Merge branch 'prep-release-3.2.11' into 3.2.x

[prep-release-3.2.11] Update changelog for 3.2.11
Merge pull request #63 from phpbb/ticket/security-265
2025-09-08 15:20:44 +02:00 · 2020-11-04 22:00:12 +01:00 · 2020-11-04 20:00:56 +01:00 · 2020-11-04 20:00:45 +01:00 · 2020-11-04 16:36:53 +01:00 · 2020-11-04 16:36:53 +01:00
166 changed files with 5421 additions and 1230 deletions
--- a/.appveyor.yml
+++ b/.appveyor.yml
@@ -6,6 +6,8 @@ services:
  - iis

 environment:
+  COMPOSER_AUTH:
+    secure: '{"github-oauth": {"github.com": "zvq38wk7sRe87Y9W2OCYXcK7WKQDsig7GRIUDHGmxm6ZQRK8JswPbi8JoJQbFhM+"}}'
  matrix:
  - db: mssql
    db_version: sql2012sp1
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,7 @@
 /phpBB/styles/*
 !/phpBB/styles/prosilver
 !/phpBB/styles/all
+node_modules
 /phpBB/vendor
 /tests/phpbb_unit_tests.sqlite*
 /tests/test_config*.php
@@ -24,3 +25,4 @@
 /tests/vendor
 /vagrant/phpbb-install-config.yml
 .vagrant
+.idea
--- a/build/build.xml
+++ b/build/build.xml
@@ -2,9 +2,9 @@

 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.2.9-RC1" />
-	<property name="prevversion" value="3.2.8" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7" />
+	<property name="newversion" value="3.2.11" />
+	<property name="prevversion" value="3.2.10" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9" />
 	<!-- no configuration should be needed beyond this point -->

 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
--- a/build/sami-all.conf.php
+++ b/build/sami-all.conf.php
@@ -26,7 +26,6 @@ $config['versions'] = Sami\Version\GitVersionCollection::create(__DIR__ . '/../'
 	->add('3.0.x')
 	->add('3.1.x')
 	->add('3.2.x')
-	->add('master')
 ;

 return new Sami\Sami($iterator, $config);
--- a/composer.phar
+++ b/composer.phar
--- a/phpBB/adm/style/acp_attachments.html
+++ b/phpBB/adm/style/acp_attachments.html
@@ -50,16 +50,21 @@
 			<dl>
 				<dt><label for="{options.KEY}">{options.TITLE}{L_COLON}</label><!-- IF options.S_EXPLAIN --><br /><span>{options.TITLE_EXPLAIN}</span><!-- ENDIF --></dt>
 				<dd>{options.CONTENT}</dd>
+				{% if (options.KEY == 'allow_attachments' and S_EMPTY_POST_GROUPS) or (options.KEY == 'allow_pm_attach' and S_EMPTY_PM_GROUPS) %}
+					<dd><span class="error">{{ lang(options.KEY == 'allow_attachments' ? 'NO_EXT_GROUP_ALLOWED_POST' : 'NO_EXT_GROUP_ALLOWED_PM', U_EXTENSION_GROUPS) }}</span></dd>
+				{% endif %}
 			</dl>

 		<!-- ENDIF -->
 	<!-- END options -->
 	</fieldset>

-	<fieldset class="submit-buttons">
-		<legend>{L_SUBMIT}</legend>
-		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+	<fieldset>
+		<legend>{{ lang('ACP_SUBMIT_CHANGES') }}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		</p>
 	</fieldset>

 	<!-- IF not S_SECURE_DOWNLOADS -->
@@ -204,10 +209,13 @@
 			<dd><select name="allowed_forums[]" multiple="multiple" size="8">{S_FORUM_ID_OPTIONS}</select></dd>
 		</dl>

-		<p class="submit-buttons">
-			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
-		</p>
+		</fieldset>
+		<fieldset>
+			<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+				<p class="submit-buttons">
+					<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+					<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+				</p>
 		{S_FORM_TOKEN}
 		</fieldset>

@@ -308,10 +316,14 @@
 	</tbody>
 	</table>

-	<p class="submit-buttons">
-		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
-	</p>
+	</fieldset>
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		</p>
+
 	{S_FORM_TOKEN}
 	</fieldset>
 	</form>
@@ -382,10 +394,13 @@
 	<!-- ENDIF -->

 	<!-- IF .orphan -->
-		<p class="submit-buttons">
-			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
-		</p>
+	</fieldset>
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+			<p class="submit-buttons">
+				<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+				<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+			</p>
 	<!-- ENDIF -->

 	{S_FORM_TOKEN}
--- a/phpBB/adm/style/acp_ban.html
+++ b/phpBB/adm/style/acp_ban.html
@@ -73,12 +73,14 @@
 	<dt><label for="bangivereason">{L_BAN_GIVE_REASON}{L_COLON}</label></dt>
 	<dd><input name="bangivereason" type="text" class="text medium" maxlength="255" id="bangivereason" /></dd>
 </dl>
-
-<p class="submit-buttons">
-	<input class="button1" type="submit" id="bansubmit" name="bansubmit" value="{L_SUBMIT}" />&nbsp;
-	<input class="button2" type="reset" id="banreset" name="banreset" value="{L_RESET}" />
-</p>
-{S_FORM_TOKEN}
+</fieldset>
+<fieldset>
+	<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+	<p class="submit-buttons">
+		<input class="button1" type="submit" id="bansubmit" name="bansubmit" value="{L_SUBMIT}" />&nbsp;
+		<input class="button2" type="reset" id="banreset" name="banreset" value="{L_RESET}" />
+	</p>
+	{S_FORM_TOKEN}
 </fieldset>
 </form>

--- a/phpBB/adm/style/acp_contact.html
+++ b/phpBB/adm/style/acp_contact.html
@@ -66,9 +66,12 @@
 		</dl>
 	</fieldset>

-	<fieldset class="submit-buttons">
-		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="submit" name="preview" value="{L_PREVIEW}" />
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		</p>
 		{S_FORM_TOKEN}
 	</fieldset>
 </form>
--- a/phpBB/adm/style/acp_database.html
+++ b/phpBB/adm/style/acp_database.html
@@ -76,12 +76,15 @@
 		</select></dd>
 		<dd><a href="#" onclick="selector(true); return false;">{L_SELECT_ALL}</a> :: <a href="#" onclick="selector(false); return false;">{L_DESELECT_ALL}</a></dd>
 	</dl>
+	</fieldset>

-	<p class="submit-buttons">
-		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
-	</p>
-	{S_FORM_TOKEN}
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		</p>
+		{S_FORM_TOKEN}
 	</fieldset>
 	</form>

--- a/phpBB/adm/style/acp_groups_position.html
+++ b/phpBB/adm/style/acp_groups_position.html
@@ -15,13 +15,15 @@
 				<label><input type="radio" name="legend_sort_groupname" class="radio" value="0"<!-- IF not LEGEND_SORT_GROUPNAME --> checked="checked"<!-- ENDIF --> /> {L_NO}</label>
 			</dd>
 		</dl>
-
-	<p class="submit-buttons">
-		<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="reset" name="reset" value="{L_RESET}" />
-		<input type="hidden" name="action" value="set_config_legend" />
-		{S_FORM_TOKEN}
-	</p>
+	</fieldset>
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" name="update" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" name="reset" value="{L_RESET}" />
+			<input type="hidden" name="action" value="set_config_legend" />
+			{S_FORM_TOKEN}
+		</p>
 	</fieldset>
 	</form>

--- a/phpBB/adm/style/acp_help_phpbb.html
+++ b/phpBB/adm/style/acp_help_phpbb.html
@@ -40,6 +40,7 @@
 	</div>
 	<!-- EVENT acp_help_phpbb_stats_after -->
 	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
 		<p class="submit-buttons">
 			<input type="hidden" name="systemdata" value="{RAW_DATA}" />
 			<input type="hidden" name="help_send_statistics_time" value="{COLLECT_STATS_TIME}" />
@@ -51,6 +52,7 @@
 </form>
 <form action="{U_COLLECT_STATS}" method="post" target="questionaire_result" id="questionnaire-form">
 	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
 		<p class="submit-buttons">
 			<input type="hidden" name="systemdata" value="{RAW_DATA}" />
 			<input class="button1" type="submit" id="submit_stats" name="submit" value="{L_SEND_STATISTICS}" />
--- a/phpBB/adm/style/acp_jabber.html
+++ b/phpBB/adm/style/acp_jabber.html
@@ -70,9 +70,12 @@

 </fieldset>

-<fieldset class="submit-buttons">
-	<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+<fieldset>
+	<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+	<p class="submit-buttons">
+		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+	</p>
 	{S_FORM_TOKEN}
 </fieldset>
 </form>
--- a/phpBB/adm/style/acp_permissions.html
+++ b/phpBB/adm/style/acp_permissions.html
@@ -340,9 +340,12 @@
 	<br class="responsive-hide" /><br class="responsive-hide" />

 	<fieldset class="quick" style="float: {S_CONTENT_FLOW_END};">
-		<input class="button1" type="submit" name="action[apply_all_permissions]" value="{L_APPLY_ALL_PERMISSIONS}" />
-		<input class="button2" type="button" name="cancel" value="{L_RESET}" onclick="document.forms['set-permissions'].reset(); init_colours(active_pmask + active_fmask);" />
-		{S_FORM_TOKEN}
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="action[apply_all_permissions]" value="{L_APPLY_ALL_PERMISSIONS}" />&nbsp;
+			<input class="button2" type="button"  id="reset" name="cancel" value="{L_RESET}" onclick="document.forms['set-permissions'].reset(); init_colours(active_pmask + active_fmask);" />
+			{S_FORM_TOKEN}
+		</p>
 	</fieldset>

 	<br class="responsive-hide" /><br class="responsive-hide" />
--- a/phpBB/adm/style/acp_posting_buttons.html
+++ b/phpBB/adm/style/acp_posting_buttons.html
@@ -44,7 +44,7 @@
 	</select>
 	<!-- EVENT acp_posting_buttons_custom_tags_before -->
 	<!-- BEGIN custom_tags -->
-	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{{ custom_tags.BBCODE_HELPLINE|e('html_attr') }}" />
+	<input type="button" class="button2" name="addbbcode{custom_tags.BBCODE_ID}" value="{custom_tags.BBCODE_TAG}" onclick="bbstyle({custom_tags.BBCODE_ID})" title="{{ custom_tags.BBCODE_HELPLINE }}" />
 	<!-- END custom_tags -->
 </div>
 <!-- EVENT acp_posting_buttons_after -->
--- a/phpBB/adm/style/acp_profile.html
+++ b/phpBB/adm/style/acp_profile.html
@@ -21,8 +21,11 @@

 	<!-- IF S_STEP_ONE -->

+		{% EVENT acp_profile_options_before %}
+
 		<fieldset>
 			<legend>{L_TITLE}</legend>
+		{% EVENT acp_profile_basic_options_before %}
 		<dl>
 			<dt><label>{L_FIELD_TYPE}{L_COLON}</label><br /><span>{L_FIELD_TYPE_EXPLAIN}</span></dt>
 			<dd><strong>{FIELD_TYPE}</strong></dd>
@@ -43,8 +46,11 @@
 			<dd><label><input type="radio" class="radio" id="field_no_view" name="field_no_view" value="0"<!-- IF not S_FIELD_NO_VIEW --> checked="checked"<!-- ENDIF --> /> {L_YES}</label>
 				<label><input type="radio" class="radio" name="field_no_view" value="1"<!-- IF S_FIELD_NO_VIEW --> checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
 		</dl>
+		{% EVENT acp_profile_basic_options_after %}
 		</fieldset>

+		{% EVENT acp_profile_visibility_options_before %}
+
 		<fieldset>
 			<legend>{L_VISIBILITY_OPTION}</legend>
 		<dl>
@@ -87,8 +93,11 @@
 			<dd><input class="text medium" type="text" name="field_contact_url" id="field_contact_url" value="{FIELD_CONTACT_URL}" /> <label for="field_contact_url">{L_FIELD_CONTACT_URL}</label></dd>
 			<!-- EVENT acp_profile_contact_last -->
 		</dl>
+		{% EVENT acp_profile_contact_after %}
 		</fieldset>

+		{% EVENT acp_profile_visibility_options_after %}
+
 		<!-- IF S_EDIT_MODE -->
 			<fieldset class="quick">
 				<input class="button1" type="submit" name="save" value="{L_SAVE}" />
--- a/phpBB/adm/style/acp_prune_users.html
+++ b/phpBB/adm/style/acp_prune_users.html
@@ -7,7 +7,7 @@
 <p>{L_ACP_PRUNE_USERS_EXPLAIN}</p>

 <form id="acp_prune" method="post" action="{U_ACTION}">
-	
+
 <fieldset>
 	<legend>{L_CRITERIA}</legend>
 <dl>
@@ -66,15 +66,19 @@
 	<dd><label><input type="radio" class="radio" name="action" value="delete" /> {L_DELETE_USERS}</label>
 		<label><input type="radio" class="radio" id="deactivate" name="action" value="deactivate" checked="checked" /> {L_DEACTIVATE}</label></dd>
 </dl>
-
-<p class="submit-buttons">
-	<input type="hidden" name="prune" value="1" />
-
-	<input class="button1" type="submit" id="update" name="update" value="{L_SUBMIT}" />&nbsp;
-	<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
-	{S_FORM_TOKEN}
-</p>
 </fieldset>
+
+<fieldset>
+	<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+	<p class="submit-buttons">
+		<input type="hidden" name="prune" value="1" />
+
+		<input class="button1" type="submit" id="update" name="update" value="{L_SUBMIT}" />&nbsp;
+		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		{S_FORM_TOKEN}
+	</p>
+</fieldset>
+
 </form>

 <!-- INCLUDE overall_footer.html -->
--- a/phpBB/adm/style/acp_search.html
+++ b/phpBB/adm/style/acp_search.html
@@ -59,10 +59,12 @@

 	<!-- END backend -->

-	<fieldset class="submit-buttons">
-		<legend>{L_SUBMIT}</legend>
-		<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
-		<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+	<fieldset>
+		<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+		<p class="submit-buttons">
+			<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+			<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+		</p>
 		{S_FORM_TOKEN}
 	</fieldset>
 	</form>
@@ -89,10 +91,12 @@
 		<p>{L_CONTINUE_EXPLAIN}</p>

 		<form id="acp_search_continue" method="post" action="{U_CONTINUE_INDEXING}">
-			<fieldset class="submit-buttons">
-				<legend>{L_SUBMIT}</legend>
-				<input class="button1" type="submit" id="continue" name="continue" value="{L_CONTINUE}" onclick="popup_progress_bar('{S_CONTINUE_INDEXING}');" />&nbsp;
-				<input class="button2" type="submit" id="cancel" name="cancel" value="{L_CANCEL}" />
+			<fieldset>
+				<legend>{L_ACP_SUBMIT_CHANGES}</legend>
+				<p class="submit-buttons">
+					<input class="button1" type="submit" id="submit" name="submit" value="{L_SUBMIT}" />&nbsp;
+					<input class="button2" type="reset" id="reset" name="reset" value="{L_RESET}" />
+				</p>
 				{S_FORM_TOKEN}
 			</fieldset>
 		</form>
--- a/phpBB/adm/style/admin.css
+++ b/phpBB/adm/style/admin.css
@@ -2049,6 +2049,8 @@ fieldset.permissions .padding {
 }

 .permissions-category ul {
+	display: flex;
+	flex-wrap: wrap;
 	margin: 0;
 	padding: 0;
 	list-style: none;
@@ -2102,7 +2104,6 @@ fieldset.permissions .padding {

 .permissions-category .activetab a span.tabbg {
 	background-position: 100% 0;
-	padding-bottom: 7px;
 	color: #333333;
 }

@@ -2297,6 +2298,10 @@ fieldset.permissions .padding {
 		margin: 0 !important;
 	}

+	.permissions-category ul {
+		display: block;
+	}
+
 	.permissions-category a, .permissions-category a span.tabbg {
 		display: block;
 		float: none !important;
--- a/phpBB/adm/style/ajax.js
+++ b/phpBB/adm/style/ajax.js
@@ -173,7 +173,9 @@ function submitPermissions() {
 	var permissionSubmitSize = 0,
 		permissionRequestCount = 0,
 		forumIds = [],
-		permissionSubmitFailed = false;
+		permissionSubmitFailed = false,
+		clearIndicator = true,
+		$loadingIndicator;

 	if ($submitAllButton !== $submitButton) {
 		fieldsetList = $form.find('fieldset#' + $submitButton.closest('fieldset.permissions').id);
@@ -207,6 +209,8 @@ function submitPermissions() {
 		}
 	});

+	$loadingIndicator = phpbb.loadingIndicator();
+
 	/**
 	 * Handler for submitted permissions form chunk
 	 *
@@ -222,6 +226,8 @@ function submitPermissions() {
 		} else if (!permissionSubmitFailed && res.S_USER_NOTICE) {
 			// Display success message at the end of submitting the form
 			if (permissionRequestCount >= permissionSubmitSize) {
+				clearIndicator = true;
+
 				var $alert = phpbb.alert(res.MESSAGE_TITLE, res.MESSAGE_TEXT);
 				var $alertBoxLink = $alert.find('p.alert_text > a');

@@ -271,6 +277,17 @@ function submitPermissions() {
 						$form.submit();
 					}, res.REFRESH_DATA.time * 1000); // Server specifies time in seconds
 				}
+			} else {
+				// Still more forms to submit, so do not clear indicator
+				clearIndicator = false;
+			}
+		}
+
+		if (clearIndicator) {
+			phpbb.clearLoadingTimeout();
+
+			if ($loadingIndicator) {
+				$loadingIndicator.fadeOut(phpbb.alertTime);
 			}
 		}
 	}
--- a/phpBB/adm/style/permissions.js
+++ b/phpBB/adm/style/permissions.js
@@ -269,8 +269,14 @@ function mark_one_option(id, field_name, s) {
 }

 /**
-* Reset role dropdown field to Select role... if an option gets changed
-*/
+ * (Re)set the permission role dropdown.
+ *
+ * Try and match the set permissions to an existing role.
+ * Otherwise reset the dropdown to "Select a role.."
+ *
+ * @param {string}	id		The fieldset identifier
+ * @returns {void}
+ */
 function reset_role(id) {
 	var t = document.getElementById(id);

@@ -278,18 +284,37 @@ function reset_role(id) {
 		return;
 	}

-	t.options[0].selected = true;
+	// Before resetting the role dropdown, try and match any permission role
+	var parent = t.parentNode,
+		roleId = match_role_settings(id.replace('role', 'perm')),
+		text = no_role_assigned,
+		index = 0;

-	var parent = t.parentNode;
-	parent.querySelector('span.dropdown-trigger').innerText = no_role_assigned;
-	parent.querySelector('input[data-name^=role]').value = '0';
+	// If a role permissions was matched, grab that option's value and index
+	if (roleId) {
+		for (var i = 0; i < t.options.length; i++) {
+			if (parseInt(t.options[i].value, 10) === roleId) {
+				text = t.options[i].text;
+				index = i;
+				break;
+			}
+		}
+	}
+
+	// Update the select's value and selected index
+	t.value = roleId;
+	t.options[index].selected = true;
+
+	// Update the dropdown trigger to show the new value
+	parent.querySelector('span.dropdown-trigger').innerText = text;
+	parent.querySelector('input[data-name^=role]').value = roleId;
 }

 /**
 * Load role and set options accordingly
 */
 function set_role_settings(role_id, target_id) {
-	settings = role_options[role_id];
+	var settings = role_options[role_id];

 	if (!settings) {
 		return;
@@ -302,3 +327,51 @@ function set_role_settings(role_id, target_id) {
 		mark_one_option(target_id, r, (settings[r] === 1) ? 'y' : 'n');
 	}
 }
+
+/**
+ * Match the set permissions against the available roles.
+ *
+ * @param {string}	id		The parent fieldset identifier
+ * @return {number}			The permission role identifier
+ */
+function match_role_settings(id) {
+	var fieldset = document.getElementById(id),
+		radios = fieldset.getElementsByTagName('input'),
+		set = {};
+
+	// Iterate over all the radio buttons
+	for (var i = 0; i < radios.length; i++) {
+		var matches = radios[i].id.match(/setting\[\d+]\[\d+]\[([a-z_]+)]/);
+
+		// Make sure the name attribute matches, the radio is checked and it is not the "No" (-1) value.
+		if (matches !== null && radios[i].checked && radios[i].value !== '-1') {
+			set[matches[1]] = parseInt(radios[i].value, 10);
+		}
+	}
+
+	// Sort and stringify the 'set permissions' object
+	set = sort_and_stringify(set);
+
+	// Iterate over the available role options and return the first match
+	for (var r in role_options)
+	{
+		if (sort_and_stringify(role_options[r]) === set) {
+			return parseInt(r, 10);
+		}
+	}
+
+	return 0;
+}
+
+/**
+ * Sort and stringify an Object so it can be easily compared against another object.
+ *
+ * @param {object}	obj		The object to sort (by key) and stringify
+ * @return {string}			The sorted object as a string
+ */
+function sort_and_stringify(obj) {
+	return JSON.stringify(Object.keys(obj).sort().reduce(function (result, key) {
+		result[key] = obj[key];
+		return result;
+	}, {}));
+}
--- a/phpBB/adm/style/tooltip.js
+++ b/phpBB/adm/style/tooltip.js
@@ -218,23 +218,6 @@ $(function() {

 	// Prepare dropdown
 	phpbb.prepareRolesDropdown();
-
-	// Reset role drop-down on modifying permissions in advanced tab
-	$('div.permissions-switch > a').on('click', function () {
-		$.each($('input[type=radio][name^="setting["]'), function () {
-			var $this = $(this);
-			$this.on('click', function () {
-				var $rolesOptions = $this.closest('fieldset.permissions').find('.roles-options'),
-					rolesSelect = $rolesOptions.find('select > option')[0];
-
-				// Set selected setting
-				$rolesOptions.children('span')
-					.text(rolesSelect.text);
-				$rolesOptions.children('input[type=hidden]')
-					.val(rolesSelect.value);
-			});
-		});
-	});
 });

 })(jQuery); // Avoid conflicts with other libraries
--- a/phpBB/assets/javascript/core.js
+++ b/phpBB/assets/javascript/core.js
@@ -853,7 +853,10 @@ phpbb.timezonePreselectSelect = function(forceSelector) {
 	var minutes = offset % 60;
 	var hours = (offset - minutes) / 60;

-	if (hours < 10) {
+	if (hours === 0) {
+		hours = '00';
+		sign = '+';
+	} else if (hours < 10) {
 		hours = '0' + hours.toString();
 	} else {
 		hours = hours.toString();
--- a/phpBB/bin/phpbbcli.php
+++ b/phpBB/bin/phpbbcli.php
@@ -84,7 +84,7 @@ $user = $phpbb_container->get('user');
 $user->data['user_id'] = ANONYMOUS;
 $user->ip = '127.0.0.1';

