[prep-release-3.2.10] Update Changelog for 3.2.10

[ticket/security-259] Stop checking image size of images in img BBCode

.appveyor.yml

@@ -6,6 +6,8 @@ services:
   - iis
 
 environment:
+  COMPOSER_AUTH:
+    secure: '{"github-oauth": {"github.com": "zvq38wk7sRe87Y9W2OCYXcK7WKQDsig7GRIUDHGmxm6ZQRK8JswPbi8JoJQbFhM+"}}'
   matrix:
   - db: mssql
     db_version: sql2012sp1

.gitignore

@@ -17,6 +17,7 @@
 /phpBB/styles/*
 !/phpBB/styles/prosilver
 !/phpBB/styles/all
+node_modules
 /phpBB/vendor
 /tests/phpbb_unit_tests.sqlite*
 /tests/test_config*.php
@@ -24,3 +25,4 @@
 /tests/vendor
 /vagrant/phpbb-install-config.yml
 .vagrant
+.idea

README.md

@@ -31,9 +31,11 @@ Read our [Vagrant documentation](phpBB/docs/vagrant.md) to find out how to use V
 
 We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](https://bamboo.phpbb.com) or check our travis builds below:
 
-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=master)](http://travis-ci.org/phpbb/phpbb)[![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/master?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/master) **master** - Latest development version
-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb)[![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.2.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.2.x) **3.2.x** - Development of version 3.2.x
-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.1.x)](http://travis-ci.org/phpbb/phpbb) **3.1.x** - Development of version 3.1.x
+Travis CI  | AppVeyor | Branch  | Description
+---------- | -------- | ------- | -----------
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=master)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/master?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/master) | **master** | Latest development version
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.3.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.3.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.3.x) | **3.3.x** | Development of version 3.3.x
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.2.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.2.x) | **3.2.x** | Development of version 3.2.x
 
 ## LICENSE
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.2.8-RC1" />
-	<property name="prevversion" value="3.2.7" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6" />
+	<property name="newversion" value="3.2.10" />
+	<property name="prevversion" value="3.2.9" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.10-RC1, 3.2.10-RC2" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />

build/generate_package_json.php

@@ -0,0 +1,127 @@
+#!/usr/bin/env php
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+if (version_compare(PHP_VERSION, '7.0-dev', '<'))
+{
+	die('generate_package_json.php requires at least PHP 7.0.');
+}
+
+define('IN_PHPBB', true);
+include_once('../phpBB/includes/functions.php');
+
+$json_data = new \stdClass();
+$json_data->metadata = new stdClass();
+
+$json_data->metadata->current_version_date = '';
+$json_data->metadata->current_version = '';
+$json_data->metadata->download_path = '';
+$json_data->metadata->show_update_package = true;
+$json_data->metadata->historic = false;
+
+$json_data->package = [];
+
+// Open build.xml
+$build_xml = simplexml_load_file('build.xml');
+$current_version = (string) $build_xml->xpath('/project/property[@name=\'newversion\']/@value')[0]->value;
+$previous_version = (string) $build_xml->xpath('/project/property[@name=\'prevversion\']/@value')[0]->value;
+$older_verions = explode(', ', (string) $build_xml->xpath('/project/property[@name=\'olderversions\']/@value')[0]->value);
+
+// Clean and sort version info
+$older_verions[] = $previous_version;
+$older_verions = array_filter($older_verions, function($version) {
+	preg_match(get_preg_expression('semantic_version'), $version, $matches);
+	return empty($matches['prerelease']) || strpos($matches['prerelease'], 'pl') !== false;
+});
+usort($older_verions, function($version_a, $version_b)
+{
+	return phpbb_version_compare($version_b, $version_a);
+});
+
+// Set metadata
+$json_data->metadata->current_version = $current_version;
+$json_data->metadata->current_version_date = date('Y-m-d');
+$json_data->metadata->download_path = 'https://download.phpbb.com/pub/release/' . preg_replace('#([0-9]+\.[0-9]+)(\..+)#', '$1', $current_version) . '/' . $current_version . '/';
+
+// Add package, patch files, and changed files
+phpbb_add_package_file(
+	$json_data->package,
+	'phpBB ' . $current_version,
+	'phpBB-' . $current_version,
+	'full',
+	''
+);
+phpbb_add_package_file(
+	$json_data->package,
+	'phpBB ' . $current_version . ' Patch Files',
+	'phpBB-' . $current_version . '-patch',
+	'update',
+	'patch'
+);
+phpbb_add_package_file(
+	$json_data->package,
+	'phpBB ' . $current_version . ' Changed Files',
+	'phpBB-' . $current_version . '-files',
+	'update',
+	'files'
+);
+
+// Loop through packages and assign to packages array
+foreach ($older_verions as $version)
+{
+	phpbb_add_package_file(
+		$json_data->package,
+		'phpBB ' . $version . ' to ' . $current_version . ' Update Package',
+		'phpBB-' . $version . '_to_' . $current_version,
+		'update',
+		'update',
+		$version
+	);
+}
+
+echo(json_encode($json_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . "\n");
+
+function phpbb_add_package_file(array &$package_list, $name, $file_name, $type, $subtype, $from = '')
+{
+	if (!file_exists(__DIR__ . '/new_version/release_files/' . $file_name . '.zip'))
+	{
+		trigger_error('File does not exist: ' . __DIR__ . '/new_version/release_files/' . $file_name . '.zip');
+		return;
+	}
+
+	$package_file = new stdClass();
+	$package_file->name = $name;
+	$package_file->filename = $file_name;
+	$package_file->type = $type;
+	if (!empty($subtype))
+	{
+		$package_file->subtype = $subtype;
+	}
+	if (!empty($from))
+	{
+		$package_file->from = $from;
+	}
+	$package_file->files = [];
+
+	foreach (['zip', 'tar.bz2'] as $extension)
+	{
+		$file_path = 'new_version/release_files/' . $file_name  . '.' . $extension;
+		$filedata = new stdClass();
+		$filedata->filesize = filesize($file_path);
+		$filedata->checksum = trim(preg_replace('/(^\w+)(.+)/', '$1', file_get_contents($file_path . '.sha256')));
+		$filedata->filetype = $extension;
+		$package_file->files[] = $filedata;
+	}
+
+	$package_list[] = $package_file;
+}

build/sami-all.conf.php

@@ -26,6 +26,7 @@ $config['versions'] = Sami\Version\GitVersionCollection::create(__DIR__ . '/../'
 	->add('3.0.x')
 	->add('3.1.x')
 	->add('3.2.x')
+	->add('3.3.x')
 	->add('master')
 ;
 

phpBB/adm/style/acp_attachments.html

@@ -50,16 +50,21 @@
 			<dl>
 				<dt><label for="{options.KEY}">{options.TITLE}{L_COLON}</label><!-- IF options.S_EXPLAIN --><br /><span>{options.TITLE_EXPLAIN}</span><!-- ENDIF --></dt>
 				<dd>{options.CONTENT}</dd>
+				{% if (options.KEY == 'allow_attachments' and S_EMPTY_POST_GROUPS) or (options.KEY == 'allow_pm_attach' and S_EMPTY_PM_GROUPS) %}
+					<dd><span class="error">{{ lang(options.KEY == 'allow_attachments' ? 'NO_EXT_GROUP_ALLOWED_POST' : 'NO_EXT_GROUP_ALLOWED_PM', U_EXTENSION_GROUPS) }}</span></dd>
+				{% endif %}
 			</dl>
 
 		<!-- ENDIF -->
 	<!-- END options -->
 	</fieldset>
 
-	<fieldset class="submit-buttons">
-		<legend>{L_SUBMIT}</legend>
-		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+	<fieldset>
+		<legend>{{ lang('ACP_SUBMIT_CHANGES') }}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		</p>
 	</fieldset>
 
 	<!-- IF not S_SECURE_DOWNLOADS -->
@@ -110,7 +115,7 @@
 <!-- ELSEIF S_EXTENSION_GROUPS -->
 
 	<!-- IF S_EDIT_GROUP -->
-		<script type="text/javascript" defer="defer">
+		<script>
 		// <![CDATA[
 			function update_image(newimage)
 			{
@@ -204,10 +209,13 @@
 			<dd><select name="allowed_forums[]" multiple="multiple" size="8">{S_FORUM_ID_OPTIONS}</select></dd>
 		</dl>
 
-		<p class="submit-buttons">
-			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
-		</p>
+		</fieldset>
+		<fieldset>
+			<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+				<p class="submit-buttons">
+					<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+					<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+				</p>
 		{S_FORM_TOKEN}
 		</fieldset>
 
@@ -308,10 +316,14 @@
 	</tbody>
 	</table>
 
-	<p class="submit-buttons">
-		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
-	</p>
+	</fieldset>
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		</p>
+
 	{S_FORM_TOKEN}
 	</fieldset>
 	</form>
@@ -382,10 +394,13 @@
 	<!-- ENDIF -->
 
 	<!-- IF .orphan -->
-		<p class="submit-buttons">
-			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
-		</p>
+	</fieldset>
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+			<p class="submit-buttons">
+				<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+				<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+			</p>
 	<!-- ENDIF -->
 
 	{S_FORM_TOKEN}

phpBB/adm/style/acp_ban.html

@@ -8,7 +8,7 @@
 
 <p>{L_EXPLAIN}</p>
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	var ban_length = new Array();
@@ -73,12 +73,14 @@
 	<dt><label for="bangivereason">{L_BAN_GIVE_REASON}{L_COLON}</label></dt>
 	<dd><input name="bangivereason" type="text" class="text medium" maxlength="255" id="bangivereason" /></dd>
 </dl>
-
-<p class="submit-buttons">
-	<input class="button1" type="submit" id="bansubmit" name="bansubmit" value="{L_SUBMIT}" />&nbsp;
-	<input class="button2" type="reset" id="banreset" name="banreset" value="{L_RESET}" />
-</p>
-{S_FORM_TOKEN}
+</fieldset>
+<fieldset>
+	<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+	<p class="submit-buttons">
+		<input class="button1" type="submit" id="bansubmit" name="bansubmit" value="{L_SUBMIT}" />&nbsp;
+		<input class="button2" type="reset" id="banreset" name="banreset" value="{L_RESET}" />
+	</p>
+	{S_FORM_TOKEN}
 </fieldset>
 </form>
 

phpBB/adm/style/acp_contact.html

@@ -1,6 +1,6 @@
 <!-- INCLUDE overall_header.html -->
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	var form_name = 'acp_contact';
@@ -66,9 +66,12 @@
 		</dl>
 	</fieldset>
 
-	<fieldset class="submit-buttons">
-		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="submit" name="preview" value="{L_PREVIEW}" />
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		</p>
 		{S_FORM_TOKEN}
 	</fieldset>
 </form>

phpBB/adm/style/acp_database.html

@@ -35,7 +35,7 @@
 
 	<p>{L_ACP_BACKUP_EXPLAIN}</p>
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 
 		function selector(bool)
@@ -67,12 +67,6 @@
 		<label><input name="method"<!-- IF methods.S_FIRST_ROW --> id="method" checked="checked"<!-- ENDIF --> type="radio" class="radio" value="{methods.TYPE}" /> {methods.TYPE}</label>
 		<!-- END methods --></dd>
 	</dl>
-	<dl>
-		<dt><label for="where">{L_ACTION}{L_COLON}</label></dt>
-		<dd>
-			<label><input id="where" type="radio" class="radio" name="where" value="store" checked="checked" /> {L_STORE_LOCAL}</label>
-		</dd>
-	</dl>
 	<dl>
 		<dt><label for="table">{L_TABLE_SELECT}{L_COLON}</label></dt>
 		<dd><select id="table" name="table[]" size="10" multiple="multiple">
@@ -82,12 +76,15 @@
 		</select></dd>
 		<dd><a href="#" onclick="selector(true); return false;">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false); return false;">{L_DESELECT_ALL}</a></dd>
 	</dl>
+	</fieldset>
 
-	<p class="submit-buttons">
-		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
-	</p>
-	{S_FORM_TOKEN}
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		</p>
+		{S_FORM_TOKEN}
 	</fieldset>
 	</form>
 

phpBB/adm/style/acp_forums.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT_FORUM -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Handle displaying/hiding several options based on the forum type
@@ -405,7 +405,7 @@
 
 <!-- ELSEIF S_CONTINUE_SYNC -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		var close_waitscreen = 0;
 		// no scrollbars...
@@ -421,7 +421,7 @@
 
 <!-- ELSE -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Popup search progress bar
@@ -447,7 +447,7 @@
 	<!-- ENDIF -->
 
 	<!-- IF S_RESYNCED -->
-		<script type="text/javascript">
+		<script>
 		// <![CDATA[
 			var close_waitscreen = 1;
 		// ]]>

phpBB/adm/style/acp_groups.html

@@ -36,10 +36,12 @@
 		<dl>
 			<dt><label for="group_type">{L_GROUP_TYPE}{L_COLON}</label><br /><span>{L_GROUP_TYPE_EXPLAIN}</span></dt>
 			<dd>
+				{% EVENT acp_group_types_prepend %}
 				<label><input name="group_type" type="radio" class="radio" id="group_type" value="{GROUP_TYPE_FREE}"{GROUP_FREE} /> {L_GROUP_OPEN}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_OPEN}"{GROUP_OPEN} /> {L_GROUP_REQUEST}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_CLOSED}"{GROUP_CLOSED} /> {L_GROUP_CLOSED}</label>
 				<label><input name="group_type" type="radio" class="radio" value="{GROUP_TYPE_HIDDEN}"{GROUP_HIDDEN} /> {L_GROUP_HIDDEN}</label>
+				{% EVENT acp_group_types_append %}
 			</dd>
 		</dl>
 	<!-- ELSE -->

phpBB/adm/style/acp_groups_position.html

@@ -15,13 +15,15 @@
 				<label><input type="radio" name="legend_sort_groupname" class="radio" value="0"<!-- IF not LEGEND_SORT_GROUPNAME --> checked="checked"<!-- ENDIF --> /> {L_NO}</label>
 			</dd>
 		</dl>
-
-	<p class="submit-buttons">
-		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="reset" name="reset" value="{L_RESET}" />
-		<input type="hidden" name="action" value="set_config_legend" />
-		{S_FORM_TOKEN}
-	</p>
+	</fieldset>
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" name="reset" value="{L_RESET}" />
+			<input type="hidden" name="action" value="set_config_legend" />
+			{S_FORM_TOKEN}
+		</p>
 	</fieldset>
 	</form>
 

phpBB/adm/style/acp_help_phpbb.html

@@ -40,6 +40,7 @@
 	</div>
 	<!-- EVENT acp_help_phpbb_stats_after -->
 	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
 		<p class="submit-buttons">
 			<input type="hidden" name="systemdata" value="{RAW_DATA}" />
 			<input type="hidden" name="help_send_statistics_time" value="{COLLECT_STATS_TIME}" />
@@ -51,6 +52,7 @@
 </form>
 <form action="{U_COLLECT_STATS}" method="post" target="questionaire_result" id="questionnaire-form">
 	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
 		<p class="submit-buttons">
 			<input type="hidden" name="systemdata" value="{RAW_DATA}" />
 			<input class="button1" type="submit" id="submit_stats" name="submit" value="{L_SEND_STATISTICS}" />

phpBB/adm/style/acp_icons.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT -->
 
-	<script type="text/javascript" defer="defer">
+	<script>
 	// <![CDATA[
 	<!-- IF S_ADD_CODE -->
 

phpBB/adm/style/acp_jabber.html

@@ -70,9 +70,12 @@
 
 </fieldset>
 
-<fieldset class="submit-buttons">
-	<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+<fieldset>
+	<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+	<p class="submit-buttons">
+		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+	</p>
 	{S_FORM_TOKEN}
 </fieldset>
 </form>

phpBB/adm/style/acp_modules.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT_MODULE -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		function display_options(value)
 		{

phpBB/adm/style/acp_permission_roles.html

@@ -4,7 +4,7 @@
 
 <!-- IF S_EDIT -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		var active_pmask = '0';
 		var active_fmask = '0';
@@ -20,7 +20,7 @@
 	// ]]>
 	</script>
 
-	<script type="text/javascript" src="style/permissions.js"></script>
+	<script src="style/permissions.js"></script>
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 

phpBB/adm/style/acp_permissions.html

@@ -340,9 +340,12 @@
 	<br class="responsive-hide" /><br class="responsive-hide" />
 
 	<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
-		<input class="button1" type="submit" name="action[apply_all_permissions]" value="{L_APPLY_ALL_PERMISSIONS}" />
-		<input class="button2" type="button" name="cancel" value="{L_RESET}" onclick="document.forms['set-permissions'].reset(); init_colours(active_pmask + active_fmask);" />
-		{S_FORM_TOKEN}
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="action[apply_all_permissions]" value="{L_APPLY_ALL_PERMISSIONS}" />&nbsp;
+			<input class="button2" type="button"  id="reset" name="cancel" value="{L_RESET}" onclick="document.forms['set-permissions'].reset(); init_colours(active_pmask + active_fmask);" />
+			{S_FORM_TOKEN}
+		</p>
 	</fieldset>
 
 	<br class="responsive-hide" /><br class="responsive-hide" />

phpBB/adm/style/acp_posting_buttons.html

@@ -1,31 +1,10 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	// Define the bbCode tags
 	var bbcode = new Array();
 	var bbtags = new Array('[b]','[/b]','[i]','[/i]','[u]','[/u]','[quote]','[/quote]','[code]','[/code]','[list]','[/list]','[list=]','[/list]','[img]','[/img]','[url]','[/url]','[flash=]', '[/flash]','[size=]','[/size]'<!-- BEGIN custom_tags -->, {custom_tags.BBCODE_NAME}<!-- END custom_tags -->);
 
-	// Helpline messages
-	var help_line = {
-		b: '{LA_BBCODE_B_HELP}',
-		i: '{LA_BBCODE_I_HELP}',
-		u: '{LA_BBCODE_U_HELP}',
-		q: '{LA_BBCODE_Q_HELP}',
-		c: '{LA_BBCODE_C_HELP}',
-		l: '{LA_BBCODE_L_HELP}',
-		o: '{LA_BBCODE_O_HELP}',
-		p: '{LA_BBCODE_P_HELP}',
-		w: '{LA_BBCODE_W_HELP}',
-		a: '{LA_BBCODE_A_HELP}',
-		s: '{LA_BBCODE_S_HELP}',
-		f: '{LA_BBCODE_F_HELP}',
-		y: '{LA_BBCODE_Y_HELP}',
-		d: '{LA_BBCODE_D_HELP}'
-		<!-- BEGIN custom_tags -->
-			,cb_{custom_tags.BBCODE_ID}{L_COLON} '{custom_tags.A_BBCODE_HELPLINE}'
-		<!-- END custom_tags -->
-	}
-
 // ]]>
 </script>
 
@@ -65,7 +44,7 @@
 	</select>
 	<!-- EVENT acp_posting_buttons_custom_tags_before -->
 	<!-- BEGIN custom_tags -->
-	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{custom_tags.BBCODE_HELPLINE}" />
+	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{{ custom_tags.BBCODE_HELPLINE }}" />
 	<!-- END custom_tags -->
 </div>
 <!-- EVENT acp_posting_buttons_after -->

phpBB/adm/style/acp_profile.html

@@ -21,8 +21,11 @@
 
 	<!-- IF S_STEP_ONE -->
 
+		{% EVENT acp_profile_options_before %}
+
 		<fieldset>
 			<legend>{L_TITLE}</legend>
+		{% EVENT acp_profile_basic_options_before %}
 		<dl>
 			<dt><label>{L_FIELD_TYPE}{L_COLON}</label><br /><span>{L_FIELD_TYPE_EXPLAIN}</span></dt>
 			<dd><strong>{FIELD_TYPE}</strong></dd>
@@ -43,8 +46,11 @@
 			<dd><label><input type="radio" class="radio" id="field_no_view" name="field_no_view" value="0"<!-- IF not S_FIELD_NO_VIEW --> checked="checked"<!-- ENDIF --> /> {L_YES}</label>
 				<label><input type="radio" class="radio" name="field_no_view" value="1"<!-- IF S_FIELD_NO_VIEW --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
 		</dl>
+		{% EVENT acp_profile_basic_options_after %}
 		</fieldset>
 
+		{% EVENT acp_profile_visibility_options_before %}
+
 		<fieldset>
 			<legend>{L_VISIBILITY_OPTION}</legend>
 		<dl>
@@ -87,8 +93,11 @@
 			<dd><input class="text medium" type="text" name="field_contact_url" id="field_contact_url" value="{FIELD_CONTACT_URL}" /> <label for="field_contact_url">{L_FIELD_CONTACT_URL}</label></dd>
 			<!-- EVENT acp_profile_contact_last -->
 		</dl>
+		{% EVENT acp_profile_contact_after %}
 		</fieldset>
 
+		{% EVENT acp_profile_visibility_options_after %}
+
 		<!-- IF S_EDIT_MODE -->
 			<fieldset class="quick">
 				<input class="button1" type="submit" name="save" value="{L_SAVE}" />

phpBB/adm/style/acp_prune_users.html

@@ -7,7 +7,7 @@
 <p>{L_ACP_PRUNE_USERS_EXPLAIN}</p>
 
 <form id="acp_prune" method="post" action="{U_ACTION}">
-	
+
 <fieldset>
 	<legend>{L_CRITERIA}</legend>
 <dl>
@@ -66,15 +66,19 @@
 	<dd><label><input type="radio" class="radio" name="action" value="delete" /> {L_DELETE_USERS}</label>
 		<label><input type="radio" class="radio" id="deactivate" name="action" value="deactivate" checked="checked" /> {L_DEACTIVATE}</label></dd>
 </dl>
-
-<p class="submit-buttons">
-	<input type="hidden" name="prune" value="1" />
-
-	<input class="button1" type="submit" id="update" name="update" value="{L_SUBMIT}" />&nbsp;
-	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
-	{S_FORM_TOKEN}
-</p>
 </fieldset>
+
+<fieldset>
+	<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+	<p class="submit-buttons">
+		<input type="hidden" name="prune" value="1" />
+
+		<input class="button1" type="submit" id="update" name="update" value="{L_SUBMIT}" />&nbsp;
+		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		{S_FORM_TOKEN}
+	</p>
+</fieldset>
+
 </form>
 
 <!-- INCLUDE overall_footer.html -->

phpBB/adm/style/acp_ranks.html

@@ -6,7 +6,7 @@
 
 	<a href="{U_BACK}" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		function update_image(newimage)
 		{

phpBB/adm/style/acp_search.html

@@ -59,17 +59,19 @@
 
 	<!-- END backend -->
 
-	<fieldset class="submit-buttons">
-		<legend>{L_SUBMIT}</legend>
-		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		</p>
 		{S_FORM_TOKEN}
 	</fieldset>
 	</form>
 
 <!-- ELSEIF S_INDEX -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 		/**
 		* Popup search progress bar
@@ -89,10 +91,12 @@
 		<p>{L_CONTINUE_EXPLAIN}</p>
 
 		<form id="acp_search_continue" method="post" action="{U_CONTINUE_INDEXING}">
-			<fieldset class="submit-buttons">
-				<legend>{L_SUBMIT}</legend>
-				<input class="button1" type="submit" id="continue" name="continue" value="{L_CONTINUE}" onclick="popup_progress_bar('{S_CONTINUE_INDEXING}');" />&nbsp;
-				<input class="button2" type="submit" id="cancel" name="cancel" value="{L_CANCEL}" />
+			<fieldset>
+				<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+				<p class="submit-buttons">
+					<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+					<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+				</p>
 				{S_FORM_TOKEN}
 			</fieldset>
 		</form>

phpBB/adm/style/acp_users_overview.html

@@ -79,7 +79,7 @@
 
 <!-- IF not S_USER_FOUNDER or S_FOUNDER -->
 
-	<script type="text/javascript">
+	<script>
 	// <![CDATA[
 
 		function display_reason(option)

phpBB/adm/style/acp_users_prefs.html

@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	var default_dateformat = '{A_DEFAULT_DATEFORMAT}';
 // ]]>

phpBB/adm/style/acp_users_signature.html

@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script>
 // <![CDATA[
 
 	var form_name = 'user_signature';

phpBB/adm/style/admin.css

@@ -2049,6 +2049,8 @@ fieldset.permissions .padding {
 }
 
 .permissions-category ul {
+	display: flex;
+	flex-wrap: wrap;
 	margin: 0;
 	padding: 0;
 	list-style: none;
@@ -2102,7 +2104,6 @@ fieldset.permissions .padding {
 
 .permissions-category .activetab a span.tabbg {
 	background-position: 100% 0;
-	padding-bottom: 7px;
 	color: #333333;
 }
 
@@ -2297,6 +2298,10 @@ fieldset.permissions .padding {
 		margin: 0 !important;
 	}
 
