set('coppa_yes') ? 1 : ($request->is_set('coppa_no') ? 0 : false);
+		$coppa			= $request->is_set('coppa') ? $request->variable('coppa', 0) : $coppa;
 		$agreed			= $request->variable('agreed', false);
 		$submit			= $request->is_set_post('submit');
 		$change_lang	= $request->variable('change_lang', '');
 		$user_lang		= $request->variable('lang', $user->lang_name);

+		if ($agreed && !check_form_key('ucp_register'))
+		{
+			$agreed = false;
+		}
+
+		if ($coppa !== false && !check_form_key('ucp_register'))
+		{
+			$coppa = false;
+		}
+
 		/**
 		* Add UCP register data before they are assigned to the template or submitted
 		*
@@ -67,14 +78,7 @@ class ucp_register
 		);
 		extract($phpbb_dispatcher->trigger_event('core.ucp_register_requests_after', compact($vars)));

-		if ($agreed)
-		{
-			add_form_key('ucp_register');
-		}
-		else
-		{
-			add_form_key('ucp_register_terms');
-		}
+		add_form_key('ucp_register');

 		if ($change_lang || $user_lang != $config['default_lang'])
 		{
@@ -168,11 +172,8 @@ class ucp_register

 				$template_vars = array(
 					'S_LANG_OPTIONS'	=> (count($lang_row) > 1) ? language_select($user_lang) : '',
-					'L_COPPA_NO'		=> sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
-					'L_COPPA_YES'		=> sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
-
-					'U_COPPA_NO'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=0'),
-					'U_COPPA_YES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&amp;coppa=1'),
+					'L_COPPA_NO'		=> $user->lang('UCP_COPPA_BEFORE', $coppa_birthday),
+					'L_COPPA_YES'		=> $user->lang('UCP_COPPA_ON_AFTER', $coppa_birthday),

 					'S_SHOW_COPPA'		=> true,
 					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),
--- a/phpBB/includes/utf/utf_tools.php
+++ b/phpBB/includes/utf/utf_tools.php
@@ -418,24 +418,43 @@ function utf8_recode($string, $encoding)
 }

 /**
-* Replace all UTF-8 chars that are not in ASCII with their NCR
-*
-* @param	string	$text		UTF-8 string in NFC
-* @return	string				ASCII string using NCRs for non-ASCII chars
-*/
+ * Replace some special UTF-8 chars that are not in ASCII with their UCR.
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * Doesn't interfere with Japanese or Cyrillic etc.
+ * Unicode character visualization will depend on the character support
+ * of your web browser and the fonts installed on your system.
+ *
+ * @see https://en.wikibooks.org/wiki/Unicode/Character_reference/1F000-1FFFF
+ *
+ * @param	string	$text		UTF-8 string in NFC
+ * @return	string				ASCII string using NCR for non-ASCII chars
+ */
+function utf8_encode_ucr($text)
+{
+	return preg_replace_callback('/[\\xF0-\\xF4].../', 'utf8_encode_ncr_callback', $text);
+}
+
+/**
+ * Replace all UTF-8 chars that are not in ASCII with their NCR
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * @param	string	$text		UTF-8 string in NFC
+ * @return	string				ASCII string using NCRs for non-ASCII chars
+ */
 function utf8_encode_ncr($text)
 {
 	return preg_replace_callback('#[\\xC2-\\xF4][\\x80-\\xBF]{1,3}#', 'utf8_encode_ncr_callback', $text);
 }

 /**
-* Callback used in encode_ncr()
-*
-* Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
-*
-* @param	array	$m			0-based numerically indexed array passed by preg_replace_callback()
-* @return	string				A HTML NCR if the character is valid, or the original string otherwise
-*/
+ * Callback used in utf8_encode_ncr() and utf8_encode_ucr()
+ *
+ * Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
+ *
+ * @param	array	$m			0-based numerically indexed array passed by preg_replace_callback()
+ * @return	string				A HTML NCR if the character is valid, or the original string otherwise
+ */
 function utf8_encode_ncr_callback($m)
 {
 	return '&#' . utf8_ord($m[0]) . ';';
--- a/phpBB/index.php
+++ b/phpBB/index.php
@@ -211,9 +211,6 @@ if ($show_birthdays)
 	$template->assign_block_vars_array('birthdays', $birthdays);
 }

-// Add form token for login box
-add_form_key('login', '_LOGIN');
-
 // Assign index specific vars
 $template->assign_vars(array(
 	'TOTAL_POSTS'	=> $user->lang('TOTAL_POSTS_COUNT', (int) $config['num_posts']),
--- a/phpBB/install/convertors/convert_phpbb20.php
+++ b/phpBB/install/convertors/convert_phpbb20.php
@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.2.6',
+	'phpbb_version'	=> '3.2.9',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,
--- a/phpBB/install/phpbbcli.php
+++ b/phpBB/install/phpbbcli.php
@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.2.6');
+define('PHPBB_VERSION', '3.2.9');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);