-$application = new \phpbb\console\application('phpBB Console', PHPBB_VERSION, $language);
+$application = new \phpbb\console\application('phpBB Console', PHPBB_VERSION, $language, $config);
 $application->setDispatcher($phpbb_container->get('dispatcher'));
 $application->register_container_commands($phpbb_container->get('console.command_collection'));
 $application->run($input);
--- a/phpBB/cache/.htaccess
+++ b/phpBB/cache/.htaccess
@@ -1,4 +1,33 @@
-<Files *>
-	Order Allow,Deny
-	Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>
--- a/phpBB/composer.lock
+++ b/phpBB/composer.lock
@@ -183,6 +183,7 @@
                }
            ],
            "description": "Provides a simple API and specification that abstracts away the details of HTTP into a single PHP function.",
+            "abandoned": true,
            "time": "2018-07-31T13:22:33+00:00"
        },
        {
@@ -233,6 +234,7 @@
                "Guzzle",
                "stream"
            ],
+            "abandoned": true,
            "time": "2014-10-12T19:18:40+00:00"
        },
        {
@@ -577,16 +579,16 @@
        },
        {
            "name": "psr/log",
-            "version": "1.1.2",
+            "version": "1.1.3",
            "source": {
                "type": "git",
                "url": "https://github.com/php-fig/log.git",
-                "reference": "446d54b4cb6bf489fc9d75f55843658e6f25d801"
+                "reference": "0f73288fd15629204f9d42b7055f72dacbe811fc"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/log/zipball/446d54b4cb6bf489fc9d75f55843658e6f25d801",
-                "reference": "446d54b4cb6bf489fc9d75f55843658e6f25d801",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/0f73288fd15629204f9d42b7055f72dacbe811fc",
+                "reference": "0f73288fd15629204f9d42b7055f72dacbe811fc",
                "shasum": ""
            },
            "require": {
@@ -620,27 +622,27 @@
                "psr",
                "psr-3"
            ],
-            "time": "2019-11-01T11:05:21+00:00"
+            "time": "2020-03-23T09:12:05+00:00"
        },
        {
            "name": "react/promise",
-            "version": "v2.7.1",
+            "version": "v2.8.0",
            "source": {
                "type": "git",
                "url": "https://github.com/reactphp/promise.git",
-                "reference": "31ffa96f8d2ed0341a57848cbb84d88b89dd664d"
+                "reference": "f3cff96a19736714524ca0dd1d4130de73dbbbc4"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/reactphp/promise/zipball/31ffa96f8d2ed0341a57848cbb84d88b89dd664d",
-                "reference": "31ffa96f8d2ed0341a57848cbb84d88b89dd664d",
+                "url": "https://api.github.com/repos/reactphp/promise/zipball/f3cff96a19736714524ca0dd1d4130de73dbbbc4",
+                "reference": "f3cff96a19736714524ca0dd1d4130de73dbbbc4",
                "shasum": ""
            },
            "require": {
                "php": ">=5.4.0"
            },
            "require-dev": {
-                "phpunit/phpunit": "~4.8"
+                "phpunit/phpunit": "^7.0 || ^6.5 || ^5.7 || ^4.8.36"
            },
            "type": "library",
            "autoload": {
@@ -666,7 +668,7 @@
                "promise",
                "promises"
            ],
-            "time": "2019-01-07T21:25:54+00:00"
+            "time": "2020-05-12T15:16:56+00:00"
        },
        {
            "name": "s9e/text-formatter",
@@ -1273,16 +1275,16 @@
        },
        {
            "name": "symfony/polyfill-ctype",
-            "version": "v1.13.1",
+            "version": "v1.17.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "f8f0b461be3385e56d6de3dbb5a0df24c0c275e3"
+                "reference": "e94c8b1bbe2bc77507a1056cdb06451c75b427f9"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/f8f0b461be3385e56d6de3dbb5a0df24c0c275e3",
-                "reference": "f8f0b461be3385e56d6de3dbb5a0df24c0c275e3",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/e94c8b1bbe2bc77507a1056cdb06451c75b427f9",
+                "reference": "e94c8b1bbe2bc77507a1056cdb06451c75b427f9",
                "shasum": ""
            },
            "require": {
@@ -1294,7 +1296,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.13-dev"
+                    "dev-master": "1.17-dev"
                }
            },
            "autoload": {
@@ -1327,20 +1329,34 @@
                "polyfill",
                "portable"
            ],
-            "time": "2019-11-27T13:56:44+00:00"
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:14:59+00:00"
        },
        {
            "name": "symfony/polyfill-mbstring",
-            "version": "v1.13.1",
+            "version": "v1.17.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "7b4aab9743c30be783b73de055d24a39cf4b954f"
+                "reference": "fa79b11539418b02fc5e1897267673ba2c19419c"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/7b4aab9743c30be783b73de055d24a39cf4b954f",
-                "reference": "7b4aab9743c30be783b73de055d24a39cf4b954f",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fa79b11539418b02fc5e1897267673ba2c19419c",
+                "reference": "fa79b11539418b02fc5e1897267673ba2c19419c",
                "shasum": ""
            },
            "require": {
@@ -1352,7 +1368,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.13-dev"
+                    "dev-master": "1.17-dev"
                }
            },
            "autoload": {
@@ -1386,20 +1402,34 @@
                "portable",
                "shim"
            ],
-            "time": "2019-11-27T14:18:11+00:00"
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:47:27+00:00"
        },
        {
            "name": "symfony/polyfill-php54",
-            "version": "v1.13.1",
+            "version": "v1.17.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php54.git",
-                "reference": "dd1618047426412036e98d159940d58a81fc392c"
+                "reference": "3c71ff0f90fcbd00ca8966f35526e3cbad15d31d"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php54/zipball/dd1618047426412036e98d159940d58a81fc392c",
-                "reference": "dd1618047426412036e98d159940d58a81fc392c",
+                "url": "https://api.github.com/repos/symfony/polyfill-php54/zipball/3c71ff0f90fcbd00ca8966f35526e3cbad15d31d",
+                "reference": "3c71ff0f90fcbd00ca8966f35526e3cbad15d31d",
                "shasum": ""
            },
            "require": {
@@ -1408,7 +1438,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.13-dev"
+                    "dev-master": "1.17-dev"
                }
            },
            "autoload": {
@@ -1444,20 +1474,34 @@
                "portable",
                "shim"
            ],
-            "time": "2019-11-27T13:56:44+00:00"
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:47:27+00:00"
        },
        {
            "name": "symfony/polyfill-php55",
-            "version": "v1.13.1",
+            "version": "v1.17.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php55.git",
-                "reference": "b0d838f225725e2951af1aafc784d2e5ea7b656e"
+                "reference": "875267200645e116261c31ff20c641dbae90fd8d"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php55/zipball/b0d838f225725e2951af1aafc784d2e5ea7b656e",
-                "reference": "b0d838f225725e2951af1aafc784d2e5ea7b656e",
+                "url": "https://api.github.com/repos/symfony/polyfill-php55/zipball/875267200645e116261c31ff20c641dbae90fd8d",
+                "reference": "875267200645e116261c31ff20c641dbae90fd8d",
                "shasum": ""
            },
            "require": {
@@ -1467,7 +1511,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.13-dev"
+                    "dev-master": "1.17-dev"
                }
            },
            "autoload": {
@@ -1500,20 +1544,34 @@
                "portable",
                "shim"
            ],
-            "time": "2019-11-27T13:56:44+00:00"
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:47:27+00:00"
        },
        {
            "name": "symfony/polyfill-php56",
-            "version": "v1.13.1",
+            "version": "v1.17.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php56.git",
-                "reference": "53dd1cdf3cb986893ccf2b96665b25b3abb384f4"
+                "reference": "e3c8c138280cdfe4b81488441555583aa1984e23"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php56/zipball/53dd1cdf3cb986893ccf2b96665b25b3abb384f4",
-                "reference": "53dd1cdf3cb986893ccf2b96665b25b3abb384f4",
+                "url": "https://api.github.com/repos/symfony/polyfill-php56/zipball/e3c8c138280cdfe4b81488441555583aa1984e23",
+                "reference": "e3c8c138280cdfe4b81488441555583aa1984e23",
                "shasum": ""
            },
            "require": {
@@ -1523,7 +1581,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.13-dev"
+                    "dev-master": "1.17-dev"
                }
            },
            "autoload": {
@@ -1556,20 +1614,34 @@
                "portable",
                "shim"
            ],
-            "time": "2019-11-27T13:56:44+00:00"
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:47:27+00:00"
        },
        {
            "name": "symfony/polyfill-util",
-            "version": "v1.13.1",
+            "version": "v1.17.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-util.git",
-                "reference": "964a67f293b66b95883a5ed918a65354fcd2258f"
+                "reference": "4afb4110fc037752cf0ce9869f9ab8162c4e20d7"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-util/zipball/964a67f293b66b95883a5ed918a65354fcd2258f",
-                "reference": "964a67f293b66b95883a5ed918a65354fcd2258f",
+                "url": "https://api.github.com/repos/symfony/polyfill-util/zipball/4afb4110fc037752cf0ce9869f9ab8162c4e20d7",
+                "reference": "4afb4110fc037752cf0ce9869f9ab8162c4e20d7",
                "shasum": ""
            },
            "require": {
@@ -1578,7 +1650,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "1.13-dev"
+                    "dev-master": "1.17-dev"
                }
            },
            "autoload": {
@@ -1608,7 +1680,21 @@
                "polyfill",
                "shim"
            ],
-            "time": "2019-11-27T13:56:44+00:00"
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2020-05-12T16:14:59+00:00"
        },
        {
            "name": "symfony/proxy-manager-bridge",
@@ -1990,6 +2076,7 @@
                "code",
                "zf2"
            ],
+            "abandoned": "laminas/laminas-code",
            "time": "2015-06-03T15:31:59+00:00"
        },
        {
@@ -2035,6 +2122,7 @@
                "eventmanager",
                "zf2"
            ],
+            "abandoned": "laminas/laminas-eventmanager",
            "time": "2015-06-03T15:32:01+00:00"
        },
        {
@@ -2091,6 +2179,7 @@
                "stdlib",
                "zf2"
            ],
+            "abandoned": "laminas/laminas-stdlib",
            "time": "2015-06-03T15:32:03+00:00"
        }
    ],
@@ -2483,24 +2572,24 @@
        },
        {
            "name": "phpspec/prophecy",
-            "version": "1.10.1",
+            "version": "v1.10.3",
            "source": {
                "type": "git",
                "url": "https://github.com/phpspec/prophecy.git",
-                "reference": "cbe1df668b3fe136bcc909126a0f529a78d4cbbc"
+                "reference": "451c3cd1418cf640de218914901e51b064abb093"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/cbe1df668b3fe136bcc909126a0f529a78d4cbbc",
-                "reference": "cbe1df668b3fe136bcc909126a0f529a78d4cbbc",
+                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/451c3cd1418cf640de218914901e51b064abb093",
+                "reference": "451c3cd1418cf640de218914901e51b064abb093",
                "shasum": ""
            },
            "require": {
                "doctrine/instantiator": "^1.0.2",
                "php": "^5.3|^7.0",
                "phpdocumentor/reflection-docblock": "^2.0|^3.0.2|^4.0|^5.0",
-                "sebastian/comparator": "^1.2.3|^2.0|^3.0",
-                "sebastian/recursion-context": "^1.0|^2.0|^3.0"
+                "sebastian/comparator": "^1.2.3|^2.0|^3.0|^4.0",
+                "sebastian/recursion-context": "^1.0|^2.0|^3.0|^4.0"
            },
            "require-dev": {
                "phpspec/phpspec": "^2.5 || ^3.2",
@@ -2542,7 +2631,7 @@
                "spy",
                "stub"
            ],
-            "time": "2019-12-22T21:05:45+00:00"
+            "time": "2020-03-05T15:02:03+00:00"
        },
        {
            "name": "phpunit/dbunit",
@@ -3763,5 +3852,6 @@
    "platform-dev": [],
    "platform-overrides": {
        "php": "5.4.7"
-    }
+    },
+    "plugin-api-version": "1.1.0"
 }
--- a/phpBB/config/.htaccess
+++ b/phpBB/config/.htaccess
@@ -1,4 +1,33 @@
-<Files *>
-	Order Allow,Deny
-	Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>
--- a/phpBB/config/default/container/services_console.yml
+++ b/phpBB/config/default/container/services_console.yml
@@ -128,6 +128,7 @@ services:
            - '@user'
            - '@ext.manager'
            - '@log'
+            - '%cache.driver.class%'
        tags:
            - { name: console.command }

@@ -137,6 +138,7 @@ services:
            - '@user'
            - '@ext.manager'
            - '@log'
+            - '%cache.driver.class%'
        tags:
            - { name: console.command }

@@ -146,6 +148,7 @@ services:
            - '@user'
            - '@ext.manager'
            - '@log'
+            - '%cache.driver.class%'
        tags:
            - { name: console.command }

@@ -155,6 +158,7 @@ services:
            - '@user'
            - '@ext.manager'
            - '@log'
+            - '%cache.driver.class%'
        tags:
            - { name: console.command }

--- a/phpBB/config/default/container/services_profilefield.yml
+++ b/phpBB/config/default/container/services_profilefield.yml
@@ -3,15 +3,20 @@ services:
        class: phpbb\profilefields\manager
        arguments:
            - '@auth'
+            - '@config_text'
            - '@dbal.conn'
+            - '@dbal.tools'
            - '@dispatcher'
+            - '@language'
+            - '@log'
            - '@request'
            - '@template'
            - '@profilefields.type_collection'
            - '@user'
            - '%tables.profile_fields%'
-            - '%tables.profile_fields_language%'
            - '%tables.profile_fields_data%'
+            - '%tables.profile_fields_options_language%'
+            - '%tables.profile_fields_language%'

    profilefields.lang_helper:
        class: phpbb\profilefields\lang_helper
--- a/phpBB/develop/add_permissions.php
+++ b/phpBB/develop/add_permissions.php
@@ -156,6 +156,7 @@ $u_permissions = array(
 	'u_download'	=> array(0, 1),
 	'u_attach'		=> array(0, 1),
 	'u_sig'			=> array(0, 1),
+	'u_emoji'		=> array(0, 1),
 	'u_pm_attach'	=> array(0, 1),
 	'u_pm_bbcode'	=> array(0, 1),
 	'u_pm_smilies'	=> array(0, 1),
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -50,6 +50,11 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v3210">Changes since 3.2.10</a></li>
+		<li><a href="#v3210rc2">Changes since 3.2.10-RC2</a></li>
+		<li><a href="#v3210rc1">Changes since 3.2.10-RC1</a></li>
+		<li><a href="#v329">Changes since 3.2.9</a></li>
+		<li><a href="#v329rc1">Changes since 3.2.9-RC1</a></li>
 		<li><a href="#v328">Changes since 3.2.8</a></li>
 		<li><a href="#v328rc1">Changes since 3.2.8-RC1</a></li>
 		<li><a href="#v327">Changes since 3.2.7</a></li>
@@ -141,6 +146,184 @@
 		<div class="inner">

 		<div class="content">
+			<a name="v3210"></a><h3>Changes since 3.2.10</h3>
+			<h4>Security Issue</h4>
+			<ul>
+				<li>[SECURITY-264] - Invalid conversion of HTML entities when stripping BBCode</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[SECURITY-265] - Reduce verbosity of jabber output in ACP</li>
+			</ul>
+
+			<a name="v3210rc2"></a><h3>Changes since 3.2.10-RC2</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16417">PHPBB3-16417</a>] - SQL fatal error while updating database from older versions via CLI</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16524">PHPBB3-16524</a>] - General error (SQL ERROR) on adding emoji character to the profile field</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16534">PHPBB3-16534</a>] - Passwords converted from phpBB2 can have invalid hash</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16539">PHPBB3-16539</a>] - General error (SQL error) on posting page in smilies mode</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16550">PHPBB3-16550</a>] - compact(): Undefined variable: url - in PMs</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16554">PHPBB3-16554</a>] - Align all .htaccess files to support Apache 2.4 mod_authz_core directives</li>
+			</ul>
+			<h4>Security Issue</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/SECURITY-259">SECURITY-259</a>] - Server-Side Request Forgery via FastImageSize in s9e textformatter</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/SECURITY-257">SECURITY-257</a>] - Potential RCE via Phar Deserialization through Legacy BBCode Parser</li>
+			</ul>
+
+			<a name="v3210rc1"></a><h3>Changes since 3.2.10-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16505">PHPBB3-16505</a>] - PHP debug warning while using \phpbb\language\language\lang_array() function</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16507">PHPBB3-16507</a>] - White page when searching users' posts</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16508">PHPBB3-16508</a>] - Whois not working for IPv6 addresses</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16510">PHPBB3-16510</a>] - Missing rows in config table on new install</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16511">PHPBB3-16511</a>] - Fatal error when deleting user in ACP</li>
+			</ul>
+
+			<a name="v329"></a><h3>Changes since 3.2.9</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-10506">PHPBB3-10506</a>] - Not confirming &quot;Save as Draft&quot; strips attachments from PMs</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13426">PHPBB3-13426</a>] - Timezone related fatal error after upgrade to 3.1.2</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13867">PHPBB3-13867</a>] - Profile field types need an enable/disable mechanism</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-13914">PHPBB3-13914</a>] - Could not get style data via MySQL DB auto_increment_offset != 1 </li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15194">PHPBB3-15194</a>] - Cannot remove group avatar in UCP (manage group)</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15275">PHPBB3-15275</a>] - Post details: Look up IP links don't properly work</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15395">PHPBB3-15395</a>] - Very slow FTS on PostgreSQL</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15438">PHPBB3-15438</a>] - Use wrong word in ACP for logged administrators actions</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15560">PHPBB3-15560</a>] - Wrong redirection upon hard delete after soft delete in viewtopic</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15591">PHPBB3-15591</a>] - Users with disabled &quot;Can send instant messages&quot; permission can view jabber address</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15712">PHPBB3-15712</a>] - Inserting an emoji in PM subject field causes errors</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15766">PHPBB3-15766</a>] - &quot;No role assigned....&quot; for forum permissions is ambiguous</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15887">PHPBB3-15887</a>] - Firefox confuses username and e-mail when storing passwords</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15979">PHPBB3-15979</a>] - Restoring deleted post on edit does not update last post info</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16060">PHPBB3-16060</a>] - auto-prune of shadow topics triggered by prune_all_forums updates wrong timestamp</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16149">PHPBB3-16149</a>] - Missing profile field data</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16222">PHPBB3-16222</a>] - Timezone suggestion in UCP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16234">PHPBB3-16234</a>] - Search syntax broken when using Sphinx Fulltext backend</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16245">PHPBB3-16245</a>] - Overflow in MSSQL attempting to manage attachments when collection &gt; 2.1 GB</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16289">PHPBB3-16289</a>] - U_VIEW_REPORT in emails is incorrectly HTML-encoded</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16291">PHPBB3-16291</a>] - MCP Front is missing report time</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16296">PHPBB3-16296</a>] - Unable to delete or mark PMs in UCP folder view</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16310">PHPBB3-16310</a>] - S_SOFTDELETE_ALLOWED condition in posting.php is wrong and causes soft delete option to appear when it should not</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16316">PHPBB3-16316</a>] - navbar_header.html of prosilver style breaks Rich-Markup</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16326">PHPBB3-16326</a>] - Passwort Reset - Template - missing class for new and confirm password</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16332">PHPBB3-16332</a>] - Language strings for CODE and QUOTE are missing in the MCP post details and in the member profiles</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16335">PHPBB3-16335</a>] - $display_cat and $download_link are undefined variables for core.parse_attachments_modify_template_data when $denied is true</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16339">PHPBB3-16339</a>] - Poll's voting options are not fully Ajaxed</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16344">PHPBB3-16344</a>] - phpbb_validate_email uses non-existent language keys</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16348">PHPBB3-16348</a>] - user_ban double free of $result when banning a non-existent or disallowed username on command line</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16356">PHPBB3-16356</a>] - Saving a draft does not delete orphaned attachments from the server</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16358">PHPBB3-16358</a>] - Attachment tab should be removed when there are no filters</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16367">PHPBB3-16367</a>] - Feed controller is not actually setting character set of response</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16377">PHPBB3-16377</a>] - Undefined index navlinks in navbar_header</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16391">PHPBB3-16391</a>] - Language file info_mcp_xxx.php from extensions should be included in ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16399">PHPBB3-16399</a>] - Emoji's in topic title cause errors</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16403">PHPBB3-16403</a>] - Attachment icon always displayed in list of reported message</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16407">PHPBB3-16407</a>] - S_MESSAGE_REPORTED and L_MESSAGE_REPORTED aren't defined anywhere</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16416">PHPBB3-16416</a>] - A non-numeric value encountered in ACP attachments settings</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16418">PHPBB3-16418</a>] - A non-numeric value encountered - ACP board start date</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16422">PHPBB3-16422</a>] - bbcode URL tag breaking URL's?</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16423">PHPBB3-16423</a>] - Add Aria Engine to list of Fulltext Supported</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16428">PHPBB3-16428</a>] - Allowed schemes in links and similar fields should check field content</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16432">PHPBB3-16432</a>] - PHP Fatal error:  APCuIterator::__construct(): APC must be enabled to use APCuIterator</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16437">PHPBB3-16437</a>] - Forum permissions don't appear for logged users who cannot post a new topic</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16453">PHPBB3-16453</a>] - Always load permission lang files before core.permissions</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16467">PHPBB3-16467</a>] - phpBB3 does not work with spaces in PostgreSQL database passwords</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16480">PHPBB3-16480</a>] - Fix Emoji in report post</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16485">PHPBB3-16485</a>] - Fix Emoji in logs for warning message</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16486">PHPBB3-16486</a>] - Wrong configuration DB update in 3.2.0-a1 migration</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16487">PHPBB3-16487</a>] - Wrong CDN URL for fontawesome in 3.2.0 migration</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16500">PHPBB3-16500</a>] - Copying topics results in rearranging of inline attachments </li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16503">PHPBB3-16503</a>] - WhoIs lookup has error message in MCP</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15370">PHPBB3-15370</a>] - Spinning indicator missing when updating permissions</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15672">PHPBB3-15672</a>] - Keep same format in Submit changes.</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16163">PHPBB3-16163</a>] - No error message when there is no displayed post in the MCP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16328">PHPBB3-16328</a>] - Inform users about PHP requirements in PHP 3.3</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16350">PHPBB3-16350</a>] - Move acp/mcp ban code to functions_admin.php</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16351">PHPBB3-16351</a>] - Use CHMOD constants from filesystem_interface</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16352">PHPBB3-16352</a>] - Deprecate unused functions/classes</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16370">PHPBB3-16370</a>] - Add core events for Notification</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16381">PHPBB3-16381</a>] - Add core event to Modify Topics SQL</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16383">PHPBB3-16383</a>] - Add core events to modify friends list</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16384">PHPBB3-16384</a>] - Add template events friends list username {prepend/append}</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16388">PHPBB3-16388</a>] - Add new events in viewforum_body.html and viewtopic_body.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16406">PHPBB3-16406</a>] - Event core.notification_manager_add_notifications_for_users_modify_data incorrectly placed</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16411">PHPBB3-16411</a>] - Add vars to notification core events</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16421">PHPBB3-16421</a>] - Add contact field icon template events to viewtopic_body.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16424">PHPBB3-16424</a>] - Add base_url to generate_smilies events</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16425">PHPBB3-16425</a>] - Add event core.generate_smilies_modify_sql</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16429">PHPBB3-16429</a>] - Add vars to 2 ACP User core events</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16433">PHPBB3-16433</a>] - Add data array to core.ucp_register_user_row_after</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16443">PHPBB3-16443</a>] - Add event core.ucp_pm_compose_modify_parse_after</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16444">PHPBB3-16444</a>] - Add event core.ucp_pm_view_message_before</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16446">PHPBB3-16446</a>] - Add event core.message_history_modify_rowset</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16447">PHPBB3-16447</a>] - Add event core.ucp_pm_compose_compose_pm_basic_info_query_after</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16448">PHPBB3-16448</a>] - Add event core.mcp_get_post_data_after</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16450">PHPBB3-16450</a>] - ACP permission tabs don't use all available space</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16456">PHPBB3-16456</a>] - Add event core.text_formatter_s9e_get_errors</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16458">PHPBB3-16458</a>] - Add template events to acp_profile.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16461">PHPBB3-16461</a>] - Ignore .idea and node_modules</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16463">PHPBB3-16463</a>] - Fix &quot;acp_board.php&quot; where &quot;ACP_SUBMIT_CHANGES&quot; is not displayed.</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16468">PHPBB3-16468</a>] - Amend DocBlocks for user_delete()</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16494">PHPBB3-16494</a>] - Update composer and composer dependencies</li>
+			</ul>
+			<h4>New Feature</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16329">PHPBB3-16329</a>] - Strip Exif metadata from uploaded image attachments</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16330">PHPBB3-16330</a>] - Enable ACP option to specify image compression level</li>
+			</ul>
+			<h4>Sub-task</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16233">PHPBB3-16233</a>] - Enable exact phrase searching with Sphinx Fulltext</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15609">PHPBB3-15609</a>] - Discrepancy and bugs between moderation queue and reports</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16121">PHPBB3-16121</a>] - Add footer-row to simple_footer.html</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16122">PHPBB3-16122</a>] - RANK_IMG, GROUP_RANK and RANK_TITLE variables are useless in some template files</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16392">PHPBB3-16392</a>] - Update composer &amp; dependencies</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16415">PHPBB3-16415</a>] - Use API token for appveyor builds</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16419">PHPBB3-16419</a>] - Add mrgoldy to CREDITS.txt</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16496">PHPBB3-16496</a>] - The help line text for custom BBcode could be wrongly displayed</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16506">PHPBB3-16506</a>] - Update credits to latest state</li>
+			</ul>
+
+			<a name="v329rc1"></a><h3>Changes since 3.2.9-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15592">PHPBB3-15592</a>] - &quot;Place inline&quot; button appears when BBcode is disabled (Post settings)</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16269">PHPBB3-16269</a>] - Sphinx backend indexes HTML markup as keywords</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16282">PHPBB3-16282</a>] - Default jQuery CDN URL is outdated on new installs</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16271">PHPBB3-16271</a>] - Add support for 3.3.x API documentation</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16279">PHPBB3-16279</a>] - Add permission for Emojii in topic title</li>
+			</ul>
+			<h4>Security</h4>
+			<ul>
+				<li>[SECURITY-249] - Group avatar overwrite on invalid submit</li>
+				<li>[SECURITY-250] - Group leader can be tricked into approving user</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[SECURITY-251] - Unwanted move of PMs to folders</li>
+				<li>[SECURITY-252] - PMs of unsuspecting users can be marked as important</li>
+				<li>[SECURITY-253] - PM export without proper validation</li>
+			</ul>
+
 			<a name="v328"></a><h3>Changes since 3.2.8</h3>
 			<h4>Bug</h4>
 			<ul>
--- a/phpBB/docs/CREDITS.txt
+++ b/phpBB/docs/CREDITS.txt
@@ -22,16 +22,15 @@ phpBB Project Manager:   Marshalrusty (Yuriy Rusko)