+	.permissions-category ul {
+		display: block;
+	}
+
 	.permissions-category a, .permissions-category a span.tabbg {
 		display: block;
 		float: none !important;

phpBB/adm/style/ajax.js

@@ -173,7 +173,9 @@ function submitPermissions() {
 	var permissionSubmitSize = 0,
 		permissionRequestCount = 0,
 		forumIds = [],
-		permissionSubmitFailed = false;
+		permissionSubmitFailed = false,
+		clearIndicator = true,
+		$loadingIndicator;
 
 	if ($submitAllButton !== $submitButton) {
 		fieldsetList = $form.find('fieldset#' + $submitButton.closest('fieldset.permissions').id);
@@ -207,6 +209,8 @@ function submitPermissions() {
 		}
 	});
 
+	$loadingIndicator = phpbb.loadingIndicator();
+
 	/**
 	 * Handler for submitted permissions form chunk
 	 *
@@ -222,6 +226,8 @@ function submitPermissions() {
 		} else if (!permissionSubmitFailed && res.S_USER_NOTICE) {
 			// Display success message at the end of submitting the form
 			if (permissionRequestCount >= permissionSubmitSize) {
+				clearIndicator = true;
+
 				var $alert = phpbb.alert(res.MESSAGE_TITLE, res.MESSAGE_TEXT);
 				var $alertBoxLink = $alert.find('p.alert_text > a');
 
@@ -271,6 +277,17 @@ function submitPermissions() {
 						$form.submit();
 					}, res.REFRESH_DATA.time * 1000); // Server specifies time in seconds
 				}
+			} else {
+				// Still more forms to submit, so do not clear indicator
+				clearIndicator = false;
+			}
+		}
+
+		if (clearIndicator) {
+			phpbb.clearLoadingTimeout();
+
+			if ($loadingIndicator) {
+				$loadingIndicator.fadeOut(phpbb.alertTime);
 			}
 		}
 	}

phpBB/adm/style/installer_footer.html

@@ -13,7 +13,7 @@
 	</div>
 </div>
 
-<script type="text/javascript">
+<script>
 <!--
 installLang = {
 	title: '{LA_TIMEOUT_DETECTED_TITLE}',
@@ -22,9 +22,9 @@ installLang = {
 //-->
 </script>
 
-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_JQUERY_LINK}"></script>
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js">\x3C/script>');</script><!-- ENDIF -->
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS admin.js -->
 {$SCRIPTS}
 

phpBB/adm/style/overall_footer.html

@@ -33,9 +33,9 @@
 	</div>
 </div>
 
-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_JQUERY_LINK}"></script>
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS ajax.js -->
 <!-- INCLUDEJS admin.js -->
 

phpBB/adm/style/overall_header.html

@@ -10,7 +10,7 @@
 <link href="{T_FONT_AWESOME_LINK}" rel="stylesheet">
 <link href="style/admin.css?assets_version={T_ASSETS_VERSION}" rel="stylesheet" type="text/css" media="screen" />
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 var jump_page = '{LA_JUMP_PAGE}{L_COLON}';
 var on_page = '{CURRENT_PAGE}';

phpBB/adm/style/permission_mask.html

@@ -1,5 +1,5 @@
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	var active_pmask = '0';
 	var active_fmask = '0';
@@ -9,12 +9,14 @@
 
 	var role_options = new Array();
 
+	var no_role_assigned = "{LA_NO_ROLE_ASSIGNED}";
+
 	<!-- IF S_ROLE_JS_ARRAY -->
 		{S_ROLE_JS_ARRAY}
 	<!-- ENDIF -->
 // ]]>
 </script>
-<script type="text/javascript" src="style/permissions.js"></script>
+<script src="style/permissions.js"></script>
 
 <!-- BEGIN p_mask -->
 <div class="clearfix"></div>

phpBB/adm/style/permissions.js

@@ -269,8 +269,14 @@ function mark_one_option(id, field_name, s) {
 }
 
 /**
-* Reset role dropdown field to Select role... if an option gets changed
-*/
+ * (Re)set the permission role dropdown.
+ *
+ * Try and match the set permissions to an existing role.
+ * Otherwise reset the dropdown to "Select a role.."
+ *
+ * @param {string}	id		The fieldset identifier
+ * @returns {void}
+ */
 function reset_role(id) {
 	var t = document.getElementById(id);
 
@@ -278,14 +284,37 @@ function reset_role(id) {
 		return;
 	}
 
-	t.options[0].selected = true;
+	// Before resetting the role dropdown, try and match any permission role
+	var parent = t.parentNode,
+		roleId = match_role_settings(id.replace('role', 'perm')),
+		text = no_role_assigned,
+		index = 0;
+
+	// If a role permissions was matched, grab that option's value and index
+	if (roleId) {
+		for (var i = 0; i < t.options.length; i++) {
+			if (parseInt(t.options[i].value, 10) === roleId) {
+				text = t.options[i].text;
+				index = i;
+				break;
+			}
+		}
+	}
+
+	// Update the select's value and selected index
+	t.value = roleId;
+	t.options[index].selected = true;
+
+	// Update the dropdown trigger to show the new value
+	parent.querySelector('span.dropdown-trigger').innerText = text;
+	parent.querySelector('input[data-name^=role]').value = roleId;
 }
 
 /**
 * Load role and set options accordingly
 */
 function set_role_settings(role_id, target_id) {
-	settings = role_options[role_id];
+	var settings = role_options[role_id];
 
 	if (!settings) {
 		return;
@@ -298,3 +327,51 @@ function set_role_settings(role_id, target_id) {
 		mark_one_option(target_id, r, (settings[r] === 1) ? 'y' : 'n');
 	}
 }
+
+/**
+ * Match the set permissions against the available roles.
+ *
+ * @param {string}	id		The parent fieldset identifier
+ * @return {number}			The permission role identifier
+ */
+function match_role_settings(id) {
+	var fieldset = document.getElementById(id),
+		radios = fieldset.getElementsByTagName('input'),
+		set = {};
+
+	// Iterate over all the radio buttons
+	for (var i = 0; i < radios.length; i++) {
+		var matches = radios[i].id.match(/setting\[\d+]\[\d+]\[([a-z_]+)]/);
+
+		// Make sure the name attribute matches, the radio is checked and it is not the "No" (-1) value.
+		if (matches !== null && radios[i].checked && radios[i].value !== '-1') {
+			set[matches[1]] = parseInt(radios[i].value, 10);
+		}
+	}
+
+	// Sort and stringify the 'set permissions' object
+	set = sort_and_stringify(set);
+
+	// Iterate over the available role options and return the first match
+	for (var r in role_options)
+	{
+		if (sort_and_stringify(role_options[r]) === set) {
+			return parseInt(r, 10);
+		}
+	}
+
+	return 0;
+}
+
+/**
+ * Sort and stringify an Object so it can be easily compared against another object.
+ *
+ * @param {object}	obj		The object to sort (by key) and stringify
+ * @return {string}			The sorted object as a string
+ */
+function sort_and_stringify(obj) {
+	return JSON.stringify(Object.keys(obj).sort().reduce(function (result, key) {
+		result[key] = obj[key];
+		return result;
+	}, {}));
+}

phpBB/adm/style/progress_bar.html

@@ -1,6 +1,6 @@
 <!-- INCLUDE simple_header.html -->
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	/**
 	* Close previously opened popup
@@ -31,7 +31,7 @@
 	<p>{L_PROGRESS_EXPLAIN}</p>
 </div>
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 	close_popup();
 // ]]>

phpBB/adm/style/simple_footer.html

@@ -16,9 +16,9 @@
 
 </div>
 
-<script type="text/javascript" src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
-<script type="text/javascript" src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
+<script src="{T_JQUERY_LINK}"></script>
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 
 <!-- EVENT acp_simple_footer_after -->
 {$SCRIPTS}

phpBB/adm/style/simple_header.html

@@ -9,7 +9,7 @@
 
 <link href="style/admin.css?assets_version={T_ASSETS_VERSION}" rel="stylesheet" type="text/css" media="screen" />
 
-<script type="text/javascript">
+<script>
 // <![CDATA[
 var jump_page = '{LA_JUMP_PAGE}{L_COLON}';
 var on_page = '{CURRENT_PAGE}';

phpBB/adm/style/tooltip.js

@@ -218,23 +218,6 @@ $(function() {
 
 	// Prepare dropdown
 	phpbb.prepareRolesDropdown();
-
-	// Reset role drop-down on modifying permissions in advanced tab
-	$('div.permissions-switch > a').on('click', function () {
-		$.each($('input[type=radio][name^="setting["]'), function () {
-			var $this = $(this);
-			$this.on('click', function () {
-				var $rolesOptions = $this.closest('fieldset.permissions').find('.roles-options'),
-					rolesSelect = $rolesOptions.find('select > option')[0];
-
-				// Set selected setting
-				$rolesOptions.children('span')
-					.text(rolesSelect.text);
-				$rolesOptions.children('input[type=hidden]')
-					.val(rolesSelect.value);
-			});
-		});
-	});
 });
 
 })(jQuery); // Avoid conflicts with other libraries

phpBB/assets/javascript/core.js

@@ -853,7 +853,10 @@ phpbb.timezonePreselectSelect = function(forceSelector) {
 	var minutes = offset % 60;
 	var hours = (offset - minutes) / 60;
 
-	if (hours < 10) {
+	if (hours === 0) {
+		hours = '00';
+		sign = '+';
+	} else if (hours < 10) {
 		hours = '0' + hours.toString();
 	} else {
 		hours = hours.toString();

phpBB/assets/javascript/editor.js

@@ -17,17 +17,10 @@ var is_ie = ((clientPC.indexOf('msie') !== -1) && (clientPC.indexOf('opera') ===
 var is_win = ((clientPC.indexOf('win') !== -1) || (clientPC.indexOf('16bit') !== -1));
 var baseHeight;
 
-/**
-* Shows the help messages in the helpline window
-*/
-function helpline(help) {
-	document.forms[form_name].helpbox.value = help_line[help];
-}
-
 /**
 * Fix a bug involving the TextRange object. From
 * http://www.frostjedi.com/terra/scripts/demo/caretBug.html
-*/ 
+*/
 function initInsertions() {
 	var doc;
 
@@ -104,8 +97,8 @@ function bbfontstyle(bbopen, bbclose) {
 	}
 	// IE
 	else if (document.selection) {
-		var range = textarea.createTextRange(); 
-		range.move("character", new_pos); 
+		var range = textarea.createTextRange();
+		range.move("character", new_pos);
 		range.select();
 		storeCaret(textarea);
 	}

phpBB/assets/javascript/plupload.js

@@ -90,6 +90,12 @@ phpbb.plupload.getSerializedData = function() {
 			obj['attachment_data[' + i + '][' + key + ']'] = datum[key];
 		}
 	}
+
+	// Insert form data
+	var $pluploadForm = $(phpbb.plupload.config.form_hook).first();
+	obj.creation_time = $pluploadForm.find('input[type=hidden][name="creation_time"]').val();
+	obj.form_token = $pluploadForm.find('input[type=hidden][name="form_token"]').val();
+
 	return obj;
 };
 
@@ -264,6 +270,17 @@ phpbb.plupload.deleteFile = function(row, attachId) {
 
 			return;
 		}
+
+		// Handle errors while deleting file
+		if (typeof response.error !== 'undefined') {
+			phpbb.alert(phpbb.plupload.lang.ERROR, response.error.message);
+
+			// We will have to assume that the deletion failed. So leave the file status as uploaded.
+			row.find('.file-status').toggleClass('file-uploaded');
+
+			return;
+		}
+
 		phpbb.plupload.update(response, 'removal', index);
 		// Check if the user can upload files now if he had reached the max files limit.
 		phpbb.plupload.handleMaxFilesReached();
@@ -446,6 +463,44 @@ phpbb.plupload.fileError = function(file, error) {
 phpbb.plupload.uploader = new plupload.Uploader(phpbb.plupload.config);
 phpbb.plupload.initialize();
 
+/**
+ * Add a file filter to check for max file sizes per mime type.
+ */
+plupload.addFileFilter('mime_types_max_file_size', function(types, file, callback) {
+	if (file.size !== 'undefined') {
+		$(types).each(function(i, type) {
+			let extensions = [],
+				extsArray = type.extensions.split(',');
+
+			$(extsArray).each(function(i, extension) {
+				/^\s*\*\s*$/.test(extension) ? extensions.push("\\.*") : extensions.push("\\." + extension.replace(new RegExp("[" + "/^$.*+?|()[]{}\\".replace(/./g, "\\$&") + "]", "g"), "\\$&"));
+			});
+
+			let regex = new RegExp("(" + extensions.join("|") + ")$", "i");
+
+			if (regex.test(file.name)) {
+				if (type.max_file_size !== 'undefined' && type.max_file_size) {
+					if (file.size > type.max_file_size) {
+						phpbb.plupload.uploader.trigger('Error', {
+							code: plupload.FILE_SIZE_ERROR,
+							message: plupload.translate('File size error.'),
+							file: file
+						});
+
+						callback(false);
+					} else {
+						callback(true);
+					}
+				} else {
+					callback(true);
+				}
+
+				return false;
+			}
+		});
+	}
+});
+
 var $fileList = $('#file-list');
 
 /**

phpBB/bin/phpbbcli.php

@@ -84,7 +84,7 @@ $user = $phpbb_container->get('user');
 $user->data['user_id'] = ANONYMOUS;
 $user->ip = '127.0.0.1';
 
-$application = new \phpbb\console\application('phpBB Console', PHPBB_VERSION, $language);
+$application = new \phpbb\console\application('phpBB Console', PHPBB_VERSION, $language, $config);
 $application->setDispatcher($phpbb_container->get('dispatcher'));
 $application->register_container_commands($phpbb_container->get('console.command_collection'));
 $application->run($input);

phpBB/cache/.htaccess

@@ -1,4 +1,33 @@
-<Files *>
-	Order Allow,Deny
-	Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>

phpBB/composer.lock

@@ -83,16 +83,16 @@
         },
         {
             "name": "guzzlehttp/guzzle",
-            "version": "5.3.3",
+            "version": "5.3.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "93bbdb30d59be6cd9839495306c65f2907370eb9"
+                "reference": "b87eda7a7162f95574032da17e9323c9899cb6b2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/93bbdb30d59be6cd9839495306c65f2907370eb9",
-                "reference": "93bbdb30d59be6cd9839495306c65f2907370eb9",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b87eda7a7162f95574032da17e9323c9899cb6b2",
+                "reference": "b87eda7a7162f95574032da17e9323c9899cb6b2",
                 "shasum": ""
             },
             "require": {
@@ -132,7 +132,7 @@
                 "rest",
                 "web service"
             ],
-            "time": "2018-07-31T13:33:10+00:00"
+            "time": "2019-10-30T09:32:00+00:00"
         },
         {
             "name": "guzzlehttp/ringphp",
@@ -183,6 +183,7 @@
                 }
             ],
             "description": "Provides a simple API and specification that abstracts away the details of HTTP into a single PHP function.",
+            "abandoned": true,
             "time": "2018-07-31T13:22:33+00:00"
         },
         {
@@ -233,6 +234,7 @@
                 "Guzzle",
                 "stream"
             ],
+            "abandoned": true,
             "time": "2014-10-12T19:18:40+00:00"
         },
         {
@@ -346,16 +348,16 @@
         },
         {
             "name": "marc1706/fast-image-size",
-            "version": "v1.1.4",
+            "version": "v1.1.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/marc1706/fast-image-size.git",
-                "reference": "c4ded0223a4e49ae45a2183a69f6afac5baf7250"
+                "reference": "3a3a2b036be20f43fa06ce00dfa754df503e6684"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/marc1706/fast-image-size/zipball/c4ded0223a4e49ae45a2183a69f6afac5baf7250",
-                "reference": "c4ded0223a4e49ae45a2183a69f6afac5baf7250",
+                "url": "https://api.github.com/repos/marc1706/fast-image-size/zipball/3a3a2b036be20f43fa06ce00dfa754df503e6684",
+                "reference": "3a3a2b036be20f43fa06ce00dfa754df503e6684",
                 "shasum": ""
             },
             "require": {
@@ -363,9 +365,14 @@
                 "php": ">=5.3.0"
             },
             "require-dev": {
-                "phpunit/phpunit": "4.*"
+                "phpunit/phpunit": "^4.8"
             },
             "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.1.x-dev"
+                }
+            },
             "autoload": {
                 "psr-4": {
                     "FastImageSize\\": "lib",
@@ -394,7 +401,7 @@
                 "php",
                 "size"
             ],
-            "time": "2017-10-23T18:52:01+00:00"
+            "time": "2019-12-07T08:02:07+00:00"
         },
         {
             "name": "ocramius/proxy-manager",
@@ -510,22 +517,25 @@
         },
         {
             "name": "patchwork/utf8",
-            "version": "v1.3.1",
+            "version": "v1.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/tchwork/utf8.git",
-                "reference": "30ec6451aec7d2536f0af8fe535f70c764f2c47a"
+                "reference": "d296e0026e7ce10b2a9fe594feca9628ef00e9e8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/tchwork/utf8/zipball/30ec6451aec7d2536f0af8fe535f70c764f2c47a",
-                "reference": "30ec6451aec7d2536f0af8fe535f70c764f2c47a",
+                "url": "https://api.github.com/repos/tchwork/utf8/zipball/d296e0026e7ce10b2a9fe594feca9628ef00e9e8",
+                "reference": "d296e0026e7ce10b2a9fe594feca9628ef00e9e8",
                 "shasum": ""
             },
             "require": {
                 "lib-pcre": ">=7.3",
                 "php": ">=5.3.0"
             },
+            "require-dev": {
+                "symfony/phpunit-bridge": "^3.4|^4.4"
+            },
             "suggest": {
                 "ext-iconv": "Use iconv for best performance",
                 "ext-intl": "Use Intl for best performance",
@@ -565,20 +575,20 @@
                 "utf-8",
                 "utf8"
             ],
-            "time": "2016-05-18T13:57:10+00:00"
+            "time": "2019-12-03T14:44:12+00:00"
         },
         {
             "name": "psr/log",
-            "version": "1.1.0",
+            "version": "1.1.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/log.git",
-                "reference": "6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd"
+                "reference": "0f73288fd15629204f9d42b7055f72dacbe811fc"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/log/zipball/6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd",
-                "reference": "6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/0f73288fd15629204f9d42b7055f72dacbe811fc",
+                "reference": "0f73288fd15629204f9d42b7055f72dacbe811fc",
                 "shasum": ""
             },
             "require": {
@@ -587,7 +597,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.0.x-dev"
+                    "dev-master": "1.1.x-dev"
                 }
             },
             "autoload": {
@@ -612,27 +622,27 @@
                 "psr",
                 "psr-3"
             ],
-            "time": "2018-11-20T15:27:04+00:00"
+            "time": "2020-03-23T09:12:05+00:00"
         },
         {
             "name": "react/promise",
-            "version": "v2.7.1",
+            "version": "v2.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/reactphp/promise.git",
-                "reference": "31ffa96f8d2ed0341a57848cbb84d88b89dd664d"
+                "reference": "f3cff96a19736714524ca0dd1d4130de73dbbbc4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/reactphp/promise/zipball/31ffa96f8d2ed0341a57848cbb84d88b89dd664d",
-                "reference": "31ffa96f8d2ed0341a57848cbb84d88b89dd664d",
+                "url": "https://api.github.com/repos/reactphp/promise/zipball/f3cff96a19736714524ca0dd1d4130de73dbbbc4",
+                "reference": "f3cff96a19736714524ca0dd1d4130de73dbbbc4",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.4.0"
             },
             "require-dev": {
-                "phpunit/phpunit": "~4.8"
+                "phpunit/phpunit": "^7.0 || ^6.5 || ^5.7 || ^4.8.36"
             },
             "type": "library",
             "autoload": {
@@ -658,7 +668,7 @@
                 "promise",
                 "promises"
             ],
-            "time": "2019-01-07T21:25:54+00:00"
+            "time": "2020-05-12T15:16:56+00:00"
         },
         {
             "name": "s9e/text-formatter",
@@ -728,7 +738,7 @@
         },
         {
             "name": "symfony/config",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/config.git",
@@ -785,7 +795,7 @@
         },
         {
             "name": "symfony/console",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
@@ -846,7 +856,7 @@
         },
         {
             "name": "symfony/debug",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/debug.git",
@@ -903,7 +913,7 @@
         },
         {
             "name": "symfony/dependency-injection",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/dependency-injection.git",
@@ -966,7 +976,7 @@
         },
         {
             "name": "symfony/event-dispatcher",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/event-dispatcher.git",
@@ -1026,7 +1036,7 @@
         },
         {
             "name": "symfony/filesystem",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
@@ -1076,7 +1086,7 @@
         },
         {
             "name": "symfony/finder",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
@@ -1125,16 +1135,16 @@
         },
         {
             "name": "symfony/http-foundation",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/http-foundation.git",
-                "reference": "746f8d3638bf46ee8b202e62f2b214c3d61fb06a"
+                "reference": "3929d9fe8148d17819ad0178c748b8d339420709"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/http-foundation/zipball/746f8d3638bf46ee8b202e62f2b214c3d61fb06a",
-                "reference": "746f8d3638bf46ee8b202e62f2b214c3d61fb06a",
+                "url": "https://api.github.com/repos/symfony/http-foundation/zipball/3929d9fe8148d17819ad0178c748b8d339420709",
+                "reference": "3929d9fe8148d17819ad0178c748b8d339420709",
                 "shasum": ""
             },
             "require": {
@@ -1176,20 +1186,20 @@
             ],
             "description": "Symfony HttpFoundation Component",
             "homepage": "https://symfony.com",
-            "time": "2019-04-16T10:00:53+00:00"
+            "time": "2019-11-12T12:34:41+00:00"
         },
         {
             "name": "symfony/http-kernel",
-            "version": "v2.8.51",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/http-kernel.git",
-                "reference": "a01e2b4b267fda24dba9b06cd1c575ca87a51ad2"
+                "reference": "c3be27b8627cd5ee8dfa8d1b923982f618ec521c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/a01e2b4b267fda24dba9b06cd1c575ca87a51ad2",
-                "reference": "a01e2b4b267fda24dba9b06cd1c575ca87a51ad2",
+                "url": "https://api.github.com/repos/symfony/http-kernel/zipball/c3be27b8627cd5ee8dfa8d1b923982f618ec521c",
+                "reference": "c3be27b8627cd5ee8dfa8d1b923982f618ec521c",
                 "shasum": ""
             },
             "require": {
@@ -1198,7 +1208,8 @@
                 "symfony/debug": "^2.6.2",
                 "symfony/event-dispatcher": "^2.6.7|~3.0.0",
                 "symfony/http-foundation": "~2.7.36|~2.8.29|~3.1.6",
-                "symfony/polyfill-ctype": "~1.8"
+                "symfony/polyfill-ctype": "~1.8",
+                "symfony/polyfill-php56": "~1.8"
             },
             "conflict": {
                 "symfony/config": "<2.7",
@@ -1260,20 +1271,20 @@
             ],
             "description": "Symfony HttpKernel Component",
             "homepage": "https://symfony.com",
-            "time": "2019-04-17T16:42:28+00:00"
+            "time": "2019-11-13T08:36:16+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.11.0",
+            "version": "v1.17.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "82ebae02209c21113908c229e9883c419720738a"
+                "reference": "e94c8b1bbe2bc77507a1056cdb06451c75b427f9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/82ebae02209c21113908c229e9883c419720738a",
-                "reference": "82ebae02209c21113908c229e9883c419720738a",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/e94c8b1bbe2bc77507a1056cdb06451c75b427f9",
+                "reference": "e94c8b1bbe2bc77507a1056cdb06451c75b427f9",
                 "shasum": ""
             },
             "require": {
@@ -1285,7 +1296,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.17-dev"
                 }
             },
             "autoload": {
@@ -1302,12 +1313,12 @@
             ],
             "authors": [
                 {
-                    "name": "Symfony Community",
-                    "homepage": "https://symfony.com/contributors"
+                    "name": "Gert de Pagter",
+                    "email": "BackEndTea@gmail.com"
                 },
                 {
-                    "name": "Gert de Pagter",
-                    "email": "backendtea@gmail.com"
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
                 }
             ],
             "description": "Symfony polyfill for ctype functions",
@@ -1318,20 +1329,34 @@
                 "polyfill",
                 "portable"
             ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:14:59+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.11.0",
+            "version": "v1.17.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "fe5e94c604826c35a32fa832f35bd036b6799609"
+                "reference": "fa79b11539418b02fc5e1897267673ba2c19419c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fe5e94c604826c35a32fa832f35bd036b6799609",
-                "reference": "fe5e94c604826c35a32fa832f35bd036b6799609",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fa79b11539418b02fc5e1897267673ba2c19419c",
+                "reference": "fa79b11539418b02fc5e1897267673ba2c19419c",
                 "shasum": ""
             },
             "require": {
@@ -1343,7 +1368,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.17-dev"
                 }
             },
             "autoload": {
@@ -1377,20 +1402,34 @@
                 "portable",
                 "shim"
             ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:47:27+00:00"
         },
         {
             "name": "symfony/polyfill-php54",
-            "version": "v1.11.0",
+            "version": "v1.17.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php54.git",
-                "reference": "2964b17ddc32dba7bcba009d5501c84d3fba1452"
+                "reference": "3c71ff0f90fcbd00ca8966f35526e3cbad15d31d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php54/zipball/2964b17ddc32dba7bcba009d5501c84d3fba1452",
-                "reference": "2964b17ddc32dba7bcba009d5501c84d3fba1452",
+                "url": "https://api.github.com/repos/symfony/polyfill-php54/zipball/3c71ff0f90fcbd00ca8966f35526e3cbad15d31d",
+                "reference": "3c71ff0f90fcbd00ca8966f35526e3cbad15d31d",
                 "shasum": ""
             },
             "require": {
@@ -1399,7 +1438,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.17-dev"
                 }
             },
             "autoload": {
@@ -1435,20 +1474,34 @@
                 "portable",
                 "shim"
             ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:47:27+00:00"
         },
         {
             "name": "symfony/polyfill-php55",
-            "version": "v1.11.0",
+            "version": "v1.17.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php55.git",
-                "reference": "96fa25cef405ea452919559a0025d5dc16e30e4c"
+                "reference": "875267200645e116261c31ff20c641dbae90fd8d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php55/zipball/96fa25cef405ea452919559a0025d5dc16e30e4c",
-                "reference": "96fa25cef405ea452919559a0025d5dc16e30e4c",
+                "url": "https://api.github.com/repos/symfony/polyfill-php55/zipball/875267200645e116261c31ff20c641dbae90fd8d",
+                "reference": "875267200645e116261c31ff20c641dbae90fd8d",
                 "shasum": ""
             },
             "require": {
@@ -1458,7 +1511,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.11-dev"
+                    "dev-master": "1.17-dev"
                 }
             },
             "autoload": {
@@ -1491,11 +1544,161 @@
                 "portable",
                 "shim"
             ],
-            "time": "2019-02-06T07:57:58+00:00"
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:47:27+00:00"
+        },
+        {
+            "name": "symfony/polyfill-php56",
+            "version": "v1.17.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php56.git",
+                "reference": "e3c8c138280cdfe4b81488441555583aa1984e23"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php56/zipball/e3c8c138280cdfe4b81488441555583aa1984e23",
+                "reference": "e3c8c138280cdfe4b81488441555583aa1984e23",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.3",
+                "symfony/polyfill-util": "~1.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.17-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php56\\": ""
+                },
+                "files": [
+                    "bootstrap.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:47:27+00:00"
+        },
+        {
+            "name": "symfony/polyfill-util",
+            "version": "v1.17.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-util.git",
+                "reference": "4afb4110fc037752cf0ce9869f9ab8162c4e20d7"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-util/zipball/4afb4110fc037752cf0ce9869f9ab8162c4e20d7",
+                "reference": "4afb4110fc037752cf0ce9869f9ab8162c4e20d7",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.3"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.17-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Symfony\\Polyfill\\Util\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony utilities for portability of PHP codes",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compat",
+                "compatibility",
+                "polyfill",
+                "shim"
+            ],
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:14:59+00:00"
         },
         {
             "name": "symfony/proxy-manager-bridge",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/proxy-manager-bridge.git",
@@ -1549,7 +1752,7 @@
         },
         {
             "name": "symfony/routing",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/routing.git",
@@ -1623,7 +1826,7 @@
         },
         {
             "name": "symfony/twig-bridge",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/twig-bridge.git",
@@ -1708,7 +1911,7 @@
         },
         {
             "name": "symfony/yaml",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/yaml.git",
@@ -1873,6 +2076,7 @@
                 "code",
                 "zf2"
             ],
+            "abandoned": "laminas/laminas-code",
             "time": "2015-06-03T15:31:59+00:00"
         },
         {
@@ -1918,6 +2122,7 @@
                 "eventmanager",
                 "zf2"
             ],
+            "abandoned": "laminas/laminas-eventmanager",
             "time": "2015-06-03T15:32:01+00:00"
         },
         {
@@ -1974,6 +2179,7 @@
                 "stdlib",
                 "zf2"
             ],
+            "abandoned": "laminas/laminas-stdlib",
             "time": "2015-06-03T15:32:03+00:00"
         }
     ],
@@ -2170,21 +2376,24 @@
         },
         {
             "name": "michelf/php-markdown",
-            "version": "1.8.0",
+            "version": "1.9.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/michelf/php-markdown.git",
-                "reference": "01ab082b355bf188d907b9929cd99b2923053495"
+                "reference": "c83178d49e372ca967d1a8c77ae4e051b3a3c75c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/michelf/php-markdown/zipball/01ab082b355bf188d907b9929cd99b2923053495",
-                "reference": "01ab082b355bf188d907b9929cd99b2923053495",
+                "url": "https://api.github.com/repos/michelf/php-markdown/zipball/c83178d49e372ca967d1a8c77ae4e051b3a3c75c",
+                "reference": "c83178d49e372ca967d1a8c77ae4e051b3a3c75c",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.3.0"
             },
+            "require-dev": {
+                "phpunit/phpunit": ">=4.3 <5.8"
+            },
             "type": "library",
             "autoload": {
                 "psr-4": {
@@ -2212,7 +2421,7 @@
             "keywords": [
                 "markdown"
             ],
-            "time": "2018-01-15T00:49:33+00:00"
+            "time": "2019-12-02T02:32:27+00:00"
         },
         {
             "name": "nikic/php-parser",
@@ -2363,33 +2572,33 @@
         },
         {
             "name": "phpspec/prophecy",
-            "version": "1.8.1",
+            "version": "v1.10.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpspec/prophecy.git",
-                "reference": "1927e75f4ed19131ec9bcc3b002e07fb1173ee76"
+                "reference": "451c3cd1418cf640de218914901e51b064abb093"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/1927e75f4ed19131ec9bcc3b002e07fb1173ee76",
-                "reference": "1927e75f4ed19131ec9bcc3b002e07fb1173ee76",
+                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/451c3cd1418cf640de218914901e51b064abb093",
+                "reference": "451c3cd1418cf640de218914901e51b064abb093",
                 "shasum": ""
             },
             "require": {
                 "doctrine/instantiator": "^1.0.2",
                 "php": "^5.3|^7.0",
-                "phpdocumentor/reflection-docblock": "^2.0|^3.0.2|^4.0",
-                "sebastian/comparator": "^1.1|^2.0|^3.0",
-                "sebastian/recursion-context": "^1.0|^2.0|^3.0"
+                "phpdocumentor/reflection-docblock": "^2.0|^3.0.2|^4.0|^5.0",
+                "sebastian/comparator": "^1.2.3|^2.0|^3.0|^4.0",
+                "sebastian/recursion-context": "^1.0|^2.0|^3.0|^4.0"
             },
             "require-dev": {
-                "phpspec/phpspec": "^2.5|^3.2",
+                "phpspec/phpspec": "^2.5 || ^3.2",
                 "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5 || ^7.1"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.8.x-dev"
+                    "dev-master": "1.10.x-dev"
                 }
             },
             "autoload": {
@@ -2422,7 +2631,7 @@
                 "spy",
                 "stub"
             ],
-            "time": "2019-06-13T12:50:23+00:00"
+            "time": "2020-03-05T15:02:03+00:00"
         },
         {
             "name": "phpunit/dbunit",
@@ -3417,7 +3626,7 @@
         },
         {
             "name": "symfony/browser-kit",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/browser-kit.git",
@@ -3474,7 +3683,7 @@
         },
         {
             "name": "symfony/css-selector",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/css-selector.git",
@@ -3508,14 +3717,14 @@
                 "MIT"
             ],
             "authors": [
-                {
-                    "name": "Jean-François Simon",
-                    "email": "jeanfrancois.simon@sensiolabs.com"
-                },
                 {
                     "name": "Fabien Potencier",
                     "email": "fabien@symfony.com"
                 },
+                {
+                    "name": "Jean-François Simon",
+                    "email": "jeanfrancois.simon@sensiolabs.com"
+                },
                 {
                     "name": "Symfony Community",
                     "homepage": "https://symfony.com/contributors"
@@ -3527,7 +3736,7 @@
         },
         {
             "name": "symfony/dom-crawler",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/dom-crawler.git",
@@ -3584,7 +3793,7 @@
         },
         {
             "name": "symfony/process",
-            "version": "v2.8.50",
+            "version": "v2.8.52",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/process.git",
@@ -3643,5 +3852,6 @@
     "platform-dev": [],
     "platform-overrides": {
         "php": "5.4.7"
-    }
+    },
+    "plugin-api-version": "1.1.0"
 }