--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -185,7 +185,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_cpf_viewprofi
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_cpf_viewtopic', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_lastread', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_track', '1');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jumpbox', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_moderators', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_notifications', '1');
@@ -279,7 +279,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.6');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.9');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');

@@ -421,6 +421,7 @@ INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgname', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgpasswd', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgprofileinfo', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_download', 1);
+INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_emoji', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_hideonline', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_ignoreflood', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_masspm', 1);
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -44,7 +44,7 @@ $lang = array_merge($lang, array(
 	'BOARD_STYLE'					=> 'Board style',
 	'CUSTOM_DATEFORMAT'				=> 'Custom…',
 	'DEFAULT_DATE_FORMAT'			=> 'Date format',
-	'DEFAULT_DATE_FORMAT_EXPLAIN'	=> 'The date format is the same as the PHP <code>date</code> function.',
+	'DEFAULT_DATE_FORMAT_EXPLAIN'	=> 'The date format is the same as the PHP <code><a href="https://secure.php.net/manual/function.date.php">date()</a></code> function.',
 	'DEFAULT_LANGUAGE'				=> 'Default language',
 	'DEFAULT_STYLE'					=> 'Default style',
 	'DEFAULT_STYLE_EXPLAIN'			=> 'The default style for new users.',
@@ -568,6 +568,8 @@ $lang = array_merge($lang, array(
 	'EMAIL_FORCE_SENDER_EXPLAIN'	=> 'This will set the <samp>Return-Path</samp> to the from email address instead of using the local user and hostname of the server. This setting does not apply when using SMTP.<br><em><strong>Warning:</strong> Requires the user that the webserver runs as to be added as trusted user to the sendmail configuration.</em>',
 	'EMAIL_PACKAGE_SIZE'			=> 'Email package size',
 	'EMAIL_PACKAGE_SIZE_EXPLAIN'	=> 'This is the number of maximum emails sent out in one package. This setting is applied to the internal message queue; set this value to 0 if you have problems with non-delivered notification emails.',
+	'EMAIL_MAX_CHUNK_SIZE'			=> 'Maximum allowed email recipients',
+	'EMAIL_MAX_CHUNK_SIZE_EXPLAIN'	=> 'If necessary, set this to not exceed the maximum number of recipients that your email server will allow in one email message.',
 	'EMAIL_SIG'						=> 'Email signature',
 	'EMAIL_SIG_EXPLAIN'				=> 'This text will be attached to all emails the board sends.',
 	'ENABLE_EMAIL'					=> 'Enable board-wide emails',
@@ -587,8 +589,8 @@ $lang = array_merge($lang, array(
 	'SMTP_POP_BEFORE_SMTP'			=> 'POP-BEFORE-SMTP',
 	'SMTP_PORT'						=> 'SMTP server port',
 	'SMTP_PORT_EXPLAIN'				=> 'Only change this if you know your SMTP server is on a different port.',
-	'SMTP_SERVER'					=> 'SMTP server address and protocol',
-	'SMTP_SERVER_EXPLAIN'			=> 'Note that you have to provide the protocol that your server uses. If you are using SSL, this has to be "ssl://your.mailserver.com"',
+	'SMTP_SERVER'					=> 'SMTP server address',
+	'SMTP_SERVER_EXPLAIN'			=> 'Do not provide a protocol (<samp>ssl://</samp> or <samp>tls://</samp>) unless your mail host tells you to do so.',
 	'SMTP_SETTINGS'					=> 'SMTP settings',
 	'SMTP_USERNAME'					=> 'SMTP username',
 	'SMTP_USERNAME_EXPLAIN'			=> 'Only enter a username if your SMTP server requires it.',
--- a/phpBB/language/en/acp/forums.php
+++ b/phpBB/language/en/acp/forums.php
@@ -97,6 +97,7 @@ $lang = array_merge($lang, array(
 	'FORUM_LINK_TRACK_EXPLAIN'			=> 'Records the number of times a forum link was clicked.',
 	'FORUM_NAME'						=> 'Forum name',
 	'FORUM_NAME_EMPTY'					=> 'You must enter a name for this forum.',
+	'FORUM_NAME_EMOJI'					=> 'The forum name you entered is invalid.<br>It contains the following unsupported characters:<br>%s',
 	'FORUM_PARENT'						=> 'Parent forum',
 	'FORUM_PASSWORD'					=> 'Forum password',
 	'FORUM_PASSWORD_CONFIRM'			=> 'Confirm forum password',
--- a/phpBB/language/en/acp/permissions_phpbb.php
+++ b/phpBB/language/en/acp/permissions_phpbb.php
@@ -79,10 +79,11 @@ $lang = array_merge($lang, array(
 	'ACL_U_SAVEDRAFTS'	=> 'Can save drafts',
 	'ACL_U_CHGCENSORS'	=> 'Can disable word censors',
 	'ACL_U_SIG'			=> 'Can use signature',
+	'ACL_U_EMOJI'		=> 'Can use emoji and rich text characters in topic title',

