[prep-release-3.3.0-RC1] Update changelog for 3.3.0-RC1

[ticket/16250] Add a service to check BBCodes safeness in ACP

.gitignore

@@ -27,3 +27,4 @@
 /tests/vendor
 /vagrant/phpbb-install-config.yml
 .vagrant
+*.DS_Store*

.travis.yml

@@ -31,12 +31,14 @@ services:
   - redis-server
   - postgresql
   - mysql
+  - memcached
 
 install:
   - travis/setup-phpbb.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
 
 before_script:
   - travis/setup-database.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
+  - travis/setup-ldap.sh $SLOWTESTS
   - phantomjs --webdriver=8910 > /dev/null &
 
 script:

README.md

@@ -31,9 +31,11 @@ Read our [Vagrant documentation](phpBB/docs/vagrant.md) to find out how to use V
 
 We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](https://bamboo.phpbb.com) or check our travis builds below:
 
-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=master)](http://travis-ci.org/phpbb/phpbb)[![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/master?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/master) **master** - Latest development version
-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.3.x)](http://travis-ci.org/phpbb/phpbb)[![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.3.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.3.x) **3.3.x** - Development of version 3.3.x
-* [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb)[![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.2.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.2.x) **3.2.x** - Development of version 3.2.x
+Travis CI  | AppVeyor | Branch  | Description
+---------- | -------- | ------- | -----------
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=master)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/master?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/master) | **master** | Latest development version
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.3.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.3.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.3.x) | **3.3.x** | Development of version 3.3.x
+[![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.2.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.2.x) | **3.2.x** | Development of version 3.2.x
 
 ## LICENSE
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.0-b1" />
+	<property name="newversion" value="3.3.0-RC1" />
 	<property name="prevversion" value="3.2.8" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0-a1, 3.2.0-a2, 3.2.0-b1, 3.2.0-b2, 3.2.0-RC1, 3.2.0-RC2, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.3.0-b1, 3.3.0-b2" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />

phpBB/.htaccess

@@ -36,6 +36,13 @@ RewriteRule ^(.*)$ app.php [QSA,L]
 #Options +FollowSymLinks
 </IfModule>
 
+# Apache content negotation tries to interpret non-existent paths as files if
+# MultiViews is enabled. This will however cause issues with paths containg
+# dots, e.g. for the cron tasks
+<IfModule mod_negotiation.c>
+	Options -MultiViews
+</IfModule>
+
 # With Apache 2.4 the "Order, Deny" syntax has been deprecated and moved from
 # module mod_authz_host to a new module called mod_access_compat (which may be
 # disabled) and a new "Require" syntax has been introduced to mod_authz_host.

phpBB/adm/style/acp_forums.html

@@ -210,6 +210,11 @@
 			<dd><label><input type="radio" class="radio" name="display_subforum_list" value="1"<!-- IF S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
 				<label><input type="radio" class="radio" name="display_subforum_list" value="0"<!-- IF not S_DISPLAY_SUBFORUM_LIST --> id="display_subforum_list" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
 		</dl>
+		<dl>
+			<dt><label for="display_subforum_limit">{L_LIMIT_SUBFORUMS}{L_COLON}</label><br /><span>{L_LIMIT_SUBFORUMS_EXPLAIN}</span></dt>
+			<dd><label><input type="radio" class="radio" name="display_subforum_limit" value="1"<!-- IF S_DISPLAY_SUBFORUM_LIMIT --> id="display_subforum_limit" checked="checked"<!-- ENDIF --> /> {L_YES}</label>
+				<label><input type="radio" class="radio" name="display_subforum_limit" value="0"<!-- IF not S_DISPLAY_SUBFORUM_LIMIT --> id="display_subforum_limit" checked="checked"<!-- ENDIF --> /> {L_NO}</label></dd>
+		</dl>
 		<dl>
 			<dt><label for="display_on_index">{L_LIST_INDEX}{L_COLON}</label><br /><span>{L_LIST_INDEX_EXPLAIN}</span></dt>
 			<dd><label><input type="radio" class="radio" name="display_on_index" value="1"<!-- IF S_DISPLAY_ON_INDEX --> id="display_on_index" checked="checked"<!-- ENDIF --> /> {L_YES}</label>

phpBB/adm/style/admin.css

@@ -191,7 +191,7 @@ li {
 
 #page-header {
 	text-align: right;
-	background: url("../images/phpbb_logo.png") top left no-repeat;
+	background: url("../images/phpbb_logo.svg") top left no-repeat;
 	height: 54px;
 	font-size: 0.85em;
 	margin-bottom: 10px;
@@ -199,7 +199,7 @@ li {
 
 .rtl #page-header {
 	text-align: left;
-	background: url("../images/phpbb_logo.png") top right no-repeat;
+	background: url("../images/phpbb_logo.svg") top right no-repeat;
 }
 
 #page-header h1 {
@@ -728,13 +728,6 @@ td {
 	border-collapse: separate;
 }
 
-@media only screen and (min-width: 1100px), only screen and (min-device-width: 1100px) {
-	.lside .table1 {
-		display: inline-table;
-		width: 49.7%;
-	}
-}
-
 .tabled {
 	width: 25%;
 }

phpBB/adm/style/permission_forum_copy.html

@@ -4,7 +4,7 @@
 
 	<h1>{L_ACP_FORUM_PERMISSIONS_COPY}</h1>
 
-	{L_ACP_FORUM_PERMISSIONS_COPY_EXPLAIN}
+	<p>{L_ACP_FORUM_PERMISSIONS_COPY_EXPLAIN}</p>
 
 	<form id="forum_perm_copy" method="post" action="{U_ACTION}">
 

phpBB/assets/javascript/core.js

@@ -11,7 +11,9 @@ phpbb.alertTime = 100;
 var keymap = {
 	TAB: 9,
 	ENTER: 13,
-	ESC: 27
+	ESC: 27,
+	ARROW_UP: 38,
+	ARROW_DOWN: 40
 };
 
 var $dark = $('#darkenwrapper');
@@ -561,7 +563,7 @@ phpbb.search.setValue = function($input, value, multiline) {
 phpbb.search.setValueOnClick = function($input, value, $row, $container) {
 	$row.click(function() {
 		phpbb.search.setValue($input, value.result, $input.attr('data-multiline'));
-		$container.hide();
+		phpbb.search.closeResults($input, $container);
 	});
 };
 
@@ -575,7 +577,7 @@ phpbb.search.setValueOnClick = function($input, value, $row, $container) {
  * @param {object} event			Onkeyup event object.
  * @param {function} sendRequest	Function to execute AJAX request.
  *
- * @returns {bool} Returns false.
+ * @returns {boolean} Returns false.
  */
 phpbb.search.filter = function(data, event, sendRequest) {
 	var $this = $(this),
@@ -584,9 +586,16 @@ phpbb.search.filter = function(data, event, sendRequest) {
 		searchID = $this.attr('data-results'),
 		keyword = phpbb.search.getKeyword($this, data[dataName], $this.attr('data-multiline')),
 		cache = phpbb.search.cache.get(searchID),
+		key = event.keyCode || event.which,
 		proceed = true;
 	data[dataName] = keyword;
 
+	// No need to search if enter was pressed
+	// for selecting a value from the results.
+	if (key === keymap.ENTER) {
+		return false;
+	}
+
 	if (cache.timeout) {
 		clearTimeout(cache.timeout);
 	}
@@ -697,22 +706,108 @@ phpbb.search.showResults = function(results, $input, $container, callback) {
 		row.appendTo($resultContainer).show();
 	});
 	$container.show();
+
+	phpbb.search.navigateResults($input, $container, $resultContainer);
 };
 
 /**
  * Clear search results.
  *
- * @param {jQuery} $container Search results container.
+ * @param {jQuery} $container		Search results container.
  */
 phpbb.search.clearResults = function($container) {
 	$container.children(':not(.search-result-tpl)').remove();
 };
 
+/**
+ * Close search results.
+ *
+ * @param {jQuery} $input			Search input|textarea.
+ * @param {jQuery} $container		Search results container.
+ */
+phpbb.search.closeResults = function($input, $container) {
+	$input.off('.phpbb.search');
+	$container.hide();
+};
+
+/**
+ * Navigate search results.
+ *
+ * @param {jQuery} $input			Search input|textarea.
+ * @param {jQuery} $container		Search results container.
+ * @param {jQuery} $resultContainer	Search results list container.
+ */
+phpbb.search.navigateResults = function($input, $container, $resultContainer) {
+	// Add a namespace to the event (.phpbb.search),
+	// so it can be unbound specifically later on.
+	// Rebind it, to ensure the event is 'dynamic'.
+	$input.off('.phpbb.search');
+	$input.on('keydown.phpbb.search', function(event) {
+		var key = event.keyCode || event.which,
+			$active = $resultContainer.children('.active');
+
+		switch (key) {
+			// Close the results
+			case keymap.ESC:
+				phpbb.search.closeResults($input, $container);
+			break;
+
+			// Set the value for the selected result
+			case keymap.ENTER:
+				if ($active.length) {
+					var value = $active.find('.search-result > span').text();
+
+					phpbb.search.setValue($input, value, $input.attr('data-multiline'));
+				}
+
+				phpbb.search.closeResults($input, $container);
+
+				// Do not submit the form
+				event.preventDefault();
+			break;
+
+			// Navigate the results
+			case keymap.ARROW_DOWN:
+			case keymap.ARROW_UP:
+				var up = key === keymap.ARROW_UP,
+					$children = $resultContainer.children();
+
+				if (!$active.length) {
+					if (up) {
+						$children.last().addClass('active');
+					} else {
+						$children.first().addClass('active');
+					}
+				} else if ($children.length > 1) {
+					if (up) {
+						if ($active.is(':first-child')) {
+							$children.last().addClass('active');
+						} else {
+							$active.prev().addClass('active');
+						}
+					} else {
+						if ($active.is(':last-child')) {
+							$children.first().addClass('active');
+						} else {
+							$active.next().addClass('active');
+						}
+					}
+
+					$active.removeClass('active');
+				}
+
+				// Do not change cursor position in the input element
+				event.preventDefault();
+			break;
+		}
+	});
+};
+
 $('#phpbb').click(function() {
 	var $this = $(this);
 
 	if (!$this.is('.live-search') && !$this.parents().is('.live-search')) {
-		$('.live-search').hide();
+		phpbb.search.closeResults($('input, textarea'), $('.live-search'));
 	}
 });
 
@@ -1492,7 +1587,7 @@ phpbb.colorPalette = function(dir, width, height) {
 * @param {jQuery} el jQuery object for the palette container.
 */
 phpbb.registerPalette = function(el) {
-	var	orientation	= el.attr('data-color-palette'),
+	var	orientation	= el.attr('data-color-palette') || el.attr('data-orientation'), // data-orientation kept for backwards compat.
 		height		= el.attr('data-height'),
 		width		= el.attr('data-width'),
 		target		= el.attr('data-target'),
@@ -1706,7 +1801,7 @@ $(function() {
 
 	phpbb.registerPageDropdowns();
 
-	$('[data-color-palette]').each(function() {
+	$('[data-color-palette], [data-orientation]').each(function() {
 		phpbb.registerPalette($(this));
 	});
 

phpBB/composer.json

@@ -32,7 +32,6 @@
 		"guzzlehttp/guzzle": "~6.3",
 		"lusitanian/oauth": "^0.8.1",
 		"marc1706/fast-image-size": "^1.1",
-		"paragonie/random_compat": "^2.0",
 		"patchwork/utf8": "^1.1",
 		"s9e/text-formatter": "^2.0",
 		"symfony/config": "~3.4",

phpBB/config/default/container/services_auth.yml

@@ -15,12 +15,12 @@ services:
     auth.provider.db:
         class: phpbb\auth\provider\db
         arguments:
-            - '@dbal.conn'
+            - '@captcha.factory'
             - '@config'
+            - '@dbal.conn'
             - '@passwords.manager'
             - '@request'
             - '@user'
-            - '@service_container'
             - '%core.root_path%'
             - '%core.php_ext%'
         tags:
@@ -29,9 +29,9 @@ services:
     auth.provider.apache:
         class: phpbb\auth\provider\apache
         arguments:
-            - '@dbal.conn'
             - '@config'
-            - '@passwords.manager'
+            - '@dbal.conn'
+            - '@language'
             - '@request'
             - '@user'
             - '%core.root_path%'
@@ -42,9 +42,9 @@ services:
     auth.provider.ldap:
         class: phpbb\auth\provider\ldap
         arguments:
-            - '@dbal.conn'
             - '@config'
-            - '@passwords.manager'
+            - '@dbal.conn'
+            - '@language'
             - '@user'
         tags:
             - { name: auth.provider }
@@ -52,18 +52,18 @@ services:
     auth.provider.oauth:
         class: phpbb\auth\provider\oauth\oauth
         arguments:
-            - '@dbal.conn'
             - '@config'
-            - '@passwords.manager'
+            - '@dbal.conn'
+            - '@auth.provider.db'
+            - '@dispatcher'
+            - '@language'
             - '@request'
+            - '@auth.provider.oauth.service_collection'
             - '@user'
             - '%tables.auth_provider_oauth_token_storage%'
             - '%tables.auth_provider_oauth_states%'
             - '%tables.auth_provider_oauth_account_assoc%'
-            - '@auth.provider.oauth.service_collection'
             - '%tables.users%'
-            - '@service_container'
-            - '@dispatcher'
             - '%core.root_path%'
             - '%core.php_ext%'
         tags:

phpBB/config/default/container/services_console.yml

@@ -158,14 +158,6 @@ services:
         tags:
             - { name: console.command }
 
-    console.command.fixup.recalculate_email_hash:
-        class: phpbb\console\command\fixup\recalculate_email_hash
-        arguments:
-            - '@user'
-            - '@dbal.conn'
-        tags:
-            - { name: console.command }
-
     console.command.fixup.update_hashes:
         class: phpbb\console\command\fixup\update_hashes
         arguments:

phpBB/config/default/container/services_text_formatter.yml

@@ -4,6 +4,11 @@ parameters:
     text_formatter.cache.renderer.key: _text_formatter_renderer
 
 services:
+    text_formatter.acp_utils:
+        class: phpbb\textformatter\s9e\acp_utils
+        arguments:
+            - '@text_formatter.s9e.factory'
+
     text_formatter.cache:
         alias: text_formatter.s9e.factory
 

phpBB/develop/calc_email_hash.php

@@ -1,74 +0,0 @@
-<?php
-/**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
-
-//
-// Security message:
-//
-// This script is potentially dangerous.
-// Remove or comment the next line (die(".... ) to enable this script.
-// Do NOT FORGET to either remove this script or disable it after you have used it.
-//
-die("Please read the first lines of this script for instructions on how to enable it");
-@set_time_limit(300);
-
-$db = $dbhost = $dbuser = $dbpasswd = $dbport = $dbname = '';
-
-define('IN_PHPBB', 1);
-define('ANONYMOUS', 1);
-$phpEx = substr(strrchr(__FILE__, '.'), 1);
-$phpbb_root_path='./../';
-include($phpbb_root_path . 'config.'.$phpEx);
-require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.'.$phpEx);
-require($phpbb_root_path . 'includes/db/' . $dbms . '.'.$phpEx);
-include($phpbb_root_path . 'includes/functions.'.$phpEx);
-
-$cache		= new acm();
-$db			= new sql_db();
-
-// Connect to DB
-$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false);
-
-$start = 0;
-do
-{
-	// Batch query for group members, call group_user_del
-	$sql = "SELECT user_id, user_email 
-		FROM  {$table_prefix}users
-		LIMIT $start, 100";
-	$result = $db->sql_query($sql);
-
-	if ($row = $db->sql_fetchrow($result))
-	{
-		do
-		{
-			$sql = "UPDATE {$table_prefix}users 
-				SET user_email_hash = " . (crc32(strtolower($row['user_email'])) . strlen($row['user_email'])) . '
-				WHERE user_id = ' . $row['user_id'];
-			$db->sql_query($sql);
-
-			$start++;
-		}
-		while ($row = $db->sql_fetchrow($result));
-
-		echo "<br />Batch -> $start\n";
-		flush();
-	}
-	else
-	{
-		$start = 0;
-	}
-	$db->sql_freeresult($result);
-}
-while ($start);
-
-echo "<p><b>Done</b></p>\n";

phpBB/develop/regex.php

@@ -8,46 +8,6 @@
 //
 die("Please read the first lines of this script for instructions on how to enable it");
 
-
-// IP regular expressions
-
-$dec_octet = '(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])';
-$h16 = '[\dA-F]{1,4}';
-$ipv4 = "(?:$dec_octet\.){3}$dec_octet";
-$ls32 = "(?:$h16:$h16|$ipv4)";
-
-$ipv6_construct = array(
-	array(false,	'',		'{6}',	$ls32),
-	array(false,	'::',	'{0,5}', "(?:$h16(?::$h16)?|$ipv4)"),
-	array('',		':',	'{4}',	$ls32),
-	array('{1,2}',	':',	'{3}',	$ls32),
-	array('{1,3}',	':',	'{2}',	$ls32),
-	array('{1,4}',	':',	'',		$ls32),
-	array('{1,5}',	':',	false,	$ls32),
-	array('{1,6}',	':',	false,	$h16),
-	array('{1,7}',	':',	false,	''),
-	array(false, '::', false, '')
-);
-
-$ipv6 = '(?:';
-foreach ($ipv6_construct as $ip_type)
-{
-	$ipv6 .= '(?:';
-	if ($ip_type[0] !== false)
-	{
-		$ipv6 .= "(?:$h16:)" . $ip_type[0];
-	}
-	$ipv6 .= $ip_type[1];
-	if ($ip_type[2] !== false)
-	{
-		$ipv6 .= "(?:$h16:)" . $ip_type[2];
-	}
-	$ipv6 .= $ip_type[3] . ')|';
-}
-$ipv6 = substr($ipv6, 0, -1) . ')';
-
-echo 'IPv4: ' . $ipv4 . "<br />\nIPv6: " . $ipv6 . "<br />\n";
-
 // URL regular expressions
 
 $pct_encoded = "%[\dA-F]{2}";

phpBB/develop/regex_idn.php

@@ -8,45 +8,6 @@
 //
 die("Please read the first lines of this script for instructions on how to enable it");
 
-// IP regular expressions
-
-$dec_octet = '(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])';
-$h16 = '[\dA-F]{1,4}';
-$ipv4 = "(?:$dec_octet\.){3}$dec_octet";
-$ls32 = "(?:$h16:$h16|$ipv4)";
-
-$ipv6_construct = array(
-	array(false,	'',		'{6}',	$ls32),
-	array(false,	'::',	'{0,5}', "(?:$h16(?::$h16)?|$ipv4)"),
-	array('',		':',	'{4}',	$ls32),
-	array('{1,2}',	':',	'{3}',	$ls32),
-	array('{1,3}',	':',	'{2}',	$ls32),
-	array('{1,4}',	':',	'',		$ls32),
-	array('{1,5}',	':',	false,	$ls32),
-	array('{1,6}',	':',	false,	$h16),
-	array('{1,7}',	':',	false,	''),
-	array(false, '::', false, '')
-);
-
-$ipv6 = '(?:';
-foreach ($ipv6_construct as $ip_type)
-{
-	$ipv6 .= '(?:';
-	if ($ip_type[0] !== false)
-	{
-		$ipv6 .= "(?:$h16:)" . $ip_type[0];
-	}
-	$ipv6 .= $ip_type[1];
-	if ($ip_type[2] !== false)
-	{
-		$ipv6 .= "(?:$h16:)" . $ip_type[2];
-	}
-	$ipv6 .= $ip_type[3] . ')|';
-}
-$ipv6 = substr($ipv6, 0, -1) . ')';
-
-echo 'IPv4: ' . $ipv4 . "<br /><br />\n\nIPv6: " . $ipv6 . "<br /><br />\n\n";
-
 // URL regular expressions
 
 /* IDN2008 characters derivation
@@ -72,7 +33,7 @@ $no_hangul = '\x{1100}-\x{115F}\x{A960}-\x{A97C}\x{1160}-\x{11A7}\x{D7B0}-\x{D7C
 */
 $no_cdm = '\x{20D0}-\x{20FF}';						// \p{block=Combining_Diacritical_Marks_For_Symbols}
 $no_musical = '\x{1D100}-\x{1D1FF}';					// \p{block=Musical_Symbols}
-$no_ancient_greek_musical = '\x{1D200}-\x{1D24F}';	// \p{block=Ancient_Greek_Musical_Notation}	
+$no_ancient_greek_musical = '\x{1D200}-\x{1D24F}';	// \p{block=Ancient_Greek_Musical_Notation}
 /* Remove certain exceptions:
 ** U+0640 ARABIC TATWEEL
 ** U+07FA NKO LAJANYALAN

phpBB/develop/update_email_hash.php

@@ -1,56 +0,0 @@
-<?php
-/**
-* Corrects user_email_hash values if DB moved from 32-bit system to 64-bit system or vice versa.
-* The CRC32 function in PHP generates different results for both systems.
-* @PHP dev team: no, a hexdec() applied to it does not solve the issue. And please document it.
-*
-*/
-die("Please read the first lines of this script for instructions on how to enable it");
-
-set_time_limit(0);
-
-define('IN_PHPBB', true);
-$phpbb_root_path = './../';
-$phpEx = substr(strrchr(__FILE__, '.'), 1);
-include($phpbb_root_path . 'common.' . $phpEx);
-
-// Start session management
-$user->session_begin();
-$auth->acl($user->data);
-$user->setup();
-
-$start = $request->variable('start', 0);
-$num_items = 1000;
-
-echo '<br />Updating user email hashes' . "\n";
-
-$sql = 'SELECT user_id, user_email
-	FROM ' . USERS_TABLE . '
-	ORDER BY user_id ASC';
-$result = $db->sql_query($sql);
-
-$echos = 0;
-while ($row = $db->sql_fetchrow($result))
-{
-	$echos++;
-
-	$sql = 'UPDATE ' . USERS_TABLE . "
-		SET user_email_hash = '" . $db->sql_escape(phpbb_email_hash($row['user_email'])) . "'
-		WHERE user_id = " . (int) $row['user_id'];
-	$db->sql_query($sql);
-
-	if ($echos == 200)
-	{
-		echo '<br />';
-		$echos = 0;
-	}
-
-	echo '.';
-	flush();
-}
-$db->sql_freeresult($result);
-
-echo 'FINISHED';
-
-// Done
-$db->sql_close();