 phpBB Lead Developer:    Marc (Marc Alexander)

-phpBB Developers:        bantu (Andreas Fischer)
-                         CHItA (Máté Bartus)
+phpBB Developers:        CHItA (Máté Bartus)
                         Derky (Derk Ruitenbeek)
-                         Elsensee (Oliver Schramm)
                         Hanakin (Michael Miday)
+                         mrgoldy (Gijs Martens)
                         Nicofuma (Tristan Darricau)
                         rubencm (Rubén Calvo)

 For a list of phpBB Team members, please see:
-http://www.phpbb.com/about/team/
+https://www.phpbb.com/about/team/

 For a full list of phpBB code contributors, please see:
 https://github.com/phpbb/phpbb/graphs/contributors
@@ -52,11 +51,13 @@ phpBB Developers:        A_Jelly_Doughnut (Josh Woody) [01/2010 - 11/2010]
                         APTX (Marek A. Ruszczyński)   [12/2007 - 04/2011]
                         Arty (Vjacheslav Trushkin)    [02/2012 - 07/2012]
                         Ashe (Ludovic Arnaud)         [10/2002 - 11/2003, 06/2006 - 10/2006]
+                         bantu (Andreas Fischer)       [07/2009 - 06/2020]
                         BartVB (Bart van Bragt)       [11/2000 - 03/2006]
                         ckwalsh (Cullen Walsh)        [01/2010 - 07/2011]
                         DavidMJ (David M.)            [12/2005 - 08/2009]
                         dhn (Dominik Dröscher)        [05/2007 - 01/2011]
                         dhruv.goel92 (Dhruv Goel)     [04/2013 - 05/2016]
+                         Elsensee (Oliver Schramm)     [03/2015 - 06/2020]
                         EXreaction (Nathan Guse)      [07/2012 - 05/2014]
                         GrahamJE (Graham Eames)       [09/2005 - 11/2006]
                         igorw (Igor Wiedler)          [08/2010 - 02/2013]
--- a/phpBB/docs/events.md
+++ b/phpBB/docs/events.md
@@ -410,6 +410,27 @@ acp_posting_buttons_custom_tags_before
 * Since: 3.1.10-RC1
 * Purpose: Add content before the custom BBCodes in the ACP

+acp_profile_basic_options_after
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content after custom profile field basic options in the ACP
+
+acp_profile_basic_options_before
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content before custom profile field basic options in the ACP
+
+acp_profile_contact_after
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content after contact specific custom profile field option in the ACP
+
 acp_profile_contact_before
 ===
 * Locations:
@@ -424,6 +445,13 @@ acp_profile_contact_last
 * Since: 3.1.11-RC1
 * Purpose: Add contact specific options to custom profile fields in the ACP

+acp_profile_options_before
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content before custom profile field options in the ACP
+
 acp_profile_step_one_lang_after
 ===
 * Locations:
@@ -431,6 +459,20 @@ acp_profile_step_one_lang_after
 * Since: 3.1.11-RC1
 * Purpose: Add extra lang specific options to custom profile field step one configuration in the ACP

+acp_profile_visibility_options_after
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content after custom profile field visibility options in the ACP
+
+acp_profile_visibility_options_before
+===
+* Locations:
+    + adm/style/acp_profile.html
+* Since: 3.2.10-RC1
+* Purpose: Add content before custom profile field visibility options in the ACP
+
 acp_prune_forums_append
 ===
 * Locations:
@@ -1894,6 +1936,34 @@ posting_editor_submit_buttons
 * Since: 3.1.6-RC1
 * Purpose: Add custom buttons in the posting editor

+posting_editor_topic_icons_after
+===
+* Locations:
+    + styles/prosilver/template/posting_editor.html
+* Since: 3.2.10-RC1
+* Purpose: Add custom data after the topic icons loop
+
+posting_editor_topic_icons_append
+===
+* Locations:
+    + styles/prosilver/template/posting_editor.html
+* Since: 3.2.10-RC1
+* Purpose: Append custom data to the topic icon
+
+posting_editor_topic_icons_before
+===
+* Locations:
+    + styles/prosilver/template/posting_editor.html
+* Since: 3.2.10-RC1
+* Purpose: Add custom data before the topic icons loop
+
+posting_editor_topic_icons_prepend
+===
+* Locations:
+    + styles/prosilver/template/posting_editor.html
+* Since: 3.2.10-RC1
+* Purpose: Prepend custom data to the topic icon
+
 posting_layout_include_panel_body
 ===
 * Locations:
@@ -2376,6 +2446,34 @@ ucp_friend_list_before
 * Since: 3.1.0-a4
 * Purpose: Add optional elements before list of friends in UCP

+ucp_header_friends_offline_username_full_append
+===
+* Locations:
+    + styles/prosilver/template/ucp_header.html
+* Since: 3.2.10-RC1
+* Purpose: Append information to offline friends username in UCP
+
+ucp_header_friends_offline_username_full_prepend
+===
+* Locations:
+    + styles/prosilver/template/ucp_header.html
+* Since: 3.2.10-RC1
+* Purpose: Prepend information to offline friends username in UCP
+
+ucp_header_friends_online_username_full_append
+===
+* Locations:
+    + styles/prosilver/template/ucp_header.html
+* Since: 3.2.10-RC1
+* Purpose: Append information to online friends username in UCP
+
+ucp_header_friends_online_username_full_prepend
+===
+* Locations:
+    + styles/prosilver/template/ucp_header.html
+* Since: 3.2.10-RC1
+* Purpose: Prepend information to online friends username in UCP
+
 ucp_main_front_user_activity_after
 ===
 * Locations:
@@ -2730,6 +2828,13 @@ viewforum_body_last_post_author_username_prepend
 * Since: 3.2.4-RC1
 * Purpose: Prepend information to last post author username of member

+viewforum_body_online_list_before
+===
+* Locations:
+    + styles/prosilver/template/viewforum_body.html
+* Since: 3.2.10-RC1
+* Purpose: Add content before the online users list
+
 viewforum_body_topic_author_username_append
 ===
 * Locations:
@@ -2879,6 +2984,20 @@ viewtopic_body_contact_fields_before
 * Purpose: Add data before the contact fields on the user profile when viewing
 a post

+viewtopic_body_contact_icon_append
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.2.10-RC1
+* Purpose: Add content directly after the contact field icons in post user miniprofiles
+
+viewtopic_body_contact_icon_prepend
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.2.10-RC1
+* Purpose: Add content directly before the contact field icons in post user miniprofiles
+
 viewtopic_body_footer_before
 ===
 * Locations:
@@ -2887,6 +3006,13 @@ viewtopic_body_footer_before
 * Purpose: Add content to the bottom of the View topic screen below the posts
 and quick reply, directly before the jumpbox in Prosilver.

+viewtopic_body_online_list_before
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.2.10-RC1
+* Purpose: Add content before the online users list
+
 viewtopic_body_pagination_top_after
 ===
 * Locations:
--- a/phpBB/docs/sphinx.sample.conf
+++ b/phpBB/docs/sphinx.sample.conf
@@ -70,10 +70,16 @@ index index_phpbb_{SPHINX_ID}_main
 	docinfo = extern
 	morphology = none
 	stopwords =
+	wordforms =  # optional, specify path to wordforms file. See ./docs/sphinx_wordforms.txt for example
+	exceptions =  # optional, specify path to exceptions file. See ./docs/sphinx_exceptions.txt for example
 	min_word_len = 2
 	charset_table = U+FF10..U+FF19->0..9, 0..9, U+FF41..U+FF5A->a..z, U+FF21..U+FF3A->a..z, A..Z->a..z, a..z, U+0149, U+017F, U+0138, U+00DF, U+00FF, U+00C0..U+00D6->U+00E0..U+00F6, U+00E0..U+00F6, U+00D8..U+00DE->U+00F8..U+00FE, U+00F8..U+00FE, U+0100->U+0101, U+0101, U+0102->U+0103, U+0103, U+0104->U+0105, U+0105, U+0106->U+0107, U+0107, U+0108->U+0109, U+0109, U+010A->U+010B, U+010B, U+010C->U+010D, U+010D, U+010E->U+010F, U+010F, U+0110->U+0111, U+0111, U+0112->U+0113, U+0113, U+0114->U+0115, U+0115, U+0116->U+0117, U+0117, U+0118->U+0119, U+0119, U+011A->U+011B, U+011B, U+011C->U+011D, U+011D, U+011E->U+011F, U+011F, U+0130->U+0131, U+0131, U+0132->U+0133, U+0133, U+0134->U+0135, U+0135, U+0136->U+0137, U+0137, U+0139->U+013A, U+013A, U+013B->U+013C, U+013C, U+013D->U+013E, U+013E, U+013F->U+0140, U+0140, U+0141->U+0142, U+0142, U+0143->U+0144, U+0144, U+0145->U+0146, U+0146, U+0147->U+0148, U+0148, U+014A->U+014B, U+014B, U+014C->U+014D, U+014D, U+014E->U+014F, U+014F, U+0150->U+0151, U+0151, U+0152->U+0153, U+0153, U+0154->U+0155, U+0155, U+0156->U+0157, U+0157, U+0158->U+0159, U+0159, U+015A->U+015B, U+015B, U+015C->U+015D, U+015D, U+015E->U+015F, U+015F, U+0160->U+0161, U+0161, U+0162->U+0163, U+0163, U+0164->U+0165, U+0165, U+0166->U+0167, U+0167, U+0168->U+0169, U+0169, U+016A->U+016B, U+016B, U+016C->U+016D, U+016D, U+016E->U+016F, U+016F, U+0170->U+0171, U+0171, U+0172->U+0173, U+0173, U+0174->U+0175, U+0175, U+0176->U+0177, U+0177, U+0178->U+00FF, U+00FF, U+0179->U+017A, U+017A, U+017B->U+017C, U+017C, U+017D->U+017E, U+017E, U+0410..U+042F->U+0430..U+044F, U+0430..U+044F, U+4E00..U+9FFF
-	min_prefix_len = 0
-	min_infix_len = 0
+	ignore_chars = U+0027, U+002C
+	min_prefix_len = 3 # Minimum number of characters for wildcard searches by prefix (min 1). Default is 3. If specified, set min_infix_len to 0
+	min_infix_len = 0 # Minimum number of characters for wildcard searches by infix (min 2). If specified, set min_prefix_len to 0
+	html_strip = 1
+	index_exact_words = 0 # Set to 1 to enable exact search operator. Requires wordforms or morphology
+	blend_chars = U+23, U+24, U+25, U+26, U+40
 }
 index index_phpbb_{SPHINX_ID}_delta : index_phpbb_{SPHINX_ID}_main
 {
--- a/phpBB/docs/sphinx_exceptions.txt
+++ b/phpBB/docs/sphinx_exceptions.txt
@@ -0,0 +1,97 @@
+# Sample tokenised exception file for phpBB using Sphinx search engine
+#
+# Exceptions allow one or more tokens to be mapped to a single keyword. 
+# Exceptions are defined BEFORE tokenisation and are therefore case sensitive and accept characters that would normally be excluded such as punctuation.
+# Exceptions are applied to both indexing and searching, such that search queries for one mapped variation will find all others.
+# List needs to be customised according to board and language requirements.
+# Please remove all commented lines before use.
+#
+# See Sphinx documentation for further details: http://sphinxsearch.com/docs/current/conf-exceptions.html
+#
+# Examples:
+#
+# Acronyms and initialisms
+U.S.A. => usa
+u.s.a. => usa
+U.S.A => usa
+u.s.a => usa
+USA => usa
+U.S. => usa
+u.s. => usa
+U.S => usa
+u.s => usa
+US => usa
+# Abbreviations using ampersand
+profit & loss => p&l
+profit and loss => p&l
+P & L => p&l
+P and L => p&l
+p & l => p&l
+p and l => p&l
+# Ampersands
+& => and
+# Ordinals
+1st => first
+1ST => first
+2nd => second
+2ND => second
+3rd => third
+3RD => third
+4th => fourth
+4TH => fourth
+5th => fifth
+5TH => fifth
+6th => sixth
+6TH => sixth
+7th => seventh
+7TH => seventh
+8th => eighth
+8TH => eighth
+9th => ninth
+9TH => ninth
+10th => tenth
+10TH => tenth
+# Numerals
+1 => one
+2 => two
+3 => three
+4 => four
+5 => five
+6 => six
+7 => seven
+8 => eight
+9 => nine
+10 => ten
+11 => eleven
+12 => twelve
+13 => thirteen
+14 => fourteen
+15 => fifteen
+16 => sixteen
+17 => seventeen
+18 => eighteen
+19 => nineteen
+20 => twenty
+30 => thirty
+40 => forty
+50 => fifty
+60 => sixty
+70 => seventy
+80 => eighty
+90 => ninety
+100 => one hundred
+1000 => one thousand
+10000 => ten thousand
+100000 => one hundred thousand
+1000000 => one million
+1000000000 => one billion
+# Numbered groupings / decades
+10s => tens
+20s => twenties
+30s => thirties
+40s => forties
+50s => fifties
+60s => sixties
+70s => seventies
+80s => eighties
+90s => nineties
--- a/phpBB/docs/sphinx_wordforms.txt
+++ b/phpBB/docs/sphinx_wordforms.txt
--- a/phpBB/files/.htaccess
+++ b/phpBB/files/.htaccess
@@ -1,4 +1,33 @@
-<Files *>
-	Order Allow,Deny
-	Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>
--- a/phpBB/images/avatars/upload/.htaccess
+++ b/phpBB/images/avatars/upload/.htaccess
@@ -1,4 +1,33 @@
-<Files *>
-	Order Allow,Deny
-	Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>
--- a/phpBB/includes/.htaccess
+++ b/phpBB/includes/.htaccess
@@ -1,4 +1,33 @@
-<Files *>
-	Order Allow,Deny
-	Deny from All
-</Files>
+# With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
+# module mod_authz_host to a new module called mod_access_compat (which may be
+# disabled) and a new "Require" syntax has been introduced to mod_authz_host.
+# We could just conditionally provide both versions, but unfortunately Apache
+# does not explicitly tell us its version if the module mod_version is not
+# available. In this case, we check for the availability of module
+# mod_authz_core (which should be on 2.4 or higher only) as a best guess.
+<IfModule mod_version.c>
+	<IfVersion < 2.4>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfVersion>
+	<IfVersion >= 2.4>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfVersion>
+</IfModule>
+<IfModule !mod_version.c>
+	<IfModule !mod_authz_core.c>
+		<Files "*">
+			Order Allow,Deny
+			Deny from All
+		</Files>
+	</IfModule>
+	<IfModule mod_authz_core.c>
+		<Files "*">
+			Require all denied
+		</Files>
+	</IfModule>
+</IfModule>
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -123,17 +123,29 @@ class acp_attachments
 					include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
 				}

-				$sql = 'SELECT group_name, cat_id
+				$allowed_pm_groups = [];
+				$allowed_post_groups = [];
+				$s_assigned_groups = [];
+
+				$sql = 'SELECT group_id, group_name, cat_id, allow_group, allow_in_pm
 					FROM ' . EXTENSION_GROUPS_TABLE . '
 					WHERE cat_id > 0
 					ORDER BY cat_id';
 				$result = $db->sql_query($sql);
-
-				$s_assigned_groups = array();
 				while ($row = $db->sql_fetchrow($result))
 				{
 					$row['group_name'] = $this->language->is_set('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) ? $this->language->lang('EXT_GROUP_' . utf8_strtoupper($row['group_name'])) : $row['group_name'];
 					$s_assigned_groups[$row['cat_id']][] = $row['group_name'];
+
+					if ($row['allow_group'])
+					{
+						$allowed_post_groups[] = $row['group_id'];
+					}
+
+					if ($row['allow_in_pm'])
+					{
+						$allowed_pm_groups[] = $row['group_id'];
+					}
 				}
 				$db->sql_freeresult($result);

@@ -151,13 +163,13 @@ class acp_attachments

 						'allow_attachments'		=> array('lang' => 'ALLOW_ATTACHMENTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'allow_pm_attach'		=> array('lang' => 'ALLOW_PM_ATTACHMENTS',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
+						'max_attachments'		=> array('lang' => 'MAX_ATTACHMENTS',		'validate' => 'int:0:999',	'type' => 'number:0:999', 'explain' => false),
+						'max_attachments_pm'	=> array('lang' => 'MAX_ATTACHMENTS_PM',	'validate' => 'int:0:999',	'type' => 'number:0:999', 'explain' => false),
 						'upload_path'			=> array('lang' => 'UPLOAD_DIR',			'validate' => 'wpath',	'type' => 'text:25:100', 'explain' => true),
 						'display_order'			=> array('lang' => 'DISPLAY_ORDER',			'validate' => 'bool',	'type' => 'custom', 'method' => 'display_order', 'explain' => true),
 						'attachment_quota'		=> array('lang' => 'ATTACH_QUOTA',			'validate' => 'string',	'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
 						'max_filesize'			=> array('lang' => 'ATTACH_MAX_FILESIZE',	'validate' => 'string',	'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
 						'max_filesize_pm'		=> array('lang' => 'ATTACH_MAX_PM_FILESIZE','validate' => 'string',	'type' => 'custom', 'method' => 'max_filesize', 'explain' => true),
-						'max_attachments'		=> array('lang' => 'MAX_ATTACHMENTS',		'validate' => 'int:0:999',	'type' => 'number:0:999', 'explain' => false),
-						'max_attachments_pm'	=> array('lang' => 'MAX_ATTACHMENTS_PM',	'validate' => 'int:0:999',	'type' => 'number:0:999', 'explain' => false),
 						'secure_downloads'		=> array('lang' => 'SECURE_DOWNLOADS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'secure_allow_deny'		=> array('lang' => 'SECURE_ALLOW_DENY',		'validate' => 'int',	'type' => 'custom', 'method' => 'select_allow_deny', 'explain' => true),
 						'secure_allow_empty_referer'	=> array('lang' => 'SECURE_EMPTY_REFERRER', 'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -169,6 +181,8 @@ class acp_attachments
 						'img_max_thumb_width'		=> array('lang' => 'MAX_THUMB_WIDTH',		'validate' => 'int:0:999999999999999',	'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_min_thumb_filesize'	=> array('lang' => 'MIN_THUMB_FILESIZE',	'validate' => 'int:0:999999999999999',	'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
 						'img_max'					=> array('lang' => 'MAX_IMAGE_SIZE',		'validate' => 'int:0:9999',	'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
+						'img_strip_metadata'		=> array('lang' => 'IMAGE_STRIP_METADATA',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'img_quality'				=> array('lang' => 'IMAGE_QUALITY',			'validate' => 'int:50:90',	'type' => 'number:50:90', 'explain' => true, 'append' => ' &percnt;'),
 						'img_link'					=> array('lang' => 'IMAGE_LINK_SIZE',		'validate' => 'int:0:9999',	'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
 				);
@@ -211,6 +225,9 @@ class acp_attachments
 					if (in_array($config_name, array('attachment_quota', 'max_filesize', 'max_filesize_pm')))
 					{
 						$size_var = $request->variable($config_name, '');
+
+						$config_value = (int) $config_value;
+
 						$this->new_config[$config_name] = $config_value = ($size_var == 'kb') ? round($config_value * 1024) : (($size_var == 'mb') ? round($config_value * 1048576) : $config_value);
 					}

@@ -259,10 +276,14 @@ class acp_attachments
 				$db->sql_freeresult($result);

 				$template->assign_vars(array(
+					'S_EMPTY_PM_GROUPS'		=> empty($allowed_pm_groups),
+					'S_EMPTY_POST_GROUPS'	=> empty($allowed_post_groups),
 					'S_SECURE_DOWNLOADS'	=> $this->new_config['secure_downloads'],
 					'S_DEFINED_IPS'			=> ($defined_ips != '') ? true : false,
 					'S_WARNING'				=> (count($error)) ? true : false,

+					'U_EXTENSION_GROUPS'	=> append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&amp;mode=ext_groups"),
+
 					'WARNING_MSG'			=> implode('<br />', $error),
 					'DEFINED_IPS'			=> $defined_ips,