 	'ACL_U_SENDPM'		=> 'Can send private messages',
-	'ACL_U_MASSPM'		=> 'Can send messages to multiple users',
-	'ACL_U_MASSPM_GROUP'=> 'Can send messages to groups',
+	'ACL_U_MASSPM'		=> 'Can send private messages to multiple users',
+	'ACL_U_MASSPM_GROUP'=> 'Can send private messages to groups',
 	'ACL_U_READPM'		=> 'Can read private messages',
 	'ACL_U_PM_EDIT'		=> 'Can edit own private messages',
 	'ACL_U_PM_DELETE'	=> 'Can remove private messages from own folder',
--- a/phpBB/language/en/acp/posting.php
+++ b/phpBB/language/en/acp/posting.php
@@ -56,7 +56,6 @@ $lang = array_merge($lang, array(

 	'BBCODE_INVALID_TAG_NAME'	=> 'The BBCode tag name that you selected already exists.',
 	'BBCODE_INVALID'			=> 'Your BBCode is constructed in an invalid form.',
-	'BBCODE_OPEN_ENDED_TAG'		=> 'Your custom BBCode must contain both an opening and a closing tag.',
 	'BBCODE_TAG'				=> 'Tag',
 	'BBCODE_TAG_TOO_LONG'		=> 'The tag name you selected is too long.',
 	'BBCODE_TAG_DEF_TOO_LONG'	=> 'The tag definition that you have entered is too long, please shorten your tag definition.',
@@ -78,13 +77,13 @@ $lang = array_merge($lang, array(
 	'TOO_MANY_BBCODES'		=> 'You cannot create any more BBCodes. Please remove one or more BBCodes then try again.',

 	'tokens'	=>	array(
-		'TEXT'			=> 'Any text, including foreign characters, numbers, etc… You should not use this token in HTML tags. Instead try to use IDENTIFIER, INTTEXT or SIMPLETEXT.',
+		'TEXT'			=> 'Any text, including foreign characters, numbers, etc…',
 		'SIMPLETEXT'	=> 'Characters from the latin alphabet (A-Z), numbers, spaces, commas, dots, minus, plus, hyphen and underscore',
 		'INTTEXT'		=> 'Unicode letter characters, numbers, spaces, commas, dots, minus, plus, hyphen, underscore and whitespaces.',
 		'IDENTIFIER'	=> 'Characters from the latin alphabet (A-Z), numbers, hyphen and underscore',
 		'NUMBER'		=> 'Any series of digits',
 		'EMAIL'			=> 'A valid email address',
-		'URL'			=> 'A valid URL using any protocol (http, ftp, etc… cannot be used for javascript exploits). If none is given, “http://” is prefixed to the string.',
+		'URL'			=> 'A valid URL using any allowed protocol (http, ftp, etc… cannot be used for javascript exploits). If none is given, “http://” is prefixed to the string.',
 		'LOCAL_URL'		=> 'A local URL. The URL must be relative to the topic page and cannot contain a server name or protocol, as links are prefixed with “%s”',
 		'RELATIVE_URL'	=> 'A relative URL. You can use this to match parts of a URL, but be careful: a full URL is a valid relative URL. When you want to use relative URLs of your board, use the LOCAL_URL token.',
 		'COLOR'			=> 'A HTML colour, can be either in the numeric form <samp>#FF1234</samp> or a <a href="http://www.w3.org/TR/CSS21/syndata.html#value-def-color">CSS colour keyword</a> such as <samp>fuchsia</samp> or <samp>InactiveBorder</samp>',
--- a/phpBB/language/en/acp/profile.php
+++ b/phpBB/language/en/acp/profile.php
@@ -111,7 +111,7 @@ $lang = array_merge($lang, array(
 	'FIRST_OPTION'				=> 'First option',

 	'HIDE_PROFILE_FIELD'			=> 'Hide profile field',
-	'HIDE_PROFILE_FIELD_EXPLAIN'	=> 'Hide the profile field from all other users except the user, administrators and moderators who are still able to see this field. If the Display in user control panel option is disabled, the user will not be able to see or change this field and the field can only be changed by administrators.',
+	'HIDE_PROFILE_FIELD_EXPLAIN'	=> 'Hide the profile field from all users except administrators and moderators, who are still able to see this field. If the Display in user control panel option is disabled, the user will not be able to see or change this field and the field can only be changed by administrators.',

 	'INVALID_CHARS_FIELD_IDENT'	=> 'Field identification can only contain lowercase a-z and _',
 	'INVALID_FIELD_IDENT_LEN'	=> 'Field identification can only be 17 characters long',
--- a/phpBB/language/en/acp/styles.php
+++ b/phpBB/language/en/acp/styles.php
@@ -21,7 +21,7 @@ if (!defined('IN_PHPBB'))

 if (empty($lang) || !is_array($lang))
 {
-	$lang = array();
+	$lang = [];
 }

 // DEVELOPERS PLEASE NOTE
@@ -36,55 +36,56 @@ if (empty($lang) || !is_array($lang))
 // equally where a string contains only two placeholders which are used to wrap text
 // in a url you again do not need to specify an order e.g., 'Click %sHERE%s' is fine