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,8 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v330b2">Changes since 3.3.0-b2</a></li>
+		<li><a href="#v330b1">Changes since 3.3.0-b1</a></li>
 		<li><a href="#v32x">Changes since 3.2.x</a></li>
 		<li><a href="#v328rc1">Changes since 3.2.8-RC1</a></li>
 		<li><a href="#v327">Changes since 3.2.7</a></li>
@@ -141,6 +143,60 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v330b2"></a><h3>Changes since 3.3.0-b2</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16056">PHPBB3-16056</a>] - JPEG dimensions undetectable for some kind of jpeg files</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16211">PHPBB3-16211</a>] - COPPA should not be skippable</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16226">PHPBB3-16226</a>] - Cron Tasks are not running on some Apache Server</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16227">PHPBB3-16227</a>] - If click login or acp login add errors</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16228">PHPBB3-16228</a>] - BBCode definitions with an optional attribute and a non-TEXT content are not merged correctly</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16235">PHPBB3-16235</a>] - Ignore patterns in ext-sniff.sh are not processed</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16242">PHPBB3-16242</a>] - Redirect loop when install folder doesn't exist</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16255">PHPBB3-16255</a>] - PHP 7.4 Deprecation warning on curly braces offsets</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16258">PHPBB3-16258</a>] - Sample Sphinx configuration file causes delta index to only include the most recent post</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15294">PHPBB3-15294</a>] - Server slowed down when having high session count</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16203">PHPBB3-16203</a>] - Enable Emojis and rich text in sent Emails</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16223">PHPBB3-16223</a>] - Remove no longer supported memcache</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16236">PHPBB3-16236</a>] - Bump phpBB 3.3 maximum PHP version requirement to PHP 7.4</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16239">PHPBB3-16239</a>] - Remove deprecated phpbb\db\tools</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16247">PHPBB3-16247</a>] - Quote PM has no identifier.</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16248">PHPBB3-16248</a>] - update to new svg version of logo</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16224">PHPBB3-16224</a>] - Update composer dependencies</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16241">PHPBB3-16241</a>] - Color Palette Syntax Breaks Backwards Compatibility</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16246">PHPBB3-16246</a>] - Prettify and update README Automated Testing section</li>
+			</ul>
+
+			<a name="v330b1"></a><h3>Changes since 3.3.0-b1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16008">PHPBB3-16008</a>] - oAuth does not respect custom server settings</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16167">PHPBB3-16167</a>] - phpbb_email_hash creates false duplicates</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16188">PHPBB3-16188</a>] - Statistics Panel in ACP</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16192">PHPBB3-16192</a>] - Installing Extensions Via CLI Broken</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16205">PHPBB3-16205</a>] - Undefined variable 'zebra' in search.php</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16210">PHPBB3-16210</a>] - Terms of use should not be skippable</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12539">PHPBB3-12539</a>] - Live Member Search Improvements</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12559">PHPBB3-12559</a>] - Add forum setting to limit subforums legend to direct children only</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-12574">PHPBB3-12574</a>] - Don't require the passwords_manager in the constructor of the auth plugins</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-15958">PHPBB3-15958</a>] - Created forums and default forum created during install have diferent options</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16187">PHPBB3-16187</a>] - Correctly display registration using external services</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16189">PHPBB3-16189</a>] - Deprecate inet_ntop and inet_pton wrappers</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16190">PHPBB3-16190</a>] - Deprecate phpbb's checkdnsrr wrapper</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16195">PHPBB3-16195</a>] - Copy forum permissions missing paragraph</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16196">PHPBB3-16196</a>] - Remove random_compat</li>
+				<li>[<a href="http://tracker.phpbb.com/browse/PHPBB3-16206">PHPBB3-16206</a>] - Remove offsetExists reimplementation in service_collection</li>
+			</ul>
+
 			<a name="v32x"></a><h3>Changes since 3.2.x</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/docs/INSTALL.html

@@ -147,7 +147,7 @@
 			<li>Oracle</li>
 		</ul>
 		</li>
-		<li><strong>PHP 7.1.0+</strong> but less than <strong>PHP 7.4</strong> with support for the database you intend to use.</li>
+		<li><strong>PHP 7.1.0+</strong> up to and including <strong>PHP 7.4</strong> with support for the database you intend to use.</li>
 		<li>The following PHP modules are required:
 		<ul>
 			<li>json</li>

phpBB/docs/coding-guidelines.html

@@ -234,9 +234,9 @@ PHPBB_USE_BOARD_URL_PATH   (use generate_board_url() for image paths instead of
 PHPBB_DISABLE_ACP_EDITOR   (disable ACP style editor for templates)
 PHPBB_DISABLE_CONFIG_CHECK (disable ACP config.php writeable check)
 
-PHPBB_ACM_MEMCACHE_PORT     (overwrite memcached port, default is 11211)
-PHPBB_ACM_MEMCACHE_COMPRESS (overwrite memcached compress setting, default is disabled)
-PHPBB_ACM_MEMCACHE_HOST     (overwrite memcached host name, default is localhost)
+PHPBB_ACM_MEMCACHED_PORT     (overwrite memcached port, default is 11211)
+PHPBB_ACM_MEMCACHED_COMPRESS (overwrite memcached compress setting, default is disabled)
+PHPBB_ACM_MEMCACHED_HOST     (overwrite memcached host name, default is localhost)
 
 PHPBB_ACM_REDIS_HOST        (overwrite redis host name, default is localhost)
 PHPBB_ACM_REDIS_PORT        (overwrite redis port, default is 6379)

phpBB/docs/events.md

@@ -2646,6 +2646,13 @@ ucp_profile_profile_info_before
 * Since: 3.1.4-RC1
 * Purpose: Add options in profile page fieldset - before jabber field.
 
+ucp_profile_profile_info_birthday_label_append
+===
+* Locations:
+    + styles/prosilver/template/ucp_profile_profile_info.html
+* Since: 3.2.9-RC1
+* Purpose: Add more text to birthday label, such as required asterisk
+
 ucp_profile_register_details_after
 ===
 * Locations:

phpBB/docs/nginx.sample.conf

@@ -93,7 +93,7 @@ http {
         # Correctly pass scripts for installer
         location /install/ {
             # phpBB uses index.htm
-            try_files $uri $uri/ @rewrite_installapp;
+            try_files $uri $uri/ @rewrite_installapp =404;
 
             # Pass the php scripts to fastcgi server specified in upstream declaration.
             location ~ \.php(/|$) {
@@ -104,7 +104,7 @@ http {
                 fastcgi_param PATH_INFO $fastcgi_path_info;
                 fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                 fastcgi_param DOCUMENT_ROOT $realpath_root;
-                try_files $uri $uri/ /install/app.php$is_args$args;
+                try_files $uri $uri/ /install/app.php$is_args$args =404;
                 fastcgi_pass php;
             }
         }

phpBB/docs/sphinx.sample.conf

@@ -41,7 +41,7 @@ source source_phpbb_{SPHINX_ID}_main
 }
 source source_phpbb_{SPHINX_ID}_delta : source_phpbb_{SPHINX_ID}_main
 {
-	sql_query_pre =
+	sql_query_pre = SET NAMES 'utf8'
 	sql_query_range =
 	sql_range_step =
 	sql_query = SELECT \
@@ -61,7 +61,7 @@ source source_phpbb_{SPHINX_ID}_delta : source_phpbb_{SPHINX_ID}_main
 						WHERE \
 							p.topic_id = t.topic_id \
 							AND p.post_id >= ( SELECT max_doc_id FROM phpbb_sphinx WHERE counter_id=1 )
-	sql_query_pre =
+	sql_query_post_index =
 }
 index index_phpbb_{SPHINX_ID}_main
 {

phpBB/includes/acp/acp_bbcodes.php

@@ -157,7 +157,7 @@ class acp_bbcodes
 				* @var	string	bbcode_tpl			The bbcode HTML replacement string
 				* @var	string	bbcode_helpline		The bbcode help line string
 				* @var	array	hidden_fields		Array of hidden fields for use when
-				*									submitting form when $warn_text is true
+				*									submitting form when $warn_unsafe is true
 				* @since 3.1.0-a3
 				*/
 				$vars = array(
@@ -172,14 +172,25 @@ class acp_bbcodes
 				);
 				extract($phpbb_dispatcher->trigger_event('core.acp_bbcodes_modify_create', compact($vars)));
 
-				$warn_text = preg_match('%<[^>]*\{text[\d]*\}[^>]*>%i', $bbcode_tpl);
+				$acp_utils   = $phpbb_container->get('text_formatter.acp_utils');
+				$bbcode_info = $acp_utils->analyse_bbcode($bbcode_match, $bbcode_tpl);
+				$warn_unsafe = ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_UNSAFE);
 
-				if (!$warn_text && !check_form_key($form_key))
+				if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_TEMPLATE)
+				{
+					trigger_error($user->lang['BBCODE_INVALID_TEMPLATE'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+				if ($bbcode_info['status'] === $acp_utils::BBCODE_STATUS_INVALID_DEFINITION)
+				{
+					trigger_error($user->lang['BBCODE_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+				}
+
+				if (!$warn_unsafe && !check_form_key($form_key))
 				{
 					trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 				}
 
-				if (!$warn_text || confirm_box(true))
+				if (!$warn_unsafe || confirm_box(true))
 				{
 					$data = $this->build_regexp($bbcode_match, $bbcode_tpl);
 
@@ -211,11 +222,6 @@ class acp_bbcodes
 						$test = $data['bbcode_tag'];
 					}
 
-					if (!preg_match('%\\[' . $test . '[^]]*].*?\\[/' . $test . ']%s', $bbcode_match))
-					{
-						trigger_error($user->lang['BBCODE_OPEN_ENDED_TAG'] . adm_back_link($this->u_action), E_USER_WARNING);
-					}
-
 					if (strlen($data['bbcode_tag']) > 16)
 					{
 						trigger_error($user->lang['BBCODE_TAG_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);

phpBB/includes/acp/acp_board.php

@@ -101,6 +101,7 @@ class acp_board
 						'allow_bookmarks'				=> array('lang' => 'ALLOW_BOOKMARKS',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_birthdays'				=> array('lang' => 'ALLOW_BIRTHDAYS',				'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'display_last_subject'			=> array('lang' => 'DISPLAY_LAST_SUBJECT',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+						'display_unapproved_posts'		=> array('lang' => 'DISPLAY_UNAPPROVED_POSTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'allow_quick_reply'				=> array('lang' => 'ALLOW_QUICK_REPLY',				'validate' => 'bool',	'type' => 'custom', 'method' => 'quick_reply', 'explain' => true),
 
 						'legend2'							=> 'ACP_SUBMIT_CHANGES',

phpBB/includes/acp/acp_forums.php

@@ -131,11 +131,12 @@ class acp_forums
 						'forum_rules_link'		=> $request->variable('forum_rules_link', ''),
 						'forum_image'			=> $request->variable('forum_image', ''),
 						'forum_style'			=> $request->variable('forum_style', 0),
-						'display_subforum_list'	=> $request->variable('display_subforum_list', false),
-						'display_on_index'		=> $request->variable('display_on_index', false),
+						'display_subforum_list'	=> $request->variable('display_subforum_list', true),
+						'display_subforum_limit'=> $request->variable('display_subforum_limit', false),
+						'display_on_index'		=> $request->variable('display_on_index', true),
 						'forum_topics_per_page'	=> $request->variable('topics_per_page', 0),
 						'enable_indexing'		=> $request->variable('enable_indexing', true),
-						'enable_icons'			=> $request->variable('enable_icons', false),
+						'enable_icons'			=> $request->variable('enable_icons', true),
 						'enable_prune'			=> $request->variable('enable_prune', false),
 						'enable_post_review'	=> $request->variable('enable_post_review', true),
 						'enable_quick_reply'	=> $request->variable('enable_quick_reply', false),
@@ -454,10 +455,11 @@ class acp_forums
 							'forum_image'			=> '',
 							'forum_style'			=> 0,
 							'display_subforum_list'	=> true,
-							'display_on_index'		=> false,
+							'display_subforum_limit'	=> false,
+							'display_on_index'		=> true,
 							'forum_topics_per_page'	=> 0,
 							'enable_indexing'		=> true,
-							'enable_icons'			=> false,
+							'enable_icons'			=> true,
 							'enable_prune'			=> false,
 							'prune_days'			=> 7,
 							'prune_viewed'			=> 7,
@@ -676,6 +678,7 @@ class acp_forums
 					'S_ENABLE_INDEXING'			=> ($forum_data['enable_indexing']) ? true : false,
 					'S_TOPIC_ICONS'				=> ($forum_data['enable_icons']) ? true : false,
 					'S_DISPLAY_SUBFORUM_LIST'	=> ($forum_data['display_subforum_list']) ? true : false,
+					'S_DISPLAY_SUBFORUM_LIMIT'	=> ($forum_data['display_subforum_limit']) ? true : false,
 					'S_DISPLAY_ON_INDEX'		=> ($forum_data['display_on_index']) ? true : false,
 					'S_PRUNE_ENABLE'			=> ($forum_data['enable_prune']) ? true : false,
 					'S_PRUNE_SHADOW_ENABLE'			=> ($forum_data['enable_shadow_prune']) ? true : false,
@@ -986,10 +989,20 @@ class acp_forums
 			$errors[] = $user->lang['FORUM_NAME_EMPTY'];
 		}
 
-		// No Emojis
+		/**
+		 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySql to UCR / NCR.
+		 * Using their Numeric Character Reference's Hexadecimal notation.
+		 */
+		$forum_data_ary['forum_name'] = utf8_encode_ucr($forum_data_ary['forum_name']);
+
+		/**
+		 * This should never happen again.
+		 * Leaving the fallback here just in case there will be the need of it.
+		 */
 		if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $forum_data_ary['forum_name'], $matches))
 		{
 			$character_list = implode('<br>', $matches[0]);
+
 			$errors[] = $user->lang('FORUM_NAME_EMOJI', $character_list);
 		}
 
@@ -1423,8 +1436,8 @@ class acp_forums
 		* This event may be triggered, when a forum is deleted
 		*
 		* @event core.acp_manage_forums_move_children
-		* @var	int		from_id		If of the current parent forum
-		* @var	int		to_id		If of the new parent forum
+		* @var	int		from_id		Id of the current parent forum
+		* @var	int		to_id		Id of the new parent forum
 		* @var	array	errors		Array of errors, should be strings and not
 		*							language key.
 		* @since 3.1.0-a1
@@ -1529,8 +1542,8 @@ class acp_forums
 		* Event when we move content from one forum to another
 		*
 		* @event core.acp_manage_forums_move_content
-		* @var	int		from_id		If of the current parent forum
-		* @var	int		to_id		If of the new parent forum
+		* @var	int		from_id		Id of the current parent forum
+		* @var	int		to_id		Id of the new parent forum
 		* @var	bool	sync		Shall we sync the "to"-forum's data
 		* @var	array	errors		Array of errors, should be strings and not
 		*							language key. If this array is not empty,
@@ -1576,6 +1589,19 @@ class acp_forums
 			$db->sql_query($sql);
 		}
 
+		/**
+		 * Event when content has been moved from one forum to another
+		 *
+		 * @event core.acp_manage_forums_move_content_after
+		 * @var	int		from_id		Id of the current parent forum
+		 * @var	int		to_id		Id of the new parent forum
+		 * @var	bool	sync		Shall we sync the "to"-forum's data
+		 *
+		 * @since 3.2.9-RC1
+		 */
+		$vars = array('from_id', 'to_id', 'sync');
+		extract($phpbb_dispatcher->trigger_event('core.acp_manage_forums_move_content_after', compact($vars)));
+
 		if ($sync)
 		{
 			// Delete ghost topics that link back to the same forum then resync counters

phpBB/includes/acp/acp_users.php

@@ -966,10 +966,7 @@ class acp_users
 
 						if ($update_email !== false)
 						{
-							$sql_ary += array(
-								'user_email'		=> $update_email,
-								'user_email_hash'	=> phpbb_email_hash($update_email),
-							);
+							$sql_ary += ['user_email'		=> $update_email];
 
 							$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
 								'reportee_id' => $user_id,

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.0-b1');
+@define('PHPBB_VERSION', '3.3.0-RC1');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions.php

@@ -263,18 +263,6 @@ function still_on_time($extra_time = 15)
 	return (ceil($current_time - $start_time) < $max_execution_time) ? true : false;
 }
 
-/**
-* Hashes an email address to a big integer
-*
-* @param string $email		Email address
-*
-* @return string			Unsigned Big Integer
-*/
-function phpbb_email_hash($email)
-{
-	return sprintf('%u', crc32(strtolower($email))) . strlen($email);
-}
-
 /**
 * Wrapper for version_compare() that allows using uppercase A and B
 * for alpha and beta releases.
@@ -2276,6 +2264,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 
 	$err = '';
 	$form_name = 'login';
+	$username = $autologin = false;
 
 	// Make sure user->setup() has been called
 	if (!$user->is_setup())
@@ -2851,10 +2840,13 @@ function get_preg_expression($mode)
 		// Whoa these look impressive!
 		// The code to generate the following two regular expressions which match valid IPv4/IPv6 addresses
 		// can be found in the develop directory
+
+		// @deprecated
 		case 'ipv4':
 			return '#^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$#';
 		break;
 
+		// @deprecated
 		case 'ipv6':
 			return '#^(?:(?:(?:[\dA-F]{1,4}:){6}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:::(?:[\dA-F]{1,4}:){0,5}(?:[\dA-F]{1,4}(?::[\dA-F]{1,4})?|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:):(?:[\dA-F]{1,4}:){4}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,2}:(?:[\dA-F]{1,4}:){3}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,3}:(?:[\dA-F]{1,4}:){2}(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,4}:(?:[\dA-F]{1,4}:)(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,5}:(?:[\dA-F]{1,4}:[\dA-F]{1,4}|(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])))|(?:(?:[\dA-F]{1,4}:){1,6}:[\dA-F]{1,4})|(?:(?:[\dA-F]{1,4}:){1,7}:)|(?:::))$#i';
 		break;
@@ -2980,331 +2972,26 @@ function short_ipv6($ip, $length)
 * @return mixed		false if specified address is not valid,
 *					string otherwise
 */
-function phpbb_ip_normalise($address)
+function phpbb_ip_normalise(string $address)
 {
-	$address = trim($address);
+	$ip_normalised = false;
 
-	if (empty($address) || !is_string($address))
+	if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
 	{
-		return false;
+		$ip_normalised = $address;
+	}
+	else if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
+	{
+		$ip_normalised = inet_ntop(inet_pton($address));
+
+		// If is ipv4
+		if (stripos($ip_normalised, '::ffff:') === 0)
+		{
+			$ip_normalised = substr($ip_normalised, 7);
+		}
 	}
 