phpBB/config/.htaccess

@@ -1,4 +1,33 @@
-<Files *>
-	Order Allow,Deny
-	Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>

phpBB/config/default/container/services_console.yml

@@ -128,6 +128,7 @@ services:
             - '@user'
             - '@ext.manager'
             - '@log'
+            - '%cache.driver.class%'
         tags:
             - { name: console.command }
 
@@ -137,6 +138,7 @@ services:
             - '@user'
             - '@ext.manager'
             - '@log'
+            - '%cache.driver.class%'
         tags:
             - { name: console.command }
 
@@ -146,6 +148,7 @@ services:
             - '@user'
             - '@ext.manager'
             - '@log'
+            - '%cache.driver.class%'
         tags:
             - { name: console.command }
 
@@ -155,6 +158,7 @@ services:
             - '@user'
             - '@ext.manager'
             - '@log'
+            - '%cache.driver.class%'
         tags:
             - { name: console.command }
 

phpBB/config/default/container/services_profilefield.yml

@@ -3,15 +3,20 @@ services:
         class: phpbb\profilefields\manager
         arguments:
             - '@auth'
+            - '@config_text'
             - '@dbal.conn'
+            - '@dbal.tools'
             - '@dispatcher'
+            - '@language'
+            - '@log'
             - '@request'
             - '@template'
             - '@profilefields.type_collection'
             - '@user'
             - '%tables.profile_fields%'
-            - '%tables.profile_fields_language%'
             - '%tables.profile_fields_data%'
+            - '%tables.profile_fields_options_language%'
+            - '%tables.profile_fields_language%'
 
     profilefields.lang_helper:
         class: phpbb\profilefields\lang_helper

phpBB/develop/add_permissions.php

@@ -156,6 +156,7 @@ $u_permissions = array(
 	'u_download'	=> array(0, 1),
 	'u_attach'		=> array(0, 1),
 	'u_sig'			=> array(0, 1),
+	'u_emoji'		=> array(0, 1),
 	'u_pm_attach'	=> array(0, 1),
 	'u_pm_bbcode'	=> array(0, 1),
 	'u_pm_smilies'	=> array(0, 1),

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,12 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v3210rc2">Changes since 3.2.10-RC2</a></li>
+		<li><a href="#v3210rc1">Changes since 3.2.10-RC1</a></li>
+		<li><a href="#v329">Changes since 3.2.9</a></li>
+		<li><a href="#v329rc1">Changes since 3.2.9-RC1</a></li>
+		<li><a href="#v328">Changes since 3.2.8</a></li>
+		<li><a href="#v328rc1">Changes since 3.2.8-RC1</a></li>
 		<li><a href="#v327">Changes since 3.2.7</a></li>
 		<li><a href="#v326">Changes since 3.2.6</a></li>
 		<li><a href="#v326rc1">Changes since 3.2.6-RC1</a></li>
@@ -139,6 +145,251 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v3210rc2"></a><h3>Changes since 3.2.10-RC2</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16417">PHPBB3-16417</a>] - SQL fatal error while updating database from older versions via CLI</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16524">PHPBB3-16524</a>] - General error (SQL ERROR) on adding emoji character to the profile field</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16534">PHPBB3-16534</a>] - Passwords converted from phpBB2 can have invalid hash</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16539">PHPBB3-16539</a>] - General error (SQL error) on posting page in smilies mode</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16550">PHPBB3-16550</a>] - compact(): Undefined variable: url - in PMs</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16554">PHPBB3-16554</a>] - Align all .htaccess files to support Apache 2.4 mod_authz_core directives</li>
+			</ul>
+			<h4>Security Issue</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/SECURITY-259">SECURITY-259</a>] - Server-Side Request Forgery via FastImageSize in s9e textformatter</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/SECURITY-257">SECURITY-257</a>] - Potential RCE via Phar Deserialization through Legacy BBCode Parser</li>
+			</ul>
+
+			<a name="v3210rc1"></a><h3>Changes since 3.2.10-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16505">PHPBB3-16505</a>] - PHP debug warning while using \phpbb\language\language\lang_array() function</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16507">PHPBB3-16507</a>] - White page when searching users' posts</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16508">PHPBB3-16508</a>] - Whois not working for IPv6 addresses</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16510">PHPBB3-16510</a>] - Missing rows in config table on new install</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16511">PHPBB3-16511</a>] - Fatal error when deleting user in ACP</li>
+			</ul>
+
+			<a name="v329"></a><h3>Changes since 3.2.9</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10506">PHPBB3-10506</a>] - Not confirming &quot;Save as Draft&quot; strips attachments from PMs</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13426">PHPBB3-13426</a>] - Timezone related fatal error after upgrade to 3.1.2</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13867">PHPBB3-13867</a>] - Profile field types need an enable/disable mechanism</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13914">PHPBB3-13914</a>] - Could not get style data via MySQL DB auto_increment_offset != 1 </li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15194">PHPBB3-15194</a>] - Cannot remove group avatar in UCP (manage group)</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15275">PHPBB3-15275</a>] - Post details: Look up IP links don't properly work</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15395">PHPBB3-15395</a>] - Very slow FTS on PostgreSQL</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15438">PHPBB3-15438</a>] - Use wrong word in ACP for logged administrators actions</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15560">PHPBB3-15560</a>] - Wrong redirection upon hard delete after soft delete in viewtopic</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15591">PHPBB3-15591</a>] - Users with disabled &quot;Can send instant messages&quot; permission can view jabber address</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15712">PHPBB3-15712</a>] - Inserting an emoji in PM subject field causes errors</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15766">PHPBB3-15766</a>] - &quot;No role assigned....&quot; for forum permissions is ambiguous</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15887">PHPBB3-15887</a>] - Firefox confuses username and e-mail when storing passwords</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15979">PHPBB3-15979</a>] - Restoring deleted post on edit does not update last post info</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16060">PHPBB3-16060</a>] - auto-prune of shadow topics triggered by prune_all_forums updates wrong timestamp</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16149">PHPBB3-16149</a>] - Missing profile field data</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16222">PHPBB3-16222</a>] - Timezone suggestion in UCP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16234">PHPBB3-16234</a>] - Search syntax broken when using Sphinx Fulltext backend</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16245">PHPBB3-16245</a>] - Overflow in MSSQL attempting to manage attachments when collection &gt; 2.1 GB</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16289">PHPBB3-16289</a>] - U_VIEW_REPORT in emails is incorrectly HTML-encoded</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16291">PHPBB3-16291</a>] - MCP Front is missing report time</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16296">PHPBB3-16296</a>] - Unable to delete or mark PMs in UCP folder view</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16310">PHPBB3-16310</a>] - S_SOFTDELETE_ALLOWED condition in posting.php is wrong and causes soft delete option to appear when it should not</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16316">PHPBB3-16316</a>] - navbar_header.html of prosilver style breaks Rich-Markup</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16326">PHPBB3-16326</a>] - Passwort Reset - Template - missing class for new and confirm password</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16332">PHPBB3-16332</a>] - Language strings for CODE and QUOTE are missing in the MCP post details and in the member profiles</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16335">PHPBB3-16335</a>] - $display_cat and $download_link are undefined variables for core.parse_attachments_modify_template_data when $denied is true</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16339">PHPBB3-16339</a>] - Poll's voting options are not fully Ajaxed</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16344">PHPBB3-16344</a>] - phpbb_validate_email uses non-existent language keys</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16348">PHPBB3-16348</a>] - user_ban double free of $result when banning a non-existent or disallowed username on command line</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16356">PHPBB3-16356</a>] - Saving a draft does not delete orphaned attachments from the server</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16358">PHPBB3-16358</a>] - Attachment tab should be removed when there are no filters</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16367">PHPBB3-16367</a>] - Feed controller is not actually setting character set of response</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16377">PHPBB3-16377</a>] - Undefined index navlinks in navbar_header</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16391">PHPBB3-16391</a>] - Language file info_mcp_xxx.php from extensions should be included in ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16399">PHPBB3-16399</a>] - Emoji's in topic title cause errors</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16403">PHPBB3-16403</a>] - Attachment icon always displayed in list of reported message</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16407">PHPBB3-16407</a>] - S_MESSAGE_REPORTED and L_MESSAGE_REPORTED aren't defined anywhere</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16416">PHPBB3-16416</a>] - A non-numeric value encountered in ACP attachments settings</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16418">PHPBB3-16418</a>] - A non-numeric value encountered - ACP board start date</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16422">PHPBB3-16422</a>] - bbcode URL tag breaking URL's?</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16423">PHPBB3-16423</a>] - Add Aria Engine to list of Fulltext Supported</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16428">PHPBB3-16428</a>] - Allowed schemes in links and similar fields should check field content</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16432">PHPBB3-16432</a>] - PHP Fatal error:  APCuIterator::__construct(): APC must be enabled to use APCuIterator</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16437">PHPBB3-16437</a>] - Forum permissions don't appear for logged users who cannot post a new topic</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16453">PHPBB3-16453</a>] - Always load permission lang files before core.permissions</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16467">PHPBB3-16467</a>] - phpBB3 does not work with spaces in PostgreSQL database passwords</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16480">PHPBB3-16480</a>] - Fix Emoji in report post</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16485">PHPBB3-16485</a>] - Fix Emoji in logs for warning message</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16486">PHPBB3-16486</a>] - Wrong configuration DB update in 3.2.0-a1 migration</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16487">PHPBB3-16487</a>] - Wrong CDN URL for fontawesome in 3.2.0 migration</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16500">PHPBB3-16500</a>] - Copying topics results in rearranging of inline attachments </li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16503">PHPBB3-16503</a>] - WhoIs lookup has error message in MCP</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15370">PHPBB3-15370</a>] - Spinning indicator missing when updating permissions</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15672">PHPBB3-15672</a>] - Keep same format in Submit changes.</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16163">PHPBB3-16163</a>] - No error message when there is no displayed post in the MCP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16328">PHPBB3-16328</a>] - Inform users about PHP requirements in PHP 3.3</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16350">PHPBB3-16350</a>] - Move acp/mcp ban code to functions_admin.php</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16351">PHPBB3-16351</a>] - Use CHMOD constants from filesystem_interface</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16352">PHPBB3-16352</a>] - Deprecate unused functions/classes</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16370">PHPBB3-16370</a>] - Add core events for Notification</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16381">PHPBB3-16381</a>] - Add core event to Modify Topics SQL</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16383">PHPBB3-16383</a>] - Add core events to modify friends list</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16384">PHPBB3-16384</a>] - Add template events friends list username {prepend/append}</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16388">PHPBB3-16388</a>] - Add new events in viewforum_body.html and viewtopic_body.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16406">PHPBB3-16406</a>] - Event core.notification_manager_add_notifications_for_users_modify_data incorrectly placed</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16411">PHPBB3-16411</a>] - Add vars to notification core events</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16421">PHPBB3-16421</a>] - Add contact field icon template events to viewtopic_body.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16424">PHPBB3-16424</a>] - Add base_url to generate_smilies events</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16425">PHPBB3-16425</a>] - Add event core.generate_smilies_modify_sql</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16429">PHPBB3-16429</a>] - Add vars to 2 ACP User core events</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16433">PHPBB3-16433</a>] - Add data array to core.ucp_register_user_row_after</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16443">PHPBB3-16443</a>] - Add event core.ucp_pm_compose_modify_parse_after</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16444">PHPBB3-16444</a>] - Add event core.ucp_pm_view_message_before</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16446">PHPBB3-16446</a>] - Add event core.message_history_modify_rowset</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16447">PHPBB3-16447</a>] - Add event core.ucp_pm_compose_compose_pm_basic_info_query_after</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16448">PHPBB3-16448</a>] - Add event core.mcp_get_post_data_after</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16450">PHPBB3-16450</a>] - ACP permission tabs don't use all available space</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16456">PHPBB3-16456</a>] - Add event core.text_formatter_s9e_get_errors</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16458">PHPBB3-16458</a>] - Add template events to acp_profile.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16461">PHPBB3-16461</a>] - Ignore .idea and node_modules</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16463">PHPBB3-16463</a>] - Fix &quot;acp_board.php&quot; where &quot;ACP_SUBMIT_CHANGES&quot; is not displayed.</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16468">PHPBB3-16468</a>] - Amend DocBlocks for user_delete()</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16494">PHPBB3-16494</a>] - Update composer and composer dependencies</li>
+			</ul>
+			<h4>New Feature</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16329">PHPBB3-16329</a>] - Strip Exif metadata from uploaded image attachments</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16330">PHPBB3-16330</a>] - Enable ACP option to specify image compression level</li>
+			</ul>
+			<h4>Sub-task</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16233">PHPBB3-16233</a>] - Enable exact phrase searching with Sphinx Fulltext</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15609">PHPBB3-15609</a>] - Discrepancy and bugs between moderation queue and reports</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16121">PHPBB3-16121</a>] - Add footer-row to simple_footer.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16122">PHPBB3-16122</a>] - RANK_IMG, GROUP_RANK and RANK_TITLE variables are useless in some template files</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16392">PHPBB3-16392</a>] - Update composer &amp; dependencies</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16415">PHPBB3-16415</a>] - Use API token for appveyor builds</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16419">PHPBB3-16419</a>] - Add mrgoldy to CREDITS.txt</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16496">PHPBB3-16496</a>] - The help line text for custom BBcode could be wrongly displayed</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16506">PHPBB3-16506</a>] - Update credits to latest state</li>
+			</ul>
+
+			<a name="v329rc1"></a><h3>Changes since 3.2.9-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15592">PHPBB3-15592</a>] - &quot;Place inline&quot; button appears when BBcode is disabled (Post settings)</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16269">PHPBB3-16269</a>] - Sphinx backend indexes HTML markup as keywords</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16282">PHPBB3-16282</a>] - Default jQuery CDN URL is outdated on new installs</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16271">PHPBB3-16271</a>] - Add support for 3.3.x API documentation</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16279">PHPBB3-16279</a>] - Add permission for Emojii in topic title</li>
+			</ul>
+			<h4>Security</h4>
+			<ul>
+				<li>[SECURITY-249] - Group avatar overwrite on invalid submit</li>
+				<li>[SECURITY-250] - Group leader can be tricked into approving user</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[SECURITY-251] - Unwanted move of PMs to folders</li>
+				<li>[SECURITY-252] - PMs of unsuspecting users can be marked as important</li>
+				<li>[SECURITY-253] - PM export without proper validation</li>
+			</ul>
+
+			<a name="v328"></a><h3>Changes since 3.2.8</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-14815">PHPBB3-14815</a>] - The facebook page link is not displayed properly in memberlist.php</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15643">PHPBB3-15643</a>] - $phpbb_filesystem-&gt;resolve_path() may trigger open_basedir restriction</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15902">PHPBB3-15902</a>] - Out of range error with Sphinx search</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16056">PHPBB3-16056</a>] - JPEG dimensions undetectable for some kind of jpeg files</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16076">PHPBB3-16076</a>] - Limit attachment size by extension group</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16141">PHPBB3-16141</a>] - plupload chunk_size calculation incorrect when one or more settings are 'unlimited'</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16150">PHPBB3-16150</a>] - Post title link urls not reliable when shared</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16156">PHPBB3-16156</a>] - Bots see both register and logout links in the navbar</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16157">PHPBB3-16157</a>] - Incorrect FORM_INVALID error message while sending email form</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16181">PHPBB3-16181</a>] - OAuth provider id needs to be quoted</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16184">PHPBB3-16184</a>] - Mark read button only works once</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16199">PHPBB3-16199</a>] - Guest posting CAPTCHA is being generated with no guest posting auth</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16209">PHPBB3-16209</a>] - Nginx example configuration file blocks an image in the ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16210">PHPBB3-16210</a>] - Terms of use should not be skippable</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16211">PHPBB3-16211</a>] - COPPA should not be skippable</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16216">PHPBB3-16216</a>] - Disable xdebug in travis builds</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16217">PHPBB3-16217</a>] - Enable opcache in travis CI builds</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16228">PHPBB3-16228</a>] - BBCode definitions with an optional attribute and a non-TEXT content are not merged correctly</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16242">PHPBB3-16242</a>] - Redirect loop when install folder doesn't exist</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16252">PHPBB3-16252</a>] - Ignore non-BBCodes when looking for unauthorized markup</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16257">PHPBB3-16257</a>] - Typo in Email Settings section</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16258">PHPBB3-16258</a>] - Sample Sphinx configuration file causes delta index to only include the most recent post</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16084">PHPBB3-16084</a>] - Pointless radio button for database backup in 3.2.7 </li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16139">PHPBB3-16139</a>] - Add core.viewtopic_modify_quick_reply_template_vars</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16140">PHPBB3-16140</a>] - Add new event to UCP Edit Profile Page</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16143">PHPBB3-16143</a>] - Add core events for move topics</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16144">PHPBB3-16144</a>] - NO_STYLE_DATA - Provide extra fallback to board's default style for $user.</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16146">PHPBB3-16146</a>] - Add core event for after move the forum</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16148">PHPBB3-16148</a>] - Add template events to acp_groups.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16151">PHPBB3-16151</a>] - Enable Emojis and rich text in forum name</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16153">PHPBB3-16153</a>] - Enable Emojis and rich text in topic title</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16159">PHPBB3-16159</a>] - Wrap post times in html time tag</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16174">PHPBB3-16174</a>] - Event for disabling cookie creation</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16182">PHPBB3-16182</a>] - Add core.generate_smilies_modify_rowset</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16183">PHPBB3-16183</a>] - Add core.generate_smilies_count_sql_before</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16203">PHPBB3-16203</a>] - Enable Emojis and rich text in sent Emails</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16247">PHPBB3-16247</a>] - Quote PM has no identifier</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16251">PHPBB3-16251</a>] - Shortened link text shouldn't override custom plugins</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15422">PHPBB3-15422</a>] - Remove the unnecessary helpline function and help_line variable</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16147">PHPBB3-16147</a>] - Updated tokens legend in BBCodes ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16160">PHPBB3-16160</a>] - Add script for generating package json file</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16172">PHPBB3-16172</a>] - Add &quot;Rank:&quot; or &quot;Group rank:&quot; in the memberlist</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16224">PHPBB3-16224</a>] - Update composer dependencies</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16246">PHPBB3-16246</a>] - Prettify and update README Automated Testing section</li>
+			</ul>
+
+			<a name="v328rc1"></a><h3>Changes since 3.2.8-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15467">PHPBB3-15467</a>] - Permission settings do not take affect when set using All YES/NO/NEVER</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16123">PHPBB3-16123</a>] - PHP error (Array to string conversion) on new user registration if email address is banned and &quot; Reason shown to the banned&quot; is empty</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16136">PHPBB3-16136</a>] - Missing word in 'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED' </li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16134">PHPBB3-16134</a>] - Exclude group leaders on group member purge</li>
+			</ul>
+			<h4>Security Issue</h4>
+			<ul>
+				<li>[SECURITY-243] - CSS injection via BBCode tag</li>
+				<li>[SECURITY-244] - Missing form token check when handling attachments</li>
+				<li>[SECURITY-246] - Missing form token check when managing BBCodes</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[SECURITY-247] - Disable MySQLi local infile to prevent local file inclusion</li>
+			</ul>
+
 			<a name="v327"></a><h3>Changes since 3.2.7</h3>
 			<h4>Bug</h4>
 			<ul>
@@ -193,7 +444,6 @@
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16078">PHPBB3-16078</a>] - Use chrome webdriver for UI tests</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16089">PHPBB3-16089</a>] - Add core.confirm_box_ajax_before</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16097">PHPBB3-16097</a>] - Add core.viewtopic_gen_sort_selects_before</li>
-				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16102">PHPBB3-16102</a>] - Add core.posting_modify_post_subject</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16103">PHPBB3-16103</a>] - Add core.pm_modify_message_subject</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16106">PHPBB3-16106</a>] - Add core.mcp_main_before</li>
@@ -212,6 +462,10 @@
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16112">PHPBB3-16112</a>] - Update composer dependencies to latest</li>
 				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16119">PHPBB3-16119</a>] - The text input for poll question has a too high maxlength attribute</li>
 			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16101">PHPBB3-16101</a>] - Add Referrer-Policy header</li>
+			</ul>
 