@@ -1291,7 +1312,7 @@ class acp_attachments
 	*/
 	public function get_attachment_stats($limit = '')
 	{
-		$sql = 'SELECT COUNT(a.attach_id) AS num_files, SUM(a.filesize) AS upload_dir_size
+		$sql = 'SELECT COUNT(a.attach_id) AS num_files, SUM(' . $this->db->cast_expr_to_bigint('a.filesize') . ') AS upload_dir_size
 			FROM ' . ATTACHMENTS_TABLE . " a
 			WHERE a.is_orphan = 0
 				$limit";
@@ -1478,7 +1499,7 @@ class acp_attachments

 				try
 				{
-					$this->filesystem->phpbb_chmod($phpbb_root_path . $upload_dir, CHMOD_READ | CHMOD_WRITE);
+					$this->filesystem->phpbb_chmod($phpbb_root_path . $upload_dir, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 				}
 				catch (\phpbb\filesystem\exception\filesystem_exception $e)
 				{
--- a/phpBB/includes/acp/acp_ban.php
+++ b/phpBB/includes/acp/acp_ban.php
@@ -156,7 +156,8 @@ class acp_ban
 			break;
 		}

-		self::display_ban_options($mode);
+		display_ban_end_options();
+		display_ban_options($mode);

 		$template->assign_vars(array(
 			'L_TITLE'				=> $this->page_title,
@@ -173,126 +174,4 @@ class acp_ban
 			'U_FIND_USERNAME'	=> append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=searchuser&amp;form=acp_ban&amp;field=ban'),
 		));
 	}
-
-	/**
-	* Display ban options
-	*/
-	static public function display_ban_options($mode)
-	{
-		global $user, $db, $template;
-
-		// Ban length options
-		$ban_end_text = array(0 => $user->lang['PERMANENT'], 30 => $user->lang['30_MINS'], 60 => $user->lang['1_HOUR'], 360 => $user->lang['6_HOURS'], 1440 => $user->lang['1_DAY'], 10080 => $user->lang['7_DAYS'], 20160 => $user->lang['2_WEEKS'], 40320 => $user->lang['1_MONTH'], -1 => $user->lang['UNTIL'] . ' -&gt; ');
-
-		$ban_end_options = '';
-		foreach ($ban_end_text as $length => $text)
-		{
-			$ban_end_options .= '<option value="' . $length . '">' . $text . '</option>';
-		}
-
-		switch ($mode)
-		{
-			case 'user':
-
-				$field = 'username';
-
-				$sql = 'SELECT b.*, u.user_id, u.username, u.username_clean
-					FROM ' . BANLIST_TABLE . ' b, ' . USERS_TABLE . ' u
-					WHERE (b.ban_end >= ' . time() . '
-							OR b.ban_end = 0)
-						AND u.user_id = b.ban_userid
-					ORDER BY u.username_clean ASC';
-			break;
-
-			case 'ip':
-
-				$field = 'ban_ip';
-
-				$sql = 'SELECT *
-					FROM ' . BANLIST_TABLE . '
-					WHERE (ban_end >= ' . time() . "
-							OR ban_end = 0)
-						AND ban_ip <> ''
-					ORDER BY ban_ip";
-			break;
-
-			case 'email':
-
-				$field = 'ban_email';
-
-				$sql = 'SELECT *
-					FROM ' . BANLIST_TABLE . '
-					WHERE (ban_end >= ' . time() . "
-							OR ban_end = 0)
-						AND ban_email <> ''
-					ORDER BY ban_email";
-			break;
-		}
-		$result = $db->sql_query($sql);
-
-		$banned_options = $excluded_options = array();
-		while ($row = $db->sql_fetchrow($result))
-		{
-			$option = '<option value="' . $row['ban_id'] . '">' . $row[$field] . '</option>';
-
-			if ($row['ban_exclude'])
-			{
-				$excluded_options[] = $option;
-			}
-			else
-			{
-				$banned_options[] = $option;
-			}
-
-			$time_length = ($row['ban_end']) ? ($row['ban_end'] - $row['ban_start']) / 60 : 0;
-
-			if ($time_length == 0)
-			{
-				// Banned permanently
-				$ban_length = $user->lang['PERMANENT'];
-			}
-			else if (isset($ban_end_text[$time_length]))
-			{
-				// Banned for a given duration
-				$ban_length = $user->lang('BANNED_UNTIL_DURATION', $ban_end_text[$time_length], $user->format_date($row['ban_end'], false, true));
-			}
-			else
-			{
-				// Banned until given date
-				$ban_length = $user->lang('BANNED_UNTIL_DATE', $user->format_date($row['ban_end'], false, true));
-			}
-
-			$template->assign_block_vars('bans', array(
-				'BAN_ID'		=> (int) $row['ban_id'],
-				'LENGTH'		=> $ban_length,
-				'A_LENGTH'		=> addslashes($ban_length),
-				'REASON'		=> $row['ban_reason'],
-				'A_REASON'		=> addslashes($row['ban_reason']),
-				'GIVE_REASON'	=> $row['ban_give_reason'],
-				'A_GIVE_REASON'	=> addslashes($row['ban_give_reason']),
-			));
-		}
-		$db->sql_freeresult($result);
-
-		$options = '';
-		if ($excluded_options)
-		{
-			$options .= '<optgroup label="' . $user->lang['OPTIONS_EXCLUDED'] . '">';
-			$options .= implode('', $excluded_options);
-			$options .= '</optgroup>';
-		}
-
-		if ($banned_options)
-		{
-			$options .= '<optgroup label="' . $user->lang['OPTIONS_BANNED'] . '">';
-			$options .= implode('', $banned_options);
-			$options .= '</optgroup>';
-		}
-
-		$template->assign_vars(array(
-			'S_BAN_END_OPTIONS'	=> $ban_end_options,
-			'S_BANNED_OPTIONS'	=> ($banned_options || $excluded_options) ? true : false,
-			'BANNED_OPTIONS'	=> $options,
-		));
-	}
 }
--- a/phpBB/includes/acp/acp_bbcodes.php
+++ b/phpBB/includes/acp/acp_bbcodes.php
@@ -226,6 +226,12 @@ class acp_bbcodes
 						trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}

+					/**
+					 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+					 * Using their Numeric Character Reference's Hexadecimal notation.
+					 */
+					$bbcode_helpline = utf8_encode_ucr($bbcode_helpline);
+
 					$sql_ary = array_merge($sql_ary, array(
 						'bbcode_tag'				=> $data['bbcode_tag'],
 						'bbcode_match'				=> $bbcode_match,
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -76,7 +76,7 @@ class acp_board
 						'legend3'				=> 'WARNINGS',
 						'warnings_expire_days'	=> array('lang' => 'WARNINGS_EXPIRE',		'validate' => 'int:0:9999',	'type' => 'number:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['DAYS']),

-						'legend4'					=> 'ACP_SUBMIT_CHANGES',
+						'legend4'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -112,7 +112,7 @@ class acp_board
 						'load_cpf_viewprofile'	=> array('lang' => 'LOAD_CPF_VIEWPROFILE',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_cpf_viewtopic'	=> array('lang' => 'LOAD_CPF_VIEWTOPIC',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),

-						'legend3'					=> 'ACP_SUBMIT_CHANGES',
+						'legend3'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -141,12 +141,10 @@ class acp_board
 					'title'	=> 'ACP_AVATAR_SETTINGS',
 					'vars'	=> array(
 						'legend1'				=> 'ACP_AVATAR_SETTINGS',
-
 						'avatar_min_width'		=> array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false),
 						'avatar_min_height'		=> array('lang' => 'MIN_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false),
 						'avatar_max_width'		=> array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false),
 						'avatar_max_height'		=> array('lang' => 'MAX_AVATAR_SIZE', 'validate' => 'int:0', 'type' => false, 'method' => false, 'explain' => false),
-
 						'allow_avatar'			=> array('lang' => 'ALLOW_AVATARS',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'avatar_min'			=> array('lang' => 'MIN_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:0', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'avatar_max'			=> array('lang' => 'MAX_AVATAR_SIZE',		'validate' => 'int:0',	'type' => 'dimension:0', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
@@ -157,6 +155,8 @@ class acp_board
 				{
 					$display_vars['vars'] += $avatar_vars;
 				}
+
+				$display_vars['vars']['legend2'] = 'ACP_SUBMIT_CHANGES';
 			break;

 			case 'message':
@@ -184,7 +184,7 @@ class acp_board
 						'auth_flash_pm'			=> array('lang' => 'ALLOW_FLASH_PM',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'enable_pm_icons'		=> array('lang' => 'ENABLE_PM_ICONS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),

-						'legend3'					=> 'ACP_SUBMIT_CHANGES',
+						'legend3'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -227,7 +227,7 @@ class acp_board
 						'max_post_img_width'	=> array('lang' => 'MAX_POST_IMG_WIDTH',	'validate' => 'int:0:9999',		'type' => 'number:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'max_post_img_height'	=> array('lang' => 'MAX_POST_IMG_HEIGHT',	'validate' => 'int:0:9999',		'type' => 'number:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),

-						'legend3'					=> 'ACP_SUBMIT_CHANGES',
+						'legend3'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -252,7 +252,7 @@ class acp_board
 						'max_sig_img_width'		=> array('lang' => 'MAX_SIG_IMG_WIDTH',		'validate' => 'int:0:9999',	'type' => 'number:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'max_sig_img_height'	=> array('lang' => 'MAX_SIG_IMG_HEIGHT',	'validate' => 'int:0:9999',	'type' => 'number:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),

-						'legend3'					=> 'ACP_SUBMIT_CHANGES',
+						'legend3'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -315,6 +315,8 @@ class acp_board
 						'legend4'					=> 'ACP_FEED_SETTINGS_OTHER',
 						'feed_overall_forums'		=> array('lang'	=> 'ACP_FEED_OVERALL_FORUMS',		'validate' => 'bool',	'type' => 'radio:enabled_disabled',	'explain' => true ),
 						'feed_exclude_id'			=> array('lang' => 'ACP_FEED_EXCLUDE_ID',			'validate' => 'string',	'type' => 'custom', 'method' => 'select_exclude_forums', 'explain' => true),
+
+						'legend5'					=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -329,6 +331,8 @@ class acp_board
 						'cookie_path'	=> array('lang'	=> 'COOKIE_PATH',	'validate' => 'string',	'type' => 'text::255', 'explain' => true),
 						'cookie_secure'	=> array('lang' => 'COOKIE_SECURE',	'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
 						'cookie_notice'	=> array('lang' => 'COOKIE_NOTICE',	'validate' => 'bool',	'type' => 'radio:enabled_disabled', 'explain' => true),
+
+						'legend2'		=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -369,7 +373,7 @@ class acp_board
 						'load_cpf_viewprofile'	=> array('lang' => 'LOAD_CPF_VIEWPROFILE',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),
 						'load_cpf_viewtopic'	=> array('lang' => 'LOAD_CPF_VIEWTOPIC',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => false),

-						'legend4'					=> 'ACP_SUBMIT_CHANGES',
+						'legend4'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -406,7 +410,7 @@ class acp_board
 						'server_port'			=> array('lang' => 'SERVER_PORT',		'validate' => 'int:0:99999',			'type' => 'number:0:99999', 'explain' => true),
 						'script_path'			=> array('lang' => 'SCRIPT_PATH',		'validate' => 'script_path',	'type' => 'text::255', 'explain' => true),

-						'legend4'					=> 'ACP_SUBMIT_CHANGES',
+						'legend4'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -438,6 +442,7 @@ class acp_board
 						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int:-1:99999',	'type' => 'number:-1:99999', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 						'form_token_sid_guests'	=> array('lang' => 'FORM_SID_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),

+						'legend2'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
@@ -470,7 +475,7 @@ class acp_board
 						'smtp_verify_peer_name'	=> array('lang' => 'SMTP_VERIFY_PEER_NAME',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'smtp_allow_self_signed'=> array('lang' => 'SMTP_ALLOW_SELF_SIGNED','validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),

-						'legend3'					=> 'ACP_SUBMIT_CHANGES',
+						'legend3'				=> 'ACP_SUBMIT_CHANGES',
 					)
 				);
 			break;
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -429,11 +429,11 @@ class acp_main
 		// Version check
 		$user->add_lang('install');

-		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '5.4.0', '<'))
+		if ($auth->acl_get('a_server') && version_compare(PHP_VERSION, '7.1.3', '<'))
 		{
 			$template->assign_vars(array(
 				'S_PHP_VERSION_OLD'	=> true,
-				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], PHP_VERSION, '5.4.0', '<a href="https://www.phpbb.com/support/docs/en/3.2/ug/quickstart/requirements">', '</a>'),
+				'L_PHP_VERSION_OLD'	=> sprintf($user->lang['PHP_VERSION_OLD'], PHP_VERSION, '7.1.3', '<a href="https://www.phpbb.com/support/docs/en/3.3/ug/quickstart/requirements">', '</a>'),
 			));
 		}

@@ -493,7 +493,7 @@ class acp_main

 		$start_date = $user->format_date($config['board_startdate']);

-		$boarddays = (time() - $config['board_startdate']) / 86400;
+		$boarddays = (time() - (int) $config['board_startdate']) / 86400;

 		$posts_per_day = sprintf('%.2f', $total_posts / $boarddays);
 		$topics_per_day = sprintf('%.2f', $total_topics / $boarddays);
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -44,8 +44,6 @@ class acp_permissions
 			include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
 		}

-		$this->permissions = $phpbb_container->get('acl.permissions');
-
 		$auth_admin = new auth_admin();

 		$user->add_lang('acp/permissions');
@@ -53,6 +51,8 @@ class acp_permissions

 		$this->tpl_name = 'acp_permissions';

+		$this->permissions = $phpbb_container->get('acl.permissions');
+
 		// Trace has other vars
 		if ($mode == 'trace')
 		{
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -822,10 +822,12 @@ class acp_users
 							* @var	string	action		Quick tool that should be run
 							* @var	array	user_row	Current user data
 							* @var	string	u_action	The u_action link
+							* @var	int		user_id		User id of the user to manage
 							* @since 3.1.0-a1
 							* @changed 3.2.2-RC1 Added u_action
+							* @changed 3.2.10-RC1 Added user_id
 							*/
-							$vars = array('action', 'user_row', 'u_action');
+							$vars = array('action', 'user_row', 'u_action', 'user_id');
 							extract($phpbb_dispatcher->trigger_event('core.acp_users_overview_run_quicktool', compact($vars)));

 							unset($u_action);
@@ -2607,6 +2609,7 @@ class acp_users
 			break;

 			default:
+				$u_action = $this->u_action;

 				/**
 				* Additional modes provided by extensions
@@ -2616,11 +2619,14 @@ class acp_users
 				* @var	int		user_id			User id of the user to manage
 				* @var	array	user_row		Array with user data
 				* @var	array	error			Array with errors data
+				* @var	string	u_action		The u_action link
 				* @since 3.2.2-RC1
+				* @changed 3.2.10-RC1 Added u_action
 				*/
-				$vars = array('mode', 'user_id', 'user_row', 'error');
+				$vars = array('mode', 'user_id', 'user_row', 'error', 'u_action');
 				extract($phpbb_dispatcher->trigger_event('core.acp_users_mode_add', compact($vars)));

+				unset($u_action);
 			break;
 		}

--- a/phpBB/includes/bbcode.php
+++ b/phpBB/includes/bbcode.php
@@ -221,8 +221,6 @@ class bbcode
 			$db->sql_freeresult($result);
 		}

-		// To perform custom second pass in extension, use $this->bbcode_second_pass_by_extension()
-		// method which accepts variable number of parameters
 		foreach ($bbcode_ids as $bbcode_id)
 		{
 			switch ($bbcode_id)
@@ -681,6 +679,8 @@ class bbcode
 	* Accepts variable number of parameters
 	*
 	* @return mixed Second pass result
+	*
+	* @deprecated 3.2.10 (To be removed 4.0.0)
 	*/
 	function bbcode_second_pass_by_extension()
 	{
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */

 // phpBB Version
-@define('PHPBB_VERSION', '3.2.9-RC1');
+@define('PHPBB_VERSION', '3.2.11');

 // QA-related
 // define('PHPBB_QA', 1);
@@ -225,10 +225,10 @@ define('REFERER_VALIDATE_HOST', 1);
 define('REFERER_VALIDATE_PATH', 2);

 // phpbb_chmod() permissions
-@define('CHMOD_ALL', 7);
-@define('CHMOD_READ', 4);
-@define('CHMOD_WRITE', 2);
-@define('CHMOD_EXECUTE', 1);
+@define('CHMOD_ALL', 7); // @deprecated 3.2.10
+@define('CHMOD_READ', 4); // @deprecated 3.2.10
+@define('CHMOD_WRITE', 2); // @deprecated 3.2.10
+@define('CHMOD_EXECUTE', 1); // @deprecated 3.2.10

 // Captcha code length
 define('CAPTCHA_MIN_CHARS', 4);
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -20,49 +20,6 @@ if (!defined('IN_PHPBB'))
 }

 // Common global functions
-/**
-* Load the autoloaders added by the extensions.
-*
-* @param string $phpbb_root_path Path to the phpbb root directory.
-*/
-function phpbb_load_extensions_autoloaders($phpbb_root_path)
-{
-	$iterator = new \RecursiveIteratorIterator(
-		new \phpbb\recursive_dot_prefix_filter_iterator(
-			new \RecursiveDirectoryIterator(
-				$phpbb_root_path . 'ext/',
-				\FilesystemIterator::SKIP_DOTS | \FilesystemIterator::FOLLOW_SYMLINKS
-			)
-		),
-		\RecursiveIteratorIterator::SELF_FIRST
-	);
-	$iterator->setMaxDepth(2);
-
-	foreach ($iterator as $file_info)
-	{
-		if ($file_info->getFilename() === 'vendor' && $iterator->getDepth() === 2)
-		{
-			$filename = $file_info->getRealPath() . '/autoload.php';
-			if (file_exists($filename))
-			{
-				require $filename;
-			}
-		}
-	}
-}
-
-/**
-* Casts a variable to the given type.
-*
-* @deprecated
-*/
-function set_var(&$result, $var, $type, $multibyte = false)
-{
-	// no need for dependency injection here, if you have the object, call the method yourself!
-	$type_cast_helper = new \phpbb\request\type_cast_helper();
-	$type_cast_helper->set_var($result, $var, $type, $multibyte);
-}
-
 /**
 * Generates an alphanumeric random string of given length
 *
@@ -3901,108 +3858,6 @@ function phpbb_optionset($bit, $set, $data)
 	return $data;
 }

-/**
-* Login using http authenticate.
-*
-* @param array	$param		Parameter array, see $param_defaults array.
-*
-* @return null
-*/
-function phpbb_http_login($param)
-{
-	global $auth, $user, $request;
-	global $config;
-
-	$param_defaults = array(
-		'auth_message'	=> '',
-
-		'autologin'		=> false,
-		'viewonline'	=> true,
-		'admin'			=> false,
-	);
-
-	// Overwrite default values with passed values
-	$param = array_merge($param_defaults, $param);
-
-	// User is already logged in
-	// We will not overwrite his session
-	if (!empty($user->data['is_registered']))
-	{
-		return;
-	}
-
-	// $_SERVER keys to check
-	$username_keys = array(
-		'PHP_AUTH_USER',
-		'Authorization',
-		'REMOTE_USER', 'REDIRECT_REMOTE_USER',
-		'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
-		'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
-		'AUTH_USER',
-	);
-
-	$password_keys = array(
-		'PHP_AUTH_PW',
-		'REMOTE_PASSWORD',
-		'AUTH_PASSWORD',
-	);
-
-	$username = null;
-	foreach ($username_keys as $k)
-	{
-		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
-		{
-			$username = htmlspecialchars_decode($request->server($k));
-			break;
-		}
-	}
-
-	$password = null;
-	foreach ($password_keys as $k)
-	{
-		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
-		{
-			$password = htmlspecialchars_decode($request->server($k));
-			break;
-		}
-	}
-
-	// Decode encoded information (IIS, CGI, FastCGI etc.)
-	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
-	{
-		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
-	}
-
-	if (!is_null($username) && !is_null($password))
-	{
-		set_var($username, $username, 'string', true);
-		set_var($password, $password, 'string', true);
-
-		$auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);
-
-		if ($auth_result['status'] == LOGIN_SUCCESS)
-		{
-			return;
-		}
-		else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
-		{
-			send_status_line(401, 'Unauthorized');
-
-			trigger_error('NOT_AUTHORISED');
-		}
-	}
-
-	// Prepend sitename to auth_message
-	$param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];
-
-	// We should probably filter out non-ASCII characters - RFC2616
-	$param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
-
-	header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
-	send_status_line(401, 'Unauthorized');
-
-	trigger_error('NOT_AUTHORISED');
-}

 /**
 * Escapes and quotes a string for use as an HTML/XML attribute value.
@@ -4051,54 +3906,6 @@ function phpbb_quoteattr($data, $entities = null)
 	return $data;
 }

-/**
-* Converts query string (GET) parameters in request into hidden fields.
-*
-* Useful for forwarding GET parameters when submitting forms with GET method.
-*
-* It is possible to omit some of the GET parameters, which is useful if
-* they are specified in the form being submitted.
-*
-* sid is always omitted.
-*
-* @param \phpbb\request\request $request Request object
-* @param array $exclude A list of variable names that should not be forwarded
-* @return string HTML with hidden fields
-*/
-function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
-{
-	$names = $request->variable_names(\phpbb\request\request_interface::GET);
-	$hidden = '';
-	foreach ($names as $name)
-	{
-		// Sessions are dealt with elsewhere, omit sid always
-		if ($name == 'sid')
-		{
-			continue;
-		}
-
-		// Omit any additional parameters requested
-		if (!empty($exclude) && in_array($name, $exclude))
-		{
-			continue;
-		}
-
-		$escaped_name = phpbb_quoteattr($name);
-
-		// Note: we might retrieve the variable from POST or cookies
-		// here. To avoid exposing cookies, skip variables that are
-		// overwritten somewhere other than GET entirely.
-		$value = $request->variable($name, '', true);
-		$get_value = $request->variable($name, '', true, \phpbb\request\request_interface::GET);
-		if ($value === $get_value)
-		{
-			$escaped_value = phpbb_quoteattr($value);
-			$hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
-		}
-	}
-	return $hidden;
-}
-
 /**
 * Get user avatar
 *
--- a/phpBB/includes/functions_admin.php
+++ b/phpBB/includes/functions_admin.php
@@ -2415,7 +2415,7 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
 /**
 * Function auto_prune(), this function now relies on passed vars
 */
-function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_freq)
+function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_freq, $log_prune = true)
 {
 	global $db, $user, $phpbb_log;

@@ -2435,13 +2435,18 @@ function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_fr

 		if ($result['topics'] == 0 && $result['posts'] == 0)
 		{
+			$column = $prune_mode === 'shadow' ? 'prune_shadow_next' : 'prune_next';
+
 			$sql = 'UPDATE ' . FORUMS_TABLE . "
-				SET prune_next = $next_prune
+				SET $column = $next_prune
 				WHERE forum_id = $forum_id";
 			$db->sql_query($sql);
 		}