-	if (preg_match(get_preg_expression('ipv4'), $address))
-	{
-		return $address;
-	}
-
-	return phpbb_inet_ntop(phpbb_inet_pton($address));
-}
-
-/**
-* Wrapper for inet_ntop()
-*
-* Converts a packed internet address to a human readable representation
-* inet_ntop() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
-*
-* @param string $in_addr	A 32bit IPv4, or 128bit IPv6 address.
-*
-* @return mixed		false on failure,
-*					string otherwise
-*/
-function phpbb_inet_ntop($in_addr)
-{
-	$in_addr = bin2hex($in_addr);
-
-	switch (strlen($in_addr))
-	{
-		case 8:
-			return implode('.', array_map('hexdec', str_split($in_addr, 2)));
-
-		case 32:
-			if (substr($in_addr, 0, 24) === '00000000000000000000ffff')
-			{
-				return phpbb_inet_ntop(pack('H*', substr($in_addr, 24)));
-			}
-
-			$parts = str_split($in_addr, 4);
-			$parts = preg_replace('/^0+(?!$)/', '', $parts);
-			$ret = implode(':', $parts);
-
-			$matches = array();
-			preg_match_all('/(?<=:|^)(?::?0){2,}/', $ret, $matches, PREG_OFFSET_CAPTURE);
-			$matches = $matches[0];
-
-			if (empty($matches))
-			{
-				return $ret;
-			}
-
-			$longest_match = '';
-			$longest_match_offset = 0;
-			foreach ($matches as $match)
-			{
-				if (strlen($match[0]) > strlen($longest_match))
-				{
-					$longest_match = $match[0];
-					$longest_match_offset = $match[1];
-				}
-			}
-
-			$ret = substr_replace($ret, '', $longest_match_offset, strlen($longest_match));
-
-			if ($longest_match_offset == strlen($ret))
-			{
-				$ret .= ':';
-			}
-
-			if ($longest_match_offset == 0)
-			{
-				$ret = ':' . $ret;
-			}
-
-			return $ret;
-
-		default:
-			return false;
-	}
-}
-
-/**
-* Wrapper for inet_pton()
-*
-* Converts a human readable IP address to its packed in_addr representation
-* inet_pton() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
-*
-* @param string $address	A human readable IPv4 or IPv6 address.
-*
-* @return mixed		false if address is invalid,
-*					in_addr representation of the given address otherwise (string)
-*/
-function phpbb_inet_pton($address)
-{
-	$ret = '';
-	if (preg_match(get_preg_expression('ipv4'), $address))
-	{
-		foreach (explode('.', $address) as $part)
-		{
-			$ret .= ($part <= 0xF ? '0' : '') . dechex($part);
-		}
-
-		return pack('H*', $ret);
-	}
-
-	if (preg_match(get_preg_expression('ipv6'), $address))
-	{
-		$parts = explode(':', $address);
-		$missing_parts = 8 - count($parts) + 1;
-
-		if (substr($address, 0, 2) === '::')
-		{
-			++$missing_parts;
-		}
-
-		if (substr($address, -2) === '::')
-		{
-			++$missing_parts;
-		}
-
-		$embedded_ipv4 = false;
-		$last_part = end($parts);
-
-		if (preg_match(get_preg_expression('ipv4'), $last_part))
-		{
-			$parts[count($parts) - 1] = '';
-			$last_part = phpbb_inet_pton($last_part);
-			$embedded_ipv4 = true;
-			--$missing_parts;
-		}
-
-		foreach ($parts as $i => $part)
-		{
-			if (strlen($part))
-			{
-				$ret .= str_pad($part, 4, '0', STR_PAD_LEFT);
-			}
-			else if ($i && $i < count($parts) - 1)
-			{
-				$ret .= str_repeat('0000', $missing_parts);
-			}
-		}
-
-		$ret = pack('H*', $ret);
-
-		if ($embedded_ipv4)
-		{
-			$ret .= $last_part;
-		}
-
-		return $ret;
-	}
-
-	return false;
-}
-
-/**
-* Wrapper for php's checkdnsrr function.
-*
-* @param string $host	Fully-Qualified Domain Name
-* @param string $type	Resource record type to lookup
-*						Supported types are: MX (default), A, AAAA, NS, TXT, CNAME
-*						Other types may work or may not work
-*
-* @return mixed		true if entry found,
-*					false if entry not found,
-*					null if this function is not supported by this environment
-*
-* Since null can also be returned, you probably want to compare the result
-* with === true or === false,
-*/
-function phpbb_checkdnsrr($host, $type = 'MX')
-{
-	// The dot indicates to search the DNS root (helps those having DNS prefixes on the same domain)
-	if (substr($host, -1) == '.')
-	{
-		$host_fqdn = $host;
-		$host = substr($host, 0, -1);
-	}
-	else
-	{
-		$host_fqdn = $host . '.';
-	}
-	// $host		has format	some.host.example.com
-	// $host_fqdn	has format	some.host.example.com.
-
-	// If we're looking for an A record we can use gethostbyname()
-	if ($type == 'A' && function_exists('gethostbyname'))
-	{
-		return (@gethostbyname($host_fqdn) == $host_fqdn) ? false : true;
-	}
-
-	if (function_exists('checkdnsrr'))
-	{
-		return checkdnsrr($host_fqdn, $type);
-	}
-
-	if (function_exists('dns_get_record'))
-	{
-		// dns_get_record() expects an integer as second parameter
-		// We have to convert the string $type to the corresponding integer constant.
-		$type_constant = 'DNS_' . $type;
-		$type_param = (defined($type_constant)) ? constant($type_constant) : DNS_ANY;
-
-		// dns_get_record() might throw E_WARNING and return false for records that do not exist
-		$resultset = @dns_get_record($host_fqdn, $type_param);
-
-		if (empty($resultset) || !is_array($resultset))
-		{
-			return false;
-		}
-		else if ($type_param == DNS_ANY)
-		{
-			// $resultset is a non-empty array
-			return true;
-		}
-
-		foreach ($resultset as $result)
-		{
-			if (
-				isset($result['host']) && $result['host'] == $host &&
-				isset($result['type']) && $result['type'] == $type
-			)
-			{
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-	// If we're on Windows we can still try to call nslookup via exec() as a last resort
-	if (DIRECTORY_SEPARATOR == '\\' && function_exists('exec'))
-	{
-		@exec('nslookup -type=' . escapeshellarg($type) . ' ' . escapeshellarg($host_fqdn), $output);
-
-		// If output is empty, the nslookup failed
-		if (empty($output))
-		{
-			return NULL;
-		}
-
-		foreach ($output as $line)
-		{
-			$line = trim($line);
-
-			if (empty($line))
-			{
-				continue;
-			}
-
-			// Squash tabs and multiple whitespaces to a single whitespace.
-			$line = preg_replace('/\s+/', ' ', $line);
-
-			switch ($type)
-			{
-				case 'MX':
-					if (stripos($line, "$host MX") === 0)
-					{
-						return true;
-					}
-				break;
-
-				case 'NS':
-					if (stripos($line, "$host nameserver") === 0)
-					{
-						return true;
-					}
-				break;
-
-				case 'TXT':
-					if (stripos($line, "$host text") === 0)
-					{
-						return true;
-					}
-				break;
-
-				case 'CNAME':
-					if (stripos($line, "$host canonical name") === 0)
-					{
-						return true;
-					}
-				break;
-
-				default:
-				case 'AAAA':
-					// AAAA records returned by nslookup on Windows XP/2003 have this format.
-					// Later Windows versions use the A record format below for AAAA records.
-					if (stripos($line, "$host AAAA IPv6 address") === 0)
-					{
-						return true;
-					}
-				// No break
-
-				case 'A':
-					if (!empty($host_matches))
-					{
-						// Second line
-						if (stripos($line, "Address: ") === 0)
-						{
-							return true;
-						}
-						else
-						{
-							$host_matches = false;
-						}
-					}
-					else if (stripos($line, "Name: $host") === 0)
-					{
-						// First line
-						$host_matches = true;
-					}
-				break;
-			}
-		}
-
-		return false;
-	}
-
-	return NULL;
+	return $ip_normalised;
 }
 
 // Handler, header and footer
@@ -4432,7 +4119,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 
 	/**
 	 * Workaround for missing template variable in pre phpBB 3.2.6 styles.
-	 * @deprecated 3.2.7 (To be removed: 3.3.0-a1)
+	 * @deprecated 3.2.7 (To be removed: 4.0.0-a1)
 	 */
 	$form_token_login = $template->retrieve_var('S_FORM_TOKEN_LOGIN');
 	if (!empty($form_token_login))

phpBB/includes/functions_compatibility.php

@@ -601,3 +601,75 @@ function upload_attachment($form_name, $forum_id, $local = false, $local_storage
 
 	return $file;
 }
+
+/**
+* Wrapper for php's checkdnsrr function.
+*
+* @param string $host	Fully-Qualified Domain Name
+* @param string $type	Resource record type to lookup
+*						Supported types are: MX (default), A, AAAA, NS, TXT, CNAME
+*						Other types may work or may not work
+*
+* @return mixed		true if entry found,
+*					false if entry not found,
+*					null if this function is not supported by this environment
+*
+* Since null can also be returned, you probably want to compare the result
+* with === true or === false,
+*
+* @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+*/
+function phpbb_checkdnsrr($host, $type = 'MX')
+{
+	return checkdnsrr($host, $type);
+}
+
+/*
+ * Wrapper for inet_ntop()
+ *
+ * Converts a packed internet address to a human readable representation
+ * inet_ntop() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
+ *
+ * @param string $in_addr	A 32bit IPv4, or 128bit IPv6 address.
+ *
+ * @return mixed		false on failure,
+ *					string otherwise
+  *
+ * @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+ */
+function phpbb_inet_ntop($in_addr)
+{
+	return inet_ntop($in_addr);
+}
+
+/**
+ * Wrapper for inet_pton()
+ *
+ * Converts a human readable IP address to its packed in_addr representation
+ * inet_pton() is supported by PHP since 5.1.0, since 5.3.0 also on Windows.
+ *
+ * @param string $address	A human readable IPv4 or IPv6 address.
+ *
+ * @return mixed		false if address is invalid,
+ *					in_addr representation of the given address otherwise (string)
+ *
+ * @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+ */
+function phpbb_inet_pton($address)
+{
+	return inet_pton($address);
+}
+
+/**
+ * Hashes an email address to a big integer
+ *
+ * @param string $email		Email address
+ *
+ * @return string			Unsigned Big Integer
+ *
+ * @deprecated 3.3.0-b2 (To be removed: 4.0.0)
+ */
+function phpbb_email_hash($email)
+{
+	return sprintf('%u', crc32(strtolower($email))) . strlen($email);
+}

phpBB/includes/functions_convert.php

@@ -206,16 +206,6 @@ function get_group_id($group_name)
 	return $group_mapping['REGISTERED'];
 }
 
-/**
-* Generate the email hash stored in the users table
-*
-* Note: Deprecated, calls should directly go to phpbb_email_hash()
-*/
-function gen_email_hash($email)
-{
-	return phpbb_email_hash($email);
-}
-
 /**
 * Convert a boolean into the appropriate phpBB constant indicating whether the topic is locked
 */

phpBB/includes/functions_display.php

@@ -30,6 +30,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 
 	$forum_rows = $subforums = $forum_ids = $forum_ids_moderator = $forum_moderators = $active_forum_ary = array();
 	$parent_id = $visible_forums = 0;
+	$parent_subforum_limit = false;
 
 	// Mark forums read?
 	$mark_read = $request->variable('mark', '');
@@ -70,7 +71,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$data = array(
 					'NO_UNREAD_POSTS'	=> $user->lang['NO_UNREAD_POSTS'],
 					'UNREAD_POSTS'		=> $user->lang['UNREAD_POSTS'],
-					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time()) : '',
+					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'hash=' . generate_link_hash('global') . '&mark=forums&mark_time=' . time(), false) : '',
 					'MESSAGE_TITLE'		=> $user->lang['INFORMATION'],
 					'MESSAGE_TEXT'		=> $user->lang['FORUMS_MARKED']
 				);
@@ -266,6 +267,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 
 			// Direct child of current branch
 			$parent_id = $forum_id;
+			$parent_subforum_limit = $row['display_subforum_limit'];
 			$forum_rows[$forum_id] = $row;
 
 			if ($row['forum_type'] == FORUM_CAT && $row['parent_id'] == $root_data['forum_id'])
@@ -278,7 +280,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		}
 		else if ($row['forum_type'] != FORUM_CAT)
 		{
-			$subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index']) ? true : false;
+			$subforums[$parent_id][$forum_id]['display'] = ($row['display_on_index'] && (!$parent_subforum_limit || $parent_id == $row['parent_id']));
 			$subforums[$parent_id][$forum_id]['name'] = $row['forum_name'];
 			$subforums[$parent_id][$forum_id]['orig_forum_last_post_time'] = $row['forum_last_post_time'];
 			$subforums[$parent_id][$forum_id]['children'] = array();
@@ -355,7 +357,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 				$data = array(
 					'NO_UNREAD_POSTS'	=> $user->lang['NO_UNREAD_POSTS'],
 					'UNREAD_POSTS'		=> $user->lang['UNREAD_POSTS'],
-					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time()) : '',
+					'U_MARK_FORUMS'		=> ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}viewforum.$phpEx", 'hash=' . generate_link_hash('global') . '&f=' . $root_data['forum_id'] . '&mark=forums&mark_time=' . time(), false) : '',
 					'MESSAGE_TITLE'		=> $user->lang['INFORMATION'],
 					'MESSAGE_TEXT'		=> $user->lang['FORUMS_MARKED']
 				);
@@ -539,7 +541,8 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		{
 			if ($row['forum_password_last_post'] === '' && $auth->acl_gets('f_read', 'f_list_topics', $row['forum_id_last_post']))
 			{
-				$last_post_subject = censor_text($row['forum_last_post_subject']);
+				$last_post_subject = utf8_decode_ncr(censor_text($row['forum_last_post_subject']));
+
 				$last_post_subject_truncated = truncate_string($last_post_subject, 30, 255, false, $user->lang['ELLIPSIS']);
 			}
 			else

phpBB/includes/functions_messenger.php

@@ -1893,14 +1893,21 @@ function mail_encode($str, $eol = "\r\n")
 }
 
 /**
-* Wrapper for sending out emails with the PHP's mail function
-*/
+ * Wrapper for sending out emails with the PHP's mail function
+ */
 function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
 {
 	global $config, $phpbb_root_path, $phpEx;
 
-	// We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings. On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
-	// Reference: http://bugs.php.net/bug.php?id=15841
+	// Convert Numeric Character References to UTF-8 chars (ie. Emojis)
+	$subject = utf8_decode_ncr($subject);
+	$msg = utf8_decode_ncr($msg);
+
+	/**
+	 * We use the EOL character for the OS here because the PHP mail function does not correctly transform line endings.
+	 * On Windows SMTP is used (SMTP is \r\n), on UNIX a command is used...
+	 * Reference: http://bugs.php.net/bug.php?id=15841
+	 */
 	$headers = implode($eol, $headers);
 
 	if (!class_exists('\phpbb\error_collector'))
@@ -1911,10 +1918,14 @@ function phpbb_mail($to, $subject, $msg, $headers, $eol, &$err_msg)
 	$collector = new \phpbb\error_collector;
 	$collector->install();
 
-	// On some PHP Versions mail() *may* fail if there are newlines within the subject.
-	// Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
-	// Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space (Use '' as parameter to mail_encode() results in SPACE used)
+	/**
+	 * On some PHP Versions mail() *may* fail if there are newlines within the subject.
+	 * Newlines are used as a delimiter for lines in mail_encode() according to RFC 2045 section 6.8.
+	 * Because PHP can't decide what is wanted we revert back to the non-RFC-compliant way of separating by one space
+	 * (Use '' as parameter to mail_encode() results in SPACE used)
+	 */
 	$additional_parameters = $config['email_force_sender'] ? '-f' . $config['board_email'] : '';
+
 	$result = mail($to, mail_encode($subject, ''), wordwrap(utf8_wordwrap($msg), 997, "\n", true), $headers, $additional_parameters);
 
 	$collector->uninstall();

phpBB/includes/functions_posting.php

@@ -52,9 +52,29 @@ function generate_smilies($mode, $forum_id)
 
 		page_header($user->lang['SMILIES']);
 
-		$sql = 'SELECT COUNT(smiley_id) AS item_count
-			FROM ' . SMILIES_TABLE . '
-			GROUP BY smiley_url';
+		$sql_ary = [
+			'SELECT'	=> 'COUNT(s.smiley_id) AS item_count',
+			'FROM'		=> [
+				SMILIES_TABLE => 's',
+			],
+			'GROUP_BY'	=> 's.smiley_url',
+		];
+
+		/**
+		* Modify SQL query that fetches the total number of smilies in window mode
+		*
+		* @event core.generate_smilies_count_sql_before
+		* @var int		forum_id	Forum where smilies are generated
+		* @var array	sql_ary		Array with the SQL query
+		* @since 3.2.9-RC1
+		*/
+		$vars = [
+			'forum_id',
+			'sql_ary',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.generate_smilies_count_sql_before', compact($vars)));
+
+		$sql = $db->sql_build_query('SELECT', $sql_ary);
 		$result = $db->sql_query($sql, 3600);
 
 		$smiley_count = 0;
@@ -114,6 +134,22 @@ function generate_smilies($mode, $forum_id)
 	}
 	$db->sql_freeresult($result);
 
+	/**
+	* Modify smilies before they are assigned to the template
+	*
+	* @event core.generate_smilies_modify_rowset
+	* @var string	mode		Smiley mode, either window or inline
+	* @var int		forum_id	Forum where smilies are generated
+	* @var array	smilies		Smiley rows fetched from the database
+	* @since 3.2.9-RC1
+	*/
+	$vars = [
+		'mode',
+		'forum_id',
+		'smilies',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.generate_smilies_modify_rowset', compact($vars)));
+
 	if (count($smilies))
 	{
 		$root_path = (defined('PHPBB_USE_BOARD_URL_PATH') && PHPBB_USE_BOARD_URL_PATH) ? generate_board_url() . '/' : $phpbb_path_helper->get_web_root_path();

phpBB/includes/functions_transfer.php

@@ -810,7 +810,7 @@ class ftp_fsock extends transfer
 			$server_ip = substr($socket_name, 0, strrpos($socket_name, ':'));
 		}
 
-		if (!isset($server_ip) || preg_match(get_preg_expression('ipv4'), $server_ip))
+		if (isset($server_ip) && filter_var($server_ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) // ipv4
 		{
 			// Passive mode
 			$this->_send_command('PASV', '', false);
@@ -831,7 +831,7 @@ class ftp_fsock extends transfer
 			$server_ip = $temp[0] . '.' . $temp[1] . '.' . $temp[2] . '.' . $temp[3];
 			$server_port = $temp[4] * 256 + $temp[5];
 		}
-		else
+		else // ipv6
 		{
 			// Extended Passive Mode - RFC2428
 			$this->_send_command('EPSV', '', false);

phpBB/includes/functions_user.php

@@ -204,7 +204,6 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
 		'username_clean'	=> $username_clean,
 		'user_password'		=> (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
 		'user_email'		=> strtolower($user_row['user_email']),
-		'user_email_hash'	=> phpbb_email_hash($user_row['user_email']),
 		'group_id'			=> $user_row['group_id'],
 		'user_type'			=> $user_row['user_type'],
 	);
@@ -1455,12 +1454,7 @@ function user_unban($mode, $ban)
 */
 function user_ipwhois($ip)
 {
-	if (empty($ip))
-	{
-		return '';
-	}
-
-	if (!preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
+	if (!filter_var($ip, FILTER_VALIDATE_IP))
 	{
 		return '';
 	}
@@ -1910,7 +1904,7 @@ function phpbb_validate_email($email, $config = null)
 	{
 		list(, $domain) = explode('@', $email);
 
-		if (phpbb_checkdnsrr($domain, 'A') === false && phpbb_checkdnsrr($domain, 'MX') === false)
+		if (checkdnsrr($domain, 'A') === false && checkdnsrr($domain, 'MX') === false)
 		{
 			return 'DOMAIN_NO_MX_RECORD';
 		}
@@ -1953,9 +1947,9 @@ function validate_user_email($email, $allowed_email = false)
 
 	if (!$config['allow_emailreuse'])
 	{
-		$sql = 'SELECT user_email_hash
+		$sql = 'SELECT user_email
 			FROM ' . USERS_TABLE . "
-			WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
+			WHERE user_email = '" . $db->sql_escape($email) . "'";
 		$result = $db->sql_query($sql);
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);

phpBB/includes/ucp/ucp_pm_compose.php

@@ -999,7 +999,10 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		{
 			$quote_attributes['post_id'] = $post['msg_id'];
 		}
-
+		if ($action === 'quote')
+		{
+			$quote_attributes['msg_id'] = $post['msg_id'];
+		}
 		/** @var \phpbb\language\language $language */
 		$language = $phpbb_container->get('language');
 		/** @var \phpbb\textformatter\utils_interface $text_formatter_utils */

phpBB/includes/ucp/ucp_profile.php

@@ -131,7 +131,6 @@ class ucp_profile
 							'username'			=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
 							'username_clean'	=> ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
 							'user_email'		=> ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
-							'user_email_hash'	=> ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'],
 							'user_password'		=> ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
 						);
 

phpBB/includes/ucp/ucp_register.php

@@ -39,12 +39,23 @@ class ucp_register
 			trigger_error('UCP_REGISTER_DISABLE');
 		}
 
-		$coppa			= $request->is_set('coppa') ? (int) $request->variable('coppa', false) : false;
+		$coppa			= $request->is_set('coppa_yes') ? 1 : ($request->is_set('coppa_no') ? 0 : false);
+		$coppa			= $request->is_set('coppa') ? $request->variable('coppa', 0) : $coppa;
 		$agreed			= $request->variable('agreed', false);
 		$submit			= $request->is_set_post('submit');
 		$change_lang	= $request->variable('change_lang', '');
 		$user_lang		= $request->variable('lang', $user->lang_name);
 
+		if ($agreed && !check_form_key('ucp_register'))
+		{
+			$agreed = false;
+		}
+
+		if ($coppa !== false && !check_form_key('ucp_register'))
+		{
+			$coppa = false;
+		}
+
 		/**
 		* Add UCP register data before they are assigned to the template or submitted
 		*
@@ -67,14 +78,7 @@ class ucp_register
 		);
 		extract($phpbb_dispatcher->trigger_event('core.ucp_register_requests_after', compact($vars)));
 
-		if ($agreed)
-		{
-			add_form_key('ucp_register');
-		}
-		else
-		{
-			add_form_key('ucp_register_terms');
-		}
+		add_form_key('ucp_register');
 
 		if ($change_lang || $user_lang != $config['default_lang'])
 		{
@@ -168,11 +172,8 @@ class ucp_register
 
 				$template_vars = array(
 					'S_LANG_OPTIONS'	=> (count($lang_row) > 1) ? language_select($user_lang) : '',
-					'L_COPPA_NO'		=> sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
-					'L_COPPA_YES'		=> sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),
-
-					'U_COPPA_NO'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0'),
-					'U_COPPA_YES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1'),
+					'L_COPPA_NO'		=> $user->lang('UCP_COPPA_BEFORE', $coppa_birthday),
+					'L_COPPA_YES'		=> $user->lang('UCP_COPPA_ON_AFTER', $coppa_birthday),
 
 					'S_SHOW_COPPA'		=> true,
 					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),

phpBB/includes/ucp/ucp_resend.php

@@ -47,7 +47,7 @@ class ucp_resend
 
 			$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
 				FROM ' . USERS_TABLE . "
-				WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'
+				WHERE user_email = '" . $db->sql_escape($email) . "'
 					AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 			$result = $db->sql_query($sql);
 			$user_row = $db->sql_fetchrow($result);

phpBB/includes/utf/utf_tools.php

@@ -418,24 +418,43 @@ function utf8_recode($string, $encoding)
 }
 
 /**
-* Replace all UTF-8 chars that are not in ASCII with their NCR
-*
-* @param	string	$text		UTF-8 string in NFC
-* @return	string				ASCII string using NCRs for non-ASCII chars
-*/
+ * Replace some special UTF-8 chars that are not in ASCII with their UCR.
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * Doesn't interfere with Japanese or Cyrillic etc.
+ * Unicode character visualization will depend on the character support
+ * of your web browser and the fonts installed on your system.
+ *
+ * @see https://en.wikibooks.org/wiki/Unicode/Character_reference/1F000-1FFFF
+ *
+ * @param	string	$text		UTF-8 string in NFC
+ * @return	string				ASCII string using NCR for non-ASCII chars
+ */
+function utf8_encode_ucr($text)
+{
+	return preg_replace_callback('/[\\xF0-\\xF4].../', 'utf8_encode_ncr_callback', $text);
+}
+
+/**
+ * Replace all UTF-8 chars that are not in ASCII with their NCR
+ * using their Numeric Character Reference's Hexadecimal notation.
+ *
+ * @param	string	$text		UTF-8 string in NFC
+ * @return	string				ASCII string using NCRs for non-ASCII chars
+ */
 function utf8_encode_ncr($text)
 {
 	return preg_replace_callback('#[\\xC2-\\xF4][\\x80-\\xBF]{1,3}#', 'utf8_encode_ncr_callback', $text);
 }
 
 /**
-* Callback used in encode_ncr()
-*
-* Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
-*
-* @param	array	$m			0-based numerically indexed array passed by preg_replace_callback()
-* @return	string				A HTML NCR if the character is valid, or the original string otherwise
-*/
+ * Callback used in utf8_encode_ncr() and utf8_encode_ucr()
+ *
+ * Takes a UTF-8 char and replaces it with its NCR. Attention, $m is an array
+ *
+ * @param	array	$m			0-based numerically indexed array passed by preg_replace_callback()
+ * @return	string				A HTML NCR if the character is valid, or the original string otherwise
+ */
 function utf8_encode_ncr_callback($m)
 {
 	return '&#' . utf8_ord($m[0]) . ';';