 			<a name="v326"></a><h3>Changes since 3.2.6</h3>
 			<h4>Bug</h4>

phpBB/docs/CREDITS.txt

@@ -1,7 +1,7 @@
 /**
 *
-* phpBB © Copyright phpBB Limited 2003-2016
-* http://www.phpbb.com
+* phpBB © Copyright phpBB Limited 2003-2019
+* https://www.phpbb.com
 *
 * phpBB is free software. You can redistribute it and/or modify it
 * under the terms of the GNU General Public License, version 2 (GPL-2.0)
@@ -22,17 +22,15 @@ phpBB Project Manager:   Marshalrusty (Yuriy Rusko)
 
 phpBB Lead Developer:    Marc (Marc Alexander)
 
-phpBB Developers:        bantu (Andreas Fischer)
-                         CHItA (Máté Bartus)
+phpBB Developers:        CHItA (Máté Bartus)
                          Derky (Derk Ruitenbeek)
-                         Elsensee (Oliver Schramm)
                          Hanakin (Michael Miday)
-                         MichaelC (Michael Cullum)
+                         mrgoldy (Gijs Martens)
                          Nicofuma (Tristan Darricau)
                          rubencm (Rubén Calvo)
 
 For a list of phpBB Team members, please see:
-http://www.phpbb.com/about/team/
+https://www.phpbb.com/about/team/
 
 For a full list of phpBB code contributors, please see:
 https://github.com/phpbb/phpbb/graphs/contributors
@@ -53,16 +51,19 @@ phpBB Developers:        A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                          APTX (Marek A. Ruszczyński)   [12/2007 - 04/2011]
                          Arty (Vjacheslav Trushkin)    [02/2012 - 07/2012]
                          Ashe (Ludovic Arnaud)         [10/2002 - 11/2003, 06/2006 - 10/2006]
+                         bantu (Andreas Fischer)       [07/2009 - 06/2020]
                          BartVB (Bart van Bragt)       [11/2000 - 03/2006]
                          ckwalsh (Cullen Walsh)        [01/2010 - 07/2011]
                          DavidMJ (David M.)            [12/2005 - 08/2009]
                          dhn (Dominik Dröscher)        [05/2007 - 01/2011]
                          dhruv.goel92 (Dhruv Goel)     [04/2013 - 05/2016]
+                         Elsensee (Oliver Schramm)     [03/2015 - 06/2020]
                          EXreaction (Nathan Guse)      [07/2012 - 05/2014]
                          GrahamJE (Graham Eames)       [09/2005 - 11/2006]
                          igorw (Igor Wiedler)          [08/2010 - 02/2013]
                          imkingdavid (David King)      [11/2012 - 06/2014]
                          kellanved (Henry Sudhof)      [04/2007 - 03/2011]
+                         MichaelC (Michael Cullum)     [11/2017 - 09/2019]
                          nickvergessen (Joas Schilling)[04/2010 - 12/2015]
                          Oleg (Oleg Pudeyev)           [01/2011 - 05/2013]
                          prototech (Cesar Gallegos)    [01/2014 - 12/2016]

phpBB/docs/events.md

@@ -172,6 +172,18 @@ acp_group_options_before
 * Since: 3.1.0-b4
 * Purpose: Add additional options to group settings (before GROUP_FOUNDER_MANAGE)
 
+acp_group_types_append
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.2.9-RC1
+* Purpose: Add additional group type options to group settings (append the list)
+
+acp_group_types_prepend
+===
+* Location: adm/style/acp_groups.html
+* Since: 3.2.9-RC1
+* Purpose: Add additional group type options to group settings (prepend the list)
+
 acp_groups_find_username_append
 ===
 * Location: adm/style/acp_groups.html
@@ -398,6 +410,27 @@ acp_posting_buttons_custom_tags_before
 * Since: 3.1.10-RC1
 * Purpose: Add content before the custom BBCodes in the ACP
 
+acp_profile_basic_options_after
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content after custom profile field basic options in the ACP
+
+acp_profile_basic_options_before
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content before custom profile field basic options in the ACP
+
+acp_profile_contact_after
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content after contact specific custom profile field option in the ACP
+
 acp_profile_contact_before
 ===
 * Locations:
@@ -412,6 +445,13 @@ acp_profile_contact_last
 * Since: 3.1.11-RC1
 * Purpose: Add contact specific options to custom profile fields in the ACP
 
+acp_profile_options_before
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content before custom profile field options in the ACP
+
 acp_profile_step_one_lang_after
 ===
 * Locations:
@@ -419,6 +459,20 @@ acp_profile_step_one_lang_after
 * Since: 3.1.11-RC1
 * Purpose: Add extra lang specific options to custom profile field step one configuration in the ACP
 
+acp_profile_visibility_options_after
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content after custom profile field visibility options in the ACP
+
+acp_profile_visibility_options_before
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content before custom profile field visibility options in the ACP
+
 acp_prune_forums_append
 ===
 * Locations:
@@ -1882,6 +1936,34 @@ posting_editor_submit_buttons
 * Since: 3.1.6-RC1
 * Purpose: Add custom buttons in the posting editor
 
+posting_editor_topic_icons_after
+===
+* Locations:
+    + styles/prosilver/template/posting_editor.html
+* Since: 3.2.10-RC1
+* Purpose: Add custom data after the topic icons loop
+
+posting_editor_topic_icons_append
+===
+* Locations:
+    + styles/prosilver/template/posting_editor.html
+* Since: 3.2.10-RC1
+* Purpose: Append custom data to the topic icon
+
+posting_editor_topic_icons_before
+===
+* Locations:
+    + styles/prosilver/template/posting_editor.html
+* Since: 3.2.10-RC1
+* Purpose: Add custom data before the topic icons loop
+
+posting_editor_topic_icons_prepend
+===
+* Locations:
+    + styles/prosilver/template/posting_editor.html
+* Since: 3.2.10-RC1
+* Purpose: Prepend custom data to the topic icon
+
 posting_layout_include_panel_body
 ===
 * Locations:
@@ -2364,6 +2446,34 @@ ucp_friend_list_before
 * Since: 3.1.0-a4
 * Purpose: Add optional elements before list of friends in UCP
 
+ucp_header_friends_offline_username_full_append
+===
+* Locations:
+    + styles/prosilver/template/ucp_header.html
+* Since: 3.2.10-RC1
+* Purpose: Append information to offline friends username in UCP
+
+ucp_header_friends_offline_username_full_prepend
+===
+* Locations:
+    + styles/prosilver/template/ucp_header.html
+* Since: 3.2.10-RC1
+* Purpose: Prepend information to offline friends username in UCP
+
+ucp_header_friends_online_username_full_append
+===
+* Locations:
+    + styles/prosilver/template/ucp_header.html
+* Since: 3.2.10-RC1
+* Purpose: Append information to online friends username in UCP
+
+ucp_header_friends_online_username_full_prepend
+===
+* Locations:
+    + styles/prosilver/template/ucp_header.html
+* Since: 3.2.10-RC1
+* Purpose: Prepend information to online friends username in UCP
+
 ucp_main_front_user_activity_after
 ===
 * Locations:
@@ -2634,6 +2744,13 @@ ucp_profile_profile_info_before
 * Since: 3.1.4-RC1
 * Purpose: Add options in profile page fieldset - before jabber field.
 
+ucp_profile_profile_info_birthday_label_append
+===
+* Locations:
+    + styles/prosilver/template/ucp_profile_profile_info.html
+* Since: 3.2.9-RC1
+* Purpose: Add more text to birthday label, such as required asterisk
+
 ucp_profile_register_details_after
 ===
 * Locations:
@@ -2711,6 +2828,13 @@ viewforum_body_last_post_author_username_prepend
 * Since: 3.2.4-RC1
 * Purpose: Prepend information to last post author username of member
 
+viewforum_body_online_list_before
+===
+* Locations:
+    + styles/prosilver/template/viewforum_body.html
+* Since: 3.2.10-RC1
+* Purpose: Add content before the online users list
+
 viewforum_body_topic_author_username_append
 ===
 * Locations:
@@ -2860,6 +2984,20 @@ viewtopic_body_contact_fields_before
 * Purpose: Add data before the contact fields on the user profile when viewing
 a post
 
+viewtopic_body_contact_icon_append
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.2.10-RC1
+* Purpose: Add content directly after the contact field icons in post user miniprofiles
+
+viewtopic_body_contact_icon_prepend
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.2.10-RC1
+* Purpose: Add content directly before the contact field icons in post user miniprofiles
+
 viewtopic_body_footer_before
 ===
 * Locations:
@@ -2868,6 +3006,13 @@ viewtopic_body_footer_before
 * Purpose: Add content to the bottom of the View topic screen below the posts
 and quick reply, directly before the jumpbox in Prosilver.
 
+viewtopic_body_online_list_before
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.2.10-RC1
+* Purpose: Add content before the online users list
+
 viewtopic_body_pagination_top_after
 ===
 * Locations:

phpBB/docs/nginx.sample.conf

@@ -70,7 +70,7 @@ http {
         }
 
         # Deny access to internal phpbb files.
-        location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
+        location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb(?!\w+)|store|vendor) {
             deny all;
             # deny was ignored before 0.8.40 for connections over IPv6.
             # Use internal directive to prohibit access on older versions.
@@ -93,7 +93,7 @@ http {
         # Correctly pass scripts for installer
         location /install/ {
             # phpBB uses index.htm
-            try_files $uri $uri/ @rewrite_installapp;
+            try_files $uri $uri/ @rewrite_installapp =404;
 
             # Pass the php scripts to fastcgi server specified in upstream declaration.
             location ~ \.php(/|$) {
@@ -104,7 +104,7 @@ http {
                 fastcgi_param PATH_INFO $fastcgi_path_info;
                 fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                 fastcgi_param DOCUMENT_ROOT $realpath_root;
-                try_files $uri $uri/ /install/app.php$is_args$args;
+                try_files $uri $uri/ /install/app.php$is_args$args =404;
                 fastcgi_pass php;
             }
         }

phpBB/docs/sphinx.sample.conf

@@ -41,7 +41,7 @@ source source_phpbb_{SPHINX_ID}_main
 }
 source source_phpbb_{SPHINX_ID}_delta : source_phpbb_{SPHINX_ID}_main
 {
-	sql_query_pre =
+	sql_query_pre = SET NAMES 'utf8'
 	sql_query_range =
 	sql_range_step =
 	sql_query = SELECT \
@@ -61,7 +61,7 @@ source source_phpbb_{SPHINX_ID}_delta : source_phpbb_{SPHINX_ID}_main
 						WHERE \
 							p.topic_id = t.topic_id \
 							AND p.post_id >= ( SELECT max_doc_id FROM phpbb_sphinx WHERE counter_id=1 )
-	sql_query_pre =
+	sql_query_post_index =
 }
 index index_phpbb_{SPHINX_ID}_main
 {
@@ -70,10 +70,16 @@ index index_phpbb_{SPHINX_ID}_main
 	docinfo = extern
 	morphology = none
 	stopwords =
+	wordforms =  # optional, specify path to wordforms file. See ./docs/sphinx_wordforms.txt for example
+	exceptions =  # optional, specify path to exceptions file. See ./docs/sphinx_exceptions.txt for example
 	min_word_len = 2
 	charset_table = U+FF10..U+FF19->0..9, 0..9, U+FF41..U+FF5A->a..z, U+FF21..U+FF3A->a..z, A..Z->a..z, a..z, U+0149, U+017F, U+0138, U+00DF, U+00FF, U+00C0..U+00D6->U+00E0..U+00F6, U+00E0..U+00F6, U+00D8..U+00DE->U+00F8..U+00FE, U+00F8..U+00FE, U+0100->U+0101, U+0101, U+0102->U+0103, U+0103, U+0104->U+0105, U+0105, U+0106->U+0107, U+0107, U+0108->U+0109, U+0109, U+010A->U+010B, U+010B, U+010C->U+010D, U+010D, U+010E->U+010F, U+010F, U+0110->U+0111, U+0111, U+0112->U+0113, U+0113, U+0114->U+0115, U+0115, U+0116->U+0117, U+0117, U+0118->U+0119, U+0119, U+011A->U+011B, U+011B, U+011C->U+011D, U+011D, U+011E->U+011F, U+011F, U+0130->U+0131, U+0131, U+0132->U+0133, U+0133, U+0134->U+0135, U+0135, U+0136->U+0137, U+0137, U+0139->U+013A, U+013A, U+013B->U+013C, U+013C, U+013D->U+013E, U+013E, U+013F->U+0140, U+0140, U+0141->U+0142, U+0142, U+0143->U+0144, U+0144, U+0145->U+0146, U+0146, U+0147->U+0148, U+0148, U+014A->U+014B, U+014B, U+014C->U+014D, U+014D, U+014E->U+014F, U+014F, U+0150->U+0151, U+0151, U+0152->U+0153, U+0153, U+0154->U+0155, U+0155, U+0156->U+0157, U+0157, U+0158->U+0159, U+0159, U+015A->U+015B, U+015B, U+015C->U+015D, U+015D, U+015E->U+015F, U+015F, U+0160->U+0161, U+0161, U+0162->U+0163, U+0163, U+0164->U+0165, U+0165, U+0166->U+0167, U+0167, U+0168->U+0169, U+0169, U+016A->U+016B, U+016B, U+016C->U+016D, U+016D, U+016E->U+016F, U+016F, U+0170->U+0171, U+0171, U+0172->U+0173, U+0173, U+0174->U+0175, U+0175, U+0176->U+0177, U+0177, U+0178->U+00FF, U+00FF, U+0179->U+017A, U+017A, U+017B->U+017C, U+017C, U+017D->U+017E, U+017E, U+0410..U+042F->U+0430..U+044F, U+0430..U+044F, U+4E00..U+9FFF
-	min_prefix_len = 0
-	min_infix_len = 0
+	ignore_chars = U+0027, U+002C
+	min_prefix_len = 3 # Minimum number of characters for wildcard searches by prefix (min 1). Default is 3. If specified, set min_infix_len to 0
+	min_infix_len = 0 # Minimum number of characters for wildcard searches by infix (min 2). If specified, set min_prefix_len to 0
+	html_strip = 1
+	index_exact_words = 0 # Set to 1 to enable exact search operator. Requires wordforms or morphology
+	blend_chars = U+23, U+24, U+25, U+26, U+40
 }
 index index_phpbb_{SPHINX_ID}_delta : index_phpbb_{SPHINX_ID}_main
 {

phpBB/docs/sphinx_exceptions.txt

@@ -0,0 +1,97 @@
+# Sample tokenised exception file for phpBB using Sphinx search engine
+#
+# Exceptions allow one or more tokens to be mapped to a single keyword. 
+# Exceptions are defined BEFORE tokenisation and are therefore case sensitive and accept characters that would normally be excluded such as punctuation.
+# Exceptions are applied to both indexing and searching, such that search queries for one mapped variation will find all others.
+# List needs to be customised according to board and language requirements.
+# Please remove all commented lines before use.
+#
+# See Sphinx documentation for further details: http://sphinxsearch.com/docs/current/conf-exceptions.html
+#
+# Examples:
+#
+# Acronyms and initialisms
+U.S.A. => usa
+u.s.a. => usa
+U.S.A => usa
+u.s.a => usa
+USA => usa
+U.S. => usa
+u.s. => usa
+U.S => usa
+u.s => usa
+US => usa
+# Abbreviations using ampersand
+profit & loss => p&l
+profit and loss => p&l
+P & L => p&l
+P and L => p&l
+p & l => p&l
+p and l => p&l
+# Ampersands
+& => and
+# Ordinals
+1st => first
+1ST => first
+2nd => second
+2ND => second
+3rd => third
+3RD => third
+4th => fourth
+4TH => fourth
+5th => fifth
+5TH => fifth
+6th => sixth
+6TH => sixth
+7th => seventh
+7TH => seventh
+8th => eighth
+8TH => eighth
+9th => ninth
+9TH => ninth
+10th => tenth
+10TH => tenth
+# Numerals
+1 => one
+2 => two
+3 => three
+4 => four
+5 => five
+6 => six
+7 => seven
+8 => eight
+9 => nine
+10 => ten
+11 => eleven
+12 => twelve
+13 => thirteen
+14 => fourteen
+15 => fifteen
+16 => sixteen
+17 => seventeen
+18 => eighteen
+19 => nineteen
+20 => twenty
+30 => thirty
+40 => forty
+50 => fifty
+60 => sixty
+70 => seventy
+80 => eighty
+90 => ninety
+100 => one hundred
+1000 => one thousand
+10000 => ten thousand
+100000 => one hundred thousand
+1000000 => one million
+1000000000 => one billion
+# Numbered groupings / decades
+10s => tens
+20s => twenties
+30s => thirties
+40s => forties
+50s => fifties
+60s => sixties
+70s => seventies
+80s => eighties
+90s => nineties

phpBB/files/.htaccess

@@ -1,4 +1,33 @@
-<Files *>
-	Order Allow,Deny
-	Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>

phpBB/images/avatars/upload/.htaccess

@@ -1,4 +1,33 @@
-<Files *>
-	Order Allow,Deny
-	Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>

phpBB/includes/.htaccess

@@ -1,4 +1,33 @@
-<Files *>
-	Order Allow,Deny
-	Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>

phpBB/includes/acp/acp_attachments.php

@@ -123,17 +123,29 @@ class acp_attachments
 					include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
 				}
 
-				$sql = 'SELECT group_name, cat_id
+				$allowed_pm_groups = [];
+				$allowed_post_groups = [];
+				$s_assigned_groups = [];
+
+				$sql = 'SELECT group_id, group_name, cat_id, allow_group, allow_in_pm
 					FROM ' . EXTENSION_GROUPS_TABLE . '
 					WHERE cat_id > 0
 					ORDER BY cat_id';
 				$result = $db->sql_query($sql);
-
-				$s_assigned_groups = array();
 				while ($row = $db->sql_fetchrow($result))
 				{
 					$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
 					$s_assigned_groups[$row['cat_id']][] = $row['group_name'];
+
+					if ($row['allow_group'])
+					{
+						$allowed_post_groups[] = $row['group_id'];
+					}
+
+					if ($row['allow_in_pm'])
+					{
+						$allowed_pm_groups[] = $row['group_id'];
+					}
 				}
 				$db->sql_freeresult($result);
 
@@ -151,13 +163,13 @@ class acp_attachments
 
 						'allow_attachments'		=> array('lang' => 'ALLOW_ATTACHMENTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_pm_attach'		=> array('lang' => 'ALLOW_PM_ATTACHMENTS',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'max_attachments'		=> array('lang' => 'MAX_ATTACHMENTS',		'validate' => 'int:0:999',	'type' => 'number:0:999', 'explain' => false),
+						'max_attachments_pm'	=> array('lang' => 'MAX_ATTACHMENTS_PM',	'validate' => 'int:0:999',	'type' => 'number:0:999', 'explain' => false),
 						'upload_path'			=> array('lang' => 'UPLOAD_DIR',			'validate' => 'wpath',	'type' => 'text:25:100', 'explain' => true),
 						'display_order'			=> array('lang' => 'DISPLAY_ORDER',			'validate' => 'bool',	'type' => 'custom', 'method' => 'display_order', 'explain' => true),
 						'attachment_quota'		=> array('lang' => 'ATTACH_QUOTA',			'validate' => 'string',	'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
 						'max_filesize'			=> array('lang' => 'ATTACH_MAX_FILESIZE',	'validate' => 'string',	'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
 						'max_filesize_pm'		=> array('lang' => 'ATTACH_MAX_PM_FILESIZE','validate' => 'string',	'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
-						'max_attachments'		=> array('lang' => 'MAX_ATTACHMENTS',		'validate' => 'int:0:999',	'type' => 'number:0:999', 'explain' => false),
-						'max_attachments_pm'	=> array('lang' => 'MAX_ATTACHMENTS_PM',	'validate' => 'int:0:999',	'type' => 'number:0:999', 'explain' => false),
 						'secure_downloads'		=> array('lang' => 'SECURE_DOWNLOADS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'secure_allow_deny'		=> array('lang' => 'SECURE_ALLOW_DENY',		'validate' => 'int',	'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
 						'secure_allow_empty_referer'	=> array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -169,6 +181,8 @@ class acp_attachments
 						'img_max_thumb_width'		=> array('lang' => 'MAX_THUMB_WIDTH',		'validate' => 'int:0:999999999999999',	'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_min_thumb_filesize'	=> array('lang' => 'MIN_THUMB_FILESIZE',	'validate' => 'int:0:999999999999999',	'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
 						'img_max'					=> array('lang' => 'MAX_IMAGE_SIZE',		'validate' => 'int:0:9999',	'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'img_strip_metadata'		=> array('lang' => 'IMAGE_STRIP_METADATA',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'img_quality'				=> array('lang' => 'IMAGE_QUALITY',			'validate' => 'int:50:90',	'type' => 'number:50:90', 'explain' => true, 'append' => ' %'),
 						'img_link'					=> array('lang' => 'IMAGE_LINK_SIZE',		'validate' => 'int:0:9999',	'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
@@ -211,6 +225,9 @@ class acp_attachments
 					if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm')))
 					{
 						$size_var = $request->variable($config_name, '');
+
+						$config_value = (int) $config_value;
+
 						$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? round($config_value * 1024) : (($size_var == 'mb') ? round($config_value * 1048576) : $config_value);
 					}
 