-$lang = array_merge($lang, array(
-	'ACP_STYLES_EXPLAIN'	=> 'Here you can manage the available styles on your board. You may alter existing styles, delete, deactivate, reactivate, install new ones. You can also see what a style will look like using the preview function. Also listed is the total user count for each style, note that overriding user styles will not be reflected here.',
+$lang = array_merge($lang, [
+	'ACP_STYLES_EXPLAIN'						=> 'Here you can manage the styles available on your board.<br>Please note you cannot uninstall the “<strong>prosilver</strong>” style as it is phpBB’s default and primary parent style.',

-	'CANNOT_BE_INSTALLED'			=> 'Cannot be installed',
-	'CONFIRM_UNINSTALL_STYLES'		=> 'Are you sure you wish to uninstall selected styles?',
-	'COPYRIGHT'						=> 'Copyright',
+	'CANNOT_BE_INSTALLED'						=> 'Cannot be installed',
+	'CONFIRM_UNINSTALL_STYLES'					=> 'Are you sure you wish to uninstall selected styles?',
+	'COPYRIGHT'									=> 'Copyright',

-	'DEACTIVATE_DEFAULT'		=> 'You cannot deactivate the default style.',
-	'DELETE_FROM_FS'			=> 'Delete from filesystem',
-	'DELETE_STYLE_FILES_FAILED'	=> 'Error deleting files for style "%s".',
-	'DELETE_STYLE_FILES_SUCCESS'	=> 'Files for style "%s" have been deleted.',
-	'DETAILS'					=> 'Details',
+	'DEACTIVATE_DEFAULT'						=> 'You cannot deactivate the default style.',
+	'DELETE_FROM_FS'							=> 'Delete from filesystem',
+	'DELETE_STYLE_FILES_FAILED'					=> 'Error deleting files for style "%s".',
+	'DELETE_STYLE_FILES_SUCCESS'				=> 'Files for style "%s" have been deleted.',
+	'DETAILS'									=> 'Details',

-	'INHERITING_FROM'			=> 'Inherits from',
-	'INSTALL_STYLE'				=> 'Install style',
-	'INSTALL_STYLES'			=> 'Install styles',
-	'INSTALL_STYLES_EXPLAIN'	=> 'Here you can install new styles.<br />If you cannot find a specific style in list below, check to make sure style is already installed. If it is not installed, check if it was uploaded correctly.',
-	'INVALID_STYLE_ID'			=> 'Invalid style ID.',
+	'INHERITING_FROM'							=> 'Inherits from',
+	'INSTALL_STYLE'								=> 'Install style',
+	'INSTALL_STYLES'							=> 'Install styles',
+	'INSTALL_STYLES_EXPLAIN'					=> 'Here you can install new styles.<br>If you cannot find a specific style in list below, check to make sure style is already installed. If it is not installed, check if it was uploaded correctly.',
+	'INVALID_STYLE_ID'							=> 'Invalid style ID.',

-	'NO_MATCHING_STYLES_FOUND'	=> 'No styles match your query.',
-	'NO_UNINSTALLED_STYLE'		=> 'No uninstalled styles detected.',
+	'NO_MATCHING_STYLES_FOUND'					=> 'No styles match your query.',
+	'NO_UNINSTALLED_STYLE'						=> 'No uninstalled styles detected.',

-	'PURGED_CACHE'				=> 'Cache was purged.',
+	'PURGED_CACHE'								=> 'Cache was purged.',

-	'REQUIRES_STYLE'			=> 'This style requires the style "%s" to be installed.',
+	'REQUIRES_STYLE'							=> 'This style requires the style "%s" to be installed.',