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.3.0',
+	'phpbb_version'	=> '3.3.0-RC1',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,
@@ -899,7 +899,6 @@ if (!$get_info)
 				array('user_password',			'users.user_password',				'phpbb_convert_password_hash'),
 				array('user_posts',				'users.user_posts',					'intval'),
 				array('user_email',				'users.user_email',					'strtolower'),
-				array('user_email_hash',		'users.user_email',					'gen_email_hash'),
 				array('user_birthday',			((defined('MOD_BIRTHDAY')) ? 'users.user_birthday' : ''),	'phpbb_get_birthday'),
 				array('user_lastvisit',			'users.user_lastvisit',				'intval'),
 				array('user_lastmark',			'users.user_lastvisit',				'intval'),

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.3.0-b1');
+define('PHPBB_VERSION', '3.3.0-RC1');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -278,7 +278,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('tpl_allow_php', '0
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.0-b1');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.0-RC1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 
@@ -482,7 +482,7 @@ INSERT INTO phpbb_styles (style_name, style_copyright, style_active, style_path,
 # -- Forums
 INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id, forum_type, forum_posts_approved, forum_posts_unapproved, forum_posts_softdeleted, forum_topics_approved, forum_topics_unapproved, forum_topics_softdeleted, forum_last_post_id, forum_last_poster_id, forum_last_poster_name, forum_last_poster_colour, forum_last_post_time, forum_link, forum_password, forum_image, forum_rules, forum_rules_link, forum_rules_uid, forum_desc_uid, prune_days, prune_viewed, forum_parents) VALUES ('{L_FORUMS_FIRST_CATEGORY}', '', 1, 4, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 'Admin', 'AA0000', 972086460, '', '', '', '', '', '', '', 0, 0, '');
 
-INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id, forum_type, forum_posts_approved, forum_posts_unapproved, forum_posts_softdeleted, forum_topics_approved, forum_topics_unapproved, forum_topics_softdeleted, forum_last_post_id, forum_last_poster_id, forum_last_poster_name, forum_last_poster_colour, forum_last_post_subject, forum_last_post_time, forum_link, forum_password, forum_image, forum_rules, forum_rules_link, forum_rules_uid, forum_desc_uid, prune_days, prune_viewed, forum_parents, forum_flags) VALUES ('{L_FORUMS_TEST_FORUM_TITLE}', '{L_FORUMS_TEST_FORUM_DESC}', 2, 3, 1, 1, 1, 0, 0, 1, 0, 0, 1, 2, 'Admin', 'AA0000', '{L_TOPICS_TOPIC_TITLE}', 972086460, '', '', '', '', '', '', '', 0, 0, '', 48);
+INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id, forum_type, forum_posts_approved, forum_posts_unapproved, forum_posts_softdeleted, forum_topics_approved, forum_topics_unapproved, forum_topics_softdeleted, forum_last_post_id, forum_last_poster_id, forum_last_poster_name, forum_last_poster_colour, forum_last_post_subject, forum_last_post_time, forum_link, forum_password, forum_image, forum_rules, forum_rules_link, forum_rules_uid, forum_desc_uid, prune_freq, prune_days, prune_viewed, forum_parents, forum_flags) VALUES ('{L_FORUMS_TEST_FORUM_TITLE}', '{L_FORUMS_TEST_FORUM_DESC}', 2, 3, 1, 1, 1, 0, 0, 1, 0, 0, 1, 2, 'Admin', 'AA0000', '{L_TOPICS_TOPIC_TITLE}', 972086460, '', '', '', '', '', '', '', 1, 7, 7, '', 48);
 
 # -- Users / Anonymous user
 INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_newpasswd, user_allow_massemail) VALUES (2, 1, 'Anonymous', 'anonymous', 0, '', '', 'en', 1, 0, '', 0, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', 0);

phpBB/language/en/acp/board.php

@@ -52,6 +52,8 @@ $lang = array_merge($lang, array(
 	'DISABLE_BOARD_EXPLAIN'			=> 'This will make the board unavailable to users who are neither administrators nor moderators. You can also enter a short (255 character) message to display if you wish.',
 	'DISPLAY_LAST_SUBJECT'			=> 'Display subject of last added post on forum list',
 	'DISPLAY_LAST_SUBJECT_EXPLAIN'	=> 'The subject of the last added post will be displayed in the forum list with a hyperlink to the post. Subjects from password protected forums and forums in which user doesn’t have read access are not shown.',
+	'DISPLAY_UNAPPROVED_POSTS'		=> 'Display unapproved posts to the author',
+	'DISPLAY_UNAPPROVED_POSTS_EXPLAIN'	=> 'Unapproved posts can be viewed by the author. Does not apply to Guest posts.',
 	'GUEST_STYLE'					=> 'Guest style',
 	'GUEST_STYLE_EXPLAIN'			=> 'The board style for guests.',
 	'OVERRIDE_STYLE'				=> 'Override user style',

phpBB/language/en/acp/forums.php

@@ -129,6 +129,8 @@ $lang = array_merge($lang, array(
 	'GENERAL_FORUM_SETTINGS'	=> 'General forum settings',
 
 	'LINK'						=> 'Link',
+	'LIMIT_SUBFORUMS'			=> 'Limit legend to direct child-subforums',
+	'LIMIT_SUBFORUMS_EXPLAIN'	=> 'Limits the subforums to be displayed to subforums that are direct descendants (children) of the current forum. Disabling this will display all subforums with the “List subforums in legend” option enabled, regardless of depth.',
 	'LIST_INDEX'				=> 'List subforum in parent-forum’s legend',
 	'LIST_INDEX_EXPLAIN'		=> 'Displays this forum on the index and elsewhere as a link within the legend of its parent-forum if the parent-forum’s “List subforums in legend” option is enabled.',
 	'LIST_SUBFORUMS'			=> 'List subforums in legend',

phpBB/language/en/acp/posting.php

@@ -42,7 +42,7 @@ $lang = array_merge($lang, array(
 	'ACP_BBCODES_EXPLAIN'		=> 'BBCode is a special implementation of HTML offering greater control over what and how something is displayed. From this page you can add, remove and edit custom BBCodes.',
 	'ADD_BBCODE'				=> 'Add a new BBCode',
 
-	'BBCODE_DANGER'				=> 'The BBCode you are trying to add seems to use a {TEXT} token inside a HTML attribute. This is a possible XSS security issue. Try using the more restrictive {SIMPLETEXT} or {INTTEXT} types instead. Only proceed if you understand the risks involved and you consider the use of {TEXT} absolutely unavoidable.',
+	'BBCODE_DANGER'				=> 'The BBCode you are trying to add seems unsafe. If the BBCode uses a {TEXT} token in a sensitive context, try using a more restrictive type instead. Only proceed if you understand the risks involved.',
 	'BBCODE_DANGER_PROCEED'		=> 'Proceed', //'I understand the risk',
 
 	'BBCODE_ADDED'				=> 'BBCode added successfully.',
@@ -56,7 +56,7 @@ $lang = array_merge($lang, array(
 
 	'BBCODE_INVALID_TAG_NAME'	=> 'The BBCode tag name that you selected already exists.',
 	'BBCODE_INVALID'			=> 'Your BBCode is constructed in an invalid form.',
-	'BBCODE_OPEN_ENDED_TAG'		=> 'Your custom BBCode must contain both an opening and a closing tag.',
+	'BBCODE_INVALID_TEMPLATE'	=> 'Your BBCode’s template is invalid.',
 	'BBCODE_TAG'				=> 'Tag',
 	'BBCODE_TAG_TOO_LONG'		=> 'The tag name you selected is too long.',
 	'BBCODE_TAG_DEF_TOO_LONG'	=> 'The tag definition that you have entered is too long, please shorten your tag definition.',
@@ -78,13 +78,13 @@ $lang = array_merge($lang, array(
 	'TOO_MANY_BBCODES'		=> 'You cannot create any more BBCodes. Please remove one or more BBCodes then try again.',
 
 	'tokens'	=>	array(
-		'TEXT'			=> 'Any text, including foreign characters, numbers, etc… You should not use this token in HTML tags. Instead try to use IDENTIFIER, INTTEXT or SIMPLETEXT.',
+		'TEXT'			=> 'Any text, including foreign characters, numbers, etc…',
 		'SIMPLETEXT'	=> 'Characters from the latin alphabet (A-Z), numbers, spaces, commas, dots, minus, plus, hyphen and underscore',
 		'INTTEXT'		=> 'Unicode letter characters, numbers, spaces, commas, dots, minus, plus, hyphen, underscore and whitespaces.',
 		'IDENTIFIER'	=> 'Characters from the latin alphabet (A-Z), numbers, hyphen and underscore',
 		'NUMBER'		=> 'Any series of digits',
 		'EMAIL'			=> 'A valid email address',
-		'URL'			=> 'A valid URL using any protocol (http, ftp, etc… cannot be used for javascript exploits). If none is given, “http://” is prefixed to the string.',
+		'URL'			=> 'A valid URL using any allowed protocol (http, ftp, etc… cannot be used for javascript exploits). If none is given, “http://” is prefixed to the string.',
 		'LOCAL_URL'		=> 'A local URL. The URL must be relative to the topic page and cannot contain a server name or protocol, as links are prefixed with “%s”',
 		'RELATIVE_URL'	=> 'A relative URL. You can use this to match parts of a URL, but be careful: a full URL is a valid relative URL. When you want to use relative URLs of your board, use the LOCAL_URL token.',
 		'COLOR'			=> 'A HTML colour, can be either in the numeric form <samp>#FF1234</samp> or a <a href="http://www.w3.org/TR/CSS21/syndata.html#value-def-color">CSS colour keyword</a> such as <samp>fuchsia</samp> or <samp>InactiveBorder</samp>',

phpBB/language/en/cli.php

@@ -78,8 +78,6 @@ $lang = array_merge($lang, array(
 	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_RANGE_SIZE'	=> 'Approximate number of records to process at a time',
 	'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_RESUME'		=> 'Start reparsing where the last execution stopped',
 
-	'CLI_DESCRIPTION_RECALCULATE_EMAIL_HASH'			=> 'Recalculates the user_email_hash column of the users table.',
-
 	'CLI_DESCRIPTION_SET_ATOMIC_CONFIG'					=> 'Sets a configuration option’s value only if the old matches the current value',
 	'CLI_DESCRIPTION_SET_CONFIG'						=> 'Sets a configuration option’s value',
 
@@ -130,7 +128,6 @@ $lang = array_merge($lang, array(
 	'CLI_EXTENSIONS_ENABLED'			=> 'Enabled',
 
 	'CLI_FIXUP_FIX_LEFT_RIGHT_IDS_SUCCESS'		=> 'Successfully repaired the tree structure of the forums and modules.',
-	'CLI_FIXUP_RECALCULATE_EMAIL_HASH_SUCCESS'	=> 'Successfully recalculated all email hashes.',
 	'CLI_FIXUP_UPDATE_HASH_BCRYPT_SUCCESS'		=> 'Successfully updated outdated password hashes to bcrypt.',
 
 	'CLI_MIGRATION_NAME'					=> 'Migration name, including the namespace (use forward slashes instead of backslashes to avoid problems).',

phpBB/language/en/common.php

@@ -94,6 +94,7 @@ $lang = array_merge($lang, array(
 	'AUTH_PROVIDER_OAUTH_ERROR_ALREADY_LINKED'				=> 'This external service is already associated with another board account.',
 	'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY'				=> 'Invalid database entry.',
 	'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE'		=> 'Invalid service type provided to OAuth service handler.',
+	'AUTH_PROVIDER_OAUTH_ERROR_REQUEST'						=> 'Something went wrong when processing your OAuth request.',
 	'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED'			=> 'OAuth service not created',
 	'AUTH_PROVIDER_OAUTH_SERVICE_BITLY'						=> 'Bitly',
 	'AUTH_PROVIDER_OAUTH_SERVICE_FACEBOOK'					=> 'Facebook',
@@ -615,6 +616,7 @@ $lang = array_merge($lang, array(
 	'POST_TOPIC'			=> 'Post a new topic',
 	'POST_UNAPPROVED_ACTION'	=> 'Post awaiting approval:',
 	'POST_UNAPPROVED'		=> 'This post has not been approved.',
+	'POST_UNAPPROVED_EXPLAIN'	=> 'This post is not visible to other users until it has been approved by a moderator.',
 	'POWERED_BY'			=> 'Powered by %s',
 	'PREVIEW'				=> 'Preview',
 	'PREVIOUS'				=> 'Previous',		// Used in pagination

phpBB/phpbb/auth/provider/apache.php

@@ -13,34 +13,55 @@
 
 namespace phpbb\auth\provider;
 
+use phpbb\config\config;
+use phpbb\db\driver\driver_interface;
+use phpbb\language\language;
+use phpbb\request\request_interface;
+use phpbb\request\type_cast_helper;
+use phpbb\user;
+
 /**
 * Apache authentication provider for phpBB3
 */
-class apache extends \phpbb\auth\provider\base
+class apache extends base
 {
-	/**
-	* phpBB passwords manager
-	*
-	* @var \phpbb\passwords\manager
-	*/
-	protected $passwords_manager;
+	/** @var config phpBB config */
+	protected $config;
+
+	/** @var driver_interface Database object */
+	protected $db;
+
+	/** @var language Language object */
+	protected $language;
+
+	/** @var request_interface Request object */
+	protected $request;
+
+	/** @var user User object */
+	protected $user;
+
+	/** @var string Relative path to phpBB root */
+	protected $phpbb_root_path;
+
+	/** @var string PHP file extension */
+	protected $php_ext;
 
 	/**
 	 * Apache Authentication Constructor
 	 *
-	 * @param	\phpbb\db\driver\driver_interface 	$db		Database object
-	 * @param	\phpbb\config\config 		$config		Config object
-	 * @param	\phpbb\passwords\manager	$passwords_manager		Passwords Manager object
-	 * @param	\phpbb\request\request 		$request		Request object
-	 * @param	\phpbb\user 			$user		User object
+	 * @param	config 				$config		Config object
+	 * @param	driver_interface 	$db		Database object
+	 * @param	language			$language Language object
+	 * @param	request_interface 	$request		Request object
+	 * @param	user 				$user		User object
 	 * @param	string 				$phpbb_root_path		Relative path to phpBB root
 	 * @param	string 				$php_ext		PHP file extension
 	 */
-	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, $phpbb_root_path, $php_ext)
+	public function __construct(config $config, driver_interface $db, language $language, request_interface $request, user $user, $phpbb_root_path, $php_ext)
 	{
-		$this->db = $db;
 		$this->config = $config;
-		$this->passwords_manager = $passwords_manager;
+		$this->db = $db;
+		$this->language = $language;
 		$this->request = $request;
 		$this->user = $user;
 		$this->phpbb_root_path = $phpbb_root_path;
@@ -52,9 +73,9 @@ class apache extends \phpbb\auth\provider\base
 	 */
 	public function init()
 	{
-		if (!$this->request->is_set('PHP_AUTH_USER', \phpbb\request\request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')))
+		if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER) || $this->user->data['username'] !== htmlspecialchars_decode($this->request->server('PHP_AUTH_USER')))
 		{
-			return $this->user->lang['APACHE_SETUP_BEFORE_USE'];
+			return $this->language->lang('APACHE_SETUP_BEFORE_USE');
 		}
 		return false;
 	}
@@ -83,7 +104,7 @@ class apache extends \phpbb\auth\provider\base
 			);
 		}
 
-		if (!$this->request->is_set('PHP_AUTH_USER', \phpbb\request\request_interface::SERVER))
+		if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
 		{
 			return array(
 				'status'		=> LOGIN_ERROR_EXTERNAL_AUTH,
@@ -137,7 +158,7 @@ class apache extends \phpbb\auth\provider\base
 			return array(
 				'status'		=> LOGIN_SUCCESS_CREATE_PROFILE,
 				'error_msg'		=> false,
-				'user_row'		=> $this->user_row($php_auth_user, $php_auth_pw),
+				'user_row'		=> $this->user_row($php_auth_user),
 			);
 		}
 
@@ -154,7 +175,7 @@ class apache extends \phpbb\auth\provider\base
 	 */
 	public function autologin()
 	{
-		if (!$this->request->is_set('PHP_AUTH_USER', \phpbb\request\request_interface::SERVER))
+		if (!$this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
 		{
 			return array();
 		}
@@ -164,8 +185,8 @@ class apache extends \phpbb\auth\provider\base
 
 		if (!empty($php_auth_user) && !empty($php_auth_pw))
 		{
-			set_var($php_auth_user, $php_auth_user, 'string', true);
-			set_var($php_auth_pw, $php_auth_pw, 'string', true);
+			$type_cast_helper = new type_cast_helper();
+			$type_cast_helper->set_var($php_auth_user, $php_auth_user, 'string', true);
 
 			$sql = 'SELECT *
 				FROM ' . USERS_TABLE . "
@@ -185,7 +206,7 @@ class apache extends \phpbb\auth\provider\base
 			}
 
 			// create the user if he does not exist yet
-			user_add($this->user_row($php_auth_user, $php_auth_pw));
+			user_add($this->user_row($php_auth_user));
 
 			$sql = 'SELECT *
 				FROM ' . USERS_TABLE . "
@@ -208,11 +229,11 @@ class apache extends \phpbb\auth\provider\base
 	 * function in order to create a user
 	 *
 	 * @param 	string	$username 	The username of the new user.
-	 * @param 	string	$password 	The password of the new user.
+	 *
 	 * @return 	array 				Contains data that can be passed directly to
 	 *								the user_add function.
 	 */
-	private function user_row($username, $password)
+	private function user_row($username)
 	{
 		// first retrieve default group id
 		$sql = 'SELECT group_id
@@ -231,7 +252,7 @@ class apache extends \phpbb\auth\provider\base
 		// generate user account data
 		return array(
 			'username'		=> $username,
-			'user_password'	=> $this->passwords_manager->hash($password),
+			'user_password'	=> '',
 			'user_email'	=> '',
 			'group_id'		=> (int) $row['group_id'],
 			'user_type'		=> USER_NORMAL,
@@ -246,7 +267,7 @@ class apache extends \phpbb\auth\provider\base
 	public function validate_session($user)
 	{
 		// Check if PHP_AUTH_USER is set and handle this case
-		if ($this->request->is_set('PHP_AUTH_USER', \phpbb\request\request_interface::SERVER))
+		if ($this->request->is_set('PHP_AUTH_USER', request_interface::SERVER))
 		{
 			$php_auth_user = $this->request->server('PHP_AUTH_USER');
 

phpBB/phpbb/auth/provider/base.php

@@ -16,7 +16,7 @@ namespace phpbb\auth\provider;
 /**
 * Base authentication provider class that all other providers should implement
 */
-abstract class base implements \phpbb\auth\provider\provider_interface
+abstract class base implements provider_interface
 {
 	/**
 	* {@inheritdoc}

phpBB/phpbb/auth/provider/db.php

@@ -13,48 +13,69 @@
 
 namespace phpbb\auth\provider;
 
+use phpbb\captcha\factory;
+use phpbb\config\config;
+use phpbb\db\driver\driver_interface;
+use phpbb\passwords\manager;
+use phpbb\request\request_interface;
+use phpbb\user;
+
 /**
  * Database authentication provider for phpBB3
  * This is for authentication via the integrated user table
  */
-class db extends \phpbb\auth\provider\base
+class db extends base
 {
+	/** @var factory CAPTCHA factory */
+	protected $captcha_factory;
+
+	/** @var config phpBB config */
+	protected $config;
+
+	/** @var driver_interface DBAL driver instance */
+	protected $db;
+
+	/** @var request_interface Request object */
+	protected $request;
+
+	/** @var user User object */
+	protected $user;
+
+	/** @var string phpBB root path */
+	protected $phpbb_root_path;
+
+	/** @var string PHP file extension */
+	protected $php_ext;
+
 	/**
 	* phpBB passwords manager
 	*
-	* @var \phpbb\passwords\manager
+	* @var manager
 	*/
 	protected $passwords_manager;
 
-	/**
-	* DI container
-	*
-	* @var \Symfony\Component\DependencyInjection\ContainerInterface
-	*/
-	protected $phpbb_container;
-
 	/**
 	 * Database Authentication Constructor
 	 *
-	 * @param	\phpbb\db\driver\driver_interface		$db
-	 * @param	\phpbb\config\config 		$config
-	 * @param	\phpbb\passwords\manager	$passwords_manager
-	 * @param	\phpbb\request\request		$request
-	 * @param	\phpbb\user			$user
-	 * @param	\Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container DI container
+	 * @param factory $captcha_factory
+	 * @param	config 		$config
+	 * @param	driver_interface		$db
+	 * @param	manager	$passwords_manager
+	 * @param	request_interface		$request
+	 * @param	user			$user
 	 * @param	string				$phpbb_root_path
 	 * @param	string				$php_ext
 	 */
-	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\request\request $request, \phpbb\user $user, \Symfony\Component\DependencyInjection\ContainerInterface $phpbb_container, $phpbb_root_path, $php_ext)
+	public function __construct(factory $captcha_factory, config $config, driver_interface $db, manager $passwords_manager, request_interface $request, user $user, $phpbb_root_path, $php_ext)
 	{
-		$this->db = $db;
+		$this->captcha_factory = $captcha_factory;
 		$this->config = $config;
+		$this->db = $db;
 		$this->passwords_manager = $passwords_manager;
 		$this->request = $request;
 		$this->user = $user;
 		$this->phpbb_root_path = $phpbb_root_path;
 		$this->php_ext = $php_ext;
-		$this->phpbb_container = $phpbb_container;
 	}
 
 	/**
@@ -155,9 +176,7 @@ class db extends \phpbb\auth\provider\base
 		// Every auth module is able to define what to do by itself...
 		if ($show_captcha)
 		{
-			/* @var $captcha_factory \phpbb\captcha\factory */
-			$captcha_factory = $this->phpbb_container->get('captcha.factory');
-			$captcha = $captcha_factory->get_instance($this->config['captcha_plugin']);
+			$captcha = $this->captcha_factory->get_instance($this->config['captcha_plugin']);
 			$captcha->init(CONFIRM_LOGIN);
 			$vc_response = $captcha->validate($row);
 			if ($vc_response)

phpBB/phpbb/auth/provider/ldap.php

@@ -1,4 +1,5 @@
 <?php
+
 /**
 *
 * This file is part of the phpBB Forum Software package.
@@ -13,32 +14,42 @@
 
 namespace phpbb\auth\provider;
 