@@ -259,10 +276,14 @@ class acp_attachments
 				$db->sql_freeresult($result);
 
 				$template->assign_vars(array(
+					'S_EMPTY_PM_GROUPS'		=> empty($allowed_pm_groups),
+					'S_EMPTY_POST_GROUPS'	=> empty($allowed_post_groups),
 					'S_SECURE_DOWNLOADS'	=> $this->new_config['secure_downloads'],
 					'S_DEFINED_IPS'			=> ($defined_ips != '') ? true : false,
 					'S_WARNING'				=> (count($error)) ? true : false,
 
+					'U_EXTENSION_GROUPS'	=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&mode=ext_groups"),
+
 					'WARNING_MSG'			=> implode('<br />', $error),
 					'DEFINED_IPS'			=> $defined_ips,
 
@@ -1291,7 +1312,7 @@ class acp_attachments
 	*/
 	public function get_attachment_stats($limit = '')
 	{
-		$sql = 'SELECT COUNT(a.attach_id) AS num_files, SUM(a.filesize) AS upload_dir_size
+		$sql = 'SELECT COUNT(a.attach_id) AS num_files, SUM(' . $this->db->cast_expr_to_bigint('a.filesize') . ') AS upload_dir_size
 			FROM ' . ATTACHMENTS_TABLE . " a
 			WHERE a.is_orphan = 0
 				$limit";
@@ -1478,7 +1499,7 @@ class acp_attachments
 
 				try
 				{
-					$this->filesystem->phpbb_chmod($phpbb_root_path . $upload_dir, CHMOD_READ | CHMOD_WRITE);
+					$this->filesystem->phpbb_chmod($phpbb_root_path . $upload_dir, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 				}
 				catch (\phpbb\filesystem\exception\filesystem_exception $e)
 				{

phpBB/includes/acp/acp_ban.php

@@ -156,7 +156,8 @@ class acp_ban
 			break;
 		}
 
-		self::display_ban_options($mode);
+		display_ban_end_options();
+		display_ban_options($mode);
 
 		$template->assign_vars(array(
 			'L_TITLE'				=> $this->page_title,
@@ -173,126 +174,4 @@ class acp_ban
 			'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&form=acp_ban&field=ban'),
 		));
 	}
-
-	/**
-	* Display ban options
-	*/
-	static public function display_ban_options($mode)
-	{
-		global $user, $db, $template;
-
-		// Ban length options
-		$ban_end_text = array(0 => $user->lang['PERMANENT'], 30 => $user->lang['30_MINS'], 60 => $user->lang['1_HOUR'], 360 => $user->lang['6_HOURS'], 1440 => $user->lang['1_DAY'], 10080 => $user->lang['7_DAYS'], 20160 => $user->lang['2_WEEKS'], 40320 => $user->lang['1_MONTH'], -1 => $user->lang['UNTIL'] . ' -> ');
-
-		$ban_end_options = '';
-		foreach ($ban_end_text as $length => $text)
-		{
-			$ban_end_options .= '<option value="' . $length . '">' . $text . '</option>';
-		}
-
-		switch ($mode)
-		{
-			case 'user':
-
-				$field = 'username';
-
-				$sql = 'SELECT b.*, u.user_id, u.username, u.username_clean
-					FROM ' . BANLIST_TABLE . ' b, ' . USERS_TABLE . ' u
-					WHERE (b.ban_end >= ' . time() . '
-							OR b.ban_end = 0)
-						AND u.user_id = b.ban_userid
-					ORDER BY u.username_clean ASC';
-			break;
-
-			case 'ip':
-
-				$field = 'ban_ip';
-
-				$sql = 'SELECT *
-					FROM ' . BANLIST_TABLE . '
-					WHERE (ban_end >= ' . time() . "
-							OR ban_end = 0)
-						AND ban_ip <> ''
-					ORDER BY ban_ip";
-			break;
-
-			case 'email':
-
-				$field = 'ban_email';
-
-				$sql = 'SELECT *
-					FROM ' . BANLIST_TABLE . '
-					WHERE (ban_end >= ' . time() . "
-							OR ban_end = 0)
-						AND ban_email <> ''
-					ORDER BY ban_email";
-			break;
-		}
-		$result = $db->sql_query($sql);
-
-		$banned_options = $excluded_options = array();
-		while ($row = $db->sql_fetchrow($result))
-		{
-			$option = '<option value="' . $row['ban_id'] . '">' . $row[$field] . '</option>';
-
-			if ($row['ban_exclude'])
-			{
-				$excluded_options[] = $option;
-			}
-			else
-			{
-				$banned_options[] = $option;
-			}
-
-			$time_length = ($row['ban_end']) ? ($row['ban_end'] - $row['ban_start']) / 60 : 0;
-
-			if ($time_length == 0)
-			{
-				// Banned permanently
-				$ban_length = $user->lang['PERMANENT'];
-			}
-			else if (isset($ban_end_text[$time_length]))
-			{
-				// Banned for a given duration
-				$ban_length = $user->lang('BANNED_UNTIL_DURATION', $ban_end_text[$time_length], $user->format_date($row['ban_end'], false, true));
-			}
-			else
-			{
-				// Banned until given date
-				$ban_length = $user->lang('BANNED_UNTIL_DATE', $user->format_date($row['ban_end'], false, true));
-			}
-
-			$template->assign_block_vars('bans', array(
-				'BAN_ID'		=> (int) $row['ban_id'],
-				'LENGTH'		=> $ban_length,
-				'A_LENGTH'		=> addslashes($ban_length),
-				'REASON'		=> $row['ban_reason'],
-				'A_REASON'		=> addslashes($row['ban_reason']),
-				'GIVE_REASON'	=> $row['ban_give_reason'],
-				'A_GIVE_REASON'	=> addslashes($row['ban_give_reason']),
-			));
-		}
-		$db->sql_freeresult($result);
-
-		$options = '';
-		if ($excluded_options)
-		{
-			$options .= '<optgroup label="' . $user->lang['OPTIONS_EXCLUDED'] . '">';
-			$options .= implode('', $excluded_options);
-			$options .= '</optgroup>';
-		}
-
-		if ($banned_options)
-		{
-			$options .= '<optgroup label="' . $user->lang['OPTIONS_BANNED'] . '">';
-			$options .= implode('', $banned_options);
-			$options .= '</optgroup>';
-		}
-
-		$template->assign_vars(array(
-			'S_BAN_END_OPTIONS'	=> $ban_end_options,
-			'S_BANNED_OPTIONS'	=> ($banned_options || $excluded_options) ? true : false,
-			'BANNED_OPTIONS'	=> $options,
-		));
-	}
 }

phpBB/includes/acp/acp_bbcodes.php

@@ -33,7 +33,6 @@ class acp_bbcodes
 		// Set up general vars
 		$action	= $request->variable('action', '');
 		$bbcode_id = $request->variable('bbcode', 0);
-		$submit = $request->is_set_post('submit');
 
 		$this->tpl_name = 'acp_bbcodes';
 		$this->page_title = 'ACP_BBCODES';
@@ -41,11 +40,6 @@ class acp_bbcodes
 
 		add_form_key($form_key);
 
-		if ($submit && !check_form_key($form_key))
-		{
-			trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
-		}
-
 		// Set up mode-specific vars
 		switch ($action)
 		{
@@ -179,6 +173,12 @@ class acp_bbcodes
 				extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
 
 				$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+
+				if (!$warn_text && !check_form_key($form_key))
+				{
+					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
 				if (!$warn_text || confirm_box(true))
 				{
 					$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
@@ -211,11 +211,6 @@ class acp_bbcodes
 						$test = $data['bbcode_tag'];
 					}
 
-					if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match))
-					{
-						trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
-					}
-
 					if (strlen($data['bbcode_tag']) > 16)
 					{
 						trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
@@ -231,6 +226,12 @@ class acp_bbcodes
 						trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
 
+					/**
+					 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+					 * Using their Numeric Character Reference's Hexadecimal notation.
+					 */
+					$bbcode_helpline = utf8_encode_ucr($bbcode_helpline);
+
 					$sql_ary = array_merge($sql_ary, array(
 						'bbcode_tag'				=> $data['bbcode_tag'],
 						'bbcode_match'				=> $bbcode_match,

phpBB/includes/acp/acp_board.php

@@ -76,7 +76,7 @@ class acp_board
 						'legend3'				=> 'WARNINGS',
 						'warnings_expire_days'	=> array('lang' => 'WARNINGS_EXPIRE',		'validate' => 'int:0:9999',	'type' => 'number:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),
 
-						'legend4'					=> 'ACP_SUBMIT_CHANGES',
+						'legend4'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -112,7 +112,7 @@ class acp_board
 						'load_cpf_viewprofile'	=> array('lang' => 'LOAD_CPF_VIEWPROFILE',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_cpf_viewtopic'	=> array('lang' => 'LOAD_CPF_VIEWTOPIC',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 
-						'legend3'					=> 'ACP_SUBMIT_CHANGES',
+						'legend3'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -141,12 +141,10 @@ class acp_board
 					'title'	=> 'ACP_AVATAR_SETTINGS',
 					'vars'	=> array(
 						'legend1'				=> 'ACP_AVATAR_SETTINGS',
-
 						'avatar_min_width'		=> array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false),
 						'avatar_min_height'		=> array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false),
 						'avatar_max_width'		=> array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false),
 						'avatar_max_height'		=> array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false),
-
 						'allow_avatar'			=> array('lang' => 'ALLOW_AVATARS',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:0', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:0', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
@@ -157,6 +155,8 @@ class acp_board
 				{
 					$display_vars['vars'] += $avatar_vars;
 				}
+
+				$display_vars['vars']['legend2'] = 'ACP_SUBMIT_CHANGES';
 			break;
 
 			case 'message':
@@ -184,7 +184,7 @@ class acp_board
 						'auth_flash_pm'			=> array('lang' => 'ALLOW_FLASH_PM',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'enable_pm_icons'		=> array('lang' => 'ENABLE_PM_ICONS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 
-						'legend3'					=> 'ACP_SUBMIT_CHANGES',
+						'legend3'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -227,7 +227,7 @@ class acp_board
 						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int:0:9999',		'type' => 'number:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int:0:9999',		'type' => 'number:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 
-						'legend3'					=> 'ACP_SUBMIT_CHANGES',
+						'legend3'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -252,7 +252,7 @@ class acp_board
 						'max_sig_img_width'		=> array('lang' => 'MAX_SIG_IMG_WIDTH',		'validate' => 'int:0:9999',	'type' => 'number:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'max_sig_img_height'	=> array('lang' => 'MAX_SIG_IMG_HEIGHT',	'validate' => 'int:0:9999',	'type' => 'number:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 
-						'legend3'					=> 'ACP_SUBMIT_CHANGES',
+						'legend3'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -315,6 +315,8 @@ class acp_board
 						'legend4'					=> 'ACP_FEED_SETTINGS_OTHER',
 						'feed_overall_forums'		=> array('lang'	=> 'ACP_FEED_OVERALL_FORUMS',		'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true ),
 						'feed_exclude_id'			=> array('lang' => 'ACP_FEED_EXCLUDE_ID',			'validate' => 'string',	'type' => 'custom', 'method' => 'select_exclude_forums', 'explain' => true),
+
+						'legend5'					=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -329,6 +331,8 @@ class acp_board
 						'cookie_path'	=> array('lang'	=> 'COOKIE_PATH',	'validate' => 'string',	'type' => 'text::255', 'explain' => true),
 						'cookie_secure'	=> array('lang' => 'COOKIE_SECURE',	'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'cookie_notice'	=> array('lang' => 'COOKIE_NOTICE',	'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
+
+						'legend2'		=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -369,7 +373,7 @@ class acp_board
 						'load_cpf_viewprofile'	=> array('lang' => 'LOAD_CPF_VIEWPROFILE',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_cpf_viewtopic'	=> array('lang' => 'LOAD_CPF_VIEWTOPIC',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 
-						'legend4'					=> 'ACP_SUBMIT_CHANGES',
+						'legend4'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -406,7 +410,7 @@ class acp_board
 						'server_port'			=> array('lang' => 'SERVER_PORT',		'validate' => 'int:0:99999',			'type' => 'number:0:99999', 'explain' => true),
 						'script_path'			=> array('lang' => 'SCRIPT_PATH',		'validate' => 'script_path',	'type' => 'text::255', 'explain' => true),
 
-						'legend4'					=> 'ACP_SUBMIT_CHANGES',
+						'legend4'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -438,6 +442,7 @@ class acp_board
 						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int:-1:99999',	'type' => 'number:-1:99999', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 						'form_token_sid_guests'	=> array('lang' => 'FORM_SID_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
+						'legend2'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -470,7 +475,7 @@ class acp_board
 						'smtp_verify_peer_name'	=> array('lang' => 'SMTP_VERIFY_PEER_NAME',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'smtp_allow_self_signed'=> array('lang' => 'SMTP_ALLOW_SELF_SIGNED','validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 
-						'legend3'					=> 'ACP_SUBMIT_CHANGES',
+						'legend3'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;

phpBB/includes/acp/acp_database.php

@@ -58,7 +58,6 @@ class acp_database
 						$type	= $request->variable('type', '');
 						$table	= array_intersect($this->db_tools->sql_list_tables(), $request->variable('table', array('')));
 						$format	= $request->variable('method', '');
-						$where	= $request->variable('where', '');
 
 						if (!count($table))
 						{
@@ -70,12 +69,9 @@ class acp_database
 							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 
-						$store = $structure = $schema_data = false;
-
-						if ($where == 'store')
-						{
-							$store = true;
-						}
+						$store = true;
+						$structure = false;
+						$schema_data = false;
 
 						if ($type == 'full' || $type == 'structure')
 						{

phpBB/includes/acp/acp_forums.php

@@ -986,10 +986,20 @@ class acp_forums
 			$errors[] = $user->lang['FORUM_NAME_EMPTY'];
 		}
 
-		// No Emojis
+		/**
+		 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySql to UCR / NCR.
+		 * Using their Numeric Character Reference's Hexadecimal notation.
+		 */
+		$forum_data_ary['forum_name'] = utf8_encode_ucr($forum_data_ary['forum_name']);
+
+		/**
+		 * This should never happen again.
+		 * Leaving the fallback here just in case there will be the need of it.
+		 */
 		if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches))
 		{
 			$character_list = implode('<br>', $matches[0]);
+
 			$errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list);
 		}
 
@@ -1423,8 +1433,8 @@ class acp_forums
 		* This event may be triggered, when a forum is deleted
 		*
 		* @event core.acp_manage_forums_move_children
-		* @var	int		from_id		If of the current parent forum
-		* @var	int		to_id		If of the new parent forum
+		* @var	int		from_id		Id of the current parent forum
+		* @var	int		to_id		Id of the new parent forum
 		* @var	array	errors		Array of errors, should be strings and not
 		*							language key.
 		* @since 3.1.0-a1
@@ -1529,8 +1539,8 @@ class acp_forums
 		* Event when we move content from one forum to another
 		*
 		* @event core.acp_manage_forums_move_content
-		* @var	int		from_id		If of the current parent forum
-		* @var	int		to_id		If of the new parent forum
+		* @var	int		from_id		Id of the current parent forum
+		* @var	int		to_id		Id of the new parent forum
 		* @var	bool	sync		Shall we sync the "to"-forum's data
 		* @var	array	errors		Array of errors, should be strings and not
 		*							language key. If this array is not empty,
@@ -1576,6 +1586,19 @@ class acp_forums
 			$db->sql_query($sql);
 		}
 
+		/**
+		 * Event when content has been moved from one forum to another
+		 *
+		 * @event core.acp_manage_forums_move_content_after
+		 * @var	int		from_id		Id of the current parent forum
+		 * @var	int		to_id		Id of the new parent forum
+		 * @var	bool	sync		Shall we sync the "to"-forum's data
+		 *
+		 * @since 3.2.9-RC1
+		 */
+		$vars = array('from_id', 'to_id', 'sync');
+		extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_move_content_after', compact($vars)));
+
 		if ($sync)
 		{
 			// Delete ghost topics that link back to the same forum then resync counters

phpBB/includes/acp/acp_main.php

@@ -429,11 +429,11 @@ class acp_main
 		// Version check
 		$user->add_lang('install');
 
-		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '5.4.0', '<'))
+		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '7.1.3', '<'))
 		{
 			$template->assign_vars(array(
 				'S_PHP_VERSION_OLD'	=> true,
-				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], PHP_VERSION, '5.4.0', '<a href="https://www.phpbb.com/support/docs/en/3.2/ug/quickstart/requirements">', '</a>'),
+				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], PHP_VERSION, '7.1.3', '<a href="https://www.phpbb.com/support/docs/en/3.3/ug/quickstart/requirements">', '</a>'),
 			));
 		}
 
@@ -493,7 +493,7 @@ class acp_main
 
 		$start_date = $user->format_date($config['board_startdate']);
 
-		$boarddays = (time() - $config['board_startdate']) / 86400;
+		$boarddays = (time() - (int) $config['board_startdate']) / 86400;
 
 		$posts_per_day = sprintf('%.2f', $total_posts / $boarddays);
 		$topics_per_day = sprintf('%.2f', $total_topics / $boarddays);

phpBB/includes/acp/acp_permissions.php

@@ -44,8 +44,6 @@ class acp_permissions
 			include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
 		}
 
-		$this->permissions = $phpbb_container->get('acl.permissions');
-
 		$auth_admin = new auth_admin();
 
 		$user->add_lang('acp/permissions');
@@ -53,6 +51,8 @@ class acp_permissions
 
 		$this->tpl_name = 'acp_permissions';
 
+		$this->permissions = $phpbb_container->get('acl.permissions');
+
 		// Trace has other vars
 		if ($mode == 'trace')
 		{

phpBB/includes/acp/acp_prune.php

@@ -537,6 +537,7 @@ class acp_prune
 					AND ug.user_id <> ' . ANONYMOUS . '
 					AND u.user_type <> ' . USER_FOUNDER . '
 					AND ug.user_pending = 0
+					AND ug.group_leader = 0
 					AND u.user_id = ug.user_id
 					' . (!empty($user_ids) ? ' AND ' . $db->sql_in_set('ug.user_id', $user_ids) : '');
 			$result = $db->sql_query($sql);

phpBB/includes/acp/acp_users.php

@@ -822,10 +822,12 @@ class acp_users
 							* @var	string	action		Quick tool that should be run
 							* @var	array	user_row	Current user data
 							* @var	string	u_action	The u_action link
+							* @var	int		user_id		User id of the user to manage
 							* @since 3.1.0-a1
 							* @changed 3.2.2-RC1 Added u_action
+							* @changed 3.2.10-RC1 Added user_id
 							*/
-							$vars = array('action', 'user_row', 'u_action');
+							$vars = array('action', 'user_row', 'u_action', 'user_id');
 							extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars)));
 
 							unset($u_action);
@@ -2607,6 +2609,7 @@ class acp_users
 			break;
 
 			default:
+				$u_action = $this->u_action;
 
 				/**
 				* Additional modes provided by extensions
@@ -2616,11 +2619,14 @@ class acp_users
 				* @var	int		user_id			User id of the user to manage
 				* @var	array	user_row		Array with user data
 				* @var	array	error			Array with errors data
+				* @var	string	u_action		The u_action link
 				* @since 3.2.2-RC1
+				* @changed 3.2.10-RC1 Added u_action
 				*/
-				$vars = array('mode', 'user_id', 'user_row', 'error');
+				$vars = array('mode', 'user_id', 'user_row', 'error', 'u_action');
 				extract($phpbb_dispatcher->trigger_event('core.acp_users_mode_add', compact($vars)));
 
+				unset($u_action);
 			break;
 		}
 

phpBB/includes/bbcode.php

@@ -221,8 +221,6 @@ class bbcode
 			$db->sql_freeresult($result);
 		}
 
-		// To perform custom second pass in extension, use $this->bbcode_second_pass_by_extension()
-		// method which accepts variable number of parameters
 		foreach ($bbcode_ids as $bbcode_id)
 		{
 			switch ($bbcode_id)
@@ -681,6 +679,8 @@ class bbcode
 	* Accepts variable number of parameters
 	*
 	* @return mixed Second pass result
+	*
+	* @deprecated 3.2.10 (To be removed 4.0.0)
 	*/
 	function bbcode_second_pass_by_extension()
 	{

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.2.8-RC1');
+@define('PHPBB_VERSION', '3.2.10');
 
 // QA-related
 // define('PHPBB_QA', 1);
@@ -225,10 +225,10 @@ define('REFERER_VALIDATE_HOST', 1);
 define('REFERER_VALIDATE_PATH', 2);
 
 // phpbb_chmod() permissions
-@define('CHMOD_ALL', 7);
-@define('CHMOD_READ', 4);
-@define('CHMOD_WRITE', 2);
-@define('CHMOD_EXECUTE', 1);
+@define('CHMOD_ALL', 7); // @deprecated 3.2.10
+@define('CHMOD_READ', 4); // @deprecated 3.2.10
+@define('CHMOD_WRITE', 2); // @deprecated 3.2.10
+@define('CHMOD_EXECUTE', 1); // @deprecated 3.2.10
 
 // Captcha code length
 define('CAPTCHA_MIN_CHARS', 4);

phpBB/includes/functions.php

@@ -20,49 +20,6 @@ if (!defined('IN_PHPBB'))
 }
 
 // Common global functions
-/**
-* Load the autoloaders added by the extensions.
-*
-* @param string $phpbb_root_path Path to the phpbb root directory.
-*/
-function phpbb_load_extensions_autoloaders($phpbb_root_path)
-{
-	$iterator = new \RecursiveIteratorIterator(
-		new \phpbb\recursive_dot_prefix_filter_iterator(
-			new \RecursiveDirectoryIterator(
-				$phpbb_root_path . 'ext/',
-				\FilesystemIterator::SKIP_DOTS | \FilesystemIterator::FOLLOW_SYMLINKS
-			)
-		),
-		\RecursiveIteratorIterator::SELF_FIRST
-	);
-	$iterator->setMaxDepth(2);
-
-	foreach ($iterator as $file_info)
-	{
-		if ($file_info->getFilename() === 'vendor' && $iterator->getDepth() === 2)
-		{
-			$filename = $file_info->getRealPath() . '/autoload.php';
-			if (file_exists($filename))
-			{
-				require $filename;
-			}
-		}
-	}
-}
-
-/**
-* Casts a variable to the given type.
-*
-* @deprecated
-*/
-function set_var(&$result, $var, $type, $multibyte = false)
-{
-	// no need for dependency injection here, if you have the object, call the method yourself!
-	$type_cast_helper = new \phpbb\request\type_cast_helper();
-	$type_cast_helper->set_var($result, $var, $type, $multibyte);
-}
-
 /**
 * Generates an alphanumeric random string of given length
 *
@@ -3901,108 +3858,6 @@ function phpbb_optionset($bit, $set, $data)
 	return $data;
 }
 