-		$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_AUTO_PRUNE', false, array($row['forum_name']));
+		if ($log_prune)
+		{
+			$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_AUTO_PRUNE', false, [$row['forum_name']]);
+		}
 	}

 	return;
@@ -3137,3 +3142,133 @@ function enable_bitfield_column_flag($table_name, $column_name, $flag, $sql_more
 		' . $sql_more;
 	$db->sql_query($sql);
 }
+
+function display_ban_end_options()
+{
+	global $user, $template;
+
+	// Ban length options
+	$ban_end_text = array(0 => $user->lang['PERMANENT'], 30 => $user->lang['30_MINS'], 60 => $user->lang['1_HOUR'], 360 => $user->lang['6_HOURS'], 1440 => $user->lang['1_DAY'], 10080 => $user->lang['7_DAYS'], 20160 => $user->lang['2_WEEKS'], 40320 => $user->lang['1_MONTH'], -1 => $user->lang['UNTIL'] . ' -&gt; ');
+
+	$ban_end_options = '';
+	foreach ($ban_end_text as $length => $text)
+	{
+		$ban_end_options .= '<option value="' . $length . '">' . $text . '</option>';
+	}
+
+	$template->assign_vars(array(
+		'S_BAN_END_OPTIONS'	=> $ban_end_options
+	));
+}
+
+/**
+* Display ban options
+*/
+function display_ban_options($mode)
+{
+	global $user, $db, $template;
+
+	switch ($mode)
+	{
+		case 'user':
+
+			$field = 'username';
+
+			$sql = 'SELECT b.*, u.user_id, u.username, u.username_clean
+				FROM ' . BANLIST_TABLE . ' b, ' . USERS_TABLE . ' u
+				WHERE (b.ban_end >= ' . time() . '
+						OR b.ban_end = 0)
+					AND u.user_id = b.ban_userid
+				ORDER BY u.username_clean ASC';
+		break;
+
+		case 'ip':
+
+			$field = 'ban_ip';
+
+			$sql = 'SELECT *
+				FROM ' . BANLIST_TABLE . '
+				WHERE (ban_end >= ' . time() . "
+						OR ban_end = 0)
+					AND ban_ip <> ''
+				ORDER BY ban_ip";
+		break;
+
+		case 'email':
+
+			$field = 'ban_email';
+
+			$sql = 'SELECT *
+				FROM ' . BANLIST_TABLE . '
+				WHERE (ban_end >= ' . time() . "
+						OR ban_end = 0)
+					AND ban_email <> ''
+				ORDER BY ban_email";
+		break;
+	}
+	$result = $db->sql_query($sql);
+
+	$banned_options = $excluded_options = array();
+	while ($row = $db->sql_fetchrow($result))
+	{
+		$option = '<option value="' . $row['ban_id'] . '">' . $row[$field] . '</option>';
+
+		if ($row['ban_exclude'])
+		{
+			$excluded_options[] = $option;
+		}
+		else
+		{
+			$banned_options[] = $option;
+		}
+
+		$time_length = ($row['ban_end']) ? ($row['ban_end'] - $row['ban_start']) / 60 : 0;
+
+		if ($time_length == 0)
+		{
+			// Banned permanently
+			$ban_length = $user->lang['PERMANENT'];
+		}
+		else if (isset($ban_end_text[$time_length]))
+		{
+			// Banned for a given duration
+			$ban_length = $user->lang('BANNED_UNTIL_DURATION', $ban_end_text[$time_length], $user->format_date($row['ban_end'], false, true));
+		}
+		else
+		{
+			// Banned until given date
+			$ban_length = $user->lang('BANNED_UNTIL_DATE', $user->format_date($row['ban_end'], false, true));
+		}
+
+		$template->assign_block_vars('bans', array(
+			'BAN_ID'		=> (int) $row['ban_id'],
+			'LENGTH'		=> $ban_length,
+			'A_LENGTH'		=> addslashes($ban_length),
+			'REASON'		=> $row['ban_reason'],
+			'A_REASON'		=> addslashes($row['ban_reason']),
+			'GIVE_REASON'	=> $row['ban_give_reason'],
+			'A_GIVE_REASON'	=> addslashes($row['ban_give_reason']),
+		));
+	}
+	$db->sql_freeresult($result);
+
+	$options = '';
+	if ($excluded_options)
+	{
+		$options .= '<optgroup label="' . $user->lang['OPTIONS_EXCLUDED'] . '">';
+		$options .= implode('', $excluded_options);
+		$options .= '</optgroup>';
+	}
+
+	if ($banned_options)
+	{
+		$options .= '<optgroup label="' . $user->lang['OPTIONS_BANNED'] . '">';
+		$options .= implode('', $banned_options);
+		$options .= '</optgroup>';
+	}
+
+	$template->assign_vars(array(
+		'S_BANNED_OPTIONS'	=> ($banned_options || $excluded_options) ? true : false,
+		'BANNED_OPTIONS'	=> $options,
+	));
+}
--- a/phpBB/includes/functions_compatibility.php
+++ b/phpBB/includes/functions_compatibility.php
@@ -511,3 +511,225 @@ function phpbb_pcre_utf8_support()
 {
 	return true;
 }
+
+/**
+* Load the autoloaders added by the extensions.
+*
+* @param string $phpbb_root_path Path to the phpbb root directory.
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_load_extensions_autoloaders($phpbb_root_path)
+{
+	$iterator = new \RecursiveIteratorIterator(
+		new \phpbb\recursive_dot_prefix_filter_iterator(
+			new \RecursiveDirectoryIterator(
+				$phpbb_root_path . 'ext/',
+				\FilesystemIterator::SKIP_DOTS | \FilesystemIterator::FOLLOW_SYMLINKS
+			)
+		),
+		\RecursiveIteratorIterator::SELF_FIRST
+	);
+	$iterator->setMaxDepth(2);
+
+	foreach ($iterator as $file_info)
+	{
+		if ($file_info->getFilename() === 'vendor' && $iterator->getDepth() === 2)
+		{
+			$filename = $file_info->getRealPath() . '/autoload.php';
+			if (file_exists($filename))
+			{
+				require $filename;
+			}
+		}
+	}
+}
+
+/**
+* Casts a variable to the given type.
+*
+* @deprecated
+*/
+function set_var(&$result, $var, $type, $multibyte = false)
+{
+	// no need for dependency injection here, if you have the object, call the method yourself!
+	$type_cast_helper = new \phpbb\request\type_cast_helper();
+	$type_cast_helper->set_var($result, $var, $type, $multibyte);
+}
+
+
+/**
+* Login using http authenticate.
+*
+* @param array	$param		Parameter array, see $param_defaults array.
+*
+* @return null
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_http_login($param)
+{
+	global $auth, $user, $request;
+	global $config;
+
+	$param_defaults = array(
+		'auth_message'	=> '',
+
+		'autologin'		=> false,
+		'viewonline'	=> true,
+		'admin'			=> false,
+	);
+
+	// Overwrite default values with passed values
+	$param = array_merge($param_defaults, $param);
+
+	// User is already logged in
+	// We will not overwrite his session
+	if (!empty($user->data['is_registered']))
+	{
+		return;
+	}
+
+	// $_SERVER keys to check
+	$username_keys = array(
+		'PHP_AUTH_USER',
+		'Authorization',
+		'REMOTE_USER', 'REDIRECT_REMOTE_USER',
+		'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION',
+		'REMOTE_AUTHORIZATION', 'REDIRECT_REMOTE_AUTHORIZATION',
+		'AUTH_USER',
+	);
+
+	$password_keys = array(
+		'PHP_AUTH_PW',
+		'REMOTE_PASSWORD',
+		'AUTH_PASSWORD',
+	);
+
+	$username = null;
+	foreach ($username_keys as $k)
+	{
+		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
+		{
+			$username = htmlspecialchars_decode($request->server($k));
+			break;
+		}
+	}
+
+	$password = null;
+	foreach ($password_keys as $k)
+	{
+		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
+		{
+			$password = htmlspecialchars_decode($request->server($k));
+			break;
+		}
+	}
+
+	// Decode encoded information (IIS, CGI, FastCGI etc.)
+	if (!is_null($username) && is_null($password) && strpos($username, 'Basic ') === 0)
+	{
+		list($username, $password) = explode(':', base64_decode(substr($username, 6)), 2);
+	}
+
+	if (!is_null($username) && !is_null($password))
+	{
+		set_var($username, $username, 'string', true);
+		set_var($password, $password, 'string', true);
+
+		$auth_result = $auth->login($username, $password, $param['autologin'], $param['viewonline'], $param['admin']);
+
+		if ($auth_result['status'] == LOGIN_SUCCESS)
+		{
+			return;
+		}
+		else if ($auth_result['status'] == LOGIN_ERROR_ATTEMPTS)
+		{
+			send_status_line(401, 'Unauthorized');
+
+			trigger_error('NOT_AUTHORISED');
+		}
+	}
+
+	// Prepend sitename to auth_message
+	$param['auth_message'] = ($param['auth_message'] === '') ? $config['sitename'] : $config['sitename'] . ' - ' . $param['auth_message'];
+
+	// We should probably filter out non-ASCII characters - RFC2616
+	$param['auth_message'] = preg_replace('/[\x80-\xFF]/', '?', $param['auth_message']);
+
+	header('WWW-Authenticate: Basic realm="' . $param['auth_message'] . '"');
+	send_status_line(401, 'Unauthorized');
+
+	trigger_error('NOT_AUTHORISED');
+}
+
+/**
+* Converts query string (GET) parameters in request into hidden fields.
+*
+* Useful for forwarding GET parameters when submitting forms with GET method.
+*
+* It is possible to omit some of the GET parameters, which is useful if
+* they are specified in the form being submitted.
+*
+* sid is always omitted.
+*
+* @param \phpbb\request\request $request Request object
+* @param array $exclude A list of variable names that should not be forwarded
+* @return string HTML with hidden fields
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_build_hidden_fields_for_query_params($request, $exclude = null)
+{
+	$names = $request->variable_names(\phpbb\request\request_interface::GET);
+	$hidden = '';
+	foreach ($names as $name)
+	{
+		// Sessions are dealt with elsewhere, omit sid always
+		if ($name == 'sid')
+		{
+			continue;
+		}
+
+		// Omit any additional parameters requested
+		if (!empty($exclude) && in_array($name, $exclude))
+		{
+			continue;
+		}
+
+		$escaped_name = phpbb_quoteattr($name);
+
+		// Note: we might retrieve the variable from POST or cookies
+		// here. To avoid exposing cookies, skip variables that are
+		// overwritten somewhere other than GET entirely.
+		$value = $request->variable($name, '', true);
+		$get_value = $request->variable($name, '', true, \phpbb\request\request_interface::GET);
+		if ($value === $get_value)
+		{
+			$escaped_value = phpbb_quoteattr($value);
+			$hidden .= "<input type='hidden' name=$escaped_name value=$escaped_value />";
+		}
+	}
+	return $hidden;
+}
+
+/**
+* Delete all PM(s) for a given user and delete the ones without references
+*
+* @param	int		$user_id	ID of the user whose private messages we want to delete
+*
+* @return	boolean		False if there were no pms found, true otherwise.
+*
+* @deprecated 3.2.10 (To be removed 4.0.0)
+*/
+function phpbb_delete_user_pms($user_id)
+{
+	$user_id = (int) $user_id;
+
+	if (!$user_id)
+	{
+		return false;
+	}
+
+	return phpbb_delete_users_pms(array($user_id));
+}
--- a/phpBB/includes/functions_compress.php
+++ b/phpBB/includes/functions_compress.php
@@ -296,7 +296,7 @@ class compress_zip extends compress

 									try
 									{
-										$this->filesystem->phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
+										$this->filesystem->phpbb_chmod($str, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 									}
 									catch (\phpbb\filesystem\exception\filesystem_exception $e)
 									{
@@ -333,7 +333,7 @@ class compress_zip extends compress

 								try
 								{
-									$this->filesystem->phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
+									$this->filesystem->phpbb_chmod($str, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 								}
 								catch (\phpbb\filesystem\exception\filesystem_exception $e)
 								{
@@ -636,7 +636,7 @@ class compress_tar extends compress

 								try
 								{
-									$this->filesystem->phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
+									$this->filesystem->phpbb_chmod($str, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 								}
 								catch (\phpbb\filesystem\exception\filesystem_exception $e)
 								{
@@ -671,7 +671,7 @@ class compress_tar extends compress

 							try
 							{
-								$this->filesystem->phpbb_chmod($str, CHMOD_READ | CHMOD_WRITE);
+								$this->filesystem->phpbb_chmod($str, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 							}
 							catch (\phpbb\filesystem\exception\filesystem_exception $e)
 							{
@@ -688,7 +688,7 @@ class compress_tar extends compress

 					try
 					{
-						$this->filesystem->phpbb_chmod($target_filename, CHMOD_READ);
+						$this->filesystem->phpbb_chmod($target_filename, \phpbb\filesystem\filesystem_interface::CHMOD_READ);
 					}
 					catch (\phpbb\filesystem\exception\filesystem_exception $e)
 					{
--- a/phpBB/includes/functions_content.php
+++ b/phpBB/includes/functions_content.php
@@ -1166,6 +1166,8 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 		$filename = $phpbb_root_path . $config['upload_path'] . '/' . utf8_basename($attachment['physical_filename']);

 		$upload_icon = '';
+		$download_link = '';
+		$display_cat = false;

 		if (isset($extensions[$attachment['extension']]))
 		{
@@ -1345,7 +1347,7 @@ function parse_attachments($forum_id, &$message, &$attachments, &$update_count_a
 		);
 		extract($phpbb_dispatcher->trigger_event('core.parse_attachments_modify_template_data', compact($vars)));
 		$update_count_ary = $update_count;
-		unset($update_count);
+		unset($update_count, $display_cat, $download_link);

 		$template->assign_block_vars('_file', $block_array);

--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -1114,6 +1114,9 @@ function display_custom_bbcodes()
 			$row['bbcode_helpline'] = $user->lang[strtoupper($row['bbcode_helpline'])];
 		}

+		// Convert Numeric Character References to UTF-8 chars.
+		$row['bbcode_helpline'] = utf8_decode_ncr($row['bbcode_helpline']);
+
 		$custom_tags = array(
 			'BBCODE_NAME'		=> "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'",
 			'BBCODE_ID'			=> $num_predefined_bbcodes + ($i * 2),
@@ -1692,8 +1695,8 @@ function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabl
 		'U_EMAIL'		=> $email,
 		'U_JABBER'		=> ($data['user_jabber'] && $auth->acl_get('u_sendim')) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=contact&amp;action=jabber&amp;u=' . $user_id) : '',

-		'USER_JABBER'		=> ($config['jab_enable']) ? $data['user_jabber'] : '',
-		'USER_JABBER_IMG'	=> ($config['jab_enable'] && $data['user_jabber']) ? $user->img('icon_contact_jabber', $data['user_jabber']) : '',
+		'USER_JABBER'		=> ($config['jab_enable'] && $auth->acl_get('u_sendim')) ? $data['user_jabber'] : '',
+		'USER_JABBER_IMG'	=> ($config['jab_enable'] && $auth->acl_get('u_sendim') && $data['user_jabber']) ? $user->img('icon_contact_jabber', $data['user_jabber']) : '',

 		'L_SEND_EMAIL_USER' => $user->lang('SEND_EMAIL_USER', $username),
 		'L_CONTACT_USER'	=> $user->lang('CONTACT_USER', $username),
--- a/phpBB/includes/functions_jabber.php
+++ b/phpBB/includes/functions_jabber.php
@@ -207,7 +207,7 @@ class jabber
 	*/
 	function login()
 	{
-		if (!count($this->features))
+		if (empty($this->features))
 		{
 			$this->add_to_log('Error: No feature information from server available.');
 			return false;
@@ -227,7 +227,6 @@ class jabber
 		if ($this->connected())
 		{
 			$xml = trim($xml);
-			$this->add_to_log('SEND: '. $xml);
 			return fwrite($this->connection, $xml);
 		}
 		else
@@ -338,7 +337,6 @@ class jabber

 		if ($data != '')
 		{
-			$this->add_to_log('RECV: '. $data);
 			return $this->xmlize($data);
 		}
 		else
@@ -419,7 +417,7 @@ class jabber
 		{
 			// or even multiple elements of the same type?
 			// array('message' => array(0 => ..., 1 => ...))
-			if (count(reset($xml)) > 1)
+			if (is_array(reset($xml)) && count(reset($xml)) > 1)
 			{
 				foreach (reset($xml) as $value)
 				{
@@ -445,7 +443,7 @@ class jabber
 				}

 				$second_time = isset($this->session['id']);
-				$this->session['id'] = $xml['stream:stream'][0]['@']['id'];
+				$this->session['id'] = isset($xml['stream:stream'][0]['@']['id']) ? $xml['stream:stream'][0]['@']['id'] : '';

 				if ($second_time)
 				{
@@ -701,7 +699,7 @@ class jabber

 			default:
 				// hm...don't know this response
-				$this->add_to_log('Notice: Unknown server response (' . key($xml) . ')');
+				$this->add_to_log('Notice: Unknown server response');
 				return false;
 			break;
 		}
--- a/phpBB/includes/functions_mcp.php
+++ b/phpBB/includes/functions_mcp.php
@@ -197,7 +197,7 @@ function phpbb_get_topic_data($topic_ids, $acl_list = false, $read_tracking = fa
 */
 function phpbb_get_post_data($post_ids, $acl_list = false, $read_tracking = false)
 {
-	global $db, $auth, $config, $user, $phpbb_container;
+	global $db, $auth, $config, $user, $phpbb_dispatcher, $phpbb_container;

 	$rowset = array();

@@ -265,6 +265,25 @@ function phpbb_get_post_data($post_ids, $acl_list = false, $read_tracking = fals
 	}
 	$db->sql_freeresult($result);

+	/**
+	* This event allows you to modify post data displayed in the MCP
+	*
+	* @event core.mcp_get_post_data_after
+	* @var array	post_ids		Array with post ids that have been fetched
+	* @var mixed	acl_list		Either false or an array with permission strings to check
+	* @var bool		read_tracking	Whether or not to take last mark read time into account
+	* @var array	rowset			The array of posts to be returned
+	* @since 3.2.10-RC1
+	* @since 3.3.1-RC1
+	*/
+	$vars = [
+		'post_ids',
+		'acl_list',
+		'read_tracking',
+		'rowset',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.mcp_get_post_data_after', compact($vars)));
+
 	return $rowset;
 }

--- a/phpBB/includes/functions_messenger.php
+++ b/phpBB/includes/functions_messenger.php
@@ -1013,7 +1013,7 @@ class queue

 				try
 				{
-					$this->filesystem->phpbb_chmod($this->cache_file, CHMOD_READ | CHMOD_WRITE);
+					$this->filesystem->phpbb_chmod($this->cache_file, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 				}
 				catch (\phpbb\filesystem\exception\filesystem_exception $e)
 				{
@@ -1067,7 +1067,7 @@ class queue

 			try
 			{
-				$this->filesystem->phpbb_chmod($this->cache_file, CHMOD_READ | CHMOD_WRITE);
+				$this->filesystem->phpbb_chmod($this->cache_file, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 			}
 			catch (\phpbb\filesystem\exception\filesystem_exception $e)
 			{
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -66,11 +66,14 @@ function generate_smilies($mode, $forum_id)
 		* @event core.generate_smilies_count_sql_before
 		* @var int		forum_id	Forum where smilies are generated
 		* @var array	sql_ary		Array with the SQL query
+		* @var string	base_url	URL for the "More smilies" link and its pagination
 		* @since 3.2.9-RC1
+		* @changed 3.2.10-RC1 Added base_url
 		*/
 		$vars = [
 			'forum_id',
 			'sql_ary',
+			'base_url',
 		];
 		extract($phpbb_dispatcher->trigger_event('core.generate_smilies_count_sql_before', compact($vars)));

@@ -109,18 +112,52 @@ function generate_smilies($mode, $forum_id)

 	if ($mode == 'window')
 	{
-		$sql = 'SELECT smiley_url, MIN(emotion) as emotion, MIN(code) AS code, smiley_width, smiley_height, MIN(smiley_order) AS min_smiley_order
-			FROM ' . SMILIES_TABLE . '
-			GROUP BY smiley_url, smiley_width, smiley_height
-			ORDER BY min_smiley_order';
+		$sql_ary = [
+			'SELECT'	=> 's.smiley_url, MIN(s.emotion) AS emotion, MIN(s.code) AS code, s.smiley_width, s.smiley_height, MIN(s.smiley_order) AS min_smiley_order',
+			'FROM'		=> [
+				SMILIES_TABLE => 's',
+			],
+			'GROUP_BY'	=> 's.smiley_url, s.smiley_width, s.smiley_height',
+			'ORDER_BY'	=> 'min_smiley_order',
+		];
+	}
+	else
+	{
+		$sql_ary = [
+			'SELECT'	=> 's.*',
+			'FROM'		=> [
+				SMILIES_TABLE => 's',
+			],
+			'WHERE'		=> 's.display_on_posting = 1',
+			'ORDER_BY'	=> 's.smiley_order',
+		];
+	}
+
+	/**
+	* Modify the SQL query that fetches the smilies
+	*
+	* @event core.generate_smilies_modify_sql
+	* @var string	mode		Smiley mode, either window or inline
+	* @var int		forum_id	Forum where smilies are generated, or 0 if composing a private message
+	* @var array	sql_ary		Array with SQL query data
+	* @since 3.2.10-RC1
+	* @since 3.3.1-RC1
+	*/
+	$vars = [
+		'mode',
+		'forum_id',
+		'sql_ary',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.generate_smilies_modify_sql', compact($vars)));
+
+	$sql = $db->sql_build_query('SELECT', $sql_ary);
+
+	if ($mode == 'window')
+	{
 		$result = $db->sql_query_limit($sql, $config['smilies_per_page'], $start, 3600);
 	}
 	else
 	{
-		$sql = 'SELECT *
-			FROM ' . SMILIES_TABLE . '
-			WHERE display_on_posting = 1
-			ORDER BY smiley_order';
 		$result = $db->sql_query($sql, 3600);
 	}

@@ -139,7 +176,7 @@ function generate_smilies($mode, $forum_id)
 	*
 	* @event core.generate_smilies_modify_rowset
 	* @var string	mode		Smiley mode, either window or inline
-	* @var int		forum_id	Forum where smilies are generated
+	* @var int		forum_id	Forum where smilies are generated, or 0 if composing a private message
 	* @var array	smilies		Smiley rows fetched from the database
 	* @since 3.2.9-RC1
 	*/
@@ -183,9 +220,16 @@ function generate_smilies($mode, $forum_id)
 	* @var	string	mode			Mode of the smilies: window|inline
 	* @var	int		forum_id		The forum ID we are currently in
 	* @var	bool	display_link	Shall we display the "more smilies" link?
+	* @var string	base_url		URL for the "More smilies" link and its pagination
 	* @since 3.1.0-a1
+	* @changed 3.2.10-RC1 Added base_url
 	*/
-	$vars = array('mode', 'forum_id', 'display_link');
+	$vars = [
+		'mode',
+		'forum_id',
+		'display_link',
+		'base_url',
+	];
 	extract($phpbb_dispatcher->trigger_event('core.generate_smilies_after', compact($vars)));

 	if ($mode == 'inline' && $display_link)
@@ -717,7 +761,7 @@ function create_thumbnail($source, $destination, $mimetype)

 	try
 	{
-		$phpbb_filesystem->phpbb_chmod($destination, CHMOD_READ | CHMOD_WRITE);
+		$phpbb_filesystem->phpbb_chmod($destination, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 	}
 	catch (\phpbb\filesystem\exception\filesystem_exception $e)
 	{
@@ -2819,7 +2863,7 @@ function phpbb_handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $
 				$s_hidden_fields['delete_permanent'] = '1';
 			}