+use phpbb\config\config;
+use phpbb\db\driver\driver_interface;
+use phpbb\language\language;
+use phpbb\user;
+
 /**
  * Database authentication provider for phpBB3
  * This is for authentication via the integrated user table
  */
-class ldap extends \phpbb\auth\provider\base
+class ldap extends base
 {
-	/**
-	* phpBB passwords manager
-	*
-	* @var \phpbb\passwords\manager
-	*/
-	protected $passwords_manager;
+	/** @var config phpBB config */
+	protected $config;
+
+	/** @var driver_interface DBAL driver interface */
+	protected $db;
+
+	/** @var language phpBB language class */
+	protected $language;
+
+	/** @var user phpBB user */
+	protected $user;
 
 	/**
 	 * LDAP Authentication Constructor
 	 *
-	 * @param	\phpbb\db\driver\driver_interface		$db		Database object
-	 * @param	\phpbb\config\config		$config		Config object
-	 * @param	\phpbb\passwords\manager	$passwords_manager		Passwords manager object
-	 * @param	\phpbb\user			$user		User object
+	 * @param	driver_interface	$db			DBAL driver interface
+	 * @param	config				$config		Config object
+	 * @param	language			$language	Language object
+	 * @param	user				$user		User object
 	 */
-	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\config\config $config, \phpbb\passwords\manager $passwords_manager, \phpbb\user $user)
+	public function __construct(config $config, driver_interface $db, language $language, user $user)
 	{
-		$this->db = $db;
 		$this->config = $config;
-		$this->passwords_manager = $passwords_manager;
+		$this->db = $db;
+		$this->language = $language;
 		$this->user = $user;
 	}
 
@@ -49,7 +60,7 @@ class ldap extends \phpbb\auth\provider\base
 	{
 		if (!@extension_loaded('ldap'))
 		{
-			return $this->user->lang['LDAP_NO_LDAP_EXTENSION'];
+			return $this->language->lang('LDAP_NO_LDAP_EXTENSION');
 		}
 
 		$this->config['ldap_port'] = (int) $this->config['ldap_port'];
@@ -64,7 +75,7 @@ class ldap extends \phpbb\auth\provider\base
 
 		if (!$ldap)
 		{
-			return $this->user->lang['LDAP_NO_SERVER_CONNECTION'];
+			return $this->language->lang('LDAP_NO_SERVER_CONNECTION');
 		}
 
 		@ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
@@ -74,7 +85,7 @@ class ldap extends \phpbb\auth\provider\base
 		{
 			if (!@ldap_bind($ldap, htmlspecialchars_decode($this->config['ldap_user']), htmlspecialchars_decode($this->config['ldap_password'])))
 			{
-				return $this->user->lang['LDAP_INCORRECT_USER_PASSWORD'];
+				return $this->language->lang('LDAP_INCORRECT_USER_PASSWORD');
 			}
 		}
 
@@ -92,7 +103,7 @@ class ldap extends \phpbb\auth\provider\base
 
 		if ($search === false)
 		{
-			return $this->user->lang['LDAP_SEARCH_FAILED'];
+			return $this->language->lang('LDAP_SEARCH_FAILED');
 		}
 
 		$result = @ldap_get_entries($ldap, $search);
@@ -101,12 +112,12 @@ class ldap extends \phpbb\auth\provider\base
 
 		if (!is_array($result) || count($result) < 2)
 		{
-			return sprintf($this->user->lang['LDAP_NO_IDENTITY'], $this->user->data['username']);
+			return $this->language->lang('LDAP_NO_IDENTITY', $this->user->data['username']);
 		}
 
 		if (!empty($this->config['ldap_email']) && !isset($result[0][htmlspecialchars_decode($this->config['ldap_email'])]))
 		{
-			return $this->user->lang['LDAP_NO_EMAIL'];
+			return $this->language->lang('LDAP_NO_EMAIL');
 		}
 
 		return false;
@@ -245,7 +256,7 @@ class ldap extends \phpbb\auth\provider\base
 					// generate user account data
 					$ldap_user_row = array(
 						'username'		=> $username,
-						'user_password'	=> $this->passwords_manager->hash($password),
+						'user_password'	=> '',
 						'user_email'	=> (!empty($this->config['ldap_email'])) ? utf8_htmlspecialchars($ldap_result[0][htmlspecialchars_decode($this->config['ldap_email'])][0]) : '',
 						'group_id'		=> (int) $row['group_id'],
 						'user_type'		=> USER_NORMAL,

phpBB/phpbb/auth/provider/oauth/service/base.php

@@ -1,49 +1,57 @@
 <?php
 /**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
 
 namespace phpbb\auth\provider\oauth\service;
 
 /**
-* Base OAuth abstract class that all OAuth services should implement
-*/
-abstract class base implements \phpbb\auth\provider\oauth\service\service_interface
+ * Base OAuth abstract class that all OAuth services should implement
+ */
+abstract class base implements service_interface
 {
 	/**
-	* External OAuth service provider
-	*
-	* @var \OAuth\Common\Service\ServiceInterface
-	*/
+	 * External OAuth service provider
+	 *
+	 * @var \OAuth\Common\Service\ServiceInterface
+	 */
 	protected $service_provider;
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
+	public function get_auth_scope()
+	{
+		return [];
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function get_external_service_class()
+	{
+		return '';
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
 	public function get_external_service_provider()
 	{
 		return $this->service_provider;
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
-	public function get_auth_scope()
-	{
-		return array();
-	}
-
-	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider)
 	{
 		$this->service_provider = $service_provider;

phpBB/phpbb/auth/provider/oauth/service/bitly.php

@@ -1,94 +1,107 @@
 <?php
 /**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
 
 namespace phpbb\auth\provider\oauth\service;
 
 /**
-* Bitly OAuth service
-*/
-class bitly extends \phpbb\auth\provider\oauth\service\base
+ * Bitly OAuth service
+ */
+class bitly extends base
 {
-	/**
-	* phpBB config
-	*
-	* @var \phpbb\config\config
-	*/
+	/** @var \phpbb\config\config */
 	protected $config;
 
-	/**
-	* phpBB request
-	*
-	* @var \phpbb\request\request_interface
-	*/
+	/** @var \phpbb\request\request_interface */
 	protected $request;
 
 	/**
-	* Constructor
-	*
-	* @param	\phpbb\config\config				$config
-	* @param	\phpbb\request\request_interface	$request
-	*/
+	 * Constructor.
+	 *
+	 * @param \phpbb\config\config				$config		Config object
+	 * @param \phpbb\request\request_interface	$request	Request object
+	 */
 	public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request)
 	{
-		$this->config = $config;
-		$this->request = $request;
+		$this->config	= $config;
+		$this->request	= $request;
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function get_service_credentials()
 	{
-		return array(
+		return [
 			'key'		=> $this->config['auth_oauth_bitly_key'],
 			'secret'	=> $this->config['auth_oauth_bitly_secret'],
-		);
+		];
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function perform_auth_login()
 	{
 		if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))
 		{
-			throw new \phpbb\auth\provider\oauth\service\exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
 		}
 
-		// This was a callback request from bitly, get the token
-		$this->service_provider->requestAccessToken($this->request->variable('code', ''));
+		try
+		{
+			// This was a callback request, get the token
+			$this->service_provider->requestAccessToken($this->request->variable('code', ''));
+		}
+		catch (\OAuth\Common\Http\Exception\TokenResponseException $e)
+		{
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+		}
 
-		// Send a request with it
-		$result = json_decode($this->service_provider->request('user/info'), true);
+		try
+		{
+			// Send a request with it
+			$result = (array) json_decode($this->service_provider->request('user/info'), true);
+		}
+		catch (\OAuth\Common\Exception\Exception $e)
+		{
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+		}
 
 		// Return the unique identifier returned from bitly
 		return $result['data']['login'];
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function perform_token_auth()
 	{
 		if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Bitly))
 		{
-			throw new \phpbb\auth\provider\oauth\service\exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
 		}
 
-		// Send a request with it
-		$result = json_decode($this->service_provider->request('user/info'), true);
+		try
+		{
+			// Send a request with it
+			$result = (array) json_decode($this->service_provider->request('user/info'), true);
+		}
+		catch (\OAuth\Common\Exception\Exception $e)
+		{
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+		}
 
-		// Return the unique identifier returned from bitly
+		// Return the unique identifier
 		return $result['data']['login'];
 	}
 }

phpBB/phpbb/auth/provider/oauth/service/facebook.php

@@ -1,63 +1,55 @@
 <?php
 /**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
 
 namespace phpbb\auth\provider\oauth\service;
 
 /**
-* Facebook OAuth service
-*/
+ * Facebook OAuth service
+ */
 class facebook extends base
 {
-	/**
-	* phpBB config
-	*
-	* @var \phpbb\config\config
-	*/
+	/** @var \phpbb\config\config */
 	protected $config;
 
-	/**
-	* phpBB request
-	*
-	* @var \phpbb\request\request_interface
-	*/
+	/** @var \phpbb\request\request_interface */
 	protected $request;
 
 	/**
-	* Constructor
-	*
-	* @param	\phpbb\config\config				$config
-	* @param	\phpbb\request\request_interface 	$request
-	*/
+	 * Constructor.
+	 *
+	 * @param \phpbb\config\config				$config		Config object
+	 * @param \phpbb\request\request_interface	$request	Request object
+	 */
 	public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request)
 	{
-		$this->config = $config;
-		$this->request = $request;
+		$this->config	= $config;
+		$this->request	= $request;
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function get_service_credentials()
 	{
-		return array(
+		return [
 			'key'		=> $this->config['auth_oauth_facebook_key'],
 			'secret'	=> $this->config['auth_oauth_facebook_secret'],
-		);
+		];
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function perform_auth_login()
 	{
 		if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))
@@ -65,19 +57,33 @@ class facebook extends base
 			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
 		}
 
-		// This was a callback request, get the token
-		$this->service_provider->requestAccessToken($this->request->variable('code', ''));
+		try
+		{
+			// This was a callback request, get the token
+			$this->service_provider->requestAccessToken($this->request->variable('code', ''));
+		}
+		catch (\OAuth\Common\Http\Exception\TokenResponseException $e)
+		{
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+		}
 
-		// Send a request with it
-		$result = json_decode($this->service_provider->request('/me'), true);
+		try
+		{
+			// Send a request with it
+			$result = (array) json_decode($this->service_provider->request('/me'), true);
+		}
+		catch (\OAuth\Common\Exception\Exception $e)
+		{
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+		}
 
 		// Return the unique identifier
 		return $result['id'];
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function perform_token_auth()
 	{
 		if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Facebook))
@@ -85,8 +91,15 @@ class facebook extends base
 			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
 		}
 
-		// Send a request with it
-		$result = json_decode($this->service_provider->request('/me'), true);
+		try
+		{
+			// Send a request with it
+			$result = (array) json_decode($this->service_provider->request('/me'), true);
+		}
+		catch (\OAuth\Common\Exception\Exception $e)
+		{
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+		}
 
 		// Return the unique identifier
 		return $result['id'];

phpBB/phpbb/auth/provider/oauth/service/google.php

@@ -1,74 +1,66 @@
 <?php
 /**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
 
 namespace phpbb\auth\provider\oauth\service;
 
 /**
-* Google OAuth service
-*/
+ * Google OAuth service
+ */
 class google extends base
 {
-	/**
-	* phpBB config
-	*
-	* @var \phpbb\config\config
-	*/
+	/** @var \phpbb\config\config */
 	protected $config;
 
-	/**
-	* phpBB request
-	*
-	* @var \phpbb\request\request_interface
-	*/
+	/** @var \phpbb\request\request_interface */
 	protected $request;
 
 	/**
-	* Constructor
-	*
-	* @param	\phpbb\config\config				$config
-	* @param	\phpbb\request\request_interface 	$request
-	*/
+	 * Constructor.
+	 *
+	 * @param \phpbb\config\config				$config		Config object
+	 * @param \phpbb\request\request_interface	$request	Request object
+	 */
 	public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request)
 	{
-		$this->config = $config;
-		$this->request = $request;
+		$this->config	= $config;
+		$this->request	= $request;
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function get_auth_scope()
 	{
-		return array(
+		return [
 			'userinfo_email',
 			'userinfo_profile',
-		);
+		];
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function get_service_credentials()
 	{
-		return array(
+		return [
 			'key'		=> $this->config['auth_oauth_google_key'],
 			'secret'	=> $this->config['auth_oauth_google_secret'],
-		);
+		];
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function perform_auth_login()
 	{
 		if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))
@@ -76,19 +68,33 @@ class google extends base
 			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
 		}
 
-		// This was a callback request, get the token
-		$this->service_provider->requestAccessToken($this->request->variable('code', ''));
+		try
+		{
+			// This was a callback request, get the token
+			$this->service_provider->requestAccessToken($this->request->variable('code', ''));
+		}
+		catch (\OAuth\Common\Http\Exception\TokenResponseException $e)
+		{
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+		}
 
-		// Send a request with it
-		$result = json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
+		try
+		{
+			// Send a request with it
+			$result = (array) json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
+		}
+		catch (\OAuth\Common\Exception\Exception $e)
+		{
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+		}
 
 		// Return the unique identifier
 		return $result['id'];
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function perform_token_auth()
 	{
 		if (!($this->service_provider instanceof \OAuth\OAuth2\Service\Google))
@@ -96,8 +102,15 @@ class google extends base
 			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
 		}
 
-		// Send a request with it
-		$result = json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
+		try
+		{
+			// Send a request with it
+			$result = (array) json_decode($this->service_provider->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
+		}
+		catch (\OAuth\Common\Exception\Exception $e)
+		{
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+		}
 
 		// Return the unique identifier
 		return $result['id'];

phpBB/phpbb/auth/provider/oauth/service/service_interface.php

@@ -1,73 +1,87 @@
 <?php
 /**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
 
 namespace phpbb\auth\provider\oauth\service;
 
 /**
-* OAuth service interface
-*/
+ * OAuth service interface
+ */
 interface service_interface
 {
 	/**
-	* Returns an array of the scopes necessary for auth
-	*
-	* @return	array	An array of the required scopes
-	*/
+	 * Returns an array of the scopes necessary for auth
+	 *
+	 * @return array	An array of the required scopes
+	 */
 	public function get_auth_scope();
 
 	/**
-	* Returns the external library service provider once it has been set
-	*
-	* @param	\OAuth\Common\Service\ServiceInterface|null
-	*/
-	public function get_external_service_provider();
-
-	/**
-	* Returns an array containing the service credentials belonging to requested
-	* service.
-	*
-	* @return	array	An array containing the 'key' and the 'secret' of the
-	*					service in the form:
-	*						array(
-	*							'key'		=> string
-	*							'secret'	=> string
-	*						)
-	*/
+	 * Returns an array containing the service credentials belonging to requested
+	 * service.
+	 *
+	 * @return array	An array containing the 'key' and the 'secret' of the
+	 *					service in the form:
+	 *						array(
+	 *							'key'		=> string
+	 *							'secret'	=> string
+	 *						)
+	 */
 	public function get_service_credentials();
 
 	/**
-	* Returns the results of the authentication in json format
-	*
-	* @throws	\phpbb\auth\provider\oauth\service\exception
-	* @return	string	The unique identifier returned by the service provider
-	*					that is used to authenticate the user with phpBB.
-	*/
+	 * Returns the results of the authentication in json format
+	 *
+	 * @throws \phpbb\auth\provider\oauth\service\exception
+	 * @return string	The unique identifier returned by the service provider
+	 *					that is used to authenticate the user with phpBB.
+	 */
 	public function perform_auth_login();
 
 	/**
-	* Returns the results of the authentication in json format
-	* Use this function when the user already has an access token
-	*
-	* @throws	\phpbb\auth\provider\oauth\service\exception
-	* @return	string	The unique identifier returned by the service provider
-	*					that is used to authenticate the user with phpBB.
-	*/
+	 * Returns the results of the authentication in json format
+	 * Use this function when the user already has an access token
+	 *
+	 * @throws \phpbb\auth\provider\oauth\service\exception
+	 * @return string	The unique identifier returned by the service provider
+	 *					that is used to authenticate the user with phpBB.
+	 */
 	public function perform_token_auth();
 
 	/**
-	* Sets the external library service provider
-	*
-	* @param	\OAuth\Common\Service\ServiceInterface	$service_provider
-	*/
+	 * Returns the class of external library service provider that has to be used.
+	 *
+	 * @return string	If the string is a class, it will register the provided string as a class,
+	 *						which later will be generated as the OAuth external service provider.
+	 * 					If the string is not a class, it will use this string,
+	 * 						trying to generate a service for the version 2 and 1 respectively:
+	 * 						\OAuth\OAuth2\Service\<string>
+	 * 					If the string is empty, it will default to OAuth's standard service classes,
+	 * 						trying to generate a service for the version 2 and 1 respectively:
+	 * 						\OAuth\OAuth2\Service\Facebook
+	 */
+	public function get_external_service_class();
+
+	/**
+	 * Returns the external library service provider once it has been set
+	 *
+	 * @param \OAuth\Common\Service\ServiceInterface|null
+	 */
+	public function get_external_service_provider();
+
+	/**
+	 * Sets the external library service provider
+	 *
+	 * @param \OAuth\Common\Service\ServiceInterface	$service_provider
+	 */
 	public function set_external_service_provider(\OAuth\Common\Service\ServiceInterface $service_provider);
 }

phpBB/phpbb/auth/provider/oauth/service/twitter.php

@@ -1,102 +1,111 @@
 <?php
 /**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
 
 namespace phpbb\auth\provider\oauth\service;
 
 /**
-* Twitter OAuth service
-*/
-class twitter extends \phpbb\auth\provider\oauth\service\base
+ * Twitter OAuth service
+ */
+class twitter extends base
 {
-	/**
-	* phpBB config
-	*
-	* @var \phpbb\config\config
-	*/
+	/** @var \phpbb\config\config */
 	protected $config;
 
-	/**
-	* phpBB request
-	*
-	* @var \phpbb\request\request_interface
-	*/
+	/** @var \phpbb\request\request_interface */
 	protected $request;
 
 	/**
-	* Constructor
-	*
-	* @param	\phpbb\config\config				$config
-	* @param	\phpbb\request\request_interface	$request
-	*/
+	 * Constructor.
+	 *
+	 * @param \phpbb\config\config				$config		Config object
+	 * @param \phpbb\request\request_interface	$request	Request object
+	 */
 	public function __construct(\phpbb\config\config $config, \phpbb\request\request_interface $request)
 	{
-		$this->config = $config;
-		$this->request = $request;
+		$this->config	= $config;
+		$this->request	= $request;
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function get_service_credentials()
 	{
-		return array(
+		return [
 			'key'		=> $this->config['auth_oauth_twitter_key'],
 			'secret'	=> $this->config['auth_oauth_twitter_secret'],
-		);
+		];
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function perform_auth_login()
 	{
 		if (!($this->service_provider instanceof \OAuth\OAuth1\Service\Twitter))
 		{
-			throw new \phpbb\auth\provider\oauth\service\exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
 		}
 
 		$storage = $this->service_provider->getStorage();
-		$token = $storage->retrieveAccessToken('Twitter');
-		$tokensecret = $token->getRequestTokenSecret();
 
-		// This was a callback request from twitter, get the token
-		$this->service_provider->requestAccessToken(
-			$this->request->variable('oauth_token', ''),
-			$this->request->variable('oauth_verifier', ''),
-			$tokensecret
-		);
+		try
+		{
+			/** @var \OAuth\OAuth1\Token\TokenInterface $token */
+			$token = $storage->retrieveAccessToken('Twitter');
+		}
+		catch (\OAuth\Common\Storage\Exception\TokenNotFoundException $e)
+		{
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+		}
+
+		$secret = $token->getRequestTokenSecret();
+
+		try
+		{
+			// This was a callback request, get the token
+			$this->service_provider->requestAccessToken(
+				$this->request->variable('oauth_token', ''),
+				$this->request->variable('oauth_verifier', ''),
+				$secret
+			);
+		}
+		catch (\OAuth\Common\Http\Exception\TokenResponseException $e)
+		{
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_REQUEST');
+		}
 
 		// Send a request with it
-		$result = json_decode($this->service_provider->request('account/verify_credentials.json'), true);
+		$result = (array) json_decode($this->service_provider->request('account/verify_credentials.json'), true);
 
-		// Return the unique identifier returned from twitter
+		// Return the unique identifier
 		return $result['id'];
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function perform_token_auth()
 	{
 		if (!($this->service_provider instanceof \OAuth\OAuth1\Service\Twitter))
 		{
-			throw new \phpbb\auth\provider\oauth\service\exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
+			throw new exception('AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE');
 		}
 
 		// Send a request with it
-		$result = json_decode($this->service_provider->request('account/verify_credentials.json'), true);
+		$result = (array) json_decode($this->service_provider->request('account/verify_credentials.json'), true);
 
-		// Return the unique identifier returned from twitter
+		// Return the unique identifier
 		return $result['id'];
 	}
 }

phpBB/phpbb/auth/provider/oauth/token_storage.php

@@ -1,15 +1,15 @@
 <?php
 /**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
 
 namespace phpbb\auth\provider\oauth;
 
@@ -20,67 +20,48 @@ use OAuth\Common\Storage\Exception\TokenNotFoundException;
 use OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException;
 
 /**
-* OAuth storage wrapper for phpbb's cache
-*/
+ * OAuth storage wrapper for phpBB's cache
+ */
 class token_storage implements TokenStorageInterface
 {
-	/**
-	* Cache driver.
-	*
-	* @var \phpbb\db\driver\driver_interface
-	*/
+	/** @var \phpbb\db\driver\driver_interface */
 	protected $db;
 
-	/**
-	* phpBB user
-	*
-	* @var \phpbb\user
-	*/
+	/** @var \phpbb\user */
 	protected $user;
 
-	/**
-	* OAuth token table
-	*
-	* @var string
-	*/
+	/** @var string OAuth table: token storage */
 	protected $oauth_token_table;
 
-	/**
-	* OAuth state table
-	*
-	* @var string
-	*/
+	/** @var string OAuth table: state */
 	protected $oauth_state_table;
 
-	/**
-	* @var object|TokenInterface
-	*/
+	/** @var TokenInterface OAuth token */
 	protected $cachedToken;
 
-	/**
-	* @var string
-	*/
+	/** @var string OAuth state */
 	protected $cachedState;
 