-/**
-* Login using http authenticate.
-*
-* @param array	$param		Parameter array, see $param_defaults array.
-*
-* @return null
-*/
-function phpbb_http_login($param)
-{
-	global $auth, $user, $request;
-	global $config;
-
-	$param_defaults = array(
-		'auth_message'	=> '',
-
-		'autologin'		=> false,
-		'viewonline'	=> true,
-		'admin'			=> false,
-	);
-
-	// Overwrite default values with passed values
-	$param = array_merge($param_defaults, $param);
-
-	// User is already logged in
-	// We will not overwrite his session
-	if (!empty($user->data['is_registered']))
-	{
-		return;
-	}
-
-	// $_SERVER keys to check
-	$username_keys = array(
-		'PHP_AUTH_USER',
-		'Authorization',
-		'REMOTE_USER', 'REDIRECT_REMOTE_USER',
-		'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
-		'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
-		'AUTH_USER',
-	);
-
-	$password_keys = array(
-		'PHP_AUTH_PW',
-		'REMOTE_PASSWORD',
-		'AUTH_PASSWORD',
-	);
-
-	$username = null;
-	foreach ($username_keys as $k)
-	{
-		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
-		{
-			$username = htmlspecialchars_decode($request->server($k));
-			break;
-		}
-	}
-
-	$password = null;
-	foreach ($password_keys as $k)
-	{
-		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
-		{
-			$password = htmlspecialchars_decode($request->server($k));
-			break;
-		}
-	}
-
-	// Decode encoded information (IIS, CGI, FastCGI etc.)
-	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
-	{
-		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
-	}
-
-	if (!is_null($username) && !is_null($password))
-	{
-		set_var($username, $username, 'string', true);
-		set_var($password, $password, 'string', true);
-
-		$auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);
-
-		if ($auth_result['status'] == LOGIN_SUCCESS)
-		{
-			return;
-		}
-		else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
-		{
-			send_status_line(401, 'Unauthorized');
-
-			trigger_error('NOT_AUTHORISED');
-		}
-	}
-
-	// Prepend sitename to auth_message
-	$param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];
-
-	// We should probably filter out non-ASCII characters - RFC2616
-	$param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
-
-	header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
-	send_status_line(401, 'Unauthorized');
-
-	trigger_error('NOT_AUTHORISED');
-}
 
 /**
 * Escapes and quotes a string for use as an HTML/XML attribute value.
@@ -4051,54 +3906,6 @@ function phpbb_quoteattr($data, $entities = null)
 	return $data;
 }
 
-/**
-* Converts query string (GET) parameters in request into hidden fields.
-*
-* Useful for forwarding GET parameters when submitting forms with GET method.
-*
-* It is possible to omit some of the GET parameters, which is useful if
-* they are specified in the form being submitted.
-*
-* sid is always omitted.
-*
-* @param \phpbb\request\request $request Request object
-* @param array $exclude A list of variable names that should not be forwarded
-* @return string HTML with hidden fields
-*/
-function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
-{
-	$names = $request->variable_names(\phpbb\request\request_interface::GET);
-	$hidden = '';
-	foreach ($names as $name)
-	{
-		// Sessions are dealt with elsewhere, omit sid always
-		if ($name == 'sid')
-		{
-			continue;
-		}
-
-		// Omit any additional parameters requested
-		if (!empty($exclude) && in_array($name, $exclude))
-		{
-			continue;
-		}
-
-		$escaped_name = phpbb_quoteattr($name);
-
-		// Note: we might retrieve the variable from POST or cookies
-		// here. To avoid exposing cookies, skip variables that are
-		// overwritten somewhere other than GET entirely.
-		$value = $request->variable($name, '', true);
-		$get_value = $request->variable($name, '', true, \phpbb\request\request_interface::GET);
-		if ($value === $get_value)
-		{
-			$escaped_value = phpbb_quoteattr($value);
-			$hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
-		}
-	}
-	return $hidden;
-}
-
 /**
 * Get user avatar
 *

phpBB/includes/functions_admin.php

@@ -543,6 +543,20 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 		$topic_ids = array($topic_ids);
 	}
 
+	/**
+	 * Perform additional actions before topics move
+	 *
+	 * @event core.move_topics_before
+	 * @var	array	topic_ids	Array of the moved topic ids
+	 * @var	string	forum_id	The forum id from where the topics are moved
+	 * @since 3.2.9-RC1
+	 */
+	$vars = array(
+		'topic_ids',
+		'forum_id',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.move_topics_before', compact($vars)));
+
 	$sql = 'DELETE FROM ' . TOPICS_TABLE . '
 		WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . '
 			AND forum_id = ' . $forum_id;
@@ -593,6 +607,22 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
 	}
 	unset($table_ary);
 
+	/**
+	 * Perform additional actions after topics move
+	 *
+	 * @event core.move_topics_after
+	 * @var	array	topic_ids	Array of the moved topic ids
+	 * @var	string	forum_id	The forum id from where the topics were moved
+	 * @var	array	forum_ids	Array of the forums where the topics were moved (includes also forum_id)
+	 * @since 3.2.9-RC1
+	 */
+	$vars = array(
+		'topic_ids',
+		'forum_id',
+		'forum_ids',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.move_topics_after', compact($vars)));
+
 	if ($auto_sync)
 	{
 		sync('forum', 'forum_id', $forum_ids, true, true);
@@ -2385,7 +2415,7 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
 /**
 * Function auto_prune(), this function now relies on passed vars
 */
-function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_freq)
+function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_freq, $log_prune = true)
 {
 	global $db, $user, $phpbb_log;
 
@@ -2405,13 +2435,18 @@ function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_fr
 
 		if ($result['topics'] == 0 && $result['posts'] == 0)
 		{
+			$column = $prune_mode === 'shadow' ? 'prune_shadow_next' : 'prune_next';
+
 			$sql = 'UPDATE ' . FORUMS_TABLE . "
-				SET prune_next = $next_prune
+				SET $column = $next_prune
 				WHERE forum_id = $forum_id";
 			$db->sql_query($sql);
 		}
 
-		$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_AUTO_PRUNE', false, array($row['forum_name']));
+		if ($log_prune)
+		{
+			$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_AUTO_PRUNE', false, [$row['forum_name']]);
+		}
 	}
 
 	return;
@@ -3107,3 +3142,133 @@ function enable_bitfield_column_flag($table_name, $column_name, $flag, $sql_more
 		' . $sql_more;
 	$db->sql_query($sql);
 }
+
+function display_ban_end_options()
+{
+	global $user, $template;
+
+	// Ban length options
+	$ban_end_text = array(0 => $user->lang['PERMANENT'], 30 => $user->lang['30_MINS'], 60 => $user->lang['1_HOUR'], 360 => $user->lang['6_HOURS'], 1440 => $user->lang['1_DAY'], 10080 => $user->lang['7_DAYS'], 20160 => $user->lang['2_WEEKS'], 40320 => $user->lang['1_MONTH'], -1 => $user->lang['UNTIL'] . ' -> ');
+
+	$ban_end_options = '';
+	foreach ($ban_end_text as $length => $text)
+	{
+		$ban_end_options .= '<option value="' . $length . '">' . $text . '</option>';
+	}
+
+	$template->assign_vars(array(
+		'S_BAN_END_OPTIONS'	=> $ban_end_options
+	));
+}
+
+/**
+* Display ban options
+*/
+function display_ban_options($mode)
+{
+	global $user, $db, $template;
+
+	switch ($mode)
+	{
+		case 'user':
+
+			$field = 'username';
+
+			$sql = 'SELECT b.*, u.user_id, u.username, u.username_clean
+				FROM ' . BANLIST_TABLE . ' b, ' . USERS_TABLE . ' u
+				WHERE (b.ban_end >= ' . time() . '
+						OR b.ban_end = 0)
+					AND u.user_id = b.ban_userid
+				ORDER BY u.username_clean ASC';
+		break;
+
+		case 'ip':
+
+			$field = 'ban_ip';
+
+			$sql = 'SELECT *
+				FROM ' . BANLIST_TABLE . '
+				WHERE (ban_end >= ' . time() . "
+						OR ban_end = 0)
+					AND ban_ip <> ''
+				ORDER BY ban_ip";
+		break;
+
+		case 'email':
+
+			$field = 'ban_email';
+
+			$sql = 'SELECT *
+				FROM ' . BANLIST_TABLE . '
+				WHERE (ban_end >= ' . time() . "
+						OR ban_end = 0)
+					AND ban_email <> ''
+				ORDER BY ban_email";
+		break;
+	}
+	$result = $db->sql_query($sql);
+
+	$banned_options = $excluded_options = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$option = '<option value="' . $row['ban_id'] . '">' . $row[$field] . '</option>';
+
+		if ($row['ban_exclude'])
+		{
+			$excluded_options[] = $option;
+		}
+		else
+		{
+			$banned_options[] = $option;
+		}
+
+		$time_length = ($row['ban_end']) ? ($row['ban_end'] - $row['ban_start']) / 60 : 0;
+
+		if ($time_length == 0)
+		{
+			// Banned permanently
+			$ban_length = $user->lang['PERMANENT'];
+		}
+		else if (isset($ban_end_text[$time_length]))
+		{
+			// Banned for a given duration
+			$ban_length = $user->lang('BANNED_UNTIL_DURATION', $ban_end_text[$time_length], $user->format_date($row['ban_end'], false, true));
+		}
+		else
+		{
+			// Banned until given date
+			$ban_length = $user->lang('BANNED_UNTIL_DATE', $user->format_date($row['ban_end'], false, true));
+		}
+
+		$template->assign_block_vars('bans', array(
+			'BAN_ID'		=> (int) $row['ban_id'],
+			'LENGTH'		=> $ban_length,
+			'A_LENGTH'		=> addslashes($ban_length),
+			'REASON'		=> $row['ban_reason'],
+			'A_REASON'		=> addslashes($row['ban_reason']),
+			'GIVE_REASON'	=> $row['ban_give_reason'],
+			'A_GIVE_REASON'	=> addslashes($row['ban_give_reason']),
+		));
+	}
+	$db->sql_freeresult($result);
+
+	$options = '';
+	if ($excluded_options)
+	{
+		$options .= '<optgroup label="' . $user->lang['OPTIONS_EXCLUDED'] . '">';
+		$options .= implode('', $excluded_options);
+		$options .= '</optgroup>';
+	}
+
+	if ($banned_options)
+	{
+		$options .= '<optgroup label="' . $user->lang['OPTIONS_BANNED'] . '">';
+		$options .= implode('', $banned_options);
+		$options .= '</optgroup>';
+	}
+
+	$template->assign_vars(array(
+		'S_BANNED_OPTIONS'	=> ($banned_options || $excluded_options) ? true : false,
+		'BANNED_OPTIONS'	=> $options,
+	));
+}

phpBB/includes/functions_compatibility.php

@@ -511,3 +511,225 @@ function phpbb_pcre_utf8_support()
 {
 	return true;
 }
+
+/**
+* Load the autoloaders added by the extensions.
+*
+* @param string $phpbb_root_path Path to the phpbb root directory.
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_load_extensions_autoloaders($phpbb_root_path)
+{
+	$iterator = new \RecursiveIteratorIterator(
+		new \phpbb\recursive_dot_prefix_filter_iterator(
+			new \RecursiveDirectoryIterator(
+				$phpbb_root_path . 'ext/',
+				\FilesystemIterator::SKIP_DOTS | \FilesystemIterator::FOLLOW_SYMLINKS
+			)
+		),
+		\RecursiveIteratorIterator::SELF_FIRST
+	);
+	$iterator->setMaxDepth(2);
+
+	foreach ($iterator as $file_info)
+	{
+		if ($file_info->getFilename() === 'vendor' && $iterator->getDepth() === 2)
+		{
+			$filename = $file_info->getRealPath() . '/autoload.php';
+			if (file_exists($filename))
+			{
+				require $filename;
+			}
+		}
+	}
+}
+
+/**
+* Casts a variable to the given type.
+*
+* @deprecated
+*/
+function set_var(&$result, $var, $type, $multibyte = false)
+{
+	// no need for dependency injection here, if you have the object, call the method yourself!
+	$type_cast_helper = new \phpbb\request\type_cast_helper();
+	$type_cast_helper->set_var($result, $var, $type, $multibyte);
+}
+
+
+/**
+* Login using http authenticate.
+*
+* @param array	$param		Parameter array, see $param_defaults array.
+*
+* @return null
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_http_login($param)
+{
+	global $auth, $user, $request;
+	global $config;
+
+	$param_defaults = array(
+		'auth_message'	=> '',
+
+		'autologin'		=> false,
+		'viewonline'	=> true,
+		'admin'			=> false,
+	);
+
+	// Overwrite default values with passed values
+	$param = array_merge($param_defaults, $param);
+
+	// User is already logged in
+	// We will not overwrite his session
+	if (!empty($user->data['is_registered']))
+	{
+		return;
+	}
+
+	// $_SERVER keys to check
+	$username_keys = array(
+		'PHP_AUTH_USER',
+		'Authorization',
+		'REMOTE_USER', 'REDIRECT_REMOTE_USER',
+		'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
+		'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
+		'AUTH_USER',
+	);
+
+	$password_keys = array(
+		'PHP_AUTH_PW',
+		'REMOTE_PASSWORD',
+		'AUTH_PASSWORD',
+	);
+
+	$username = null;
+	foreach ($username_keys as $k)
+	{
+		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
+		{
+			$username = htmlspecialchars_decode($request->server($k));
+			break;
+		}
+	}
+
+	$password = null;
+	foreach ($password_keys as $k)
+	{
+		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
+		{
+			$password = htmlspecialchars_decode($request->server($k));
+			break;
+		}
+	}
+
+	// Decode encoded information (IIS, CGI, FastCGI etc.)
+	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
+	{
+		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
+	}
+
+	if (!is_null($username) && !is_null($password))
+	{
+		set_var($username, $username, 'string', true);
+		set_var($password, $password, 'string', true);
+
+		$auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);
+
+		if ($auth_result['status'] == LOGIN_SUCCESS)
+		{
+			return;
+		}
+		else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
+		{
+			send_status_line(401, 'Unauthorized');
+
+			trigger_error('NOT_AUTHORISED');
+		}
+	}
+
+	// Prepend sitename to auth_message
+	$param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];
+
+	// We should probably filter out non-ASCII characters - RFC2616
+	$param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
+
+	header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
+	send_status_line(401, 'Unauthorized');
+
+	trigger_error('NOT_AUTHORISED');
+}
+
+/**
+* Converts query string (GET) parameters in request into hidden fields.
+*
+* Useful for forwarding GET parameters when submitting forms with GET method.
+*
+* It is possible to omit some of the GET parameters, which is useful if
+* they are specified in the form being submitted.
+*
+* sid is always omitted.
+*
+* @param \phpbb\request\request $request Request object
+* @param array $exclude A list of variable names that should not be forwarded
+* @return string HTML with hidden fields
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
+{
+	$names = $request->variable_names(\phpbb\request\request_interface::GET);
+	$hidden = '';
+	foreach ($names as $name)
+	{
+		// Sessions are dealt with elsewhere, omit sid always
+		if ($name == 'sid')
+		{
+			continue;
+		}
+
+		// Omit any additional parameters requested
+		if (!empty($exclude) && in_array($name, $exclude))
+		{
+			continue;
+		}
+
+		$escaped_name = phpbb_quoteattr($name);
+
+		// Note: we might retrieve the variable from POST or cookies
+		// here. To avoid exposing cookies, skip variables that are
+		// overwritten somewhere other than GET entirely.
+		$value = $request->variable($name, '', true);
+		$get_value = $request->variable($name, '', true, \phpbb\request\request_interface::GET);
+		if ($value === $get_value)
+		{
+			$escaped_value = phpbb_quoteattr($value);
+			$hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
+		}
+	}
+	return $hidden;
+}
+
+/**
+* Delete all PM(s) for a given user and delete the ones without references
+*
+* @param	int		$user_id	ID of the user whose private messages we want to delete
+*
+* @return	boolean		False if there were no pms found, true otherwise.
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_delete_user_pms($user_id)
+{
+	$user_id = (int) $user_id;
+
+	if (!$user_id)
+	{
+		return false;
+	}
+
+	return phpbb_delete_users_pms(array($user_id));
+}

phpBB/includes/functions_compress.php

@@ -296,7 +296,7 @@ class compress_zip extends compress
 
 									try
 									{
-										$this->filesystem->phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
+										$this->filesystem->phpbb_chmod($str, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 									}
 									catch (\phpbb\filesystem\exception\filesystem_exception $e)
 									{
@@ -333,7 +333,7 @@ class compress_zip extends compress
 
 								try
 								{
-									$this->filesystem->phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
+									$this->filesystem->phpbb_chmod($str, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 								}
 								catch (\phpbb\filesystem\exception\filesystem_exception $e)
 								{
@@ -636,7 +636,7 @@ class compress_tar extends compress
 
 								try
 								{
-									$this->filesystem->phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
+									$this->filesystem->phpbb_chmod($str, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 								}
 								catch (\phpbb\filesystem\exception\filesystem_exception $e)
 								{
@@ -671,7 +671,7 @@ class compress_tar extends compress
 
 							try
 							{
-								$this->filesystem->phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
+								$this->filesystem->phpbb_chmod($str, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 							}
 							catch (\phpbb\filesystem\exception\filesystem_exception $e)
 							{
@@ -688,7 +688,7 @@ class compress_tar extends compress
 
 					try
 					{
-						$this->filesystem->phpbb_chmod($target_filename, CHMOD_READ);
+						$this->filesystem->phpbb_chmod($target_filename, \phpbb\filesystem\filesystem_interface::CHMOD_READ);
 					}
 					catch (\phpbb\filesystem\exception\filesystem_exception $e)
 					{

phpBB/includes/functions_content.php

@@ -1166,6 +1166,8 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 		$filename = $phpbb_root_path . $config['upload_path'] . '/' . utf8_basename($attachment['physical_filename']);
 
 		$upload_icon = '';
+		$download_link = '';
+		$display_cat = false;
 
 		if (isset($extensions[$attachment['extension']]))
 		{
@@ -1345,7 +1347,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 		);
 		extract($phpbb_dispatcher->trigger_event('core.parse_attachments_modify_template_data', compact($vars)));
 		$update_count_ary = $update_count;
-		unset($update_count);
+		unset($update_count, $display_cat, $download_link);
 
 		$template->assign_block_vars('_file', $block_array);
 

phpBB/includes/functions_display.php

@@ -70,7 +70,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$data = array(
 					'NO_UNREAD_POSTS'	=> $user->lang['NO_UNREAD_POSTS'],
 					'UNREAD_POSTS'		=> $user->lang['UNREAD_POSTS'],
-					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '',
+					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time(), false) : '',
 					'MESSAGE_TITLE'		=> $user->lang['INFORMATION'],
 					'MESSAGE_TEXT'		=> $user->lang['FORUMS_MARKED']
 				);
@@ -355,7 +355,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$data = array(
 					'NO_UNREAD_POSTS'	=> $user->lang['NO_UNREAD_POSTS'],
 					'UNREAD_POSTS'		=> $user->lang['UNREAD_POSTS'],
-					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time()) : '',
+					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time(), false) : '',
 					'MESSAGE_TITLE'		=> $user->lang['INFORMATION'],
 					'MESSAGE_TEXT'		=> $user->lang['FORUMS_MARKED']
 				);
@@ -539,7 +539,8 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		{
 			if ($row['forum_password_last_post'] === '' && $auth->acl_gets('f_read', 'f_list_topics', $row['forum_id_last_post']))
 			{
-				$last_post_subject = censor_text($row['forum_last_post_subject']);
+				$last_post_subject = utf8_decode_ncr(censor_text($row['forum_last_post_subject']));
+
 				$last_post_subject_truncated = truncate_string($last_post_subject, 30, 255, false, $user->lang['ELLIPSIS']);
 			}
 			else
@@ -547,11 +548,12 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$last_post_subject = $last_post_subject_truncated = '';
 			}
 			$last_post_time = $user->format_date($row['forum_last_post_time']);
+			$last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']);
 			$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
 		}
 		else
 		{
-			$last_post_subject = $last_post_time = $last_post_url = $last_post_subject_truncated = '';
+			$last_post_subject = $last_post_time = $last_post_time_rfc3339 = $last_post_url = $last_post_subject_truncated = '';
 		}
 
 		// Output moderator listing ... if applicable
@@ -622,6 +624,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'LAST_POST_SUBJECT'		=> $last_post_subject,
 			'LAST_POST_SUBJECT_TRUNCATED'	=> $last_post_subject_truncated,
 			'LAST_POST_TIME'		=> $last_post_time,
+			'LAST_POST_TIME_RFC3339'=> $last_post_time_rfc3339,
 			'LAST_POSTER'			=> get_username_string('username', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
 			'LAST_POSTER_COLOUR'	=> get_username_string('colour', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
 			'LAST_POSTER_FULL'		=> get_username_string('full', $row['forum_last_poster_id'], $row['forum_last_poster_name'], $row['forum_last_poster_colour']),
@@ -1111,13 +1114,15 @@ function display_custom_bbcodes()
 			$row['bbcode_helpline'] = $user->lang[strtoupper($row['bbcode_helpline'])];
 		}
 
+		// Convert Numeric Character References to UTF-8 chars.
+		$row['bbcode_helpline'] = utf8_decode_ncr($row['bbcode_helpline']);
+
 		$custom_tags = array(
 			'BBCODE_NAME'		=> "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'",
 			'BBCODE_ID'			=> $num_predefined_bbcodes + ($i * 2),
 			'BBCODE_TAG'		=> $row['bbcode_tag'],
 			'BBCODE_TAG_CLEAN'	=> str_replace('=', '-', $row['bbcode_tag']),
 			'BBCODE_HELPLINE'	=> $row['bbcode_helpline'],
-			'A_BBCODE_HELPLINE'	=> str_replace(array('&amp;', '&quot;', "'", '&lt;', '&gt;'), array('&', '"', "\'", '<', '>'), $row['bbcode_helpline']),
 		);
 
 		/**
@@ -1690,8 +1695,8 @@ function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabl
 		'U_EMAIL'		=> $email,
 		'U_JABBER'		=> ($data['user_jabber'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&amp;action=jabber&amp;u=' . $user_id) : '',
 
-		'USER_JABBER'		=> ($config['jab_enable']) ? $data['user_jabber'] : '',
-		'USER_JABBER_IMG'	=> ($config['jab_enable'] && $data['user_jabber']) ? $user->img('icon_contact_jabber', $data['user_jabber']) : '',
+		'USER_JABBER'		=> ($config['jab_enable'] && $auth->acl_get('u_sendim')) ? $data['user_jabber'] : '',
+		'USER_JABBER_IMG'	=> ($config['jab_enable'] && $auth->acl_get('u_sendim') && $data['user_jabber']) ? $user->img('icon_contact_jabber', $data['user_jabber']) : '',
 
 		'L_SEND_EMAIL_USER' => $user->lang('SEND_EMAIL_USER', $username),
 		'L_CONTACT_USER'	=> $user->lang('CONTACT_USER', $username),

phpBB/includes/functions_mcp.php

@@ -197,7 +197,7 @@ function phpbb_get_topic_data($topic_ids, $acl_list = false, $read_tracking = fa
 */
 function phpbb_get_post_data($post_ids, $acl_list = false, $read_tracking = false)
 {
-	global $db, $auth, $config, $user, $phpbb_container;
+	global $db, $auth, $config, $user, $phpbb_dispatcher, $phpbb_container;
 
 	$rowset = array();
 
@@ -265,6 +265,25 @@ function phpbb_get_post_data($post_ids, $acl_list = false, $read_tracking = fals
 	}
 	$db->sql_freeresult($result);
 
+	/**
+	* This event allows you to modify post data displayed in the MCP
+	*
+	* @event core.mcp_get_post_data_after
+	* @var array	post_ids		Array with post ids that have been fetched
+	* @var mixed	acl_list		Either false or an array with permission strings to check
+	* @var bool		read_tracking	Whether or not to take last mark read time into account
+	* @var array	rowset			The array of posts to be returned
+	* @since 3.2.10-RC1
+	* @since 3.3.1-RC1
+	*/
+	$vars = [
+		'post_ids',
+		'acl_list',
+		'read_tracking',
+		'rowset',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.mcp_get_post_data_after', compact($vars)));
+
 	return $rowset;
 }
 

phpBB/includes/functions_messenger.php

@@ -1013,7 +1013,7 @@ class queue
 
 				try
 				{
-					$this->filesystem->phpbb_chmod($this->cache_file, CHMOD_READ | CHMOD_WRITE);
+					$this->filesystem->phpbb_chmod($this->cache_file, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 				}
 				catch (\phpbb\filesystem\exception\filesystem_exception $e)
 				{
@@ -1067,7 +1067,7 @@ class queue
 
 			try
 			{
-				$this->filesystem->phpbb_chmod($this->cache_file, CHMOD_READ | CHMOD_WRITE);
+				$this->filesystem->phpbb_chmod($this->cache_file, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 			}
 			catch (\phpbb\filesystem\exception\filesystem_exception $e)
 			{
@@ -1893,14 +1893,21 @@ function mail_encode($str, $eol = "\r\n")
 }
 
 /**
-* Wrapper for sending out emails with the PHP's mail function
-*/
+ * Wrapper for sending out emails with the PHP's mail function
+ */
 function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
 {
 	global $config, $phpbb_root_path, $phpEx;
 
-	// We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings. On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
-	// Reference: http://bugs.php.net/bug.php?id=15841
+	// Convert Numeric Character References to UTF-8 chars (ie. Emojis)
+	$subject = utf8_decode_ncr($subject);
+	$msg = utf8_decode_ncr($msg);
+
+	/**
+	 * We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings.
+	 * On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
+	 * Reference: http://bugs.php.net/bug.php?id=15841
+	 */
 	$headers = implode($eol, $headers);
 
 	if (!class_exists('\phpbb\error_collector'))
@@ -1911,10 +1918,14 @@ function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
 	$collector = new \phpbb\error_collector;
 	$collector->install();
 