-			confirm_box(false, $l_confirm, build_hidden_fields($s_hidden_fields), 'confirm_delete_body.html');
+			confirm_box(false, [$l_confirm, 1], build_hidden_fields($s_hidden_fields), 'confirm_delete_body.html');
 		}
 	}

--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -958,6 +958,11 @@ function handle_mark_actions($user_id, $mark_action)
 	{
 		case 'mark_important':

+			if (!check_form_key('ucp_pm_view'))
+			{
+				trigger_error('FORM_INVALID');
+			}
+
 			$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . "
 				SET pm_marked = 1 - pm_marked
 				WHERE folder_id = $cur_folder_id
@@ -1174,25 +1179,6 @@ function delete_pm($user_id, $msg_ids, $folder_id)
 	return true;
 }

-/**
-* Delete all PM(s) for a given user and delete the ones without references
-*
-* @param	int		$user_id	ID of the user whose private messages we want to delete
-*
-* @return	boolean		False if there were no pms found, true otherwise.
-*/
-function phpbb_delete_user_pms($user_id)
-{
-	$user_id = (int) $user_id;
-
-	if (!$user_id)
-	{
-		return false;
-	}
-
-	return phpbb_delete_users_pms(array($user_id));
-}
-
 /**
 * Delete all PM(s) for given users and delete the ones without references
 *
@@ -2060,6 +2046,35 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode
 	while ($row = $db->sql_fetchrow($result));
 	$db->sql_freeresult($result);

+	$url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm');
+
+	/**
+	* Modify message rows before displaying the history in private messages
+	*
+	* @event core.message_history_modify_rowset
+	* @var int		msg_id			ID of the private message
+	* @var int		user_id			ID of the message author
+	* @var array	message_row		Array with message data
+	* @var array	folder			Array with data of user's message folders
+	* @var bool		in_post_mode	Whether or not we are viewing or composing
+	* @var array	rowset			Array with message history data
+	* @var string	url				Base URL used to generate links to private messages
+	* @var string	title			Subject of the private message
+	* @since 3.2.10-RC1
+	* @since 3.3.1-RC1
+	*/
+	$vars = [
+		'msg_id',
+		'user_id',
+		'message_row',
+		'folder',
+		'in_post_mode',
+		'rowset',
+		'url',
+		'title',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.message_history_modify_rowset', compact($vars)));
+
 	if (count($rowset) == 1 && !$in_post_mode)
 	{
 		return false;
@@ -2067,7 +2082,6 @@ function message_history($msg_id, $user_id, $message_row, $folder, $in_post_mode

 	$title = censor_text($title);

-	$url = append_sid("{$phpbb_root_path}ucp.$phpEx", 'i=pm');
 	$next_history_pm = $previous_history_pm = $prev_id = 0;

 	// Re-order rowset to be able to get the next/prev message rows...
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -424,11 +424,11 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
 }

 /**
- * Remove User
+ * Delete user(s) and their related data
 *
- * @param string	$mode		Either 'retain' or 'remove'
- * @param mixed		$user_ids	Either an array of integers or an integer
- * @param bool		$retain_username
+ * @param string	$mode				Mode of posts deletion (retain|delete)
+ * @param mixed		$user_ids			Either an array of integers or an integer
+ * @param bool		$retain_username	True if username should be retained, false otherwise
 * @return bool
 */
 function user_delete($mode, $user_ids, $retain_username = true)
@@ -462,17 +462,16 @@ function user_delete($mode, $user_ids, $retain_username = true)
 	}

 	/**
-	* Event before a user is deleted
-	*
-	* @event core.delete_user_before
-	* @var	string	mode		Mode of deletion (retain/delete posts)
-	* @var	array	user_ids	IDs of the deleted user
-	* @var	mixed	retain_username	True if username should be retained
-	*				or false if not
-	* @var	array	user_rows	Array containing data of the deleted users
-	* @since 3.1.0-a1
-	* @changed 3.2.4-RC1 Added user_rows
-	*/
+	 * Event before of the performing of the user(s) delete action
+	 *
+	 * @event core.delete_user_before
+	 * @var string	mode				Mode of posts deletion (retain|delete)
+	 * @var array	user_ids			ID(s) of the user(s) bound to be deleted
+	 * @var bool	retain_username		True if username should be retained, false otherwise
+	 * @var array	user_rows			Array containing data of the user(s) bound to be deleted
+	 * @since 3.1.0-a1
+	 * @changed 3.2.4-RC1 Added user_rows
+	 */
 	$vars = array('mode', 'user_ids', 'retain_username', 'user_rows');
 	extract($phpbb_dispatcher->trigger_event('core.delete_user_before', compact($vars)));

@@ -761,7 +760,7 @@ function user_delete($mode, $user_ids, $retain_username = true)
 	$db->sql_query($sql);

 	// Clean the private messages tables from the user
-	if (!function_exists('phpbb_delete_user_pms'))
+	if (!function_exists('phpbb_delete_users_pms'))
 	{
 		include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
 	}
@@ -773,17 +772,16 @@ function user_delete($mode, $user_ids, $retain_username = true)
 	$db->sql_transaction('commit');

 	/**
-	* Event after a user is deleted
-	*
-	* @event core.delete_user_after
-	* @var	string	mode		Mode of deletion (retain/delete posts)
-	* @var	array	user_ids	IDs of the deleted user
-	* @var	mixed	retain_username	True if username should be retained
-	*				or false if not
-	* @var	array	user_rows	Array containing data of the deleted users
-	* @since 3.1.0-a1
-	* @changed 3.2.2-RC1 Added user_rows
-	*/
+	 * Event after the user(s) delete action has been performed
+	 *
+	 * @event core.delete_user_after
+	 * @var string	mode				Mode of posts deletion (retain|delete)
+	 * @var array	user_ids			ID(s) of the deleted user(s)
+	 * @var bool	retain_username		True if username should be retained, false otherwise
+	 * @var array	user_rows			Array containing data of the deleted user(s)
+	 * @since 3.1.0-a1
+	 * @changed 3.2.2-RC1 Added user_rows
+	 */
 	$vars = array('mode', 'user_ids', 'retain_username', 'user_rows');
 	extract($phpbb_dispatcher->trigger_event('core.delete_user_after', compact($vars)));

@@ -1046,13 +1044,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
 					$banlist_ary[] = (int) $row['user_id'];
 				}
 				while ($row = $db->sql_fetchrow($result));
+
+				$db->sql_freeresult($result);
 			}
 			else
 			{
 				$db->sql_freeresult($result);
+
 				trigger_error('NO_USERS', E_USER_WARNING);
 			}
-			$db->sql_freeresult($result);
 		break;

 		case 'ip':
@@ -1473,7 +1473,8 @@ function user_ipwhois($ip)
 	if (($fsk = @fsockopen($whois_host, 43)))
 	{
 		// CRLF as per RFC3912
-		fputs($fsk, "$ip\r\n");
+		// Z to limit the query to all possible flags (whois.arin.net)
+		fputs($fsk, "z $ip\r\n");
 		while (!feof($fsk))
 		{
 			$ipwhois .= fgets($fsk, 1024);
--- a/phpBB/includes/mcp/mcp_ban.php
+++ b/phpBB/includes/mcp/mcp_ban.php
@@ -185,15 +185,6 @@ class mcp_ban
 			}
 		}

-		// Ban length options
-		$ban_end_text = array(0 => $user->lang['PERMANENT'], 30 => $user->lang['30_MINS'], 60 => $user->lang['1_HOUR'], 360 => $user->lang['6_HOURS'], 1440 => $user->lang['1_DAY'], 10080 => $user->lang['7_DAYS'], 20160 => $user->lang['2_WEEKS'], 40320 => $user->lang['1_MONTH'], -1 => $user->lang['UNTIL'] . ' -&gt; ');
-
-		$ban_end_options = '';
-		foreach ($ban_end_text as $length => $text)
-		{
-			$ban_end_options .= '<option value="' . $length . '">' . $text . '</option>';
-		}
-
 		// Define language vars
 		$this->page_title = $user->lang[strtoupper($mode) . '_BAN'];

@@ -218,7 +209,8 @@ class mcp_ban
 			break;
 		}

-		acp_ban::display_ban_options($mode);
+		display_ban_end_options();
+		display_ban_options($mode);

 		$template->assign_vars(array(
 			'L_TITLE'				=> $this->page_title,
--- a/phpBB/includes/mcp/mcp_logs.php
+++ b/phpBB/includes/mcp/mcp_logs.php
@@ -39,6 +39,7 @@ class mcp_logs
 		global $config, $phpbb_container, $phpbb_log;

 		$user->add_lang('acp/common');
+		$this->p_master->add_mod_info('acp');

 		$action = $request->variable('action', array('' => ''));

--- a/phpBB/includes/mcp/mcp_main.php
+++ b/phpBB/includes/mcp/mcp_main.php
@@ -1049,6 +1049,7 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',

 	$redirect = $request->variable('redirect', build_url(array('action', 'quickmod')));
 	$forum_id = $request->variable('f', 0);
+	$topic_id = 0;

 	$s_hidden_fields = array(
 		'post_id_list'	=> $post_ids,
@@ -1122,8 +1123,6 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 			));
 		}

-		$topic_id = $request->variable('t', 0);
-
 		// Return links
 		$return_link = array();
 		if ($affected_topics == 1 && $topic_id)
@@ -1152,7 +1151,7 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 		$topic_id_list = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
-			$topic_id_list[] = $row['topic_id'];
+			$topic_id_list[] = $topic_id = $row['topic_id'];
 		}
 		$affected_topics = count($topic_id_list);
 		$db->sql_freeresult($result);
@@ -1183,8 +1182,6 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 		$deleted_topics = ($row = $db->sql_fetchrow($result)) ? ($affected_topics - $row['topics_left']) : $affected_topics;
 		$db->sql_freeresult($result);

-		$topic_id = $request->variable('t', 0);
-
 		// Return links
 		$return_link = array();
 		if ($affected_topics == 1 && !$deleted_topics && $topic_id)
@@ -1203,6 +1200,12 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 			}
 			else
 			{
+				// Remove any post id anchor
+				if ($anchor_pos = (strrpos($redirect, '#p')) !== false)
+				{
+					$redirect = substr($redirect, 0, $anchor_pos);
+				}
+
 				$success_msg = $user->lang['POST_DELETED_SUCCESS'];
 			}
 		}
@@ -1260,7 +1263,6 @@ function mcp_delete_post($post_ids, $is_soft = false, $soft_delete_reason = '',
 		confirm_box(false, $l_confirm, build_hidden_fields($s_hidden_fields), 'confirm_delete_body.html');
 	}

-	$redirect = $request->variable('redirect', "index.$phpEx");
 	$redirect = reapply_sid($redirect);

 	if (!$success_msg)
@@ -1564,10 +1566,11 @@ function mcp_fork_topic($topic_ids)
 				// Copy Attachments
 				if ($row['post_attachment'])
 				{
-					$sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . "
-						WHERE post_msg_id = {$row['post_id']}
-							AND topic_id = $topic_id
-							AND in_message = 0";
+					$sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . '
+						WHERE post_msg_id = ' . (int) $row['post_id'] . '
+							AND topic_id = ' . (int) $topic_id . '
+							AND in_message = 0
+						ORDER BY attach_id ASC';
 					$result = $db->sql_query($sql);

 					$sql_ary = array();
--- a/phpBB/includes/mcp/mcp_notes.php
+++ b/phpBB/includes/mcp/mcp_notes.php
@@ -74,7 +74,7 @@ class mcp_notes
 	*/
 	function mcp_notes_user_view($action)
 	{
-		global $config, $phpbb_log, $request;
+		global $config, $phpbb_log, $request, $phpbb_root_path, $phpEx;
 		global $template, $db, $user, $auth, $phpbb_container;

 		$user_id = $request->variable('u', 0);
@@ -185,9 +185,13 @@ class mcp_notes
 			trigger_error($msg .  '<br /><br />' . sprintf($user->lang['RETURN_PAGE'], '<a href="' . $redirect . '">', '</a>'));
 		}

-		// Generate the appropriate user information for the user we are looking at
+		if (!function_exists('phpbb_get_user_rank'))
+		{
+			include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+		}

-		$rank_title = $rank_img = '';
+		// Generate the appropriate user information for the user we are looking at
+		$rank_data = phpbb_get_user_rank($userrow, $userrow['user_posts']);
 		$avatar_img = phpbb_get_user_avatar($userrow);

 		$limit_days = array(0 => $user->lang['ALL_ENTRIES'], 1 => $user->lang['1_DAY'], 7 => $user->lang['7_DAYS'], 14 => $user->lang['2_WEEKS'], 30 => $user->lang['1_MONTH'], 90 => $user->lang['3_MONTHS'], 180 => $user->lang['6_MONTHS'], 365 => $user->lang['1_YEAR']);
@@ -239,7 +243,6 @@ class mcp_notes

 			'TOTAL_REPORTS'		=> $user->lang('LIST_REPORTS', (int) $log_count),

-			'RANK_TITLE'		=> $rank_title,
 			'JOINED'			=> $user->format_date($userrow['user_regdate']),
 			'POSTS'				=> ($userrow['user_posts']) ? $userrow['user_posts'] : 0,
 			'WARNINGS'			=> ($userrow['user_warnings']) ? $userrow['user_warnings'] : 0,
@@ -250,9 +253,9 @@ class mcp_notes
 			'U_PROFILE'			=> get_username_string('profile', $userrow['user_id'], $userrow['username'], $userrow['user_colour']),

 			'AVATAR_IMG'		=> $avatar_img,
-			'RANK_IMG'			=> $rank_img,
-			)
-		);
+			'RANK_IMG'			=> $rank_data['img'],
+			'RANK_TITLE'		=> $rank_data['title'],
+		));
 	}

 }
--- a/phpBB/includes/mcp/mcp_post.php
+++ b/phpBB/includes/mcp/mcp_post.php
@@ -363,14 +363,16 @@ function mcp_post_details($id, $mode, $action)
 		/** @var \phpbb\pagination $pagination */
 		$pagination = $phpbb_container->get('pagination');

-		$rdns_ip_num = $request->variable('rdns', '');
 		$start_users = $request->variable('start_users', 0);
+		$rdns_ip_num = $request->variable('rdns', '');
+		$lookup_all = $rdns_ip_num === 'all';

-		if ($rdns_ip_num != 'all')
+		$base_url = $url . '&amp;i=main&amp;mode=post_details';
+		$base_url .= $lookup_all ? '&amp;rdns=all' : '';
+
+		if (!$lookup_all)
 		{
-			$template->assign_vars(array(
-				'U_LOOKUP_ALL'	=> "$url&amp;i=main&amp;mode=post_details&amp;rdns=all")
-			);
+			$template->assign_var('U_LOOKUP_ALL', $base_url . '&amp;rdns=all');
 		}

 		$num_users = false;
@@ -405,7 +407,7 @@ function mcp_post_details($id, $mode, $action)
 			}

 			$pagination->generate_template_pagination(
-				$url . '&amp;i=main&amp;mode=post_details',
+				$base_url,
 				'pagination',
 				'start_users',
 				$num_users,
@@ -475,7 +477,7 @@ function mcp_post_details($id, $mode, $action)
 				'NUM_POSTS'		=> $row['postings'],
 				'L_POST_S'		=> ($row['postings'] == 1) ? $user->lang['POST'] : $user->lang['POSTS'],

-				'U_LOOKUP_IP'	=> ($rdns_ip_num == $row['poster_ip'] || $rdns_ip_num == 'all') ? '' : "$url&amp;i=$id&amp;mode=post_details&amp;rdns={$row['poster_ip']}#ip",
+				'U_LOOKUP_IP'	=> (!$lookup_all && $rdns_ip_num != $row['poster_ip']) ? "$base_url&amp;start_ips={$start_ips}&amp;rdns={$row['poster_ip']}#ip" : '',
 				'U_WHOIS'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&amp;mode=$mode&amp;action=whois&amp;p=$post_id&amp;ip={$row['poster_ip']}"))
 			);
 		}
@@ -489,7 +491,7 @@ function mcp_post_details($id, $mode, $action)
 			}

 			$pagination->generate_template_pagination(
-				$url . '&amp;i=main&amp;mode=post_details',
+				$base_url,
 				'pagination_ips',
 				'start_ips',
 				$num_ips,
--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@@ -370,8 +370,9 @@ class mcp_queue
 				$topic_id = $request->variable('t', 0);
 				$forum_info = array();

-				/* @var $pagination \phpbb\pagination */
-				$pagination = $phpbb_container->get('pagination');
+				// If 'sort' is set, "Go" was pressed which is located behind the forums <select> box
+				// Then, unset the topic id so it does not override the forum id
+				$topic_id = $request->is_set_post('sort') ? 0 : $topic_id;

 				if ($topic_id)
 				{
@@ -651,6 +652,9 @@ class mcp_queue
 				}
 				unset($rowset, $forum_names);

+				/* @var \phpbb\pagination $pagination */
+				$pagination = $phpbb_container->get('pagination');
+
 				$base_url = $this->u_action . "&amp;f=$forum_id&amp;st=$sort_days&amp;sk=$sort_key&amp;sd=$sort_dir";
 				$pagination->generate_template_pagination($base_url, 'pagination', 'start', $total, $config['topics_per_page'], $start);

--- a/phpBB/includes/mcp/mcp_reports.php
+++ b/phpBB/includes/mcp/mcp_reports.php
@@ -337,6 +337,11 @@ class mcp_reports
 			case 'reports_closed':
 				$topic_id = $request->variable('t', 0);

+				if ($request->is_set_post('t'))
+				{
+					$topic_id = $request->variable('t', 0, false, \phpbb\request\request_interface::POST);
+				}
+
 				$forum_info = array();
 				$forum_list_reports = get_forum_list('m_report', false, true);
 				$forum_list_read = array_flip(get_forum_list('f_read', true, true)); // Flipped so we can isset() the forum IDs
@@ -412,7 +417,7 @@ class mcp_reports
 				$forum_options = '<option value="0"' . (($forum_id == 0) ? ' selected="selected"' : '') . '>' . $user->lang['ALL_FORUMS'] . '</option>';
 				foreach ($forum_list_reports as $row)
 				{
-					$forum_options .= '<option value="' . $row['forum_id'] . '"' . (($forum_id == $row['forum_id']) ? ' selected="selected"' : '') . '>' . str_repeat('&nbsp; &nbsp;', $row['padding']) . $row['forum_name'] . '</option>';
+					$forum_options .= '<option value="' . $row['forum_id'] . '"' . (($forum_id == $row['forum_id']) ? ' selected="selected"' : '') . '>' . str_repeat('&nbsp; &nbsp;', $row['padding']) . truncate_string($row['forum_name'], 30, 255, false, $user->lang('ELLIPSIS')) . '</option>';
 					$forum_data[$row['forum_id']] = $row;
 				}
 				unset($forum_list_reports);
--- a/phpBB/includes/mcp/mcp_topic.php
+++ b/phpBB/includes/mcp/mcp_topic.php
@@ -457,6 +457,12 @@ function split_topic($action, $topic_id, $to_forum_id, $subject)
 	$post_info = $post_info[$post_id];
 	$subject = trim($subject);

+	/**
+	 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+	 * Using their Numeric Character Reference's Hexadecimal notation.
+	 */
+	$subject = utf8_encode_ucr($subject);
+
 	// Make some tests
 	if (!$subject)
 	{
--- a/phpBB/includes/mcp/mcp_warn.php
+++ b/phpBB/includes/mcp/mcp_warn.php
@@ -572,11 +572,12 @@ function add_warning($user_row, $warning, $send_pm = true, $post_id = 0)
 		submit_pm('post', $warn_pm_subject, $pm_data, false);
 	}

-	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING', false, array($user_row['username']));
-	$log_id = $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING_BODY', false, array(
+	$phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING', false, [$user_row['username']]);
+
+	$log_id = $phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_WARNING_BODY', false, [
 		'reportee_id' => $user_row['user_id'],
-		$warning
-	));
+		utf8_encode_ucr($warning)
+	]);

 	$sql_ary = array(
 		'user_id'		=> $user_row['user_id'],
--- a/phpBB/includes/message_parser.php
+++ b/phpBB/includes/message_parser.php
@@ -390,7 +390,7 @@ class bbcode_firstpass extends bbcode
 		$in = str_replace(' ', '%20', $in);

 		// Checking urls
-		if (!preg_match('#^' . get_preg_expression('url') . '$#iu', $in) && !preg_match('#^' . get_preg_expression('www_url') . '$#iu', $in))
+		if (!preg_match('#^' . get_preg_expression('url_http') . '$#iu', $in) && !preg_match('#^' . get_preg_expression('www_url') . '$#iu', $in))
 		{
 			return '[img]' . $in . '[/img]';
 		}
@@ -401,32 +401,6 @@ class bbcode_firstpass extends bbcode
 			$in = 'http://' . $in;
 		}

-		if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
-		{
-			$imagesize = new \FastImageSize\FastImageSize();
-			$size_info = $imagesize->getImageSize(htmlspecialchars_decode($in));
-
-			if ($size_info === false)
-			{
-				$error = true;
-				$this->warn_msg[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
-			}
-			else
-			{
-				if ($config['max_' . $this->mode . '_img_height'] && $config['max_' . $this->mode . '_img_height'] < $size_info['height'])
-				{
-					$error = true;
-					$this->warn_msg[] = $user->lang('MAX_IMG_HEIGHT_EXCEEDED', (int) $config['max_' . $this->mode . '_img_height']);
-				}
-
-				if ($config['max_' . $this->mode . '_img_width'] && $config['max_' . $this->mode . '_img_width'] < $size_info['width'])
-				{
-					$error = true;
-					$this->warn_msg[] = $user->lang('MAX_IMG_WIDTH_EXCEEDED', (int) $config['max_' . $this->mode . '_img_width']);
-				}
-			}
-		}
-
 		if ($error || $this->path_in_domain($in))
 		{
 			return '[img]' . $in . '[/img]';
--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -440,10 +440,10 @@ class ucp_groups
 						'GROUP_DESC_DISP'		=> generate_text_for_display($group_row['group_desc'], $group_row['group_desc_uid'], $group_row['group_desc_bitfield'], $group_row['group_desc_options']),
 						'GROUP_TYPE'			=> $group_row['group_type'],

-						'AVATAR'				=> (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar),
-						'AVATAR_IMAGE'			=> (empty($avatar) ? '<img src="' . $phpbb_admin_path . 'images/no_avatar.gif" alt="" />' : $avatar),
-						'AVATAR_WIDTH'			=> (isset($group_row['group_avatar_width'])) ? $group_row['group_avatar_width'] : '',
-						'AVATAR_HEIGHT'			=> (isset($group_row['group_avatar_height'])) ? $group_row['group_avatar_height'] : '',
+						'AVATAR'				=> !empty($avatar) ? $avatar : '',
+						'AVATAR_IMAGE'			=> !empty($avatar) ? $avatar : '',
+						'AVATAR_WIDTH'			=> isset($group_row['group_avatar_width']) ? $group_row['group_avatar_width'] : '',
+						'AVATAR_HEIGHT'			=> isset($group_row['group_avatar_height']) ? $group_row['group_avatar_height'] : '',
 					));
 				}