 	/**
-	* Creates token storage for phpBB.
-	*
-	* @param	\phpbb\db\driver\driver_interface	$db
-	* @param	\phpbb\user		$user
-	* @param	string			$oauth_token_table
-	* @param	string			$oauth_state_table
-	*/
+	 * Constructor.
+	 *
+	 * @param \phpbb\db\driver\driver_interface	$db					Database object
+	 * @param \phpbb\user						$user				User object
+	 * @param string							$oauth_token_table	OAuth table: token storage
+	 * @param string							$oauth_state_table	OAuth table: state
+	 */
 	public function __construct(\phpbb\db\driver\driver_interface $db, \phpbb\user $user, $oauth_token_table, $oauth_state_table)
 	{
-		$this->db = $db;
-		$this->user = $user;
+		$this->db	= $db;
+		$this->user	= $user;
+
 		$this->oauth_token_table = $oauth_token_table;
 		$this->oauth_state_table = $oauth_state_table;
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function retrieveAccessToken($service)
 	{
 		$service = $this->get_service_name_for_db($service);
@@ -90,10 +71,10 @@ class token_storage implements TokenStorageInterface
 			return $this->cachedToken;
 		}
 
-		$data = array(
+		$data = [
 			'user_id'	=> (int) $this->user->data['user_id'],
 			'provider'	=> $service,
-		);
+		];
 
 		if ((int) $this->user->data['user_id'] === ANONYMOUS)
 		{
@@ -104,33 +85,38 @@ class token_storage implements TokenStorageInterface
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function storeAccessToken($service, TokenInterface $token)
 	{
 		$service = $this->get_service_name_for_db($service);
 
 		$this->cachedToken = $token;
 
-		$data = array(
+		$data = [
 			'oauth_token'	=> $this->json_encode_token($token),
-		);
+		];
 
 		$sql = 'UPDATE ' . $this->oauth_token_table . '
-				SET ' . $this->db->sql_build_array('UPDATE', $data) . '
-				WHERE user_id = ' . (int) $this->user->data['user_id'] . '
-					' . ((int) $this->user->data['user_id'] === ANONYMOUS ? "AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'" : '') . "
-					AND provider = '" . $this->db->sql_escape($service) . "'";
+			SET ' . $this->db->sql_build_array('UPDATE', $data) . '
+			WHERE user_id = ' . (int) $this->user->data['user_id'] . "
+				AND provider = '" . $this->db->sql_escape($service) . "'";
+
+		if ((int) $this->user->data['user_id'] === ANONYMOUS)
+		{
+			$sql .= " AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
+		}
+
 		$this->db->sql_query($sql);
 
 		if (!$this->db->sql_affectedrows())
 		{
-			$data = array(
+			$data = [
 				'user_id'		=> (int) $this->user->data['user_id'],
 				'provider'		=> $service,
 				'oauth_token'	=> $this->json_encode_token($token),
 				'session_id'	=> $this->user->data['session_id'],
-			);
+			];
 
 			$sql = 'INSERT INTO ' . $this->oauth_token_table . $this->db->sql_build_array('INSERT', $data);
 
@@ -141,8 +127,8 @@ class token_storage implements TokenStorageInterface
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function hasAccessToken($service)
 	{
 		$service = $this->get_service_name_for_db($service);
@@ -152,22 +138,22 @@ class token_storage implements TokenStorageInterface
 			return true;
 		}
 
-		$data = array(
+		$data = [
 			'user_id'	=> (int) $this->user->data['user_id'],
 			'provider'	=> $service,
-		);
+		];
 
 		if ((int) $this->user->data['user_id'] === ANONYMOUS)
 		{
 			$data['session_id']	= $this->user->data['session_id'];
 		}
 
-		return $this->_has_acess_token($data);
+		return $this->has_access_token($data);
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function clearToken($service)
 	{
 		$service = $this->get_service_name_for_db($service);
@@ -189,13 +175,13 @@ class token_storage implements TokenStorageInterface
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function clearAllTokens()
 	{
 		$this->cachedToken = null;
 
-		$sql = 'DELETE FROM ' . $this->oauth_token_table . '
+		$sql = 'DELETE FROM ' . $this->oauth_token_table . ' 
 			WHERE user_id = ' . (int) $this->user->data['user_id'];
 
 		if ((int) $this->user->data['user_id'] === ANONYMOUS)
@@ -209,31 +195,30 @@ class token_storage implements TokenStorageInterface
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function storeAuthorizationState($service, $state)
 	{
 		$service = $this->get_service_name_for_db($service);
 
 		$this->cachedState = $state;
 
-		$data = array(
+		$data = [
 			'user_id'		=> (int) $this->user->data['user_id'],
 			'provider'		=> $service,
 			'oauth_state'	=> $state,
 			'session_id'	=> $this->user->data['session_id'],
-		);
+		];
 
-		$sql = 'INSERT INTO ' . $this->oauth_state_table . '
-			' . $this->db->sql_build_array('INSERT', $data);
+		$sql = 'INSERT INTO ' . $this->oauth_state_table . ' ' . $this->db->sql_build_array('INSERT', $data);
 		$this->db->sql_query($sql);
 
 		return $this;
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function hasAuthorizationState($service)
 	{
 		$service = $this->get_service_name_for_db($service);
@@ -243,10 +228,10 @@ class token_storage implements TokenStorageInterface
 			return true;
 		}
 
-		$data = array(
+		$data = [
 			'user_id'	=> (int) $this->user->data['user_id'],
 			'provider'	=> $service,
-		);
+		];
 
 		if ((int) $this->user->data['user_id'] === ANONYMOUS)
 		{
@@ -257,8 +242,8 @@ class token_storage implements TokenStorageInterface
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function retrieveAuthorizationState($service)
 	{
 		$service = $this->get_service_name_for_db($service);
@@ -268,10 +253,10 @@ class token_storage implements TokenStorageInterface
 			return $this->cachedState;
 		}
 
-		$data = array(
+		$data = [
 			'user_id'	=> (int) $this->user->data['user_id'],
 			'provider'	=> $service,
-		);
+		];
 
 		if ((int) $this->user->data['user_id'] === ANONYMOUS)
 		{
@@ -282,8 +267,8 @@ class token_storage implements TokenStorageInterface
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function clearAuthorizationState($service)
 	{
 		$service = $this->get_service_name_for_db($service);
@@ -305,8 +290,8 @@ class token_storage implements TokenStorageInterface
 	}
 
 	/**
-	* {@inheritdoc}
-	*/
+	 * {@inheritdoc}
+	 */
 	public function clearAllAuthorizationStates()
 	{
 		$this->cachedState = null;
@@ -325,10 +310,11 @@ class token_storage implements TokenStorageInterface
 	}
 
 	/**
-	* Updates the user_id field in the database assosciated with the token
-	*
-	* @param	int	$user_id
-	*/
+	 * Updates the user_id field in the database associated with the token.
+	 *
+	 * @param int		$user_id	The user identifier
+	 * @return void
+	 */
 	public function set_user_id($user_id)
 	{
 		if (!$this->cachedToken)
@@ -336,21 +322,24 @@ class token_storage implements TokenStorageInterface
 			return;
 		}
 
+		$data = [
+			'user_id' => (int) $user_id,
+		];
+
 		$sql = 'UPDATE ' . $this->oauth_token_table . '
-			SET ' . $this->db->sql_build_array('UPDATE', array(
-					'user_id' => (int) $user_id
-				)) . '
-				WHERE user_id = ' . (int) $this->user->data['user_id'] . "
-					AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
+			SET ' . $this->db->sql_build_array('UPDATE', $data) . '
+			WHERE user_id = ' . (int) $this->user->data['user_id'] . "
+				AND session_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "'";
 		$this->db->sql_query($sql);
 	}
 
 	/**
-	* Checks to see if an access token exists solely by the session_id of the user
-	*
-	* @param	string	$service	The name of the OAuth service
-	* @return	bool	true if they have token, false if they don't
-	*/
+	 * Checks to see if an access token exists solely by the session_id of the user.
+	 *
+	 * @param string	$service	The OAuth service name
+	 * @return bool					true if the user's access token exists,
+	 * 								false if the user's access token does not exist
+	 */
 	public function has_access_token_by_session($service)
 	{
 		$service = $this->get_service_name_for_db($service);
@@ -360,20 +349,21 @@ class token_storage implements TokenStorageInterface
 			return true;
 		}
 
-		$data = array(
+		$data = [
 			'session_id'	=> $this->user->data['session_id'],
 			'provider'		=> $service,
-		);
+		];
 
-		return $this->_has_acess_token($data);
+		return $this->has_access_token($data);
 	}
 
 	/**
-	* Checks to see if a state exists solely by the session_id of the user
-	*
-	* @param	string	$service	The name of the OAuth service
-	* @return	bool	true if they have state, false if they don't
-	*/
+	 * Checks to see if a state exists solely by the session_id of the user.
+	 *
+	 * @param string	$service	The OAuth service name
+	 * @return bool					true if the user's state exists,
+	 * 								false if the user's state does not exist
+	 */
 	public function has_state_by_session($service)
 	{
 		$service = $this->get_service_name_for_db($service);
@@ -383,25 +373,34 @@ class token_storage implements TokenStorageInterface
 			return true;
 		}
 
-		$data = array(
+		$data = [
 			'session_id'	=> $this->user->data['session_id'],
 			'provider'		=> $service,
-		);
+		];
 
 		return (bool) $this->get_state_row($data);
 	}
 
 	/**
-	* A helper function that performs the query for has access token functions
-	*
-	* @param	array	$data
-	* @return	bool
-	*/
-	protected function _has_acess_token($data)
+	 * A helper function that performs the query for has access token functions.
+	 *
+	 * @param array		$data		The SQL WHERE data
+	 * @return bool					true if the user's access token exists,
+	 * 								false if the user's access token does not exist
+	 */
+	protected function has_access_token($data)
 	{
 		return (bool) $this->get_access_token_row($data);
 	}
 
+	/**
+	 * A helper function that performs the query for retrieving access token functions by session.
+	 * Also checks if the token is a valid token.
+	 *
+	 * @param string	$service	The OAuth service provider name
+	 * @return TokenInterface
+	 * @throws TokenNotFoundException
+	 */
 	public function retrieve_access_token_by_session($service)
 	{
 		$service = $this->get_service_name_for_db($service);
@@ -411,14 +410,21 @@ class token_storage implements TokenStorageInterface
 			return $this->cachedToken;
 		}
 
-		$data = array(
+		$data = [
 			'session_id'	=> $this->user->data['session_id'],
-			'provider'	=> $service,
-		);
+			'provider'		=> $service,
+		];
 
 		return $this->_retrieve_access_token($data);
 	}
 
+	/**
+	 * A helper function that performs the query for retrieving state functions by session.
+	 *
+	 * @param string	$service	The OAuth service provider name
+	 * @return string				The OAuth state
+	 * @throws AuthorizationStateNotFoundException
+	 */
 	public function retrieve_state_by_session($service)
 	{
 		$service = $this->get_service_name_for_db($service);
@@ -428,22 +434,22 @@ class token_storage implements TokenStorageInterface
 			return $this->cachedState;
 		}
 
-		$data = array(
+		$data = [
 			'session_id'	=> $this->user->data['session_id'],
-			'provider'	=> $service,
-		);
+			'provider'		=> $service,
+		];
 
 		return $this->_retrieve_state($data);
 	}
 
 	/**
-	* A helper function that performs the query for retrieve access token functions
-	* Also checks if the token is a valid token
-	*
-	* @param	array	$data
-	* @return	mixed
-	* @throws \OAuth\Common\Storage\Exception\TokenNotFoundException
-	*/
+	 * A helper function that performs the query for retrieve access token functions.
+	 * Also checks if the token is a valid token.
+	 *
+	 * @param array		$data		The SQL WHERE data
+	 * @return TokenInterface
+	 * @throws TokenNotFoundException
+	 */
 	protected function _retrieve_access_token($data)
 	{
 		$row = $this->get_access_token_row($data);
@@ -459,19 +465,21 @@ class token_storage implements TokenStorageInterface
 		if (!($token instanceof TokenInterface))
 		{
 			$this->clearToken($data['provider']);
+
 			throw new TokenNotFoundException('AUTH_PROVIDER_OAUTH_TOKEN_ERROR_INCORRECTLY_STORED');
 		}
 
 		$this->cachedToken = $token;
+
 		return $token;
 	}
 
 	/**
-	 * A helper function that performs the query for retrieve state functions
+	 * A helper function that performs the query for retrieve state functions.
 	 *
-	 * @param	array	$data
-	 * @return	mixed
-	 * @throws \OAuth\Common\Storage\Exception\AuthorizationStateNotFoundException
+	 * @param array		$data		The SQL WHERE data
+	 * @return string				The OAuth state
+	 * @throws AuthorizationStateNotFoundException
 	 */
 	protected function _retrieve_state($data)
 	{
@@ -483,18 +491,21 @@ class token_storage implements TokenStorageInterface
 		}
 
 		$this->cachedState = $row['oauth_state'];
+
 		return $this->cachedState;
 	}
 
 	/**
-	* A helper function that performs the query for retrieving an access token
-	*
-	* @param	array	$data
-	* @return	mixed
-	*/
+	 * A helper function that performs the query for retrieving an access token.
+	 *
+	 * @param array		$data		The SQL WHERE data
+	 * @return array|false			array with the OAuth token row,
+	 *                       		false if the token does not exist
+	 */
 	protected function get_access_token_row($data)
 	{
-		$sql = 'SELECT oauth_token FROM ' . $this->oauth_token_table . '
+		$sql = 'SELECT oauth_token 
+			FROM ' . $this->oauth_token_table . '
 			WHERE ' . $this->db->sql_build_array('SELECT', $data);
 		$result = $this->db->sql_query($sql);
 		$row = $this->db->sql_fetchrow($result);
@@ -504,14 +515,16 @@ class token_storage implements TokenStorageInterface
 	}
 
 	/**
-	 * A helper function that performs the query for retrieving a state
+	 * A helper function that performs the query for retrieving a state.
 	 *
-	 * @param	array	$data
-	 * @return	mixed
+	 * @param array		$data		The SQL WHERE data
+	 * @return array|false			array with the OAuth state row,
+	 *                       		false if the state does not exist
 	 */
 	protected function get_state_row($data)
 	{
-		$sql = 'SELECT oauth_state FROM ' . $this->oauth_state_table . '
+		$sql = 'SELECT oauth_state 
+			FROM ' . $this->oauth_state_table . '
 			WHERE ' . $this->db->sql_build_array('SELECT', $data);
 		$result = $this->db->sql_query($sql);
 		$row = $this->db->sql_fetchrow($result);
@@ -520,16 +533,22 @@ class token_storage implements TokenStorageInterface
 		return $row;
 	}
 
+	/**
+	 * A helper function that JSON encodes a TokenInterface's data.
+	 *
+	 * @param TokenInterface	$token
+	 * @return string					The json encoded TokenInterface's data
+	 */
 	public function json_encode_token(TokenInterface $token)
 	{
-		$members = array(
+		$members = [
 			'accessToken'	=> $token->getAccessToken(),
 			'endOfLife'		=> $token->getEndOfLife(),
 			'extraParams'	=> $token->getExtraParams(),
 			'refreshToken'	=> $token->getRefreshToken(),
 
 			'token_class'	=> get_class($token),
-		);
+		];
 
 		// Handle additional data needed for OAuth1 tokens
 		if ($token instanceof StdOAuth1Token)
@@ -542,6 +561,13 @@ class token_storage implements TokenStorageInterface
 		return json_encode($members);
 	}
 
+	/**
+	 * A helper function that JSON decodes a data string and creates a TokenInterface.
+	 *
+	 * @param string	$json			The json encoded TokenInterface's data
+	 * @return TokenInterface
+	 * @throws TokenNotFoundException
+	 */
 	public function json_decode_token($json)
 	{
 		$token_data = json_decode($json, true);
@@ -557,7 +583,10 @@ class token_storage implements TokenStorageInterface
 		$endOfLife		= $token_data['endOfLife'];
 		$extra_params	= $token_data['extraParams'];
 
-		// Create the token
+		/**
+		 * Create the token
+		 * @var TokenInterface	$token
+		 */
 		$token = new $token_class($access_token, $refresh_token, TokenInterface::EOL_NEVER_EXPIRES, $extra_params);
 		$token->setEndOfLife($endOfLife);
 
@@ -573,20 +602,19 @@ class token_storage implements TokenStorageInterface
 	}
 
 	/**
-	* Returns the name of the service as it must be stored in the database.
-	*
-	* @param	string	$service	The name of the OAuth service
-	* @return	string	The name of the OAuth service as it needs to be stored
-	*					in the database.
-	*/
-	protected function get_service_name_for_db($service)
+	 * Returns the service name as it must be stored in the database.
+	 *
+	 * @param string	$provider	The OAuth provider name
+	 * @return string				The OAuth service name
+	 */
+	protected function get_service_name_for_db($provider)
 	{
 		// Enforce the naming convention for oauth services
-		if (strpos($service, 'auth.provider.oauth.service.') !== 0)
+		if (strpos($provider, 'auth.provider.oauth.service.') !== 0)
 		{
-			$service = 'auth.provider.oauth.service.' . strtolower($service);
+			$provider = 'auth.provider.oauth.service.' . strtolower($provider);
 		}
 
-		return $service;
+		return $provider;
 	}
 }

phpBB/phpbb/auth/provider/provider_interface.php

@@ -53,7 +53,7 @@ interface provider_interface
 	 * Autologin function
 	 *
 	 * @return 	array|null	containing the user row, empty if no auto login
-	 * 						should take place, or null if not impletmented.
+	 * 						should take place, or null if not implemented.
 	 */
 	public function autologin();
 
@@ -68,7 +68,7 @@ interface provider_interface
 
 	/**
 	 * This function updates the template with variables related to the acp
-	 * options with whatever configuraton values are passed to it as an array.
+	 * options with whatever configuration values are passed to it as an array.
 	 * It then returns the name of the acp file related to this authentication
 	 * provider.
 	 *

phpBB/phpbb/cache/driver/memcache.php

@@ -1,122 +0,0 @@
-<?php
-/**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
-
-namespace phpbb\cache\driver;
-
-if (!defined('PHPBB_ACM_MEMCACHE_PORT'))
-{
-	define('PHPBB_ACM_MEMCACHE_PORT', 11211);
-}
-
-if (!defined('PHPBB_ACM_MEMCACHE_COMPRESS'))
-{
-	define('PHPBB_ACM_MEMCACHE_COMPRESS', false);
-}
-
-if (!defined('PHPBB_ACM_MEMCACHE_HOST'))
-{
-	define('PHPBB_ACM_MEMCACHE_HOST', 'localhost');
-}
-
-if (!defined('PHPBB_ACM_MEMCACHE'))
-{
-	//can define multiple servers with host1/port1,host2/port2 format
-	define('PHPBB_ACM_MEMCACHE', PHPBB_ACM_MEMCACHE_HOST . '/' . PHPBB_ACM_MEMCACHE_PORT);
-}
-
-/**
-* ACM for Memcached
-*/
-class memcache extends \phpbb\cache\driver\memory
-{
-	var $extension = 'memcache';
-
-	var $memcache;
-	var $flags = 0;
-
-	function __construct()
-	{
-		// Call the parent constructor
-		parent::__construct();
-
-		$this->memcache = new \Memcache;
-		foreach (explode(',', PHPBB_ACM_MEMCACHE) as $u)
-		{
-			preg_match('#(.*)/(\d+)#', $u, $parts);
-			$this->memcache->addServer(trim($parts[1]), (int) trim($parts[2]));
-		}
-		$this->flags = (PHPBB_ACM_MEMCACHE_COMPRESS) ? MEMCACHE_COMPRESSED : 0;
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	function unload()
-	{
-		parent::unload();
-
-		$this->memcache->close();
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	function purge()
-	{
-		$this->memcache->flush();
-
-		parent::purge();
-	}
-
-	/**
-	* Fetch an item from the cache
-	*
-	* @access protected
-	* @param string $var Cache key
-	* @return mixed Cached data
-	*/
-	function _read($var)
-	{
-		return $this->memcache->get($this->key_prefix . $var);
-	}
-
-	/**
-	* Store data in the cache
-	*
-	* @access protected
-	* @param string $var Cache key
-	* @param mixed $data Data to store
-	* @param int $ttl Time-to-live of cached data
-	* @return bool True if the operation succeeded
-	*/
-	function _write($var, $data, $ttl = 2592000)
-	{
-		if (!$this->memcache->replace($this->key_prefix . $var, $data, $this->flags, $ttl))
-		{
-			return $this->memcache->set($this->key_prefix . $var, $data, $this->flags, $ttl);
-		}
-		return true;
-	}
-
-	/**
-	* Remove an item from the cache
-	*
-	* @access protected
-	* @param string $var Cache key
-	* @return bool True if the operation succeeded
-	*/
-	function _delete($var)
-	{
-		return $this->memcache->delete($this->key_prefix . $var);
-	}
-}

phpBB/phpbb/cache/driver/memcached.php

@@ -50,12 +50,16 @@ class memcached extends \phpbb\cache\driver\memory
 
 	/**
 	 * Memcached constructor
+	 *
+	 * @param string $memcached_servers Memcached servers string (optional)
 	 */
-	public function __construct()
+	public function __construct($memcached_servers = '')
 	{
 		// Call the parent constructor
 		parent::__construct();
 
+		$memcached_servers = $memcached_servers ?: PHPBB_ACM_MEMCACHED;
+
 		$this->memcached = new \Memcached();
 		$this->memcached->setOption(\Memcached::OPT_BINARY_PROTOCOL, true);
 		// Memcached defaults to using compression, disable if we don't want
@@ -65,10 +69,20 @@ class memcached extends \phpbb\cache\driver\memory
 			$this->memcached->setOption(\Memcached::OPT_COMPRESSION, false);
 		}
 
-		foreach (explode(',', PHPBB_ACM_MEMCACHED) as $u)
+		$server_list = [];
+		foreach (explode(',', $memcached_servers) as $u)
 		{
-			preg_match('#(.*)/(\d+)#', $u, $parts);
-			$this->memcached->addServer(trim($parts[1]), (int) trim($parts[2]));
+			if (preg_match('#(.*)/(\d+)#', $u, $parts))
+			{
+				$server_list[] = [trim($parts[1]), (int) trim($parts[2])];
+			}
+		}
+
+		$this->memcached->addServers($server_list);
+
+		if (empty($server_list) || empty($this->memcached->getStats()))
+		{
+			trigger_error('Could not connect to memcached server(s).');
 		}
 	}
 

phpBB/phpbb/captcha/non_gd.php

@@ -78,7 +78,7 @@ class non_gd
 
 				for ($j = 0; $j < $code_len; $j++)
 				{
-					$image .= $this->randomise(substr($hold_chars[$code{$j}][$i - $offset_y - 1], 1), $char_widths[$j]);
+					$image .= $this->randomise(substr($hold_chars[$code[$j]][$i - $offset_y - 1], 1), $char_widths[$j]);
 				}
 
 				for ($j = $offset_x + $img_width; $j < $this->width; $j++)
@@ -117,7 +117,7 @@ class non_gd
 		$end = strlen($scanline) - ceil($width/2);
 		for ($i = (int) floor($width / 2); $i < $end; $i++)
 		{
-			$pixel = ord($scanline{$i});
+			$pixel = ord($scanline[$i]);
 
 			if ($pixel < 190)
 			{
@@ -129,7 +129,7 @@ class non_gd
 			}
 			else
 			{
-				$new_line .= $scanline{$i};
+				$new_line .= $scanline[$i];
 			}
 		}
 

phpBB/phpbb/console/command/extension/enable.php

@@ -46,9 +46,11 @@ class enable extends command
 
 		$extension = $this->manager->get_extension($name);
 