-	// On some PHP Versions mail() *may* fail if there are newlines within the subject.
-	// Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
-	// Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space (Use '' as parameter to mail_encode() results in SPACE used)
+	/**
+	 * On some PHP Versions mail() *may* fail if there are newlines within the subject.
+	 * Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
+	 * Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space
+	 * (Use '' as parameter to mail_encode() results in SPACE used)
+	 */
 	$additional_parameters = $config['email_force_sender'] ? '-f' . $config['board_email'] : '';
+
 	$result = mail($to, mail_encode($subject, ''), wordwrap(utf8_wordwrap($msg), 997, "\n", true), $headers, $additional_parameters);
 
 	$collector->uninstall();

phpBB/includes/functions_posting.php

@@ -52,9 +52,32 @@ function generate_smilies($mode, $forum_id)
 
 		page_header($user->lang['SMILIES']);
 
-		$sql = 'SELECT COUNT(smiley_id) AS item_count
-			FROM ' . SMILIES_TABLE . '
-			GROUP BY smiley_url';
+		$sql_ary = [
+			'SELECT'	=> 'COUNT(s.smiley_id) AS item_count',
+			'FROM'		=> [
+				SMILIES_TABLE => 's',
+			],
+			'GROUP_BY'	=> 's.smiley_url',
+		];
+
+		/**
+		* Modify SQL query that fetches the total number of smilies in window mode
+		*
+		* @event core.generate_smilies_count_sql_before
+		* @var int		forum_id	Forum where smilies are generated
+		* @var array	sql_ary		Array with the SQL query
+		* @var string	base_url	URL for the "More smilies" link and its pagination
+		* @since 3.2.9-RC1
+		* @changed 3.2.10-RC1 Added base_url
+		*/
+		$vars = [
+			'forum_id',
+			'sql_ary',
+			'base_url',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.generate_smilies_count_sql_before', compact($vars)));
+
+		$sql = $db->sql_build_query('SELECT', $sql_ary);
 		$result = $db->sql_query($sql, 3600);
 
 		$smiley_count = 0;
@@ -89,18 +112,52 @@ function generate_smilies($mode, $forum_id)
 
 	if ($mode == 'window')
 	{
-		$sql = 'SELECT smiley_url, MIN(emotion) as emotion, MIN(code) AS code, smiley_width, smiley_height, MIN(smiley_order) AS min_smiley_order
-			FROM ' . SMILIES_TABLE . '
-			GROUP BY smiley_url, smiley_width, smiley_height
-			ORDER BY min_smiley_order';
+		$sql_ary = [
+			'SELECT'	=> 's.smiley_url, MIN(s.emotion) AS emotion, MIN(s.code) AS code, s.smiley_width, s.smiley_height, MIN(s.smiley_order) AS min_smiley_order',
+			'FROM'		=> [
+				SMILIES_TABLE => 's',
+			],
+			'GROUP_BY'	=> 's.smiley_url, s.smiley_width, s.smiley_height',
+			'ORDER_BY'	=> 'min_smiley_order',
+		];
+	}
+	else
+	{
+		$sql_ary = [
+			'SELECT'	=> 's.*',
+			'FROM'		=> [
+				SMILIES_TABLE => 's',
+			],
+			'WHERE'		=> 's.display_on_posting = 1',
+			'ORDER_BY'	=> 's.smiley_order',
+		];
+	}
+
+	/**
+	* Modify the SQL query that fetches the smilies
+	*
+	* @event core.generate_smilies_modify_sql
+	* @var string	mode		Smiley mode, either window or inline
+	* @var int		forum_id	Forum where smilies are generated, or 0 if composing a private message
+	* @var array	sql_ary		Array with SQL query data
+	* @since 3.2.10-RC1
+	* @since 3.3.1-RC1
+	*/
+	$vars = [
+		'mode',
+		'forum_id',
+		'sql_ary',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.generate_smilies_modify_sql', compact($vars)));
+
+	$sql = $db->sql_build_query('SELECT', $sql_ary);
+
+	if ($mode == 'window')
+	{
 		$result = $db->sql_query_limit($sql, $config['smilies_per_page'], $start, 3600);
 	}
 	else
 	{
-		$sql = 'SELECT *
-			FROM ' . SMILIES_TABLE . '
-			WHERE display_on_posting = 1
-			ORDER BY smiley_order';
 		$result = $db->sql_query($sql, 3600);
 	}
 
@@ -114,6 +171,22 @@ function generate_smilies($mode, $forum_id)
 	}
 	$db->sql_freeresult($result);
 
+	/**
+	* Modify smilies before they are assigned to the template
+	*
+	* @event core.generate_smilies_modify_rowset
+	* @var string	mode		Smiley mode, either window or inline
+	* @var int		forum_id	Forum where smilies are generated, or 0 if composing a private message
+	* @var array	smilies		Smiley rows fetched from the database
+	* @since 3.2.9-RC1
+	*/
+	$vars = [
+		'mode',
+		'forum_id',
+		'smilies',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.generate_smilies_modify_rowset', compact($vars)));
+
 	if (count($smilies))
 	{
 		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path();
@@ -147,9 +220,16 @@ function generate_smilies($mode, $forum_id)
 	* @var	string	mode			Mode of the smilies: window|inline
 	* @var	int		forum_id		The forum ID we are currently in
 	* @var	bool	display_link	Shall we display the "more smilies" link?
+	* @var string	base_url		URL for the "More smilies" link and its pagination
 	* @since 3.1.0-a1
+	* @changed 3.2.10-RC1 Added base_url
 	*/
-	$vars = array('mode', 'forum_id', 'display_link');
+	$vars = [
+		'mode',
+		'forum_id',
+		'display_link',
+		'base_url',
+	];
 	extract($phpbb_dispatcher->trigger_event('core.generate_smilies_after', compact($vars)));
 
 	if ($mode == 'inline' && $display_link)
@@ -681,7 +761,7 @@ function create_thumbnail($source, $destination, $mimetype)
 
 	try
 	{
-		$phpbb_filesystem->phpbb_chmod($destination, CHMOD_READ | CHMOD_WRITE);
+		$phpbb_filesystem->phpbb_chmod($destination, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 	}
 	catch (\phpbb\filesystem\exception\filesystem_exception $e)
 	{
@@ -2783,7 +2863,7 @@ function phpbb_handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $
 				$s_hidden_fields['delete_permanent'] = '1';
 			}
 
-			confirm_box(false, $l_confirm, build_hidden_fields($s_hidden_fields), 'confirm_delete_body.html');
+			confirm_box(false, [$l_confirm, 1], build_hidden_fields($s_hidden_fields), 'confirm_delete_body.html');
 		}
 	}
 

phpBB/includes/functions_privmsgs.php

@@ -958,6 +958,11 @@ function handle_mark_actions($user_id, $mark_action)
 	{
 		case 'mark_important':
 
+			if (!check_form_key('ucp_pm_view'))
+			{
+				trigger_error('FORM_INVALID');
+			}
+
 			$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . "
 				SET pm_marked = 1 - pm_marked
 				WHERE folder_id = $cur_folder_id
@@ -1174,25 +1179,6 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 	return true;
 }
 
-/**
-* Delete all PM(s) for a given user and delete the ones without references
-*
-* @param	int		$user_id	ID of the user whose private messages we want to delete
-*
-* @return	boolean		False if there were no pms found, true otherwise.
-*/
-function phpbb_delete_user_pms($user_id)
-{
-	$user_id = (int) $user_id;
-
-	if (!$user_id)
-	{
-		return false;
-	}
-
-	return phpbb_delete_users_pms(array($user_id));
-}
-
 /**
 * Delete all PM(s) for given users and delete the ones without references
 *
@@ -2060,6 +2046,35 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 	while ($row = $db->sql_fetchrow($result));
 	$db->sql_freeresult($result);
 
+	$url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm');
+
+	/**
+	* Modify message rows before displaying the history in private messages
+	*
+	* @event core.message_history_modify_rowset
+	* @var int		msg_id			ID of the private message
+	* @var int		user_id			ID of the message author
+	* @var array	message_row		Array with message data
+	* @var array	folder			Array with data of user's message folders
+	* @var bool		in_post_mode	Whether or not we are viewing or composing
+	* @var array	rowset			Array with message history data
+	* @var string	url				Base URL used to generate links to private messages
+	* @var string	title			Subject of the private message
+	* @since 3.2.10-RC1
+	* @since 3.3.1-RC1
+	*/
+	$vars = [
+		'msg_id',
+		'user_id',
+		'message_row',
+		'folder',
+		'in_post_mode',
+		'rowset',
+		'url',
+		'title',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.message_history_modify_rowset', compact($vars)));
+
 	if (count($rowset) == 1 && !$in_post_mode)
 	{
 		return false;
@@ -2067,7 +2082,6 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 
 	$title = censor_text($title);
 
-	$url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm');
 	$next_history_pm = $previous_history_pm = $prev_id = 0;
 
 	// Re-order rowset to be able to get the next/prev message rows...

phpBB/includes/functions_user.php

@@ -424,11 +424,11 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
 }
 
 /**
- * Remove User
+ * Delete user(s) and their related data
  *
- * @param string	$mode		Either 'retain' or 'remove'
- * @param mixed		$user_ids	Either an array of integers or an integer
- * @param bool		$retain_username
+ * @param string	$mode				Mode of posts deletion (retain|delete)
+ * @param mixed		$user_ids			Either an array of integers or an integer
+ * @param bool		$retain_username	True if username should be retained, false otherwise
  * @return bool
  */
 function user_delete($mode, $user_ids, $retain_username = true)
@@ -462,17 +462,16 @@ function user_delete($mode, $user_ids, $retain_username = true)
 	}
 
 	/**
-	* Event before a user is deleted
-	*
-	* @event core.delete_user_before
-	* @var	string	mode		Mode of deletion (retain/delete posts)
-	* @var	array	user_ids	IDs of the deleted user
-	* @var	mixed	retain_username	True if username should be retained
-	*				or false if not
-	* @var	array	user_rows	Array containing data of the deleted users
-	* @since 3.1.0-a1
-	* @changed 3.2.4-RC1 Added user_rows
-	*/
+	 * Event before of the performing of the user(s) delete action
+	 *
+	 * @event core.delete_user_before
+	 * @var string	mode				Mode of posts deletion (retain|delete)
+	 * @var array	user_ids			ID(s) of the user(s) bound to be deleted
+	 * @var bool	retain_username		True if username should be retained, false otherwise
+	 * @var array	user_rows			Array containing data of the user(s) bound to be deleted
+	 * @since 3.1.0-a1
+	 * @changed 3.2.4-RC1 Added user_rows
+	 */
 	$vars = array('mode', 'user_ids', 'retain_username', 'user_rows');
 	extract($phpbb_dispatcher->trigger_event('core.delete_user_before', compact($vars)));
 
@@ -761,7 +760,7 @@ function user_delete($mode, $user_ids, $retain_username = true)
 	$db->sql_query($sql);
 
 	// Clean the private messages tables from the user
-	if (!function_exists('phpbb_delete_user_pms'))
+	if (!function_exists('phpbb_delete_users_pms'))
 	{
 		include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
 	}
@@ -773,17 +772,16 @@ function user_delete($mode, $user_ids, $retain_username = true)
 	$db->sql_transaction('commit');
 
 	/**
-	* Event after a user is deleted
-	*
-	* @event core.delete_user_after
-	* @var	string	mode		Mode of deletion (retain/delete posts)
-	* @var	array	user_ids	IDs of the deleted user
-	* @var	mixed	retain_username	True if username should be retained
-	*				or false if not
-	* @var	array	user_rows	Array containing data of the deleted users
-	* @since 3.1.0-a1
-	* @changed 3.2.2-RC1 Added user_rows
-	*/
+	 * Event after the user(s) delete action has been performed
+	 *
+	 * @event core.delete_user_after
+	 * @var string	mode				Mode of posts deletion (retain|delete)
+	 * @var array	user_ids			ID(s) of the deleted user(s)
+	 * @var bool	retain_username		True if username should be retained, false otherwise
+	 * @var array	user_rows			Array containing data of the deleted user(s)
+	 * @since 3.1.0-a1
+	 * @changed 3.2.2-RC1 Added user_rows
+	 */
 	$vars = array('mode', 'user_ids', 'retain_username', 'user_rows');
 	extract($phpbb_dispatcher->trigger_event('core.delete_user_after', compact($vars)));
 
@@ -1046,13 +1044,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 					$banlist_ary[] = (int) $row['user_id'];
 				}
 				while ($row = $db->sql_fetchrow($result));
+
+				$db->sql_freeresult($result);
 			}
 			else
 			{
 				$db->sql_freeresult($result);
+
 				trigger_error('NO_USERS', E_USER_WARNING);
 			}
-			$db->sql_freeresult($result);
 		break;
 
 		case 'ip':
@@ -1473,7 +1473,8 @@ function user_ipwhois($ip)
 	if (($fsk = @fsockopen($whois_host, 43)))
 	{
 		// CRLF as per RFC3912
-		fputs($fsk, "$ip\r\n");
+		// Z to limit the query to all possible flags (whois.arin.net)
+		fputs($fsk, "z $ip\r\n");
 		while (!feof($fsk))
 		{
 			$ipwhois .= fgets($fsk, 1024);
@@ -1945,9 +1946,10 @@ function validate_user_email($email, $allowed_email = false)
 		return $validate_email;
 	}
 
-	if (($ban = $user->check_ban(false, false, $email, true)) !== false)
+	$ban = $user->check_ban(false, false, $email, true);
+	if (!empty($ban))
 	{
-		return ($ban === true) ? 'EMAIL_BANNED' : (!empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : $ban);
+		return !empty($ban['ban_give_reason']) ? $ban['ban_give_reason'] : 'EMAIL_BANNED';
 	}
 
 	if (!$config['allow_emailreuse'])

phpBB/includes/mcp/mcp_ban.php

@@ -185,15 +185,6 @@ class mcp_ban
 			}
 		}
 
-		// Ban length options
-		$ban_end_text = array(0 => $user->lang['PERMANENT'], 30 => $user->lang['30_MINS'], 60 => $user->lang['1_HOUR'], 360 => $user->lang['6_HOURS'], 1440 => $user->lang['1_DAY'], 10080 => $user->lang['7_DAYS'], 20160 => $user->lang['2_WEEKS'], 40320 => $user->lang['1_MONTH'], -1 => $user->lang['UNTIL'] . ' -> ');
-
-		$ban_end_options = '';
-		foreach ($ban_end_text as $length => $text)
-		{
-			$ban_end_options .= '<option value="' . $length . '">' . $text . '</option>';
-		}
-
 		// Define language vars
 		$this->page_title = $user->lang[strtoupper($mode) . '_BAN'];
 
@@ -218,7 +209,8 @@ class mcp_ban
 			break;
 		}
 
-		acp_ban::display_ban_options($mode);
+		display_ban_end_options();
+		display_ban_options($mode);
 
 		$template->assign_vars(array(
 			'L_TITLE'				=> $this->page_title,

phpBB/includes/mcp/mcp_logs.php

@@ -39,6 +39,7 @@ class mcp_logs
 		global $config, $phpbb_container, $phpbb_log;
 
 		$user->add_lang('acp/common');
+		$this->p_master->add_mod_info('acp');
 
 		$action = $request->variable('action', array('' => ''));
 

phpBB/includes/mcp/mcp_main.php

@@ -1049,6 +1049,7 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 
 	$redirect = $request->variable('redirect', build_url(array('action', 'quickmod')));
 	$forum_id = $request->variable('f', 0);
+	$topic_id = 0;
 
 	$s_hidden_fields = array(
 		'post_id_list'	=> $post_ids,
@@ -1122,8 +1123,6 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 			));
 		}
 
-		$topic_id = $request->variable('t', 0);
-
 		// Return links
 		$return_link = array();
 		if ($affected_topics == 1 && $topic_id)
@@ -1152,7 +1151,7 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 		$topic_id_list = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$topic_id_list[] = $row['topic_id'];
+			$topic_id_list[] = $topic_id = $row['topic_id'];
 		}
 		$affected_topics = count($topic_id_list);
 		$db->sql_freeresult($result);
@@ -1183,8 +1182,6 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 		$deleted_topics = ($row = $db->sql_fetchrow($result)) ? ($affected_topics - $row['topics_left']) : $affected_topics;
 		$db->sql_freeresult($result);
 
-		$topic_id = $request->variable('t', 0);
-
 		// Return links
 		$return_link = array();
 		if ($affected_topics == 1 && !$deleted_topics && $topic_id)
@@ -1203,6 +1200,12 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 			}
 			else
 			{
+				// Remove any post id anchor
+				if ($anchor_pos = (strrpos($redirect, '#p')) !== false)
+				{
+					$redirect = substr($redirect, 0, $anchor_pos);
+				}
+
 				$success_msg = $user->lang['POST_DELETED_SUCCESS'];
 			}
 		}
@@ -1260,7 +1263,6 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 		confirm_box(false, $l_confirm, build_hidden_fields($s_hidden_fields), 'confirm_delete_body.html');
 	}
 
-	$redirect = $request->variable('redirect', "index.$phpEx");
 	$redirect = reapply_sid($redirect);
 
 	if (!$success_msg)
@@ -1564,10 +1566,11 @@ function mcp_fork_topic($topic_ids)
 				// Copy Attachments
 				if ($row['post_attachment'])
 				{
-					$sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . "
-						WHERE post_msg_id = {$row['post_id']}
-							AND topic_id = $topic_id
-							AND in_message = 0";
+					$sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . '
+						WHERE post_msg_id = ' . (int) $row['post_id'] . '
+							AND topic_id = ' . (int) $topic_id . '
+							AND in_message = 0
+						ORDER BY attach_id ASC';
 					$result = $db->sql_query($sql);
 
 					$sql_ary = array();

phpBB/includes/mcp/mcp_notes.php

@@ -74,7 +74,7 @@ class mcp_notes
 	*/
 	function mcp_notes_user_view($action)
 	{
-		global $config, $phpbb_log, $request;
+		global $config, $phpbb_log, $request, $phpbb_root_path, $phpEx;
 		global $template, $db, $user, $auth, $phpbb_container;
 
 		$user_id = $request->variable('u', 0);
@@ -185,9 +185,13 @@ class mcp_notes
 			trigger_error($msg .  '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
 		}
 
-		// Generate the appropriate user information for the user we are looking at
+		if (!function_exists('phpbb_get_user_rank'))
+		{
+			include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+		}
 
-		$rank_title = $rank_img = '';
+		// Generate the appropriate user information for the user we are looking at
+		$rank_data = phpbb_get_user_rank($userrow, $userrow['user_posts']);
 		$avatar_img = phpbb_get_user_avatar($userrow);
 
 		$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
@@ -239,7 +243,6 @@ class mcp_notes
 
 			'TOTAL_REPORTS'		=> $user->lang('LIST_REPORTS', (int) $log_count),
 
-			'RANK_TITLE'		=> $rank_title,
 			'JOINED'			=> $user->format_date($userrow['user_regdate']),
 			'POSTS'				=> ($userrow['user_posts']) ? $userrow['user_posts'] : 0,
 			'WARNINGS'			=> ($userrow['user_warnings']) ? $userrow['user_warnings'] : 0,
@@ -250,9 +253,9 @@ class mcp_notes
 			'U_PROFILE'			=> get_username_string('profile', $userrow['user_id'], $userrow['username'], $userrow['user_colour']),
 
 			'AVATAR_IMG'		=> $avatar_img,
-			'RANK_IMG'			=> $rank_img,
-			)
-		);
+			'RANK_IMG'			=> $rank_data['img'],
+			'RANK_TITLE'		=> $rank_data['title'],
+		));
 	}
 
 }

phpBB/includes/mcp/mcp_post.php

@@ -363,14 +363,16 @@ function mcp_post_details($id, $mode, $action)
 		/** @var \phpbb\pagination $pagination */
 		$pagination = $phpbb_container->get('pagination');
 
-		$rdns_ip_num = $request->variable('rdns', '');
 		$start_users = $request->variable('start_users', 0);
+		$rdns_ip_num = $request->variable('rdns', '');
+		$lookup_all = $rdns_ip_num === 'all';
 
-		if ($rdns_ip_num != 'all')
+		$base_url = $url . '&i=main&mode=post_details';
+		$base_url .= $lookup_all ? '&rdns=all' : '';
+
+		if (!$lookup_all)
 		{
-			$template->assign_vars(array(
-				'U_LOOKUP_ALL'	=> "$url&i=main&mode=post_details&rdns=all")
-			);
+			$template->assign_var('U_LOOKUP_ALL', $base_url . '&rdns=all');
 		}
 
 		$num_users = false;
@@ -405,7 +407,7 @@ function mcp_post_details($id, $mode, $action)
 			}
 
 			$pagination->generate_template_pagination(
-				$url . '&i=main&mode=post_details',
+				$base_url,
 				'pagination',
 				'start_users',
 				$num_users,
@@ -475,7 +477,7 @@ function mcp_post_details($id, $mode, $action)
 				'NUM_POSTS'		=> $row['postings'],
 				'L_POST_S'		=> ($row['postings'] == 1) ? $user->lang['POST'] : $user->lang['POSTS'],
 
-				'U_LOOKUP_IP'	=> ($rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? '' : "$url&i=$id&mode=post_details&rdns={$row['poster_ip']}#ip",
+				'U_LOOKUP_IP'	=> (!$lookup_all && $rdns_ip_num != $row['poster_ip']) ? "$base_url&start_ips={$start_ips}&rdns={$row['poster_ip']}#ip" : '',
 				'U_WHOIS'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&mode=$mode&action=whois&p=$post_id&ip={$row['poster_ip']}"))
 			);
 		}
@@ -489,7 +491,7 @@ function mcp_post_details($id, $mode, $action)
 			}
 
 			$pagination->generate_template_pagination(
-				$url . '&i=main&mode=post_details',
+				$base_url,
 				'pagination_ips',
 				'start_ips',
 				$num_ips,

phpBB/includes/mcp/mcp_queue.php

@@ -370,8 +370,9 @@ class mcp_queue
 				$topic_id = $request->variable('t', 0);
 				$forum_info = array();
 
-				/* @var $pagination \phpbb\pagination */
-				$pagination = $phpbb_container->get('pagination');
+				// If 'sort' is set, "Go" was pressed which is located behind the forums <select> box
+				// Then, unset the topic id so it does not override the forum id
+				$topic_id = $request->is_set_post('sort') ? 0 : $topic_id;
 
 				if ($topic_id)
 				{
@@ -651,6 +652,9 @@ class mcp_queue
 				}
 				unset($rowset, $forum_names);
 
+				/* @var \phpbb\pagination $pagination */
+				$pagination = $phpbb_container->get('pagination');
+
 				$base_url = $this->u_action . "&amp;f=$forum_id&amp;st=$sort_days&amp;sk=$sort_key&amp;sd=$sort_dir";
 				$pagination->generate_template_pagination($base_url, 'pagination', 'start', $total, $config['topics_per_page'], $start);
 

phpBB/includes/mcp/mcp_reports.php

@@ -337,6 +337,11 @@ class mcp_reports
 			case 'reports_closed':
 				$topic_id = $request->variable('t', 0);
 
+				if ($request->is_set_post('t'))
+				{
+					$topic_id = $request->variable('t', 0, false, \phpbb\request\request_interface::POST);
+				}
+
 				$forum_info = array();
 				$forum_list_reports = get_forum_list('m_report', false, true);
 				$forum_list_read = array_flip(get_forum_list('f_read', true, true)); // Flipped so we can isset() the forum IDs
@@ -412,7 +417,7 @@ class mcp_reports
 				$forum_options = '<option value="0"' . (($forum_id == 0) ? ' selected="selected"' : '') . '>' . $user->lang['ALL_FORUMS'] . '</option>';
 				foreach ($forum_list_reports as $row)
 				{
-					$forum_options .= '<option value="' . $row['forum_id'] . '"' . (($forum_id == $row['forum_id']) ? ' selected="selected"' : '') . '>' . str_repeat('&nbsp; &nbsp;', $row['padding']) . $row['forum_name'] . '</option>';
+					$forum_options .= '<option value="' . $row['forum_id'] . '"' . (($forum_id == $row['forum_id']) ? ' selected="selected"' : '') . '>' . str_repeat('&nbsp; &nbsp;', $row['padding']) . truncate_string($row['forum_name'], 30, 255, false, $user->lang('ELLIPSIS')) . '</option>';
 					$forum_data[$row['forum_id']] = $row;
 				}
 				unset($forum_list_reports);

phpBB/includes/mcp/mcp_topic.php

@@ -457,6 +457,12 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 	$post_info = $post_info[$post_id];
 	$subject = trim($subject);
 