@@ -495,21 +495,22 @@ class ucp_groups
 						{
 							if (confirm_box(true))
 							{
+								$avatar_data['id'] = substr($avatar_data['id'], 1);
 								$phpbb_avatar_manager->handle_avatar_delete($db, $user, $avatar_data, GROUPS_TABLE, 'group_');
 								$cache->destroy('sql', GROUPS_TABLE);

-								$message = ($action == 'edit') ? 'GROUP_UPDATED' : 'GROUP_CREATED';
+								$message = $action === 'edit' ? 'GROUP_UPDATED' : 'GROUP_CREATED';
 								trigger_error($user->lang[$message] . $return_page);
 							}
 							else
 							{
 								confirm_box(false, $user->lang('CONFIRM_AVATAR_DELETE'), build_hidden_fields(array(
-										'avatar_delete'     => true,
-										'i'                 => $id,
-										'mode'              => $mode,
-										'g'			        => $group_id,
-										'action'            => $action))
-								);
+									'avatar_delete'     => true,
+									'i'                 => $id,
+									'mode'              => $mode,
+									'g'			        => $group_id,
+									'action'            => $action,
+								)));
 							}
 						}

@@ -534,7 +535,12 @@ class ucp_groups
 								'teampage'	=> $group_row['group_teampage'],
 							);

-							if ($config['allow_avatar'])
+							if (!check_form_key('ucp_groups'))
+							{
+								$error[] = $user->lang['FORM_INVALID'];
+							}
+
+							if (!count($error) && $config['allow_avatar'])
 							{
 								// Handle avatar
 								$driver_name = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', ''));
@@ -556,11 +562,6 @@ class ucp_groups
 								$error = array_merge($error, $phpbb_avatar_manager->localize_errors($user, $avatar_error));
 							}

-							if (!check_form_key('ucp_groups'))
-							{
-								$error[] = $user->lang['FORM_INVALID'];
-							}
-
 							// Validate submitted colour value
 							if ($colour_error = validate_data($submit_ary, array('colour'	=> array('hex_colour', true))))
 							{
@@ -875,6 +876,11 @@ class ucp_groups
 							trigger_error($user->lang['NO_GROUP'] . $return_page);
 						}

+						if (!check_form_key('ucp_groups'))
+						{
+							trigger_error($user->lang('FORM_INVALID') . $return_page);
+						}
+
 						if (!($row = group_memberships($group_id, $user->data['user_id'])))
 						{
 							trigger_error($user->lang['NOT_MEMBER_OF_GROUP'] . $return_page);
--- a/phpBB/includes/ucp/ucp_notifications.php
+++ b/phpBB/includes/ucp/ucp_notifications.php
@@ -25,7 +25,7 @@ class ucp_notifications

 	public function main($id, $mode)
 	{
-		global $config, $template, $user, $request, $phpbb_container;
+		global $config, $template, $user, $request, $phpbb_container, $phpbb_dispatcher;
 		global $phpbb_root_path, $phpEx;

 		add_form_key('ucp_notification');
@@ -57,15 +57,40 @@ class ucp_notifications

 					foreach ($phpbb_notifications->get_subscription_types() as $group => $subscription_types)
 					{
-						foreach ($subscription_types as $type => $data)
+						foreach ($subscription_types as $type => $type_data)
 						{
 							foreach ($notification_methods as $method => $method_data)
 							{
-								if ($request->is_set_post(str_replace('.', '_', $type . '_' . $method_data['id'])) && (!isset($subscriptions[$type]) || !in_array($method_data['id'], $subscriptions[$type])))
+								$is_set_notify = $request->is_set_post(str_replace('.', '_', $type . '_' . $method_data['id']));
+								$is_available = $method_data['method']->is_available($type_data['type']);
+
+								/**
+								* Event to perform additional actions before ucp_notifications is submitted
+								*
+								* @event core.ucp_notifications_submit_notification_is_set
+								* @var	array	type_data		The notification type data
+								* @var	array	method_data		The notification method data
+								* @var	bool	is_set_notify	The notification is set or not
+								* @var	bool	is_available	The notification is available or not
+								* @var	array	subscriptions	The subscriptions data
+								*
+								* @since 3.2.10-RC1
+								* @since 3.3.1-RC1
+								*/
+								$vars = [
+									'type_data',
+									'method_data',
+									'is_set_notify',
+									'is_available',
+									'subscriptions',
+								];
+								extract($phpbb_dispatcher->trigger_event('core.ucp_notifications_submit_notification_is_set', compact($vars)));
+
+								if ($is_set_notify && $is_available && (!isset($subscriptions[$type]) || !in_array($method_data['id'], $subscriptions[$type])))
 								{
 									$phpbb_notifications->add_subscription($type, 0, $method_data['id']);
 								}
-								else if (!$request->is_set_post(str_replace('.', '_', $type . '_' . $method_data['id'])) && isset($subscriptions[$type]) && in_array($method_data['id'], $subscriptions[$type]))
+								else if ((!$is_set_notify || !$is_available) && isset($subscriptions[$type]) && in_array($method_data['id'], $subscriptions[$type]))
 								{
 									$phpbb_notifications->delete_subscription($type, 0, $method_data['id']);
 								}
@@ -80,7 +105,7 @@ class ucp_notifications

 				$this->output_notification_methods($phpbb_notifications, $template, $user, 'notification_methods');

-				$this->output_notification_types($subscriptions, $phpbb_notifications, $template, $user, 'notification_types');
+				$this->output_notification_types($subscriptions, $phpbb_notifications, $template, $user, $phpbb_dispatcher, 'notification_types');

 				$this->tpl_name = 'ucp_notifications';
 				$this->page_title = 'UCP_NOTIFICATION_OPTIONS';
@@ -168,9 +193,10 @@ class ucp_notifications
 	* @param \phpbb\notification\manager $phpbb_notifications
 	* @param \phpbb\template\template $template
 	* @param \phpbb\user $user
+	* @param \phpbb\event\dispatcher_interface $phpbb_dispatcher
 	* @param string $block
 	*/
-	public function output_notification_types($subscriptions, \phpbb\notification\manager $phpbb_notifications, \phpbb\template\template $template, \phpbb\user $user, $block = 'notification_types')
+	public function output_notification_types($subscriptions, \phpbb\notification\manager $phpbb_notifications, \phpbb\template\template $template, \phpbb\user $user, \phpbb\event\dispatcher_interface $phpbb_dispatcher, $block = 'notification_types')
 	{
 		$notification_methods = $phpbb_notifications->get_subscription_methods();

@@ -191,15 +217,34 @@ class ucp_notifications

 				foreach ($notification_methods as $method => $method_data)
 				{
-					$template->assign_block_vars($block . '.notification_methods', array(
+					$tpl_ary = [
 						'METHOD'			=> $method_data['id'],
-
 						'NAME'				=> $user->lang($method_data['lang']),
-
 						'AVAILABLE'			=> $method_data['method']->is_available($type_data['type']),
-
 						'SUBSCRIBED'		=> (isset($subscriptions[$type]) && in_array($method_data['id'], $subscriptions[$type])) ? true : false,
-					));
+					];
+
+					/**
+					* Event to perform additional actions before ucp_notifications is displayed
+					*
+					* @event core.ucp_notifications_output_notification_types_modify_template_vars
+					* @var	array	type_data		The notification type data
+					* @var	array	method_data		The notification method data
+					* @var	array	tpl_ary			The template variables
+					* @var	array	subscriptions	The subscriptions data
+					*
+					* @since 3.2.10-RC1
+					* @since 3.3.1-RC1
+					*/
+					$vars = [
+						'type_data',
+						'method_data',
+						'tpl_ary',
+						'subscriptions',
+					];
+					extract($phpbb_dispatcher->trigger_event('core.ucp_notifications_output_notification_types_modify_template_vars', compact($vars)));
+
+					$template->assign_block_vars($block . '.notification_methods', $tpl_ary);
 				}
 			}
 		}
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -193,6 +193,8 @@ class ucp_pm
 					trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
 				}

+				add_form_key('ucp_pm_view');
+
 				// First Handle Mark actions and moving messages
 				$submit_mark	= (isset($_POST['submit_mark'])) ? true : false;
 				$move_pm		= (isset($_POST['move_pm'])) ? true : false;
@@ -210,6 +212,11 @@ class ucp_pm
 				// Move PM
 				if ($move_pm)
 				{
+					if (!check_form_key('ucp_pm_view'))
+					{
+						trigger_error('FORM_INVALID');
+					}
+
 					$move_msg_ids	= (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array();
 					$cur_folder_id	= $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);

--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -309,6 +309,35 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		$post = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);

+		/**
+		* Alter the row of the post being quoted when composing a private message
+		*
+		* @event core.ucp_pm_compose_compose_pm_basic_info_query_after
+		* @var	array	post			Array with data of the post being quoted
+		* @var	int		msg_id			topic_id in the page request
+		* @var	int		to_user_id		The id of whom the message is to
+		* @var	int		to_group_id		The id of the group whom the message is to
+		* @var	bool	submit			Whether the user is sending the PM or not
+		* @var	bool	preview			Whether the user is previewing the PM or not
+		* @var	string	action			One of: post, reply, quote, forward, quotepost, edit, delete, smilies
+		* @var	bool	delete			Whether the user is deleting the PM
+		* @var	int		reply_to_all	Value of reply_to_all request variable.
+		* @since 3.2.10-RC1
+		* @since 3.3.1-RC1
+		*/
+		$vars = [
+			'post',
+			'msg_id',
+			'to_user_id',
+			'to_group_id',
+			'submit',
+			'preview',
+			'action',
+			'delete',
+			'reply_to_all',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_compose_pm_basic_info_query_after', compact($vars)));
+
 		if (!$post)
 		{
 			// If editing it could be the recipient already read the message...
@@ -665,6 +694,12 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		$subject = (!$subject && $action != 'post') ? $user->lang['NEW_MESSAGE'] : $subject;
 		$message = $request->variable('message', '', true);

+		/**
+		 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+		 * Using their Numeric Character Reference's Hexadecimal notation.
+		 */
+		$subject = utf8_encode_ucr($subject);
+
 		if ($subject && $message)
 		{
 			if (confirm_box(true))
@@ -683,6 +718,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 				);
 				$db->sql_query($sql);

+				/** @var \phpbb\attachment\manager $attachment_manager */
+				$attachment_manager = $phpbb_container->get('attachment.manager');
+				$attachment_manager->delete('attach', array_column($message_parser->attachment_data, 'attach_id'));
+
 				$redirect_url = append_sid("{$phpbb_root_path}ucp.$phpEx", "i=pm&amp;mode=$mode");

 				meta_refresh(3, $redirect_url);
@@ -700,8 +739,9 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 					'message'	=> $message,
 					'u'			=> $to_user_id,
 					'g'			=> $to_group_id,
-					'p'			=> $msg_id)
-				);
+					'p'			=> $msg_id,
+					'attachment_data' => $message_parser->attachment_data,
+				));
 				$s_hidden_fields .= build_address_field($address_list);

 				confirm_box(false, 'SAVE_DRAFT', $s_hidden_fields);
@@ -847,6 +887,35 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 			}
 		}

+		/**
+		* Modify private message
+		*
+		* @event core.ucp_pm_compose_modify_parse_after
+		* @var	bool	enable_bbcode		Whether or not bbcode is enabled
+		* @var	bool	enable_smilies		Whether or not smilies are enabled
+		* @var	bool	enable_urls			Whether or not urls are enabled
+		* @var	bool	enable_sig			Whether or not signature is enabled
+		* @var	string	subject				PM subject text
+		* @var	object	message_parser		The message parser object
+		* @var	bool	submit				Whether or not the form has been sumitted
+		* @var	bool	preview				Whether or not the signature is being previewed
+		* @var	array	error				Any error strings
+		* @since 3.2.10-RC1
+		* @since 3.3.1-RC1
+		*/
+		$vars = [
+			'enable_bbcode',
+			'enable_smilies',
+			'enable_urls',
+			'enable_sig',
+			'subject',
+			'message_parser',
+			'submit',
+			'preview',
+			'error',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_parse_after', compact($vars)));
+
 		// Store message, sync counters
 		if (!count($error) && $submit)
 		{
@@ -870,6 +939,12 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 				'address_list'			=> $address_list
 			);

+			/**
+			 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+			 * Using their Numeric Character Reference's Hexadecimal notation.
+			 */
+			$subject = utf8_encode_ucr($subject);
+
 			// ((!$message_subject) ? $subject : $message_subject)
 			$msg_id = submit_pm($action, $subject, $pm_data);

--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -32,6 +32,8 @@ function view_folder($id, $mode, $folder_id, $folder)

 	$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);

+	add_form_key('ucp_pm_view');
+
 	if (!$submit_export)
 	{
 		$user->add_lang('viewforum');
@@ -197,6 +199,11 @@ function view_folder($id, $mode, $folder_id, $folder)
 		$enclosure = $request->variable('enclosure', '');
 		$delimiter = $request->variable('delimiter', '');

+		if (!check_form_key('ucp_pm_view'))
+		{
+			trigger_error('FORM_INVALID');
+		}
+
 		if ($export_type == 'CSV' && ($delimiter === '' || $enclosure === ''))
 		{
 			$template->assign_var('PROMPT', true);
--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -34,6 +34,27 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 	$author_id	= (int) $message_row['author_id'];
 	$view		= $request->variable('view', '');

+	/**
+	* Modify private message data before it is prepared to be displayed
+	*
+	* @event core.ucp_pm_view_message_before
+	* @var int		folder_id		ID of the folder the message is in
+	* @var array	folder			Array with data of user's message folders
+	* @var int		msg_id			ID of the private message
+	* @var array	message_row		Array with message data
+	* @var int		author_id		ID of the message author
+	* @since 3.2.10-RC1
+	* @since 3.3.1-RC1
+	*/
+	$vars = [
+		'folder_id',
+		'folder',
+		'msg_id',
+		'message_row',
+		'author_id',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.ucp_pm_view_message_before', compact($vars)));
+
 	// Not able to view message, it was deleted by the sender
 	if ($message_row['pm_deleted'])
 	{
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -411,11 +411,13 @@ class ucp_register
 				* @event core.ucp_register_user_row_after
 				* @var	bool	submit		Do we display the form only
 				*							or did the user press submit
+				* @var	array	data		Array with current ucp registration data
 				* @var	array	cp_data		Array with custom profile fields data
-				* @var	array	user_row	Array with current ucp registration data
+				* @var	array	user_row	Array with user data that will be inserted
 				* @since 3.1.4-RC1
+				* @changed 3.2.10-RC1 Added data array
 				*/
-				$vars = array('submit', 'cp_data', 'user_row');
+				$vars = array('submit', 'data', 'cp_data', 'user_row');
 				extract($phpbb_dispatcher->trigger_event('core.ucp_register_user_row_after', compact($vars)));

 				// Register user...
--- a/phpBB/install/convertors/convert_phpbb20.php
+++ b/phpBB/install/convertors/convert_phpbb20.php
@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.2.9',
+	'phpbb_version'	=> '3.2.11',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,
--- a/phpBB/install/phpbbcli.php
+++ b/phpBB/install/phpbbcli.php
@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.2.9-RC1');
+define('PHPBB_VERSION', '3.2.11');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);

@@ -42,11 +42,14 @@ $phpbb_installer_container->get('request')->enable_super_globals();
 /** @var \phpbb\filesystem\filesystem $phpbb_filesystem */
 $phpbb_filesystem = $phpbb_installer_container->get('filesystem');

+/** @var \phpbb\config\config $config */
+$config = $phpbb_installer_container->get('config');
+
 /** @var \phpbb\language\language $language */
 $language = $phpbb_installer_container->get('language');
 $language->add_lang(array('common', 'acp/common', 'acp/board', 'install', 'posting', 'cli'));

-$application = new \phpbb\console\application('phpBB Installer', PHPBB_VERSION, $language);
+$application = new \phpbb\console\application('phpBB Installer', PHPBB_VERSION, $language, $config);
 $application->setDispatcher($phpbb_installer_container->get('dispatcher'));
 $application->register_container_commands($phpbb_installer_container->get('console.installer.command_collection'));
 $application->run($input);
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -12,20 +12,21 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar', '1'
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_gravatar', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_local', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_remote', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_upload', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_remote_upload', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_avatar_upload', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_bbcode', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_birthdays', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_board_notifications', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_bookmarks', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_cdn', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_emailreuse', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_password_reset', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_forum_notify', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_live_searches', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_mass_pm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_name_chars', 'USERNAME_CHARS_ANY');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_namechange', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_nocensors', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_password_reset', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_pm_attach', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_pm_report', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_post_flash', '1');
@@ -71,21 +72,22 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('browser_check', '1
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('bump_interval', '10');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('bump_type', 'd');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('cache_gc', '7200');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_plugin', 'core.captcha.plugins.nogd');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_foreground_noise', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_x_grid', '25');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_y_grid', '25');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_wave', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_3d_noise', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_fonts', '1');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('confirm_refresh', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_foreground_noise', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_wave', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_x_grid', '25');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_gd_y_grid', '25');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('captcha_plugin', 'core.captcha.plugins.nogd');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('check_attachment_content', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('check_dnsbl', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('chg_passforce', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('confirm_refresh', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('contact_admin_form_enable', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('cookie_domain', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('cookie_name', 'phpbb3');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('cookie_notice', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('cookie_path', '/');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('cookie_secure', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('coppa_enable', '0');
@@ -95,12 +97,11 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('database_gc', '604
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('dbms_version', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('default_dateformat', 'D M d, Y g:i a');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('default_style', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('delete_time', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('display_last_edited', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('display_last_subject', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('display_order', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('edit_time', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('extension_force_unstable', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('delete_time', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('email_check_mx', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('email_enable', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('email_force_sender', '0');
@@ -109,20 +110,26 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('email_package_size
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_accurate_pm_button', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_confirm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_mod_rewrite', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('allow_board_notifications', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_pm_icons', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_post_confirm', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_queue_trigger', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('enable_update_hashes', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('extension_force_unstable', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_enable', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_forum', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_http_auth', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_item_statistics', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_limit', '10');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_limit_post', '15');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_limit_topic', '10');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_overall_forums', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_overall', '1');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_forum', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_overall_forums', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_overall_forums_limit', '15');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_overall_topics', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_overall_topics_limit', '15');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_topic', '1');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_topics_new', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_topics_active', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_item_statistics', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('feed_topics_new', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('flood_interval', '15');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('force_server_vars', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('form_token_lifetime', '7200');
@@ -155,17 +162,22 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_max_height', '
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_max_thumb_width', '400');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_max_width', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_min_thumb_filesize', '12000');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_quality', '85');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('img_strip_metadata', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ip_check', '3');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ip_login_limit_max', '50');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ip_login_limit_time', '21600');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ip_login_limit_use_forwarded', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_allow_self_signed', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_enable', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_host', '');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_password', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_package_size', '20');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_password', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_port', '5222');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_use_ssl', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_username', '');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_verify_peer', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('jab_verify_peer_name', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_base_dn', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_email', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ldap_password', '');
@@ -185,7 +197,8 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_cpf_viewprofi
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_cpf_viewtopic', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_lastread', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_track', '1');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_font_awesome_url', 'https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jumpbox', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_moderators', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_notifications', '1');
@@ -222,13 +235,13 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_sig_img_height
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_sig_img_width', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_sig_smilies', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('max_sig_urls', '5');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('mime_triggers', 'body|head|html|img|plaintext|a href|pre|script|table|title');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_name_chars', '3');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_pass_chars', '6');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_post_chars', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('min_search_author_chars', '3');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('mime_triggers', 'body|head|html|img|plaintext|a href|pre|script|table|title');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('new_member_post_limit', '3');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('new_member_group_default', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('new_member_post_limit', '3');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('override_user_style', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('pass_complex', 'PASS_TYPE_ANY');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('plupload_salt', 'phpbb_plupload');
@@ -239,19 +252,20 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('pm_max_recipients'
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('posts_per_page', '10');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('print_pm', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('queue_interval', '60');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('queue_trigger_posts', '3');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('ranks_path', 'images/ranks');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('read_notification_expire_days', '30');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('read_notification_gc', '86400');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('referer_validation', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('remote_upload_verify', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('require_activation', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('referer_validation', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_anonymous_interval', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_block_size', '250');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_gc', '7200');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_interval', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_anonymous_interval', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_type', '\phpbb\search\fulltext_native');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_store_results', '1800');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('search_type', '\phpbb\search\fulltext_native');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('secure_allow_deny', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('secure_allow_empty_referer', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('secure_downloads', '0');
@@ -261,25 +275,38 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_protocol',
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('session_gc', '3600');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('session_length', '3600');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('site_desc', '{L_CONFIG_SITE_DESC}');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('site_home_url', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('site_home_text', '');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('site_home_url', '');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('sitename', '{L_CONFIG_SITENAME}');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('smilies_path', 'images/smilies');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('smilies_per_page', '50');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_allow_self_signed', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_auth_method', 'PLAIN');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_delivery', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_host', '');
-INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('smtp_password', '', 1);
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_port', '25');
-INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('smtp_username', '', 1);
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('teampage_memberships', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_verify_peer', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('smtp_verify_peer_name', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('teampage_forums', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('teampage_memberships', '1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('text_reparser.pm_text_cron_interval', '10');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('text_reparser.pm_text_last_cron', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('text_reparser.poll_option_cron_interval', '10');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('text_reparser.poll_option_last_cron', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('text_reparser.poll_title_cron_interval', '10');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('text_reparser.poll_title_last_cron', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('text_reparser.post_text_cron_interval', '10');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('text_reparser.post_text_last_cron', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('text_reparser.user_signature_cron_interval', '10');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('text_reparser.user_signature_last_cron', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('topics_per_page', '25');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_last_cron', '0');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock', '0');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.9-RC1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.2.11');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');

@@ -300,9 +327,12 @@ INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('rand_s
 INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('read_notification_last_gc', '0', 1);
 INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('record_online_date', '0', 1);
 INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('record_online_users', '0', 1);
+INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('reparse_lock', '0', 1);
 INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('search_indexing_state', '', 1);
 INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('search_last_gc', '0', 1);
 INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('session_last_gc', '0', 1);
+INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('smtp_password', '', 1);
+INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('smtp_username', '', 1);
 INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('upload_dir_size', '0', 1);
 INSERT INTO phpbb_config (config_name, config_value, is_dynamic) VALUES ('warnings_last_gc', '0', 1);

@@ -421,6 +451,7 @@ INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgname', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgpasswd', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_chgprofileinfo', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_download', 1);
+INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_emoji', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_hideonline', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_ignoreflood', 1);
 INSERT INTO phpbb_acl_options (auth_option, is_global) VALUES ('u_masspm', 1);
--- a/phpBB/language/en/acp/attachments.php
+++ b/phpBB/language/en/acp/attachments.php
@@ -111,6 +111,10 @@ $lang = array_merge($lang, array(