-		if (!$extension->is_enableable())
+		if (($enableable = $extension->is_enableable()) !== true)
 		{
-			$io->error($this->user->lang('CLI_EXTENSION_NOT_ENABLEABLE', $name));
+			$message = !empty($enableable) ? $enableable : $this->user->lang('CLI_EXTENSION_NOT_ENABLEABLE', $name);
+			$message = is_array($message) ? implode(PHP_EOL, $message) : $message;
+			$io->error($message);
 			return 1;
 		}
 
@@ -69,10 +71,7 @@ class enable extends command
 		}
 		else
 		{
-			$enableable = $this->manager->get_extension($name)->is_enableable();
-			$message = !empty($enableable) ? $enableable : $this->user->lang('CLI_EXTENSION_ENABLE_FAILURE');
-			$message = is_array($message) ? implode(PHP_EOL, $message) : $message;
-			$io->error($message, $name);
+			$io->error($this->user->lang('CLI_EXTENSION_ENABLE_FAILURE', $name));
 			return 1;
 		}
 	}

phpBB/phpbb/console/command/fixup/recalculate_email_hash.php

@@ -1,76 +0,0 @@
-<?php
-/**
-*
-* This file is part of the phpBB Forum Software package.
-*
-* @copyright (c) phpBB Limited <https://www.phpbb.com>
-* @license GNU General Public License, version 2 (GPL-2.0)
-*
-* For full copyright and license information, please see
-* the docs/CREDITS.txt file.
-*
-*/
-namespace phpbb\console\command\fixup;
-
-use Symfony\Component\Console\Input\InputInterface;
-use Symfony\Component\Console\Output\OutputInterface;
-use Symfony\Component\Console\Style\SymfonyStyle;
-
-class recalculate_email_hash extends \phpbb\console\command\command
-{
-	/** @var \phpbb\db\driver\driver_interface */
-	protected $db;
-
-	public function __construct(\phpbb\user $user, \phpbb\db\driver\driver_interface $db)
-	{
-		$this->db = $db;
-
-		parent::__construct($user);
-	}
-
-	protected function configure()
-	{
-		$this
-			->setName('fixup:recalculate-email-hash')
-			->setDescription($this->user->lang('CLI_DESCRIPTION_RECALCULATE_EMAIL_HASH'))
-		;
-	}
-
-	protected function execute(InputInterface $input, OutputInterface $output)
-	{
-		$io = new SymfonyStyle($input, $output);
-
-		$sql = 'SELECT user_id, user_email, user_email_hash
-			FROM ' . USERS_TABLE . '
-			WHERE user_type <> ' . USER_IGNORE . "
-				AND user_email <> ''";
-		$result = $this->db->sql_query($sql);
-
-		while ($row = $this->db->sql_fetchrow($result))
-		{
-			$user_email_hash = phpbb_email_hash($row['user_email']);
-			if ($user_email_hash !== $row['user_email_hash'])
-			{
-				$sql_ary = array(
-					'user_email_hash'	=> $user_email_hash,
-				);
-
-				$sql = 'UPDATE ' . USERS_TABLE . '
-					SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
-					WHERE user_id = ' . (int) $row['user_id'];
-				$this->db->sql_query($sql);
-
-				if ($output->getVerbosity() >= OutputInterface::VERBOSITY_DEBUG)
-				{
-					$io->table(
-						array('user_id', 'user_email', 'user_email_hash'),
-						array(array($row['user_id'], $row['user_email'], $user_email_hash))
-					);
-				}
-			}
-		}
-		$this->db->sql_freeresult($result);
-
-		$io->success($this->user->lang('CLI_FIXUP_RECALCULATE_EMAIL_HASH_SUCCESS'));
-	}
-}

phpBB/phpbb/content_visibility.php

@@ -144,7 +144,14 @@ class content_visibility
 	*/
 	public function is_visible($mode, $forum_id, $data)
 	{
-		$is_visible = $this->auth->acl_get('m_approve', $forum_id) || $data[$mode . '_visibility'] == ITEM_APPROVED;
+		$visibility = $data[$mode . '_visibility'];
+		$poster_key = ($mode === 'topic') ? 'topic_poster' : 'poster_id';
+		$is_visible = ($visibility == ITEM_APPROVED) ||
+			($this->config['display_unapproved_posts'] &&
+				($this->user->data['user_id'] != ANONYMOUS) &&
+				($visibility == ITEM_UNAPPROVED || $visibility == ITEM_REAPPROVE) &&
+				($this->user->data['user_id'] == $data[$poster_key])) ||
+			 $this->auth->acl_get('m_approve', $forum_id);
 
 		/**
 		* Allow changing the result of calling is_visible
@@ -216,9 +223,16 @@ class content_visibility
 		}
 		else
 		{
-			$where_sql .= $table_alias . $mode . '_visibility = ' . ITEM_APPROVED;
-		}
+			$visibility_query = $table_alias . $mode . '_visibility = ';
 
+			$where_sql .= '(' . $visibility_query . ITEM_APPROVED . ')';
+			if ($this->config['display_unapproved_posts'] && ($this->user->data['user_id'] != ANONYMOUS))
+			{
+				$poster_key = ($mode === 'topic') ? 'topic_poster' : 'poster_id';
+				$where_sql .= ' OR ((' . $visibility_query . ITEM_UNAPPROVED . ' OR ' . $visibility_query . ITEM_REAPPROVE .')';
+				$where_sql .= ' AND ' . $table_alias . $poster_key . ' = ' . ((int) $this->user->data['user_id']) . ')';
+			}
+		}
 		return '(' . $where_sql . ')';
 	}
 

phpBB/phpbb/db/migration/data/v330/add_display_unapproved_posts_config.php

@@ -0,0 +1,24 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v330;
+
+class add_display_unapproved_posts_config extends \phpbb\db\migration\migration
+{
+	public function update_data()
+	{
+		return [
+			['config.add', ['display_unapproved_posts', 1]],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v330/forums_legend_limit.php

@@ -0,0 +1,49 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v330;
+
+class forums_legend_limit extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return $this->db_tools->sql_column_exists($this->table_prefix . 'forums', 'display_subforum_limit');
+	}
+
+	static public function depends_on()
+	{
+		return ['\phpbb\db\migration\data\v330\v330b1'];
+	}
+
+	public function update_schema()
+	{
+		return [
+			'add_columns'		=> [
+				$this->table_prefix . 'forums'	=> [
+					'display_subforum_limit'	=> ['BOOL', 0, 'after' => 'display_subforum_list'],
+				],
+			],
+		];
+	}
+
+	public function revert_schema()
+	{
+		return [
+			'drop_columns'		=> [
+				$this->table_prefix . 'forums'		=> [
+					'display_subforum_limit',
+				],
+			],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v330/remove_email_hash.php

@@ -0,0 +1,57 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v330;
+
+class remove_email_hash extends \phpbb\db\migration\migration
+{
+	public function update_schema()
+	{
+		return [
+			'add_index' => [
+				$this->table_prefix . 'users' => [
+					'user_email' => ['user_email'],
+				],
+			],
+			'drop_keys' => [
+				$this->table_prefix . 'users' => [
+					'user_email_hash',
+				],
+			],
+			'drop_columns' => [
+				$this->table_prefix . 'users' => ['user_email_hash'],
+			],
+		];
+	}
+
+	public function revert_schema()
+	{
+		return [
+			'add_columns' => [
+				$this->table_prefix . 'users' => [
+					'user_email_hash' => ['BINT', 0],
+				],
+			],
+			'add_index' => [
+				$this->table_prefix . 'users' => [
+					'user_email_hash',
+				],
+			],
+			'drop_keys' => [
+				$this->table_prefix . 'users' => [
+					'user_email' => ['user_email'],
+				],
+			],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v330/v330b2.php

@@ -0,0 +1,38 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v330;
+
+class v330b2 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.0-b2', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v330\add_display_unapproved_posts_config',
+			'\phpbb\db\migration\data\v330\forums_legend_limit',
+			'\phpbb\db\migration\data\v330\remove_email_hash',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.3.0-b2')),
+		);
+	}
+}

phpBB/phpbb/db/migration/data/v330/v330rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\db\migration\data\v330;
+
+class v330rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.0-RC1', '>=');
+	}
+
+	static public function depends_on()
+	{
+		return array(
+			'\phpbb\db\migration\data\v330\v330b2',
+		);
+	}
+
+	public function update_data()
+	{
+		return array(
+			array('config.update', array('version', '3.3.0-RC1')),
+		);
+	}
+}

phpBB/phpbb/di/service_collection.php

@@ -49,21 +49,6 @@ class service_collection extends \ArrayObject
 		return new service_collection_iterator($this);
 	}
 
-	// Because of a PHP issue we have to redefine offsetExists
-	// (even with a call to the parent):
-	// 		https://bugs.php.net/bug.php?id=66834
-	// 		https://bugs.php.net/bug.php?id=67067
-	// But it triggers a sniffer issue that we have to skip
-	// @codingStandardsIgnoreStart
-	/**
-	* {@inheritdoc}
-	*/
-	public function offsetExists($index)
-	{
-		return parent::offsetExists($index);
-	}
-	// @codingStandardsIgnoreEnd
-
 	/**
 	* {@inheritdoc}
 	*/
@@ -76,11 +61,11 @@ class service_collection extends \ArrayObject
 	* Add a service to the collection
 	*
 	* @param string $name The service name
-	* @return null
+	* @return void
 	*/
 	public function add($name)
 	{
-		$this->offsetSet($name, null);
+		$this->offsetSet($name, false);
 	}
 
 	/**

phpBB/phpbb/install/module/install_database/task/add_config_settings.php

@@ -245,7 +245,6 @@ class add_config_settings extends \phpbb\install\task_base
 					user_lang = '" . $this->db->sql_escape($this->install_config->get('user_language', 'en')) . "',
 					user_email='" . $this->db->sql_escape($this->install_config->get('board_email')) . "',
 					user_dateformat='" . $this->db->sql_escape($this->language->lang('default_dateformat')) . "',
-					user_email_hash = " . $this->db->sql_escape(phpbb_email_hash($this->install_config->get('board_email'))) . ",
 					username_clean = '" . $this->db->sql_escape(utf8_clean_string($this->install_config->get('admin_name'))) . "'
 				WHERE username = 'Admin'",
 

phpBB/phpbb/plupload/plupload.php

@@ -274,22 +274,37 @@ class plupload
 	}
 
 	/**
-	* Checks various php.ini values and the maximum file size to determine
-	* the maximum size chunks a file can be split up into for upload
-	*
-	* @return int
-	*/
+	 * Checks various php.ini values to determine the maximum chunk
+	 * size a file should be split into for upload.
+	 *
+	 * The intention is to calculate a value which reflects whatever
+	 * the most restrictive limit is set to.  And to then set the chunk
+	 * size to half that value, to ensure any required transfer overhead
+	 * and POST data remains well within the limit.  Or, if all of the
+	 * limits are set to unlimited, the chunk size will also be unlimited.
+	 *
+	 * @return int
+	 *
+	 * @access public
+	 */
 	public function get_chunk_size()
 	{
-		$max = min(
+		$max = 0;
+
+		$limits = [
+			$this->php_ini->getBytes('memory_limit'),
 			$this->php_ini->getBytes('upload_max_filesize'),
 			$this->php_ini->getBytes('post_max_size'),
-			max(1, $this->php_ini->getBytes('memory_limit')),
-			$this->config['max_filesize']
-		);
+		];
+
+		foreach ($limits as $limit_type)
+		{
+			if ($limit_type > 0)
+			{
+				$max = ($max !== 0) ? min($limit_type, $max) : $limit_type;
+			}
+		}
 
-		// Use half of the maximum possible to leave plenty of room for other
-		// POST data.
 		return floor($max / 2);
 	}
 

phpBB/phpbb/session.php

@@ -250,8 +250,7 @@ class session
 			$ips = explode(' ', $this->forwarded_for);
 			foreach ($ips as $ip)
 			{
-				// check IPv4 first, the IPv6 is hopefully only going to be used very seldom
-				if (!empty($ip) && !preg_match(get_preg_expression('ipv4'), $ip) && !preg_match(get_preg_expression('ipv6'), $ip))
+				if (!filter_var($ip, FILTER_VALIDATE_IP))
 				{
 					// contains invalid data, don't use the forwarded for header
 					$this->forwarded_for = '';
@@ -311,49 +310,17 @@ class session
 
 		foreach ($ips as $ip)
 		{
-			if (function_exists('phpbb_ip_normalise'))
+			// Normalise IP address
+			$ip = phpbb_ip_normalise($ip);
+
+			if ($ip === false)
 			{
-				// Normalise IP address
-				$ip = phpbb_ip_normalise($ip);
-
-				if (empty($ip))
-				{
-					// IP address is invalid.
-					break;
-				}
-
-				// IP address is valid.
-				$this->ip = $ip;
-
-				// Skip legacy code.
-				continue;
-			}
-
-			if (preg_match(get_preg_expression('ipv4'), $ip))
-			{
-				$this->ip = $ip;
-			}
-			else if (preg_match(get_preg_expression('ipv6'), $ip))
-			{
-				// Quick check for IPv4-mapped address in IPv6
-				if (stripos($ip, '::ffff:') === 0)
-				{
-					$ipv4 = substr($ip, 7);
-
-					if (preg_match(get_preg_expression('ipv4'), $ipv4))
-					{
-						$ip = $ipv4;
-					}
-				}
-
-				$this->ip = $ip;
-			}
-			else
-			{
-				// We want to use the last valid address in the chain
-				// Leave foreach loop when address is invalid
+				// IP address is invalid.
 				break;
 			}
+
+			// IP address is valid.
+			$this->ip = $ip;
 		}
 
 		$this->load = false;
@@ -987,72 +954,96 @@ class session
 	{
 		global $db, $config, $phpbb_container, $phpbb_dispatcher;
 
-		$batch_size = 10;
-
 		if (!$this->time_now)
 		{
 			$this->time_now = time();
 		}
 
-		// Firstly, delete guest sessions
+		/**
+		 * Get expired sessions for registered users, only most recent for each user
+		 * Inner SELECT gets most recent expired sessions for unique session_user_id
+		 * Outer SELECT gets data for them
+		 */
+		$sql_select = 'SELECT s1.session_page, s1.session_user_id, s1.session_time AS recent_time
+			FROM ' . SESSIONS_TABLE . ' AS s1
+			INNER JOIN (
+				SELECT session_user_id, MAX(session_time) AS recent_time
+				FROM ' . SESSIONS_TABLE . '
+				WHERE session_time < ' . ($this->time_now - (int) $config['session_length']) . '
+					AND session_user_id <> ' . ANONYMOUS . '
+				GROUP BY session_user_id
+			) AS s2
+			ON s1.session_user_id = s2.session_user_id
+				AND s1.session_time = s2.recent_time';
+
+		switch ($db->get_sql_layer())
+		{
+			case 'sqlite3':
+				if (phpbb_version_compare($db->sql_server_info(true), '3.8.3', '>='))
+				{
+					// For SQLite versions 3.8.3+ which support Common Table Expressions (CTE)
+					$sql = "WITH s3 (session_page, session_user_id, session_time) AS ($sql_select)
+						UPDATE " . USERS_TABLE . '
+						SET (user_lastpage, user_lastvisit) = (SELECT session_page, session_time FROM s3 WHERE session_user_id = user_id)
+						WHERE EXISTS (SELECT session_user_id FROM s3 WHERE session_user_id = user_id)';
+					$db->sql_query($sql);
+
+					break;
+				}
+
+			// No break, for SQLite versions prior to 3.8.3 and Oracle
+			case 'oracle':
+				$result = $db->sql_query($sql_select);
+				while ($row = $db->sql_fetchrow($result))
+				{
+					$sql = 'UPDATE ' . USERS_TABLE . '
+						SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
+						WHERE user_id = " . (int) $row['session_user_id'];
+					$db->sql_query($sql);
+				}
+				$db->sql_freeresult($result);
+			break;
+
+			case 'mysqli':
+				$sql = 'UPDATE ' . USERS_TABLE . " u,
+					($sql_select) s3
+					SET u.user_lastvisit = s3.recent_time, u.user_lastpage = s3.session_page
+					WHERE u.user_id = s3.session_user_id";
+				$db->sql_query($sql);
+			break;
+
+			default:
+				$sql = 'UPDATE ' . USERS_TABLE . "
+					SET user_lastvisit = s3.recent_time, user_lastpage = s3.session_page
+					FROM ($sql_select) s3
+					WHERE user_id = s3.session_user_id";
+				$db->sql_query($sql);
+			break;
+		}
+
+		// Delete all expired sessions
 		$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
-			WHERE session_user_id = ' . ANONYMOUS . '
-				AND session_time < ' . (int) ($this->time_now - $config['session_length']);
+			WHERE session_time < ' . ($this->time_now - (int) $config['session_length']);
 		$db->sql_query($sql);
 
-		// Get expired sessions, only most recent for each user
-		$sql = 'SELECT session_user_id, session_page, MAX(session_time) AS recent_time
-			FROM ' . SESSIONS_TABLE . '
-			WHERE session_time < ' . ($this->time_now - $config['session_length']) . '
-			GROUP BY session_user_id, session_page';
-		$result = $db->sql_query_limit($sql, $batch_size);
+		// Update gc timer
+		$config->set('session_last_gc', $this->time_now, false);
 
-		$del_user_id = array();
-		$del_sessions = 0;
-
-		while ($row = $db->sql_fetchrow($result))
+		if ($config['max_autologin_time'])
 		{
-			$sql = 'UPDATE ' . USERS_TABLE . '
-				SET user_lastvisit = ' . (int) $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
-				WHERE user_id = " . (int) $row['session_user_id'];
-			$db->sql_query($sql);
-
-			$del_user_id[] = (int) $row['session_user_id'];
-			$del_sessions++;
-		}
-		$db->sql_freeresult($result);
-
-		if (count($del_user_id))
-		{
-			// Delete expired sessions
-			$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
-				WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . '
-					AND session_time < ' . ($this->time_now - $config['session_length']);
+			$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
+				WHERE last_login < ' . (time() - (86400 * (int) $config['max_autologin_time']));
 			$db->sql_query($sql);
 		}
 
-		if ($del_sessions < $batch_size)
-		{
-			// Less than 10 users, update gc timer ... else we want gc
-			// called again to delete other sessions
-			$config->set('session_last_gc', $this->time_now, false);
+		// only called from CRON; should be a safe workaround until the infrastructure gets going
+		/* @var \phpbb\captcha\factory $captcha_factory */
+		$captcha_factory = $phpbb_container->get('captcha.factory');
+		$captcha_factory->garbage_collect($config['captcha_plugin']);
 
-			if ($config['max_autologin_time'])
-			{
-				$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . '
-					WHERE last_login < ' . (time() - (86400 * (int) $config['max_autologin_time']));
-				$db->sql_query($sql);
-			}
-
-			// only called from CRON; should be a safe workaround until the infrastructure gets going
-			/* @var $captcha_factory \phpbb\captcha\factory */
-			$captcha_factory = $phpbb_container->get('captcha.factory');
-			$captcha_factory->garbage_collect($config['captcha_plugin']);
-
-			$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
-				WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']);
-			$db->sql_query($sql);
-		}
+		$sql = 'DELETE FROM ' . LOGIN_ATTEMPT_TABLE . '
+			WHERE attempt_time < ' . (time() - (int) $config['ip_login_limit_time']);
+		$db->sql_query($sql);
 
 		/**
 		* Event to trigger extension on session_gc
@@ -1077,7 +1068,7 @@ class session
 	*/
 	function set_cookie($name, $cookiedata, $cookietime, $httponly = true)
 	{
-		global $config;
+		global $config, $phpbb_dispatcher;
 
 		// If headers are already set, we just return
 		if (headers_sent())
@@ -1085,6 +1076,32 @@ class session
 			return;
 		}
 