+	/**
+	 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+	 * Using their Numeric Character Reference's Hexadecimal notation.
+	 */
+	$subject = utf8_encode_ucr($subject);
+
 	// Make some tests
 	if (!$subject)
 	{

phpBB/includes/mcp/mcp_warn.php

@@ -572,11 +572,12 @@ function add_warning($user_row, $warning, $send_pm = true, $post_id = 0)
 		submit_pm('post', $warn_pm_subject, $pm_data, false);
 	}
 
-	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING', false, array($user_row['username']));
-	$log_id = $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING_BODY', false, array(
+	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING', false, [$user_row['username']]);
+
+	$log_id = $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING_BODY', false, [
 		'reportee_id' => $user_row['user_id'],
-		$warning
-	));
+		utf8_encode_ucr($warning)
+	]);
 
 	$sql_ary = array(
 		'user_id'		=> $user_row['user_id'],

phpBB/includes/message_parser.php

@@ -390,7 +390,7 @@ class bbcode_firstpass extends bbcode
 		$in = str_replace(' ', '%20', $in);
 
 		// Checking urls
-		if (!preg_match('#^' . get_preg_expression('url') . '$#iu', $in) && !preg_match('#^' . get_preg_expression('www_url') . '$#iu', $in))
+		if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $in) && !preg_match('#^' . get_preg_expression('www_url') . '$#iu', $in))
 		{
 			return '[img]' . $in . '[/img]';
 		}
@@ -401,32 +401,6 @@ class bbcode_firstpass extends bbcode
 			$in = 'http://' . $in;
 		}
 
-		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
-		{
-			$imagesize = new \FastImageSize\FastImageSize();
-			$size_info = $imagesize->getImageSize(htmlspecialchars_decode($in));
-
-			if ($size_info === false)
-			{
-				$error = true;
-				$this->warn_msg[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
-			}
-			else
-			{
-				if ($config['max_' . $this->mode . '_img_height'] && $config['max_' . $this->mode . '_img_height'] < $size_info['height'])
-				{
-					$error = true;
-					$this->warn_msg[] = $user->lang('MAX_IMG_HEIGHT_EXCEEDED', (int) $config['max_' . $this->mode . '_img_height']);
-				}
-
-				if ($config['max_' . $this->mode . '_img_width'] && $config['max_' . $this->mode . '_img_width'] < $size_info['width'])
-				{
-					$error = true;
-					$this->warn_msg[] = $user->lang('MAX_IMG_WIDTH_EXCEEDED', (int) $config['max_' . $this->mode . '_img_width']);
-				}
-			}
-		}
-
 		if ($error || $this->path_in_domain($in))
 		{
 			return '[img]' . $in . '[/img]';
@@ -1524,6 +1498,35 @@ class parse_message extends bbcode_firstpass
 		}
 	}
 
+	/**
+	 * Check attachment form token depending on submit type
+	 *
+	 * @param \phpbb\language\language $language Language
+	 * @param \phpbb\request\request_interface $request Request
+	 * @param string $form_name Form name for checking form key
+	 *
+	 * @return bool True if form token is not needed or valid, false if needed and invalid
+	 */
+	function check_attachment_form_token(\phpbb\language\language $language, \phpbb\request\request_interface $request, $form_name)
+	{
+		$add_file = $request->is_set_post('add_file');
+		$delete_file = $request->is_set_post('delete_file');
+
+		if (($add_file || $delete_file) && !check_form_key($form_name))
+		{
+			$this->warn_msg[] = $language->lang('FORM_INVALID');
+
+			if ($request->is_ajax() && $this->plupload)
+			{
+				$this->plupload->emit_error(-400, 'FORM_INVALID');
+			}
+
+			return false;
+		}
+
+		return true;
+	}
+
 	/**
 	* Parse Attachments
 	*/

phpBB/includes/ucp/ucp_groups.php

@@ -440,10 +440,10 @@ class ucp_groups
 						'GROUP_DESC_DISP'		=> generate_text_for_display($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield'], $group_row['group_desc_options']),
 						'GROUP_TYPE'			=> $group_row['group_type'],
 
-						'AVATAR'				=> (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar),
-						'AVATAR_IMAGE'			=> (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar),
-						'AVATAR_WIDTH'			=> (isset($group_row['group_avatar_width'])) ? $group_row['group_avatar_width'] : '',
-						'AVATAR_HEIGHT'			=> (isset($group_row['group_avatar_height'])) ? $group_row['group_avatar_height'] : '',
+						'AVATAR'				=> !empty($avatar) ? $avatar : '',
+						'AVATAR_IMAGE'			=> !empty($avatar) ? $avatar : '',
+						'AVATAR_WIDTH'			=> isset($group_row['group_avatar_width']) ? $group_row['group_avatar_width'] : '',
+						'AVATAR_HEIGHT'			=> isset($group_row['group_avatar_height']) ? $group_row['group_avatar_height'] : '',
 					));
 				}
 
@@ -495,21 +495,22 @@ class ucp_groups
 						{
 							if (confirm_box(true))
 							{
+								$avatar_data['id'] = substr($avatar_data['id'], 1);
 								$phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, GROUPS_TABLE, 'group_');
 								$cache->destroy('sql', GROUPS_TABLE);
 
-								$message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
+								$message = $action === 'edit' ? 'GROUP_UPDATED' : 'GROUP_CREATED';
 								trigger_error($user->lang[$message] . $return_page);
 							}
 							else
 							{
 								confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
-										'avatar_delete'     => true,
-										'i'                 => $id,
-										'mode'              => $mode,
-										'g'			        => $group_id,
-										'action'            => $action))
-								);
+									'avatar_delete'     => true,
+									'i'                 => $id,
+									'mode'              => $mode,
+									'g'			        => $group_id,
+									'action'            => $action,
+								)));
 							}
 						}
 
@@ -534,7 +535,12 @@ class ucp_groups
 								'teampage'	=> $group_row['group_teampage'],
 							);
 
-							if ($config['allow_avatar'])
+							if (!check_form_key('ucp_groups'))
+							{
+								$error[] = $user->lang['FORM_INVALID'];
+							}
+
+							if (!count($error) && $config['allow_avatar'])
 							{
 								// Handle avatar
 								$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
@@ -556,11 +562,6 @@ class ucp_groups
 								$error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
 							}
 
-							if (!check_form_key('ucp_groups'))
-							{
-								$error[] = $user->lang['FORM_INVALID'];
-							}
-
 							// Validate submitted colour value
 							if ($colour_error = validate_data($submit_ary, array('colour'	=> array('hex_colour', true))))
 							{
@@ -875,6 +876,11 @@ class ucp_groups
 							trigger_error($user->lang['NO_GROUP'] . $return_page);
 						}
 
+						if (!check_form_key('ucp_groups'))
+						{
+							trigger_error($user->lang('FORM_INVALID') . $return_page);
+						}
+
 						if (!($row = group_memberships($group_id, $user->data['user_id'])))
 						{
 							trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);

phpBB/includes/ucp/ucp_notifications.php

@@ -25,7 +25,7 @@ class ucp_notifications
 
 	public function main($id, $mode)
 	{
-		global $config, $template, $user, $request, $phpbb_container;
+		global $config, $template, $user, $request, $phpbb_container, $phpbb_dispatcher;
 		global $phpbb_root_path, $phpEx;
 
 		add_form_key('ucp_notification');
@@ -57,15 +57,40 @@ class ucp_notifications
 
 					foreach ($phpbb_notifications->get_subscription_types() as $group => $subscription_types)
 					{
-						foreach ($subscription_types as $type => $data)
+						foreach ($subscription_types as $type => $type_data)
 						{
 							foreach ($notification_methods as $method => $method_data)
 							{
-								if ($request->is_set_post(str_replace('.', '_', $type . '_' . $method_data['id'])) && (!isset($subscriptions[$type]) || !in_array($method_data['id'], $subscriptions[$type])))
+								$is_set_notify = $request->is_set_post(str_replace('.', '_', $type . '_' . $method_data['id']));
+								$is_available = $method_data['method']->is_available($type_data['type']);
+
+								/**
+								* Event to perform additional actions before ucp_notifications is submitted
+								*
+								* @event core.ucp_notifications_submit_notification_is_set
+								* @var	array	type_data		The notification type data
+								* @var	array	method_data		The notification method data
+								* @var	bool	is_set_notify	The notification is set or not
+								* @var	bool	is_available	The notification is available or not
+								* @var	array	subscriptions	The subscriptions data
+								*
+								* @since 3.2.10-RC1
+								* @since 3.3.1-RC1
+								*/
+								$vars = [
+									'type_data',
+									'method_data',
+									'is_set_notify',
+									'is_available',
+									'subscriptions',
+								];
+								extract($phpbb_dispatcher->trigger_event('core.ucp_notifications_submit_notification_is_set', compact($vars)));
+
+								if ($is_set_notify && $is_available && (!isset($subscriptions[$type]) || !in_array($method_data['id'], $subscriptions[$type])))
 								{
 									$phpbb_notifications->add_subscription($type, 0, $method_data['id']);
 								}
-								else if (!$request->is_set_post(str_replace('.', '_', $type . '_' . $method_data['id'])) && isset($subscriptions[$type]) && in_array($method_data['id'], $subscriptions[$type]))
+								else if ((!$is_set_notify || !$is_available) && isset($subscriptions[$type]) && in_array($method_data['id'], $subscriptions[$type]))
 								{
 									$phpbb_notifications->delete_subscription($type, 0, $method_data['id']);
 								}
@@ -80,7 +105,7 @@ class ucp_notifications
 
 				$this->output_notification_methods($phpbb_notifications, $template, $user, 'notification_methods');
 
-				$this->output_notification_types($subscriptions, $phpbb_notifications, $template, $user, 'notification_types');
+				$this->output_notification_types($subscriptions, $phpbb_notifications, $template, $user, $phpbb_dispatcher, 'notification_types');
 
 				$this->tpl_name = 'ucp_notifications';
 				$this->page_title = 'UCP_NOTIFICATION_OPTIONS';
@@ -168,9 +193,10 @@ class ucp_notifications
 	* @param \phpbb\notification\manager $phpbb_notifications
 	* @param \phpbb\template\template $template
 	* @param \phpbb\user $user
+	* @param \phpbb\event\dispatcher_interface $phpbb_dispatcher
 	* @param string $block
 	*/
-	public function output_notification_types($subscriptions, \phpbb\notification\manager $phpbb_notifications, \phpbb\template\template $template, \phpbb\user $user, $block = 'notification_types')
+	public function output_notification_types($subscriptions, \phpbb\notification\manager $phpbb_notifications, \phpbb\template\template $template, \phpbb\user $user, \phpbb\event\dispatcher_interface $phpbb_dispatcher, $block = 'notification_types')
 	{
 		$notification_methods = $phpbb_notifications->get_subscription_methods();
 
@@ -191,15 +217,34 @@ class ucp_notifications
 
 				foreach ($notification_methods as $method => $method_data)
 				{
-					$template->assign_block_vars($block . '.notification_methods', array(
+					$tpl_ary = [
 						'METHOD'			=> $method_data['id'],
-
 						'NAME'				=> $user->lang($method_data['lang']),
-
 						'AVAILABLE'			=> $method_data['method']->is_available($type_data['type']),
-
 						'SUBSCRIBED'		=> (isset($subscriptions[$type]) && in_array($method_data['id'], $subscriptions[$type])) ? true : false,
-					));
+					];
+
+					/**
+					* Event to perform additional actions before ucp_notifications is displayed
+					*
+					* @event core.ucp_notifications_output_notification_types_modify_template_vars
+					* @var	array	type_data		The notification type data
+					* @var	array	method_data		The notification method data
+					* @var	array	tpl_ary			The template variables
+					* @var	array	subscriptions	The subscriptions data
+					*
+					* @since 3.2.10-RC1
+					* @since 3.3.1-RC1
+					*/
+					$vars = [
+						'type_data',
+						'method_data',
+						'tpl_ary',
+						'subscriptions',
+					];
+					extract($phpbb_dispatcher->trigger_event('core.ucp_notifications_output_notification_types_modify_template_vars', compact($vars)));
+
+					$template->assign_block_vars($block . '.notification_methods', $tpl_ary);
 				}
 			}
 		}

phpBB/includes/ucp/ucp_pm.php

@@ -193,6 +193,8 @@ class ucp_pm
 					trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
 				}
 
+				add_form_key('ucp_pm_view');
+
 				// First Handle Mark actions and moving messages
 				$submit_mark	= (isset($_POST['submit_mark'])) ? true : false;
 				$move_pm		= (isset($_POST['move_pm'])) ? true : false;
@@ -210,6 +212,11 @@ class ucp_pm
 				// Move PM
 				if ($move_pm)
 				{
+					if (!check_form_key('ucp_pm_view'))
+					{
+						trigger_error('FORM_INVALID');
+					}
+
 					$move_msg_ids	= (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array();
 					$cur_folder_id	= $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);
 

phpBB/includes/ucp/ucp_pm_compose.php

@@ -26,7 +26,7 @@ if (!defined('IN_PHPBB'))
 function compose_pm($id, $mode, $action, $user_folders = array())
 {
 	global $template, $db, $auth, $user, $cache;
-	global $phpbb_root_path, $phpEx, $config;
+	global $phpbb_root_path, $phpEx, $config, $language;
 	global $request, $phpbb_dispatcher, $phpbb_container;
 
 	// Damn php and globals - i know, this is horrible
@@ -309,6 +309,35 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		$post = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
 
+		/**
+		* Alter the row of the post being quoted when composing a private message
+		*
+		* @event core.ucp_pm_compose_compose_pm_basic_info_query_after
+		* @var	array	post			Array with data of the post being quoted
+		* @var	int		msg_id			topic_id in the page request
+		* @var	int		to_user_id		The id of whom the message is to
+		* @var	int		to_group_id		The id of the group whom the message is to
+		* @var	bool	submit			Whether the user is sending the PM or not
+		* @var	bool	preview			Whether the user is previewing the PM or not
+		* @var	string	action			One of: post, reply, quote, forward, quotepost, edit, delete, smilies
+		* @var	bool	delete			Whether the user is deleting the PM
+		* @var	int		reply_to_all	Value of reply_to_all request variable.
+		* @since 3.2.10-RC1
+		* @since 3.3.1-RC1
+		*/
+		$vars = [
+			'post',
+			'msg_id',
+			'to_user_id',
+			'to_group_id',
+			'submit',
+			'preview',
+			'action',
+			'delete',
+			'reply_to_all',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_compose_pm_basic_info_query_after', compact($vars)));
+
 		if (!$post)
 		{
 			// If editing it could be the recipient already read the message...
@@ -665,6 +694,12 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		$subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject;
 		$message = $request->variable('message', '', true);
 
+		/**
+		 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+		 * Using their Numeric Character Reference's Hexadecimal notation.
+		 */
+		$subject = utf8_encode_ucr($subject);
+
 		if ($subject && $message)
 		{
 			if (confirm_box(true))
@@ -683,6 +718,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 				);
 				$db->sql_query($sql);
 
+				/** @var \phpbb\attachment\manager $attachment_manager */
+				$attachment_manager = $phpbb_container->get('attachment.manager');
+				$attachment_manager->delete('attach', array_column($message_parser->attachment_data, 'attach_id'));
+
 				$redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&mode=$mode");
 
 				meta_refresh(3, $redirect_url);
@@ -700,8 +739,9 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 					'message'	=> $message,
 					'u'			=> $to_user_id,
 					'g'			=> $to_group_id,
-					'p'			=> $msg_id)
-				);
+					'p'			=> $msg_id,
+					'attachment_data' => $message_parser->attachment_data,
+				));
 				$s_hidden_fields .= build_address_field($address_list);
 
 				confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
@@ -799,7 +839,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_before', compact($vars)));
 
 		// Parse Attachments - before checksum is calculated
-		$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+		if ($message_parser->check_attachment_form_token($language, $request, 'ucp_pm_compose'))
+		{
+			$message_parser->parse_attachments('fileupload', $action, 0, $submit, $preview, $refresh, true);
+		}
 
 		if (count($message_parser->warn_msg) && !($remove_u || $remove_g || $add_to || $add_bcc))
 		{
@@ -844,6 +887,35 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 			}
 		}
 
+		/**
+		* Modify private message
+		*
+		* @event core.ucp_pm_compose_modify_parse_after
+		* @var	bool	enable_bbcode		Whether or not bbcode is enabled
+		* @var	bool	enable_smilies		Whether or not smilies are enabled
+		* @var	bool	enable_urls			Whether or not urls are enabled
+		* @var	bool	enable_sig			Whether or not signature is enabled
+		* @var	string	subject				PM subject text
+		* @var	object	message_parser		The message parser object
+		* @var	bool	submit				Whether or not the form has been sumitted
+		* @var	bool	preview				Whether or not the signature is being previewed
+		* @var	array	error				Any error strings
+		* @since 3.2.10-RC1
+		* @since 3.3.1-RC1
+		*/
+		$vars = [
+			'enable_bbcode',
+			'enable_smilies',
+			'enable_urls',
+			'enable_sig',
+			'subject',
+			'message_parser',
+			'submit',
+			'preview',
+			'error',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_after', compact($vars)));
+
 		// Store message, sync counters
 		if (!count($error) && $submit)
 		{
@@ -867,6 +939,12 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 				'address_list'			=> $address_list
 			);
 
+			/**
+			 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+			 * Using their Numeric Character Reference's Hexadecimal notation.
+			 */
+			$subject = utf8_encode_ucr($subject);
+
 			// ((!$message_subject) ? $subject : $message_subject)
 			$msg_id = submit_pm($action, $subject, $pm_data);
 
@@ -996,7 +1074,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		{
 			$quote_attributes['post_id'] = $post['msg_id'];
 		}
-
+		if ($action === 'quote')
+		{
+			$quote_attributes['msg_id'] = $post['msg_id'];
+		}
 		/** @var \phpbb\language\language $language */
 		$language = $phpbb_container->get('language');
 		/** @var \phpbb\textformatter\utils_interface $text_formatter_utils */

phpBB/includes/ucp/ucp_pm_viewfolder.php

@@ -32,6 +32,8 @@ function view_folder($id, $mode, $folder_id, $folder)
 
 	$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
 
+	add_form_key('ucp_pm_view');
+
 	if (!$submit_export)
 	{
 		$user->add_lang('viewforum');
@@ -197,6 +199,11 @@ function view_folder($id, $mode, $folder_id, $folder)
 		$enclosure = $request->variable('enclosure', '');
 		$delimiter = $request->variable('delimiter', '');
 
+		if (!check_form_key('ucp_pm_view'))
+		{
+			trigger_error('FORM_INVALID');
+		}
+
 		if ($export_type == 'CSV' && ($delimiter === '' || $enclosure === ''))
 		{
 			$template->assign_var('PROMPT', true);

phpBB/includes/ucp/ucp_pm_viewmessage.php

@@ -34,6 +34,27 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 	$author_id	= (int) $message_row['author_id'];
 	$view		= $request->variable('view', '');
 
+	/**
+	* Modify private message data before it is prepared to be displayed
+	*
+	* @event core.ucp_pm_view_message_before
+	* @var int		folder_id		ID of the folder the message is in
+	* @var array	folder			Array with data of user's message folders
+	* @var int		msg_id			ID of the private message
+	* @var array	message_row		Array with message data
+	* @var int		author_id		ID of the message author
+	* @since 3.2.10-RC1
+	* @since 3.3.1-RC1
+	*/
+	$vars = [
+		'folder_id',
+		'folder',
+		'msg_id',
+		'message_row',
+		'author_id',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.ucp_pm_view_message_before', compact($vars)));
+
 	// Not able to view message, it was deleted by the sender
 	if ($message_row['pm_deleted'])
 	{

phpBB/includes/ucp/ucp_register.php

@@ -39,12 +39,23 @@ class ucp_register
 			trigger_error('UCP_REGISTER_DISABLE');
 		}
 
-		$coppa			= $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
+		$coppa			= $request->is_set('coppa_yes') ? 1 : ($request->is_set('coppa_no') ? 0 : false);
+		$coppa			= $request->is_set('coppa') ? $request->variable('coppa', 0) : $coppa;
 		$agreed			= $request->variable('agreed', false);
 		$submit			= $request->is_set_post('submit');
 		$change_lang	= $request->variable('change_lang', '');
 		$user_lang		= $request->variable('lang', $user->lang_name);
 
+		if ($agreed && !check_form_key('ucp_register'))
+		{
+			$agreed = false;
+		}
+
+		if ($coppa !== false && !check_form_key('ucp_register'))
+		{
+			$coppa = false;
+		}
+
 		/**
 		* Add UCP register data before they are assigned to the template or submitted
 		*
@@ -67,14 +78,7 @@ class ucp_register
 		);
 		extract($phpbb_dispatcher->trigger_event('core.ucp_register_requests_after', compact($vars)));
 
-		if ($agreed)
-		{
-			add_form_key('ucp_register');
-		}
-		else
-		{
-			add_form_key('ucp_register_terms');
-		}
+		add_form_key('ucp_register');
 
 		if ($change_lang || $user_lang != $config['default_lang'])
 		{
@@ -168,11 +172,8 @@ class ucp_register
 
 				$template_vars = array(
 					'S_LANG_OPTIONS'	=> (count($lang_row) > 1) ? language_select($user_lang) : '',
-					'L_COPPA_NO'		=> sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
-					'L_COPPA_YES'		=> sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
-
-					'U_COPPA_NO'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0'),
-					'U_COPPA_YES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1'),
+					'L_COPPA_NO'		=> $user->lang('UCP_COPPA_BEFORE', $coppa_birthday),
+					'L_COPPA_YES'		=> $user->lang('UCP_COPPA_ON_AFTER', $coppa_birthday),
 
 					'S_SHOW_COPPA'		=> true,
 					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),
@@ -410,11 +411,13 @@ class ucp_register
 				* @event core.ucp_register_user_row_after
 				* @var	bool	submit		Do we display the form only
 				*							or did the user press submit
+				* @var	array	data		Array with current ucp registration data
 				* @var	array	cp_data		Array with custom profile fields data
-				* @var	array	user_row	Array with current ucp registration data
+				* @var	array	user_row	Array with user data that will be inserted
 				* @since 3.1.4-RC1
+				* @changed 3.2.10-RC1 Added data array
 				*/
-				$vars = array('submit', 'cp_data', 'user_row');
+				$vars = array('submit', 'data', 'cp_data', 'user_row');
 				extract($phpbb_dispatcher->trigger_event('core.ucp_register_user_row_after', compact($vars)));
 
 				// Register user...

phpBB/includes/utf/utf_tools.php

@@ -418,24 +418,43 @@ function utf8_recode($string, $encoding)
 }
 
 /**
-* Replace all UTF-8 chars that are not in ASCII with their NCR
-*
-* @param	string	$text		UTF-8 string in NFC
-* @return	string				ASCII string using NCRs for non-ASCII chars
-*/
+ * Replace some special UTF-8 chars that are not in ASCII with their UCR.
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * Doesn't interfere with Japanese or Cyrillic etc.
+ * Unicode character visualization will depend on the character support
+ * of your web browser and the fonts installed on your system.
+ *
+ * @see https://en.wikibooks.org/wiki/Unicode/Character_reference/1F000-1FFFF
+ *
+ * @param	string	$text		UTF-8 string in NFC
+ * @return	string				ASCII string using NCR for non-ASCII chars
+ */
+function utf8_encode_ucr($text)
+{
+	return preg_replace_callback('/[\\xF0-\\xF4].../', 'utf8_encode_ncr_callback', $text);
+}
+
+/**
+ * Replace all UTF-8 chars that are not in ASCII with their NCR
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * @param	string	$text		UTF-8 string in NFC
+ * @return	string				ASCII string using NCRs for non-ASCII chars
+ */
 function utf8_encode_ncr($text)
 {
 	return preg_replace_callback('#[\\xC2-\\xF4][\\x80-\\xBF]{1,3}#', 'utf8_encode_ncr_callback', $text);
 }
 
 /**
-* Callback used in encode_ncr()
-*
-* Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
-*
-* @param	array	$m			0-based numerically indexed array passed by preg_replace_callback()
-* @return	string				A HTML NCR if the character is valid, or the original string otherwise
-*/
+ * Callback used in utf8_encode_ncr() and utf8_encode_ucr()
+ *
+ * Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
+ *
+ * @param	array	$m			0-based numerically indexed array passed by preg_replace_callback()
+ * @return	string				A HTML NCR if the character is valid, or the original string otherwise
+ */
 function utf8_encode_ncr_callback($m)
 {
 	return '&#' . utf8_ord($m[0]) . ';';