 	'IMAGE_LINK_SIZE'			=> 'Image link dimensions',
 	'IMAGE_LINK_SIZE_EXPLAIN'	=> 'Display image attachment as an inline text link if image is larger than this. To disable this behaviour, set the values to 0px by 0px.',
+	'IMAGE_QUALITY'				=> 'Quality of uploaded image attachments (JPEG only)',
+	'IMAGE_QUALITY_EXPLAIN'		=> 'Specify value between 50% (smaller file size) and 90% (higher quality). Quality higher than 90% increases filesize and is disabled. Setting only applies if maximum image dimensions are set to a value other than 0px by 0px.',
+	'IMAGE_STRIP_METADATA'		=> 'Strip image metadata (JPEG only)',
+	'IMAGE_STRIP_METADATA_EXPLAIN'	=> 'Strip Exif metadata, e.g. author name, GPS coordinates and camera details. Setting only applies if maximum image dimensions are set to a value other than 0px by 0px.',

 	'MAX_ATTACHMENTS'				=> 'Maximum number of attachments per post',
 	'MAX_ATTACHMENTS_PM'			=> 'Maximum number of attachments per private message',
@@ -129,6 +133,8 @@ $lang = array_merge($lang, array(
 	'NOT_ASSIGNED'				=> 'Not assigned',
 	'NO_ATTACHMENTS'			=> 'No attachments found for this period.',
 	'NO_EXT_GROUP'				=> 'None',
+	'NO_EXT_GROUP_ALLOWED_PM'	=> 'There are no <a href="%s">allowed extension groups</a> for private messages.',
+	'NO_EXT_GROUP_ALLOWED_POST'	=> 'There are no <a href="%s">allowed extension groups</a> for posts.',
 	'NO_EXT_GROUP_NAME'			=> 'No group name entered',
 	'NO_EXT_GROUP_SPECIFIED'	=> 'No extension group specified.',
 	'NO_FILE_CAT'				=> 'None',
--- a/phpBB/language/en/acp/board.php
+++ b/phpBB/language/en/acp/board.php
@@ -183,10 +183,10 @@ $lang = array_merge($lang, array(
 	'MAX_POLL_OPTIONS'				=> 'Maximum number of poll options',
 	'MAX_POST_FONT_SIZE'			=> 'Maximum font size per post',
 	'MAX_POST_FONT_SIZE_EXPLAIN'	=> 'Maximum font size allowed in a post. Set to 0 for unlimited font size.',
-	'MAX_POST_IMG_HEIGHT'			=> 'Maximum image height per post',
-	'MAX_POST_IMG_HEIGHT_EXPLAIN'	=> 'Maximum height of an image/flash file in postings. Set to 0 for unlimited size.',
-	'MAX_POST_IMG_WIDTH'			=> 'Maximum image width per post',
-	'MAX_POST_IMG_WIDTH_EXPLAIN'	=> 'Maximum width of an image/flash file in postings. Set to 0 for unlimited size.',
+	'MAX_POST_IMG_HEIGHT'			=> 'Maximum flash height per post',
+	'MAX_POST_IMG_HEIGHT_EXPLAIN'	=> 'Maximum height of a flash file in postings. Set to 0 for unlimited size.',
+	'MAX_POST_IMG_WIDTH'			=> 'Maximum flash width per post',
+	'MAX_POST_IMG_WIDTH_EXPLAIN'	=> 'Maximum width of a flash file in postings. Set to 0 for unlimited size.',
 	'MAX_POST_URLS'					=> 'Maximum links per post',
 	'MAX_POST_URLS_EXPLAIN'			=> 'Maximum number of URLs in a post. Set to 0 for unlimited links.',
 	'MIN_CHAR_LIMIT'				=> 'Minimum characters per post/message',
--- a/phpBB/language/en/acp/common.php
+++ b/phpBB/language/en/acp/common.php
@@ -510,13 +510,13 @@ $lang = array_merge($lang, array(
 	'LOG_ACL_ADD_ADMIN_GLOBAL_A_'		=> '<strong>Added or edited Administrators</strong><br />» %s',
 	'LOG_ACL_ADD_MOD_GLOBAL_M_'			=> '<strong>Added or edited Global Moderators</strong><br />» %s',

-	'LOG_ACL_ADD_USER_LOCAL_F_'			=> '<strong>Added or edited users’ forum access</strong> from %1$s<br />» %2$s',
-	'LOG_ACL_ADD_USER_LOCAL_M_'			=> '<strong>Added or edited users’ forum moderator access</strong> from %1$s<br />» %2$s',
-	'LOG_ACL_ADD_GROUP_LOCAL_F_'		=> '<strong>Added or edited groups’ forum access</strong> from %1$s<br />» %2$s',
-	'LOG_ACL_ADD_GROUP_LOCAL_M_'		=> '<strong>Added or edited groups’ forum moderator access</strong> from %1$s<br />» %2$s',
+	'LOG_ACL_ADD_USER_LOCAL_F_'			=> '<strong>Added or edited users’ forum access</strong> to %1$s<br />» %2$s',
+	'LOG_ACL_ADD_USER_LOCAL_M_'			=> '<strong>Added or edited users’ forum moderator access</strong> to %1$s<br />» %2$s',
+	'LOG_ACL_ADD_GROUP_LOCAL_F_'		=> '<strong>Added or edited groups’ forum access</strong> to %1$s<br />» %2$s',
+	'LOG_ACL_ADD_GROUP_LOCAL_M_'		=> '<strong>Added or edited groups’ forum moderator access</strong> to %1$s<br />» %2$s',

-	'LOG_ACL_ADD_MOD_LOCAL_M_'			=> '<strong>Added or edited Moderators</strong> from %1$s<br />» %2$s',
-	'LOG_ACL_ADD_FORUM_LOCAL_F_'		=> '<strong>Added or edited forum permissions</strong> from %1$s<br />» %2$s',
+	'LOG_ACL_ADD_MOD_LOCAL_M_'			=> '<strong>Added or edited Moderators</strong> for %1$s<br />» %2$s',
+	'LOG_ACL_ADD_FORUM_LOCAL_F_'		=> '<strong>Added or edited forum permissions</strong> for %1$s<br />» %2$s',

 	'LOG_ACL_DEL_ADMIN_GLOBAL_A_'		=> '<strong>Removed Administrators</strong><br />» %s',
 	'LOG_ACL_DEL_MOD_GLOBAL_M_'			=> '<strong>Removed Global Moderators</strong><br />» %s',
--- a/phpBB/language/en/acp/permissions_phpbb.php
+++ b/phpBB/language/en/acp/permissions_phpbb.php
@@ -79,6 +79,7 @@ $lang = array_merge($lang, array(
 	'ACL_U_SAVEDRAFTS'	=> 'Can save drafts',
 	'ACL_U_CHGCENSORS'	=> 'Can disable word censors',
 	'ACL_U_SIG'			=> 'Can use signature',
+	'ACL_U_EMOJI'		=> 'Can use emoji and rich text characters in topic title',

 	'ACL_U_SENDPM'		=> 'Can send private messages',
 	'ACL_U_MASSPM'		=> 'Can send private messages to multiple users',
--- a/phpBB/language/en/cli.php
+++ b/phpBB/language/en/cli.php
@@ -35,6 +35,8 @@ if (empty($lang) || !is_array($lang))
 // in a url you again do not need to specify an order e.g., 'Click %sHERE%s' is fine

 $lang = array_merge($lang, array(
+	'CLI_APCU_CACHE_NOTICE'				=> 'APCu cache has to be purged through the Administration Control Panel.',
+
 	'CLI_CONFIG_CANNOT_CACHED'			=> 'Set this option if the configuration option changes too frequently to be efficiently cached.',
 	'CLI_CONFIG_CURRENT'				=> 'Current configuration value, use 0 and 1 to specify boolean values',
 	'CLI_CONFIG_DELETE_SUCCESS'			=> 'Successfully deleted config %s.',
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@@ -167,6 +167,7 @@ $lang = array_merge($lang, array(
 	),
 	'COLLAPSE_VIEW'			=> 'Collapse view',
 	'CLOSE_WINDOW'			=> 'Close window',
+	'CODE'					=> 'Code',
 	'COLOUR_SWATCH'			=> 'Colour swatch',
 	'COLON'					=> ':',
 	'COMMA_SEPARATOR'		=> ', ',	// Comma used to join lists into a single string, use localised comma if appropriate, eg: Ideographic or Arabic
@@ -204,6 +205,7 @@ $lang = array_merge($lang, array(
 	'DISPLAY_MESSAGES'		=> 'Display messages from previous',
 	'DISPLAY_POSTS'			=> 'Display posts from previous',
 	'DISPLAY_TOPICS'		=> 'Display topics from previous',
+	'DOMAIN_NO_MX_RECORD_EMAIL'	=> 'The entered email domain has no valid MX record.',
 	'DOWNLOADED'			=> 'Downloaded',
 	'DOWNLOADING_FILE'		=> 'Downloading file',
 	'DOWNLOAD_COUNTS'		=> array(
@@ -605,6 +607,9 @@ $lang = array_merge($lang, array(
 	'POST_UNAPPROVED_ACTION'	=> 'Post awaiting approval:',
 	'POST_UNAPPROVED'		=> 'This post has not been approved.',
 	'POWERED_BY'			=> 'Powered by %s',
+
+	'QUOTE'					=> 'Quote',
+
 	'PREVIEW'				=> 'Preview',
 	'PREVIOUS'				=> 'Previous',		// Used in pagination
 	'PREVIOUS_STEP'			=> 'Previous',
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@@ -179,7 +179,6 @@ $lang = array_merge($lang, array(
 	'DEMOTE_SELECTED'			=> 'Demote selected',
 	'DISABLE_CENSORS'			=> 'Enable word censoring',
 	'DISPLAY_GALLERY'			=> 'Display gallery',
-	'DOMAIN_NO_MX_RECORD_EMAIL'	=> 'The entered email domain has no valid MX record.',
 	'DOWNLOADS'					=> 'Downloads',
 	'DRAFTS_DELETED'			=> 'All selected drafts were successfully deleted.',
 	'DRAFTS_EXPLAIN'			=> 'Here you can view, edit and delete your saved drafts.',
--- a/phpBB/language/en/viewtopic.php
+++ b/phpBB/language/en/viewtopic.php
@@ -49,8 +49,6 @@ $lang = array_merge($lang, array(
 	'BUMPED_BY'				=> 'Last bumped by %1$s on %2$s.',
 	'BUMP_TOPIC'			=> 'Bump topic',

-	'CODE'					=> 'Code',
-
 	'DELETE_TOPIC'			=> 'Delete topic',
 	'DELETED_INFORMATION'	=> 'Deleted by %1$s on %2$s',
 	'DISAPPROVE'					=> 'Disapprove',
@@ -98,7 +96,6 @@ $lang = array_merge($lang, array(

 	'QUICK_MOD'				=> 'Quick-mod tools',
 	'QUICKREPLY'			=> 'Quick Reply',
-	'QUOTE'					=> 'Quote',

 	'REPLY_TO_TOPIC'		=> 'Reply to topic',
 	'RESTORE'				=> 'Restore',
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -958,7 +958,7 @@ switch ($mode)
 		$sort_key_text = array('a' => $user->lang['SORT_USERNAME'], 'c' => $user->lang['SORT_JOINED'], 'd' => $user->lang['SORT_POST_COUNT']);
 		$sort_key_sql = array('a' => 'u.username_clean', 'c' => 'u.user_regdate', 'd' => 'u.user_posts');

-		if ($config['jab_enable'])
+		if ($config['jab_enable'] && $auth->acl_get('u_sendim'))
 		{
 			$sort_key_text['k'] = $user->lang['JABBER'];
 			$sort_key_sql['k'] = 'u.user_jabber';
--- a/phpBB/phpbb/cache/driver/apcu.php
+++ b/phpBB/phpbb/cache/driver/apcu.php
@@ -25,11 +25,14 @@ class apcu extends \phpbb\cache\driver\memory
 	*/
 	function purge()
 	{
-		/*
-		* Use an iterator to selectively delete our cache entries without disturbing
-		* any other cache users (e.g. other phpBB boards hosted on this server)
-		*/
-		apcu_delete(new \APCUIterator('#^' . $this->key_prefix . '#'));
+		if (PHP_SAPI !== 'cli' || @ini_get('apc.enable_cli'))
+		{
+			/*
+			 * Use an iterator to selectively delete our cache entries without disturbing
+			 * any other cache users (e.g. other phpBB boards hosted on this server)
+			 */
+			apcu_delete(new \APCUIterator('#^' . $this->key_prefix . '#'));
+		}

 		parent::purge();
 	}
--- a/phpBB/phpbb/cache/driver/file.php
+++ b/phpBB/phpbb/cache/driver/file.php
@@ -581,7 +581,7 @@ class file extends \phpbb\cache\driver\base

 			try
 			{
-				$this->filesystem->phpbb_chmod($file, CHMOD_READ | CHMOD_WRITE);
+				$this->filesystem->phpbb_chmod($file, \phpbb\filesystem\filesystem_interface::CHMOD_READ | \phpbb\filesystem\filesystem_interface::CHMOD_WRITE);
 			}
 			catch (\phpbb\filesystem\exception\filesystem_exception $e)
 			{
--- a/phpBB/phpbb/console/application.php
+++ b/phpBB/phpbb/console/application.php
@@ -27,7 +27,12 @@ class application extends \Symfony\Component\Console\Application
 	protected $in_shell = false;

 	/**
-	* @var \phpbb\language\language User object
+	* @var \phpbb\config\config Config object
+	*/
+	protected $config;
+
+	/**
+	* @var \phpbb\language\language Language object
 	*/
 	protected $language;

@@ -35,10 +40,12 @@ class application extends \Symfony\Component\Console\Application
 	* @param string						$name		The name of the application
 	* @param string						$version	The version of the application
 	* @param \phpbb\language\language	$language	The user which runs the application (used for translation)
+	* @param \phpbb\config\config		$config		Config object
 	*/
-	public function __construct($name, $version, \phpbb\language\language $language)
+	public function __construct($name, $version, \phpbb\language\language $language, \phpbb\config\config $config)
 	{
 		$this->language = $language;
+		$this->config = $config;

 		parent::__construct($name, $version);
 	}
@@ -97,9 +104,17 @@ class application extends \Symfony\Component\Console\Application
 	*/
 	public function register_container_commands(\phpbb\di\service_collection $command_collection)
 	{
-		foreach ($command_collection as $service_command)
+		$commands_list = array_keys($command_collection->getArrayCopy());
+		foreach ($commands_list as $service_command)
 		{
-			$this->add($service_command);
+			// config_text DB table does not exist in phpBB prior to 3.1
+			// Hence skip cron tasks as they include reparser cron as it uses config_text table
+			if (phpbb_version_compare($this->config['version'], '3.1.0', '<') && strpos($service_command, 'cron') !== false)
+			{
+				continue;
+			}
+			$this->add($command_collection[$service_command]);
+
 		}
 	}

--- a/phpBB/phpbb/console/command/extension/command.php
+++ b/phpBB/phpbb/console/command/extension/command.php
@@ -12,6 +12,8 @@
 */
 namespace phpbb\console\command\extension;

+use Symfony\Component\Console\Style\SymfonyStyle;
+
 abstract class command extends \phpbb\console\command\command
 {
 	/** @var \phpbb\extension\manager */
@@ -20,11 +22,37 @@ abstract class command extends \phpbb\console\command\command
 	/** @var \phpbb\log\log */
 	protected $log;

-	public function __construct(\phpbb\user $user, \phpbb\extension\manager $manager, \phpbb\log\log $log)
+	/** @var string Cache driver class */
+	protected $cache_driver_class;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param \phpbb\user				$user				User object
+	 * @param \phpbb\extension\manager	$manager			Extension manager object
+	 * @param \phpbb\log\log			$log				Log object
+	 * @param string					$cache_driver_class	Cache driver class
+	 */
+	public function __construct(\phpbb\user $user, \phpbb\extension\manager $manager, \phpbb\log\log $log, $cache_driver_class)
 	{
 		$this->manager = $manager;
 		$this->log = $log;
+		$this->cache_driver_class = $cache_driver_class;

 		parent::__construct($user);
 	}
+
+	/**
+	 * Check if APCu cache driver is used and enabled for CLI, otherwise display a notice.
+	 *
+	 * @param SymfonyStyle $io
+	 * @return void
+	 */
+	protected function check_apcu_cache(SymfonyStyle $io)
+	{
+		if ($this->cache_driver_class === 'phpbb\\cache\\driver\\apcu' && !@ini_get('apc.enable_cli'))
+		{
+			$io->note($this->user->lang('CLI_APCU_CACHE_NOTICE'));
+		}
+	}
 }
--- a/phpBB/phpbb/console/command/extension/disable.php
+++ b/phpBB/phpbb/console/command/extension/disable.php
@@ -55,6 +55,7 @@ class disable extends command
 		else
 		{
 			$this->log->add('admin', ANONYMOUS, '', 'LOG_EXT_DISABLE', time(), array($name));
+			$this->check_apcu_cache($io);
 			$io->success($this->user->lang('CLI_EXTENSION_DISABLE_SUCCESS', $name));
 			return 0;
 		}
--- a/phpBB/phpbb/console/command/extension/enable.php
+++ b/phpBB/phpbb/console/command/extension/enable.php
@@ -64,6 +64,7 @@ class enable extends command
 		if ($this->manager->is_enabled($name))
 		{
 			$this->log->add('admin', ANONYMOUS, '', 'LOG_EXT_ENABLE', time(), array($name));
+			$this->check_apcu_cache($io);
 			$io->success($this->user->lang('CLI_EXTENSION_ENABLE_SUCCESS', $name));
 			return 0;
 		}
--- a/phpBB/phpbb/console/command/extension/purge.php
+++ b/phpBB/phpbb/console/command/extension/purge.php
@@ -48,6 +48,7 @@ class purge extends command
 		else
 		{
 			$this->log->add('admin', ANONYMOUS, '', 'LOG_EXT_PURGE', time(), array($name));
+			$this->check_apcu_cache($io);
 			$io->success($this->user->lang('CLI_EXTENSION_PURGE_SUCCESS', $name));
 			return 0;
 		}
--- a/phpBB/phpbb/cron/task/core/prune_all_forums.php
+++ b/phpBB/phpbb/cron/task/core/prune_all_forums.php
@@ -60,21 +60,26 @@ class prune_all_forums extends \phpbb\cron\task\base
 		$result = $this->db->sql_query($sql);
 		while ($row = $this->db->sql_fetchrow($result))
 		{
+			$log_prune = true;
+
 			if ($row['enable_prune'] && $row['prune_next'] < time())
 			{
 				if ($row['prune_days'])
 				{
-					auto_prune($row['forum_id'], 'posted', $row['forum_flags'], $row['prune_days'], $row['prune_freq']);
+					auto_prune($row['forum_id'], 'posted', $row['forum_flags'], $row['prune_days'], $row['prune_freq'], $log_prune);
+					$log_prune = false;
 				}

 				if ($row['prune_viewed'])
 				{
-					auto_prune($row['forum_id'], 'viewed', $row['forum_flags'], $row['prune_viewed'], $row['prune_freq']);
+					auto_prune($row['forum_id'], 'viewed', $row['forum_flags'], $row['prune_viewed'], $row['prune_freq'], $log_prune);
+					$log_prune = false;
 				}
 			}
+
 			if ($row['enable_shadow_prune'] && $row['prune_shadow_next'] < time() && $row['prune_shadow_days'])
 			{
-				auto_prune($row['forum_id'], 'shadow', $row['forum_flags'], $row['prune_shadow_days'], $row['prune_shadow_freq']);
+				auto_prune($row['forum_id'], 'shadow', $row['forum_flags'], $row['prune_shadow_days'], $row['prune_shadow_freq'], $log_prune);
 			}
 		}
 		$this->db->sql_freeresult($result);
--- a/phpBB/phpbb/cron/task/core/prune_forum.php
+++ b/phpBB/phpbb/cron/task/core/prune_forum.php
@@ -75,14 +75,17 @@ class prune_forum extends \phpbb\cron\task\base implements \phpbb\cron\task\para
 			include($this->phpbb_root_path . 'includes/functions_admin.' . $this->php_ext);
 		}

+		$log_prune = true;
+
 		if ($this->forum_data['prune_days'])
 		{
-			auto_prune($this->forum_data['forum_id'], 'posted', $this->forum_data['forum_flags'], $this->forum_data['prune_days'], $this->forum_data['prune_freq']);
+			auto_prune($this->forum_data['forum_id'], 'posted', $this->forum_data['forum_flags'], $this->forum_data['prune_days'], $this->forum_data['prune_freq'], $log_prune);
+			$log_prune = false;
 		}

 		if ($this->forum_data['prune_viewed'])
 		{
-			auto_prune($this->forum_data['forum_id'], 'viewed', $this->forum_data['forum_flags'], $this->forum_data['prune_viewed'], $this->forum_data['prune_freq']);
+			auto_prune($this->forum_data['forum_id'], 'viewed', $this->forum_data['forum_flags'], $this->forum_data['prune_viewed'], $this->forum_data['prune_freq'], $log_prune);
 		}
 	}

--- a/phpBB/phpbb/db/driver/postgres.php
+++ b/phpBB/phpbb/db/driver/postgres.php
@@ -37,7 +37,7 @@ class postgres extends \phpbb\db\driver\driver

 		if ($sqlpassword)
 		{
-			$connect_string .= "password=$sqlpassword ";
+			$connect_string .= "password='$sqlpassword' ";
 		}

 		if ($sqlserver)
--- a/phpBB/phpbb/db/migration/data/v310/passwords_convert_p1.php
+++ b/phpBB/phpbb/db/migration/data/v310/passwords_convert_p1.php
@@ -27,6 +27,12 @@ class passwords_convert_p1 extends \phpbb\db\migration\migration
 		);
 	}

+	/**
+	 * Update passwords with convert flag to have $CP$ prefix
+	 *
+	 * @param int $start Limit start value
+	 * @return int|void Null if conversion is finished, next start value if not
+	 */
 	public function update_passwords($start)
 	{
 		// Nothing to do if user_pass_convert column doesn't exist
@@ -51,8 +57,8 @@ class passwords_convert_p1 extends \phpbb\db\migration\migration
 			$converted_users++;

 			$user_id = (int) $row['user_id'];
-			// Only prefix passwords without proper prefix
-			if (!isset($update_users[$user_id]) && !preg_match('#^\$([a-zA-Z0-9\\\]*?)\$#', $row['user_password']))
+			// Prefix all passwords that need to be converted
+			if (!isset($update_users[$user_id]))
 			{
 				// Use $CP$ prefix for passwords that need to
 				// be converted and set pass convert to false.
--- a/phpBB/phpbb/db/migration/data/v320/font_awesome_update.php
+++ b/phpBB/phpbb/db/migration/data/v320/font_awesome_update.php
@@ -15,22 +15,22 @@ namespace phpbb\db\migration\data\v320;

 class font_awesome_update extends \phpbb\db\migration\migration
 {
-	static public function depends_on()
-	{
-		return array(
-			'\phpbb\db\migration\data\v320\dev',
-		);
-	}
-
 	public function effectively_installed()
 	{
 		return isset($this->config['load_font_awesome_url']);
 	}

+	static public function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v320\dev',
+		];
+	}
+
 	public function update_data()
 	{
-		return array(
-			array('config.add', array('load_font_awesome_url', 'https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css')),
-		);
+		return [
+			['config.add', ['load_font_awesome_url', 'https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css']],
+		];
 	}
 }
--- a/Show More
+++ b/Show More