-	'STYLE_ACTIVATE'			=> 'Activate',
-	'STYLE_ACTIVE'				=> 'Active',
-	'STYLE_DEACTIVATE'			=> 'Deactivate',
-	'STYLE_DEFAULT'				=> 'Make default style',
-	'STYLE_DEFAULT_CHANGE_INACTIVE'	=> 'You must activate style before making it default style.',
-	'STYLE_ERR_INVALID_PARENT'	=> 'Invalid parent style.',
-	'STYLE_ERR_NAME_EXIST'		=> 'A style with that name already exists.',
-	'STYLE_ERR_STYLE_NAME'		=> 'You must supply a name for this style.',
-	'STYLE_INSTALLED'			=> 'Style "%s" has been installed.',
+	'STYLE_ACTIVATE'							=> 'Activate',
+	'STYLE_ACTIVE'								=> 'Active',
+	'STYLE_DEACTIVATE'							=> 'Deactivate',
+	'STYLE_DEFAULT'								=> 'Make default style',
+	'STYLE_DEFAULT_CHANGE_INACTIVE'				=> 'You must activate style before making it default style.',
+	'STYLE_ERR_INVALID_PARENT'					=> 'Invalid parent style.',
+	'STYLE_ERR_NAME_EXIST'						=> 'A style with that name already exists.',
+	'STYLE_ERR_STYLE_NAME'						=> 'You must supply a name for this style.',
+	'STYLE_INSTALLED'							=> 'Style "%s" has been installed.',
 	'STYLE_INSTALLED_RETURN_INSTALLED_STYLES'	=> 'Return to installed styles list',
 	'STYLE_INSTALLED_RETURN_UNINSTALLED_STYLES'	=> 'Install more styles',
-	'STYLE_NAME'				=> 'Style name',
-	'STYLE_NAME_RESERVED'		=> 'Style "%s" can not be installed, because the name is reserved.',
-	'STYLE_NOT_INSTALLED'		=> 'Style "%s" was not installed.',
-	'STYLE_PATH'				=> 'Style path',
-	'STYLE_UNINSTALL'			=> 'Uninstall',
-	'STYLE_UNINSTALL_DEPENDENT'	=> 'Style "%s" cannot be uninstalled because it has one or more child styles.',
-	'STYLE_UNINSTALLED'			=> 'Style "%s" uninstalled successfully.',
-	'STYLE_PHPBB_VERSION'		=> 'phpBB Version',
-	'STYLE_USED_BY'				=> 'Used by (including robots)',
-	'STYLE_VERSION'				=> 'Style version',
+	'STYLE_NAME'								=> 'Style name',
+	'STYLE_NAME_RESERVED'						=> 'Style "%s" can not be installed, because the name is reserved.',
+	'STYLE_NOT_INSTALLED'						=> 'Style "%s" was not installed.',
+	'STYLE_PATH'								=> 'Style path',
+	'STYLE_UNINSTALL'							=> 'Uninstall',
+	'STYLE_UNINSTALL_DEPENDENT'					=> 'Style "%s" cannot be uninstalled because it has one or more child styles.',
+	'STYLE_UNINSTALLED'							=> 'Style "%s" uninstalled successfully.',
+	'STYLE_PHPBB_VERSION'						=> 'phpBB Version',
+	'STYLE_USED_BY'								=> 'Used by (including robots)',
+	'STYLE_VERSION'								=> 'Style version',

-	'UNINSTALL_DEFAULT'		=> 'You cannot uninstall the default style.',
+	'UNINSTALL_PROSILVER'						=> 'You cannot uninstall the style “prosilver”.',
+	'UNINSTALL_DEFAULT'							=> 'You cannot uninstall the default style.',

-	'BROWSE_STYLES_DATABASE'	=> 'Browse styles database',
-));
+	'BROWSE_STYLES_DATABASE'					=> 'Browse styles database',
+]);
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@@ -91,6 +91,7 @@ $lang = array_merge($lang, array(
 	'ATTACHED_IMAGE_NOT_IMAGE'		=> 'The image file you tried to attach is invalid.',
 	'AUTHOR'						=> 'Author',
 	'AUTH_NO_PROFILE_CREATED'		=> 'The creation of a user profile was unsuccessful.',
+	'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED'				=> 'This external service is already associated with another board account.',
 	'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY'				=> 'Invalid database entry.',
 	'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE'		=> 'Invalid service type provided to OAuth service handler.',
 	'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED'			=> 'OAuth service not created',
@@ -518,7 +519,8 @@ $lang = array_merge($lang, array(
 	'NO_POSTS_TIME_FRAME'		=> 'No posts exist inside this topic for the selected time frame.',
 	'NO_FEED_ENABLED'			=> 'Feeds are not available on this board.',
 	'NO_FEED'					=> 'The requested feed is not available.',
-	'NO_STYLE_DATA'				=> 'Could not get style data',
+	'NO_STYLE_DATA'				=> 'Could not get style data for user_style %s and set for user_id %s',
+	'NO_STYLE_CFG'				=> 'Could not get the style configuration file for: %s',
 	'NO_SUBJECT'				=> 'No subject specified',								// Used for posts having no subject defined but displayed within management pages.
 	'NO_SUCH_SEARCH_MODULE'		=> 'The specified search backend doesn’t exist.',
 	'NO_SUPPORTED_AUTH_METHODS'	=> 'No supported authentication methods.',
--- a/phpBB/language/en/email/admin_activate.txt
+++ b/phpBB/language/en/email/admin_activate.txt
@@ -7,7 +7,7 @@ The account owned by "{USERNAME}" has been deactivated or newly created, you sho
 Use this link to view the user's profile:
 {U_USER_DETAILS}

-Use this link to activate the account:
+You may activate the account immediately by clicking on this link:
 {U_ACTIVATE}