+		$disable_cookie = false;
+		/**
+		* Event to modify or disable setting cookies
+		*
+		* @event core.set_cookie
+		* @var	bool		disable_cookie	Set to true to disable setting this cookie
+		* @var	string		name			Name of the cookie
+		* @var	string		cookiedata		The data to hold within the cookie
+		* @var	int			cookietime		The expiration time as UNIX timestamp
+		* @var	bool		httponly		Use HttpOnly?
+		* @since 3.2.9-RC1
+		*/
+		$vars = array(
+			'disable_cookie',
+			'name',
+			'cookiedata',
+			'cookietime',
+			'httponly',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.set_cookie', compact($vars)));
+
+		if ($disable_cookie)
+		{
+			return;
+		}
+
 		$name_data = rawurlencode($config['cookie_name'] . '_' . $name) . '=' . rawurlencode($cookiedata);
 		$expire = gmdate('D, d-M-Y H:i:s \\G\\M\\T', $cookietime);
 		$domain = (!$config['cookie_domain'] || $config['cookie_domain'] == '127.0.0.1' || strpos($config['cookie_domain'], '.') === false) ? '' : '; domain=' . $config['cookie_domain'];
@@ -1374,7 +1391,7 @@ class session
 
 			foreach ($dnsbl_check as $dnsbl => $lookup)
 			{
-				if (phpbb_checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true)
+				if (checkdnsrr($reverse_ip . '.' . $dnsbl . '.', 'A') === true)
 				{
 					$info = array($dnsbl, $lookup . $ip);
 				}
@@ -1418,7 +1435,7 @@ class session
 		{
 			// One problem here... the return parameter for the "windows" method is different from what
 			// we expect... this may render this check useless...
-			if (phpbb_checkdnsrr($uri . '.multi.uribl.com.', 'A') === true)
+			if (checkdnsrr($uri . '.multi.uribl.com.', 'A') === true)
 			{
 				return true;
 			}

phpBB/phpbb/textformatter/acp_utils_interface.php

@@ -0,0 +1,54 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\textformatter;
+
+interface acp_utils_interface
+{
+	/**
+	* There is an issue with the definition
+	*/
+	const BBCODE_STATUS_INVALID_DEFINITION = 'invalid_definition';
+
+	/**
+	* There is an issue with the template
+	*/
+	const BBCODE_STATUS_INVALID_TEMPLATE = 'invalid_template';
+
+	/**
+	* The BBCode is valid and can be safely used by anyone
+	*/
+	const BBCODE_STATUS_SAFE = 'safe';
+
+	/**
+	* The BBCode is valid but may be unsafe to use
+	*/
+	const BBCODE_STATUS_UNSAFE = 'unsafe';
+
+	/**
+	* Analyse given BBCode definition for issues and safeness
+	*
+	* Required elements in the return array:
+	*  - status: see BBCODE_STATUS_* constants
+	*
+	* Optional elements in the return array:
+	*  - name:       Name of the BBCode based on the definition. Required if status is "safe".
+	*  - error_text: Textual description of the issue in plain text or as a L_* string.
+	*  - error_html: Visual description of the issue in HTML.
+	*
+	* @param  string $definition BBCode definition, e.g. [b]{TEXT}[/b]
+	* @param  string $template   BBCode template, e.g. <b>{TEXT}</b>
+	* @return array
+	*/
+	public function analyse_bbcode(string $definition, string $template): array;
+}

phpBB/phpbb/textformatter/s9e/acp_utils.php

@@ -0,0 +1,67 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb\textformatter\s9e;
+
+use phpbb\textformatter\acp_utils_interface;
+use s9e\TextFormatter\Configurator\Exceptions\UnsafeTemplateException;
+
+class acp_utils implements acp_utils_interface
+{
+	/**
+	* @var factory $factory
+	*/
+	protected $factory;
+
+	/**
+	* @param factory $factory
+	*/
+	public function __construct(factory $factory)
+	{
+		$this->factory = $factory;
+	}
+
+	/**
+	* {@inheritdoc}
+	*/
+	public function analyse_bbcode(string $definition, string $template): array
+	{
+		$configurator = $this->factory->get_configurator();
+		$return       = ['status' => self::BBCODE_STATUS_SAFE];
+
+		// Capture and normalize the BBCode name manually because there's no easy way to retrieve
+		// it in TextFormatter <= 2.x
+		if (preg_match('(\\[([-\\w]++))', $definition, $m))
+		{
+			$return['name'] = strtoupper($m[1]);
+		}
+
+		try
+		{
+			$configurator->BBCodes->addCustom($definition, $template);
+		}
+		catch (UnsafeTemplateException $e)
+		{
+			$return['status']     = self::BBCODE_STATUS_UNSAFE;
+			$return['error_text'] = $e->getMessage();
+			$return['error_html'] = $e->highlightNode('<span class="highlight">');
+		}
+		catch (\Exception $e)
+		{
+			$return['status']     = (preg_match('(xml|xpath|xsl)i', $e->getMessage())) ? self::BBCODE_STATUS_INVALID_TEMPLATE : self::BBCODE_STATUS_INVALID_DEFINITION;
+			$return['error_text'] = $e->getMessage();
+		}
+
+		return $return;
+	}
+}

phpBB/phpbb/textformatter/s9e/bbcode_merger.php

@@ -50,7 +50,7 @@ class bbcode_merger
 		$with    = $this->create_bbcode($with);
 
 		// Select the appropriate strategy for merging this BBCode
-		if ($this->is_content_bbcode($without, $with))
+		if (!$this->is_optional_bbcode($without, $with) && $this->is_content_bbcode($without, $with))
 		{
 			$merged = $this->merge_content_bbcode($without, $with);
 		}
@@ -107,12 +107,12 @@ class bbcode_merger
 	/**
 	* Test whether the two definitions form a "content"-style BBCode
 	*
-	* Such BBCodes include the [URL] BBCode, which uses its text content as
+	* Such BBCodes include the [url] BBCode, which uses its text content as
 	* attribute if none is provided
 	*
 	* @param  array $without BBCode definition without an attribute
 	* @param  array $with    BBCode definition with an attribute
-	* @return array          Merged definition
+	* @return bool
 	*/
 	protected function is_content_bbcode(array $without, array $with)
 	{
@@ -122,6 +122,22 @@ class bbcode_merger
 			&& preg_match('(>[^<]*?' . preg_quote($m[1]) . '[^>]*?<)s', $without['template']));
 	}
 
+	/**
+	* Test whether the two definitions form BBCode with an optional attribute
+	*
+	* @param  array $without BBCode definition without an attribute
+	* @param  array $with    BBCode definition with an attribute
+	* @return bool
+	*/
+	protected function is_optional_bbcode(array $without, array $with)
+	{
+		// Remove the default attribute from the definition
+		$with['usage'] = preg_replace('(=[^\\]]++)', '', $with['usage']);
+
+		// Test whether both definitions are the same, regardless of case
+		return strcasecmp($without['usage'], $with['usage']) === 0;
+	}
+
 	/**
 	* Merge the two BBCode definitions of a "content"-style BBCode
 	*
@@ -131,7 +147,7 @@ class bbcode_merger
 	*/
 	protected function merge_content_bbcode(array $without, array $with)
 	{
-		// Convert [X={X}] into [X={X;useContent}]
+		// Convert [x={X}] into [x={X;useContent}]
 		$usage = preg_replace('(\\})', ';useContent}', $with['usage'], 1);
 
 		// Use the template from the definition that uses an attribute
@@ -143,7 +159,7 @@ class bbcode_merger
 	/**
 	* Merge the two BBCode definitions of a BBCode with an optional argument
 	*
-	* Such BBCodes include the [QUOTE] BBCode, which takes an optional argument
+	* Such BBCodes include the [quote] BBCode, which takes an optional argument
 	* but otherwise does not behave differently
 	*
 	* @param  array $without BBCode definition without an attribute

phpBB/phpbb/textformatter/s9e/factory.php

@@ -89,6 +89,8 @@ class factory implements \phpbb\textformatter\cache_interface
 				author={TEXT1;optional}
 				post_id={UINT;optional}
 				post_url={URL;optional;postFilter=#false}
+				msg_id={UINT;optional}
+				msg_url={URL;optional;postFilter=#false}
 				profile_url={URL;optional;postFilter=#false}
 				time={UINT;optional}
 				url={URL;optional}

phpBB/phpbb/textformatter/s9e/link_helper.php

@@ -61,7 +61,7 @@ class link_helper
 		$text   = substr($parser->getText(), $start, $length);
 
 		// Create a tag that consumes the link's text and make it depends on this tag
-		$link_text_tag = $parser->addSelfClosingTag('LINK_TEXT', $start, $length);
+		$link_text_tag = $parser->addSelfClosingTag('LINK_TEXT', $start, $length, 10);
 		$link_text_tag->setAttribute('text', $text);
 		$tag->cascadeInvalidationTo($link_text_tag);
 	}

phpBB/phpbb/textformatter/s9e/parser.php

@@ -15,6 +15,7 @@ namespace phpbb\textformatter\s9e;
 
 use s9e\TextFormatter\Parser\AttributeFilters\UrlFilter;
 use s9e\TextFormatter\Parser\Logger;
+use s9e\TextFormatter\Parser\Tag;
 
 /**
 * s9e\TextFormatter\Parser adapter
@@ -219,7 +220,7 @@ class parser implements \phpbb\textformatter\parser_interface
 			{
 				$errors[] = array($msg, $context['max_' . strtolower($m[1])]);
 			}
-			else if ($msg === 'Tag is disabled')
+			else if ($msg === 'Tag is disabled' && $this->is_a_bbcode($context['tag']))
 			{
 				$name = strtolower($context['tag']->getName());
 				$errors[] = array('UNAUTHORISED_BBCODE', '[' . $name . ']');
@@ -396,4 +397,21 @@ class parser implements \phpbb\textformatter\parser_interface
 
 		return $url;
 	}
+
+	/**
+	* Test whether given tag consumes text that looks like BBCode-styled markup
+	*
+	* @param  Tag  $tag Original tag
+	* @return bool
+	*/
+	protected function is_a_bbcode(Tag $tag)
+	{
+		if ($tag->getLen() < 3)
+		{
+			return false;
+		}
+		$markup = substr($this->parser->getText(), $tag->getPos(), $tag->getLen());
+
+		return (bool) preg_match('(^\\[\\w++.*?\\]$)s', $markup);
+	}
 }

phpBB/phpbb/textformatter/s9e/quote_helper.php

@@ -20,6 +20,11 @@ class quote_helper
 	*/
 	protected $post_url;
 
+	/**
+	* @var string Base URL for a private message link, uses {MSG_ID} as placeholder
+	*/
+	protected $msg_url;
+
 	/**
 	* @var string Base URL for a profile link, uses {USER_ID} as placeholder
 	*/
@@ -40,6 +45,7 @@ class quote_helper
 	public function __construct(\phpbb\user $user, $root_path, $php_ext)
 	{
 		$this->post_url = append_sid($root_path . 'viewtopic.' . $php_ext, 'p={POST_ID}#p{POST_ID}', false);
+		$this->msg_url = append_sid($root_path . 'ucp.' . $php_ext, 'i=pm&mode=view&p={MSG_ID}', false);
 		$this->profile_url = append_sid($root_path . 'memberlist.' . $php_ext, 'mode=viewprofile&u={USER_ID}', false);
 		$this->user = $user;
 	}
@@ -52,26 +58,26 @@ class quote_helper
 	*/
 	public function inject_metadata($xml)
 	{
-		$post_url = $this->post_url;
-		$profile_url = $this->profile_url;
-		$user = $this->user;
-
 		return \s9e\TextFormatter\Utils::replaceAttributes(
 			$xml,
 			'QUOTE',
-			function ($attributes) use ($post_url, $profile_url, $user)
+			function ($attributes)
 			{
 				if (isset($attributes['post_id']))
 				{
-					$attributes['post_url'] = str_replace('{POST_ID}', $attributes['post_id'], $post_url);
+					$attributes['post_url'] = str_replace('{POST_ID}', $attributes['post_id'], $this->post_url);
+				}
+				if (isset($attributes['msg_id']))
+				{
+					$attributes['msg_url'] = str_replace('{MSG_ID}', $attributes['msg_id'], $this->msg_url);
 				}
 				if (isset($attributes['time']))
 				{
-					$attributes['date'] = $user->format_date($attributes['time']);
+					$attributes['date'] = $this->user->format_date($attributes['time']);
 				}
 				if (isset($attributes['user_id']))
 				{
-					$attributes['profile_url'] = str_replace('{USER_ID}', $attributes['user_id'], $profile_url);
+					$attributes['profile_url'] = str_replace('{USER_ID}', $attributes['user_id'], $this->profile_url);
 				}
 
 				return $attributes;

phpBB/phpbb/ucp/controller/reset_password.php

@@ -173,7 +173,7 @@ class reset_password
 				'SELECT'	=> 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type,'
 								. ' user_lang, user_inactive_reason, reset_token, reset_token_expiration',
 				'FROM'		=> [$this->users_table => 'u'],
-				'WHERE'		=> "user_email_hash = '" . $this->db->sql_escape(phpbb_email_hash($email)) . "'" .
+				'WHERE'		=> "user_email = '" . $this->db->sql_escape($email) . "'" .
 					(!empty($username) ? " AND username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'" : ''),
 			];
 

phpBB/posting.php

@@ -256,12 +256,6 @@ if ($mode == 'popup')
 
 $user->setup(array('posting', 'mcp', 'viewtopic'), $post_data['forum_style']);
 
-if ($config['enable_post_confirm'] && !$user->data['is_registered'])
-{
-	$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
-	$captcha->init(CONFIRM_POST);
-}
-
 // Use post_row values in favor of submitted ones...
 $forum_id	= (!empty($post_data['forum_id'])) ? (int) $post_data['forum_id'] : (int) $forum_id;
 $topic_id	= (!empty($post_data['topic_id'])) ? (int) $post_data['topic_id'] : (int) $topic_id;
@@ -427,6 +421,12 @@ if (!$is_authed || !empty($error))
 	login_box('', $message);
 }
 
+if ($config['enable_post_confirm'] && !$user->data['is_registered'])
+{
+	$captcha = $phpbb_container->get('captcha.factory')->get_instance($config['captcha_plugin']);
+	$captcha->init(CONFIRM_POST);
+}
+
 // Is the user able to post within this forum?
 if ($post_data['forum_type'] != FORUM_POST && in_array($mode, array('post', 'bump', 'quote', 'reply')))
 {
@@ -1181,11 +1181,23 @@ if ($submit || $preview || $refresh)
 		$error[] = $user->lang['EMPTY_SUBJECT'];
 	}
 
-	// Check for out-of-bounds characters that are currently
-	// not supported by utf8_bin in MySQL
+	/**
+	 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+	 * Using their Numeric Character Reference's Hexadecimal notation.
+	 */
+	$post_data['post_subject'] = utf8_encode_ucr($post_data['post_subject']);
+
+	/**
+	 * This should never happen again.
+	 * Leaving the fallback here just in case there will be the need of it.
+	 *
+	 * Check for out-of-bounds characters that are currently
+	 * not supported by utf8_bin in MySQL
+	 */
 	if (preg_match_all('/[\x{10000}-\x{10FFFF}]/u', $post_data['post_subject'], $matches))
 	{
-		$character_list = implode('<br />', $matches[0]);
+		$character_list = implode('<br>', $matches[0]);
+
 		$error[] = $user->lang('UNSUPPORTED_CHARACTERS_SUBJECT', $character_list);
 	}
 

phpBB/search.php

@@ -720,6 +720,8 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 
 	if ($sql_where)
 	{
+		$zebra = [];
+
 		if ($show_results == 'posts')
 		{
 			// @todo Joining this query to the one below?
@@ -728,7 +730,6 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 				WHERE user_id = ' . $user->data['user_id'];
 			$result = $db->sql_query($sql);
 
-			$zebra = array();
 			while ($row = $db->sql_fetchrow($result))
 			{
 				$zebra[($row['friend']) ? 'friend' : 'foe'][] = $row['zebra_id'];

phpBB/styles/prosilver/style.cfg

@@ -21,8 +21,8 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Limited, 2007
-style_version = 3.3.0-b1
-phpbb_version = 3.3.0-b1
+style_version = 3.3.0-RC1
+phpbb_version = 3.3.0-RC1
 
 # Defining a different template bitfield
 # template_bitfield = //g=

phpBB/styles/prosilver/template/bbcode.html

@@ -37,6 +37,10 @@
 					<xsl:text> </xsl:text>
 					<a href="{@post_url}" data-post-id="{@post_id}" onclick="if(document.getElementById(hash.substr(1)))href=hash">&#8593;</a>
 				</xsl:if>
+				<xsl:if test="@msg_url">
+					<xsl:text> </xsl:text>
+					<a href="{@msg_url}" data-msg-id="{@msg_id}">&#8593;</a>
+				</xsl:if>
 				<xsl:if test="@date">
 					<div class="responsive-hide"><xsl:value-of select="@date"/></div>
 				</xsl:if>

phpBB/styles/prosilver/template/mcp_topic.html

@@ -118,7 +118,7 @@
 
 				<!-- EVENT mcp_topic_postrow_post_details_before -->
 				<p class="author">
-					<a href="#pr{postrow.POST_ID}" title="{postrow.MINI_POST}">
+					<a href="{postrow.U_MINI_POST}" title="{postrow.MINI_POST}">
 						<i class="icon fa-file fa-fw icon-lightgray icon-tiny" aria-hidden="true"></i><span class="sr-only">{postrow.MINI_POST}</span>
 					</a> {L_POSTED} {postrow.POST_DATE} {L_POST_BY_AUTHOR} {% EVENT mcp_topic_post_author_full_prepend %}<strong>{postrow.POST_AUTHOR_FULL}</strong>{% EVENT mcp_topic_post_author_full_append %}<!-- IF postrow.U_MCP_DETAILS --> [ <a href="{postrow.U_MCP_DETAILS}">{L_POST_DETAILS}</a> ]<!-- ENDIF -->
 				</p>

phpBB/styles/prosilver/template/memberlist_body.html

@@ -28,8 +28,13 @@
 		<p>
 			<!-- IF AVATAR_IMG -->{AVATAR_IMG}<!-- ENDIF -->
 			{% EVENT memberlist_body_group_rank_before %}
-			<!-- IF RANK_IMG -->{RANK_IMG}<!-- ENDIF -->
-			<!-- IF GROUP_RANK -->{GROUP_RANK}<!-- ENDIF -->
+			{% if RANK_IMG %}{{ RANK_IMG }}{% endif %}
+			{% if GROUP_RANK %}
+				{% if not RANK_IMG %}
+					{{ lang('GROUP_RANK') ~ lang('COLON') }}
+				{% endif %}
+				{{ GROUP_RANK }}
+			{% endif %}
 			{% EVENT memberlist_body_group_rank_after %}
 		</p>
 	<!-- ELSE -->

phpBB/styles/prosilver/template/memberlist_search.html

@@ -12,7 +12,7 @@
 		<dt><label for="username">{L_USERNAME}{L_COLON}</label></dt>
 		<dd>
 			<!-- IF U_LIVE_SEARCH --><div class="dropdown-container dropdown-{S_CONTENT_FLOW_END}"><!-- ENDIF -->
-			<input type="text" name="username" id="username" value="{USERNAME}" class="inputbox"<!-- IF U_LIVE_SEARCH --> autocomplete="off" data-filter="phpbb.search.filter" data-ajax="member_search" data-min-length="3" data-url="{U_LIVE_SEARCH}" data-results="#user-search" data-overlay="false"<!-- ENDIF --> />
+			<input type="text" name="username" id="username" value="{USERNAME}" class="inputbox"<!-- IF U_LIVE_SEARCH --> autocomplete="off" data-filter="phpbb.search.filter" data-ajax="member_search" data-min-length="3" data-url="{U_LIVE_SEARCH}" data-results="#user-search"<!-- ENDIF --> />
 			<!-- IF U_LIVE_SEARCH -->
 				<div class="dropdown live-search hidden" id="user-search">
 					<div class="pointer"><div class="pointer-inner"></div></div>

phpBB/styles/prosilver/template/overall_header.html

@@ -84,7 +84,9 @@
 			<div class="inner">
 
 			<div id="site-description" class="site-description">
-				<a id="logo" class="logo" href="<!-- IF U_SITE_HOME -->{U_SITE_HOME}<!-- ELSE -->{U_INDEX}<!-- ENDIF -->" title="<!-- IF U_SITE_HOME -->{L_SITE_HOME}<!-- ELSE -->{L_INDEX}<!-- ENDIF -->"><span class="site_logo"></span></a>
+		<a id="logo" class="logo" href="{% if U_SITE_HOME %}{{ U_SITE_HOME }}{% else %}{{ U_INDEX }}{% endif %}" title="{% if U_SITE_HOME %}{{ L_SITE_HOME }}{% else %}{{ L_INDEX }}{% endif %}">
+					<span class="site_logo"></span>
+				</a>
 				<h1>{SITENAME}</h1>
 				<p>{SITE_DESCRIPTION}</p>
 				<p class="skiplink"><a href="#start_here">{L_SKIP}</a></p>

phpBB/styles/prosilver/template/posting_review.html

@@ -13,7 +13,7 @@
 <!-- ENDIF -->
 
 	<div class="postbody" id="ppr{post_review_row.POST_ID}">
-		<h3><a href="#ppr{post_review_row.POST_ID}">{post_review_row.POST_SUBJECT}</a></h3>
+		<h3><a href="{post_review_row.U_MINI_POST}">{post_review_row.POST_SUBJECT}</a></h3>
 		<p class="author">
 			<!-- IF S_IS_BOT -->
 				<span><i class="icon fa-file fa-fw icon-lightgray icon-md" aria-hidden="true"></i><span class="sr-only">{post_review_row.MINI_POST}</span></span>

phpBB/styles/prosilver/template/posting_topic_review.html

@@ -24,7 +24,7 @@
 	<!-- ENDIF -->
 
 		<div class="postbody" id="pr{topic_review_row.POST_ID}">
-			<h3><a href="#pr{topic_review_row.POST_ID}">{topic_review_row.POST_SUBJECT}</a></h3>
+			<h3><a href="{topic_review_row.U_MINI_POST}">{topic_review_row.POST_SUBJECT}</a></h3>
 
 			<!-- IF (topic_review_row.POSTER_QUOTE and topic_review_row.DECODED_MESSAGE) or topic_review_row.U_MCP_DETAILS -->
 			<ul class="post-buttons">

phpBB/styles/prosilver/template/ucp_agreement.html

@@ -43,7 +43,8 @@
 		<div class="inner">
 		<fieldset class="submit-buttons">
 			<!-- IF S_SHOW_COPPA -->
-			<strong><a href="{U_COPPA_NO}" class="button1">{L_COPPA_NO}</a></strong>&nbsp; <a href="{U_COPPA_YES}" class="button2">{L_COPPA_YES}</a>
+			<input type="submit" name="coppa_no" id="coppa_no" value="{{ L_COPPA_NO }}" class="button1" />
+			<input type="submit" name="coppa_yes" id="coppa_yes" value="{{ L_COPPA_YES }}" class="button2" />
 			<!-- ELSE -->
 			<input type="submit" name="agreed" id="agreed" value="{L_AGREE}" class="button1" />&nbsp;
 			<input type="submit" name="not_agreed" value="{L_NOT_AGREE}" class="button2" />

phpBB/styles/prosilver/template/ucp_profile_profile_info.html

@@ -13,7 +13,7 @@
 	<!-- EVENT ucp_profile_profile_info_before -->
 	<!-- IF S_BIRTHDAYS_ENABLED -->
 		<dl>
-			<dt><label for="bday_day">{L_BIRTHDAY}{L_COLON}</label><br /><span>{L_BIRTHDAY_EXPLAIN}</span></dt>
+			<dt><label for="bday_day">{L_BIRTHDAY}{L_COLON}{% EVENT ucp_profile_profile_info_birthday_label_append %}</label><br /><span>{L_BIRTHDAY_EXPLAIN}</span></dt>
 			<dd>
 				<label for="bday_day">{L_DAY}{L_COLON} <select name="bday_day" id="bday_day">{S_BIRTHDAY_DAY_OPTIONS}</select></label>
 				<label for="bday_month">{L_MONTH}{L_COLON} <select name="bday_month" id="bday_month">{S_BIRTHDAY_MONTH_OPTIONS}</select></label>