 {EMAIL_SIG}
--- a/phpBB/language/en/posting.php
+++ b/phpBB/language/en/posting.php
@@ -43,6 +43,7 @@ $lang = array_merge($lang, array(
 	'ADD_POLL'					=> 'Poll creation',
 	'ADD_POLL_EXPLAIN'			=> 'If you do not want to add a poll to your topic leave the fields blank.',
 	'ALREADY_DELETED'			=> 'Sorry but this message is already deleted.',
+	'ATTACH_COMMENT_NO_EMOJIS'	=> 'The attachment comment contains forbidden characters (Emoji).',
 	'ATTACH_DISK_FULL'			=> 'There is not enough free disk space to post this attachment.',
 	'ATTACH_QUOTA_REACHED'		=> 'Sorry, the board attachment quota has been reached.',
 	'ATTACH_SIG'				=> 'Attach a signature (signatures can be altered via the UCP)',
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@@ -89,6 +89,7 @@ $lang = array_merge($lang, array(
 	'ATTACHMENTS_EXPLAIN'			=> 'This is a list of attachments you have made in posts to this board.',
 	'ATTACHMENTS_DELETED'			=> 'Attachments successfully deleted.',
 	'ATTACHMENT_DELETED'			=> 'Attachment successfully deleted.',
+	'ATTACHMENT_LOCKED'				=> 'This topic is locked, you cannot delete the attachment.',
 	'AUTOLOGIN_SESSION_KEYS_DELETED'=> 'The selected "Remember Me" login keys were successfully deleted.',
 	'AVATAR_CATEGORY'				=> 'Category',
 	'AVATAR_DRIVER_GRAVATAR_TITLE'	=> 'Gravatar',
@@ -115,7 +116,7 @@ $lang = array_merge($lang, array(
 	'BIRTHDAY'					=> 'Birthday',
 	'BIRTHDAY_EXPLAIN'			=> 'Setting a year will list your age when it is your birthday.',
 	'BOARD_DATE_FORMAT'			=> 'My date format',
-	'BOARD_DATE_FORMAT_EXPLAIN'	=> 'The syntax used is identical to the PHP <a href="http://www.php.net/date">date()</a> function.',
+	'BOARD_DATE_FORMAT_EXPLAIN'	=> 'The syntax used is identical to the PHP <a href="https://secure.php.net/manual/function.date.php">date()</a> function.',
 	'BOARD_LANGUAGE'			=> 'My language',
 	'BOARD_STYLE'				=> 'My board style',
 	'BOARD_TIMEZONE'			=> 'My timezone',
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -1073,7 +1073,18 @@ switch ($mode)

 				if ($active_time !== false)
 				{
-					$sql_where .= " AND u.user_lastvisit " . $find_key_match[$active_select] . ' ' . $active_time;
+					if ($active_select === 'lt' && (int) $active[0] == 0 && (int) $active[1] == 0 && (int) $active[2] == 0)
+					{
+						$sql_where .= ' AND u.user_lastvisit = 0';
+					}
+					else if ($active_select === 'gt')
+					{
+						$sql_where .= ' AND u.user_lastvisit ' . $find_key_match[$active_select] . ' ' . $active_time;
+					}
+					else
+					{
+						$sql_where .= ' AND (u.user_lastvisit > 0 AND u.user_lastvisit < ' . $active_time . ')';
+					}
 				}
 			}

@@ -1223,18 +1234,18 @@ switch ($mode)
 			$avatar_img = phpbb_get_group_avatar($group_row);

 			// ... same for group rank
-			$user_rank_data = array(
+			$group_rank_data = array(
 				'title'		=> null,
 				'img'		=> null,
 				'img_src'	=> null,
 			);
 			if ($group_row['group_rank'])
 			{
-				$user_rank_data = phpbb_get_user_rank($group_row, false);
+				$group_rank_data = $group_helper->get_rank($group_row);

-				if ($user_rank_data['img'])
+				if ($group_rank_data['img'])
 				{
-					$user_rank_data['img'] .= '<br />';
+					$group_rank_data['img'] .= '<br />';
 				}
 			}
 			// include modules for manage groups link display or not
@@ -1261,11 +1272,11 @@ switch ($mode)
 				'GROUP_NAME'	=> $group_helper->get_name($group_row['group_name']),
 				'GROUP_COLOR'	=> $group_row['group_colour'],
 				'GROUP_TYPE'	=> $user->lang['GROUP_IS_' . $group_row['l_group_type']],
-				'GROUP_RANK'	=> $user_rank_data['title'],
+				'GROUP_RANK'	=> $group_rank_data['title'],

 				'AVATAR_IMG'	=> $avatar_img,
-				'RANK_IMG'		=> $user_rank_data['img'],
-				'RANK_IMG_SRC'	=> $user_rank_data['img_src'],
+				'RANK_IMG'		=> $group_rank_data['img'],
+				'RANK_IMG_SRC'	=> $group_rank_data['img_src'],

 				'U_PM'			=> ($auth->acl_get('u_sendpm') && $auth->acl_get('u_masspm_group') && $group_row['group_receive_pm'] && $config['allow_privmsg'] && $config['allow_mass_pm']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm&amp;mode=compose&amp;g=' . $group_id) : '',
 				'U_MANAGE'		=> ($can_manage_group) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=ucp_groups&amp;mode=manage') : false,)
@@ -1664,7 +1675,7 @@ switch ($mode)
 			}

 			// do we need to display contact fields as such
-			$use_contact_fields = false;
+			$use_contact_fields = true;

 			/**
 			 * Modify list of users before member row is created
--- a/phpBB/phpbb/auth/provider/oauth/oauth.php
+++ b/phpBB/phpbb/auth/provider/oauth/oauth.php
@@ -216,10 +216,15 @@ class oauth extends \phpbb\auth\provider\base
 			$this->service_providers[$service_name]->set_external_service_provider($service);
 			$unique_id = $this->service_providers[$service_name]->perform_auth_login();

-			// Check to see if this provider is already assosciated with an account
+			/**
+			 * Check to see if this provider is already associated with an account.
+			 *
+			 * Enforcing a data type to make data contains strings and not integers,
+			 * so values are quoted in the SQL WHERE statement.
+			 */
 			$data = array(
-				'provider'	=> $service_name_original,
-				'oauth_provider_id'	=> $unique_id
+				'provider'			=> (string) $service_name_original,
+				'oauth_provider_id'	=> (string) $unique_id
 			);

 			$sql = 'SELECT user_id FROM ' . $this->auth_provider_oauth_token_account_assoc . '
@@ -264,7 +269,7 @@ class oauth extends \phpbb\auth\provider\base
 			}

 			// Retrieve the user's account
-			$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
+			$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_ip, user_type, user_login_attempts
 				FROM ' . $this->users_table . '
 					WHERE user_id = ' . (int) $row['user_id'];
 			$result = $this->db->sql_query($sql);
@@ -423,7 +428,7 @@ class oauth extends \phpbb\auth\provider\base
 			if ($credentials['key'] && $credentials['secret'])
 			{
 				$actual_name = str_replace('auth.provider.oauth.service.', '', $service_name);
-				$redirect_url = build_url(false) . '&login=external&oauth_service=' . $actual_name;
+				$redirect_url = generate_board_url() . '/ucp.' . $this->php_ext . '?mode=login&login=external&oauth_service=' . $actual_name;
 				$login_data['BLOCK_VARS'][$service_name] = array(
 					'REDIRECT_URL'	=> redirect($redirect_url, true),
 					'SERVICE_NAME'	=> $this->user->lang['AUTH_PROVIDER_OAUTH_SERVICE_' . strtoupper($actual_name)],
@@ -634,6 +639,21 @@ class oauth extends \phpbb\auth\provider\base
 	*/
 	protected function link_account_perform_link(array $data)
 	{
+		// Check if the external account is already associated with other user
+		$sql = 'SELECT user_id
+			FROM ' . $this->auth_provider_oauth_token_account_assoc . "
+			WHERE provider = '" . $this->db->sql_escape($data['provider']) . "'
+				AND oauth_provider_id = '" . $this->db->sql_escape($data['oauth_provider_id']) . "'";
+		$result = $this->db->sql_query($sql);
+		$row = $this->db->sql_fetchrow($result);
+		$this->db->sql_freeresult($result);
+
+		if ($row)
+		{
+			trigger_error('AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED');
+		}
+
+		// Link account
 		$sql = 'INSERT INTO ' . $this->auth_provider_oauth_token_account_assoc . '
 			' . $this->db->sql_build_array('INSERT', $data);
 		$this->db->sql_query($sql);
--- a/phpBB/phpbb/auth/provider/provider_interface.php
+++ b/phpBB/phpbb/auth/provider/provider_interface.php
@@ -71,9 +71,10 @@ interface provider_interface
 	 * options with whatever configuraton values are passed to it as an array.
 	 * It then returns the name of the acp file related to this authentication
 	 * provider.
-	 * @param	array	$new_config Contains the new configuration values that
-	 *								have been set in acp_board.
-	 * @return	array|null		Returns null if not implemented or an array with
+	 *
+	 * @param \phpbb\config\config	$new_config	Contains the new configuration values
+	 * 											that have been set in acp_board.
+	 * @return array|null		Returns null if not implemented or an array with
 	 *							the template file name and an array of the vars
 	 *							that the template needs that must conform to the
 	 *							following example:
--- a/phpBB/phpbb/avatar/driver/remote.php
+++ b/phpBB/phpbb/avatar/driver/remote.php
@@ -49,6 +49,8 @@ class remote extends \phpbb\avatar\driver\driver
 	*/
 	public function process_form($request, $template, $user, $row, &$error)
 	{
+		global $phpbb_dispatcher;
+
 		$url = $request->variable('avatar_remote_url', '');
 		$width = $request->variable('avatar_remote_width', 0);
 		$height = $request->variable('avatar_remote_height', 0);
@@ -84,6 +86,24 @@ class remote extends \phpbb\avatar\driver\driver
 			return false;
 		}

+		/**
+		 * Event to make custom validation of avatar upload
+		 *
+		 * @event core.ucp_profile_avatar_upload_validation
+		 * @var	string	url		Image url
+		 * @var	string	width	Image width
+		 * @var	string	height	Image height
+		 * @var	array	error	Error message array
+		 * @since 3.2.9-RC1
+		 */
+		$vars = array('url', 'width', 'height', 'error');
+		extract($phpbb_dispatcher->trigger_event('core.ucp_profile_avatar_upload_validation', compact($vars)));
+
+		if (!empty($error))
+		{
+			return false;
+		}
+
 		// Check if this url looks alright
 		// Do not allow specifying the port (see RFC 3986) or IP addresses
 		if (!preg_match('#^(http|https|ftp)://(?:(.*?\.)*?[a-z0-9\-]+?\.[a-z]{2,4}|(?:\d{1,3}\.){3,5}\d{1,3}):?([0-9]*?).*?\.('. implode('|', $this->allowed_extensions) . ')$#i', $url) ||
--- a/phpBB/phpbb/captcha/plugins/qa.php
+++ b/phpBB/phpbb/captcha/plugins/qa.php
@@ -21,7 +21,7 @@ class qa
 {
 	var $confirm_id;
 	var $answer;
-	var $question_ids;
+	var $question_ids = [];
 	var $question_text;
 	var $question_lang;
 	var $question_strict;
--- a/phpBB/phpbb/db/driver/mysqli.php
+++ b/phpBB/phpbb/db/driver/mysqli.php
@@ -68,6 +68,9 @@ class mysqli extends \phpbb\db\driver\mysql_base

 		if ($this->db_connect_id && $this->dbname != '')
 		{
+			// Disable loading local files on client side
+			@mysqli_options($this->db_connect_id, MYSQLI_OPT_LOCAL_INFILE, false);
+
 			@mysqli_query($this->db_connect_id, "SET NAMES 'utf8'");

 			// enforce strict mode on databases that support it
--- a/phpBB/phpbb/db/migration/data/v32x/timezone_p3.php
+++ b/phpBB/phpbb/db/migration/data/v32x/timezone_p3.php
@@ -0,0 +1,29 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class timezone_p3 extends \phpbb\db\migration\migration
+{
+	static public function depends_on()
+	{
+		return array('\phpbb\db\migration\data\v310\timezone');
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.remove', array('board_dst')),
+		);
+	}
+}
--- a/phpBB/phpbb/db/migration/data/v32x/user_emoji_permission.php
+++ b/phpBB/phpbb/db/migration/data/v32x/user_emoji_permission.php
@@ -0,0 +1,44 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class user_emoji_permission extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		$sql = 'SELECT auth_option_id
+			FROM ' . ACL_OPTIONS_TABLE . "
+			WHERE auth_option = 'u_emoji'";
+		$result = $this->db->sql_query($sql);
+		$auth_option_id = $this->db->sql_fetchfield('auth_option_id');
+		$this->db->sql_freeresult($result);
+
+		return $auth_option_id !== false;
+	}
+
+	static public function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v32x\v329rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['permission.add', ['u_emoji']],
+			['permission.permission_set', ['REGISTERED', 'u_emoji', 'group']],
+		];
+	}
+}
--- a/phpBB/phpbb/db/migration/data/v32x/v327.php
+++ b/phpBB/phpbb/db/migration/data/v32x/v327.php
@@ -0,0 +1,37 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v327 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.2.7', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\v327rc1',
+		);
+
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.2.7')),
+		);
+	}
+}
--- a/phpBB/phpbb/db/migration/data/v32x/v327rc1.php
+++ b/phpBB/phpbb/db/migration/data/v32x/v327rc1.php
@@ -0,0 +1,36 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v327rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.2.7-RC1', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\v326',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.2.7-RC1')),
+		);
+	}
+}
--- a/phpBB/phpbb/db/migration/data/v32x/v328.php
+++ b/phpBB/phpbb/db/migration/data/v32x/v328.php
@@ -0,0 +1,36 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v328 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.2.8', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\v328rc1',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.2.8')),
+		);
+	}
+}
--- a/phpBB/phpbb/db/migration/data/v32x/v328rc1.php
+++ b/phpBB/phpbb/db/migration/data/v32x/v328rc1.php
@@ -0,0 +1,37 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v328rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.2.8-RC1', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\timezone_p3',
+			'\phpbb\db\migration\data\v32x\v327',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.2.8-RC1')),
+		);
+	}
+}
--- a/phpBB/phpbb/db/migration/data/v32x/v329.php
+++ b/phpBB/phpbb/db/migration/data/v32x/v329.php
@@ -0,0 +1,37 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v32x;
+
+class v329 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return phpbb_version_compare($this->config['version'], '3.2.9', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v32x\v329rc1',
+			'\phpbb\db\migration\data\v32x\user_emoji_permission',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.2.9')),
+		);
+	}
+}
--- a/Show More
+++ b/Show More