[prep-release-3.3.12] Update changelog for 3.3.12

These have default values and do not require setting in user_add().

.github/setup-ldap.sh

@@ -16,4 +16,4 @@ mkdir /var/tmp/slapd
 cp .github/ldap/slapd.conf /var/tmp/slapd/slapd.conf
 slapd -d 256 -d 128 -f /var/tmp/slapd/slapd.conf -h ldap://localhost:3389 &
 sleep 3
-ldapadd -h localhost:3389 -D "cn=admin,dc=example,dc=com" -w adminadmin -f .github/ldap/base.ldif
+ldapadd -H ldap://localhost:3389 -D "cn=admin,dc=example,dc=com" -w adminadmin -f .github/ldap/base.ldif

.github/workflows/tests.yml

@@ -17,7 +17,7 @@ on:
 jobs:
     # Basic checks, e.g. parse errors, commit messages, etc.
     basic-checks:
-        runs-on: ubuntu-20.04
+        runs-on: ubuntu-22.04
         strategy:
             matrix:
                 include:
@@ -29,7 +29,7 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
               with:
                   fetch-depth: 100
 
@@ -51,7 +51,7 @@ jobs:
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v3
+              uses: actions/cache@v4
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -88,7 +88,7 @@ jobs:
 
     # Tests for MySQL and MariaDB
     mysql-tests:
-        runs-on: ubuntu-20.04
+        runs-on: ubuntu-22.04
         strategy:
             matrix:
                 include:
@@ -126,6 +126,8 @@ jobs:
                       db: "mysql:5.7"
                     - php: '8.2'
                       db: "mysql:5.7"
+                    - php: '8.3'
+                      db: "mysql:5.7"
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db_alias != '' && matrix.db_alias || matrix.db }}
 
@@ -155,7 +157,7 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
 
             - id: database-type
               env:
@@ -182,7 +184,7 @@ jobs:
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v3
+              uses: actions/cache@v4
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -227,7 +229,7 @@ jobs:
 
     # Tests for PostgreSQL
     postgres-tests:
-        runs-on: ubuntu-20.04
+        runs-on: ubuntu-22.04
         strategy:
             matrix:
                 include:
@@ -257,6 +259,8 @@ jobs:
                       db: "postgres:14"
                     - php: '8.2'
                       db: "postgres:14"
+                    - php: '8.3'
+                      db: "postgres:14"
 
         name: PHP ${{ matrix.php }} - ${{ matrix.db }}
 
@@ -288,7 +292,7 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
 
             - id: database-type
               env:
@@ -315,7 +319,7 @@ jobs:
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v3
+              uses: actions/cache@v4
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -343,7 +347,7 @@ jobs:
 
     # Other database types, namely sqlite3 and mssql
     other-tests:
-        runs-on: ubuntu-20.04
+        runs-on: ubuntu-22.04
         strategy:
             matrix:
                 include:
@@ -386,7 +390,7 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
 
             - id: database-type
               env:
@@ -418,7 +422,7 @@ jobs:
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v3
+              uses: actions/cache@v4
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
@@ -462,6 +466,9 @@ jobs:
                     - php: '8.2'
                       db: "postgres"
                       type: 'unit'
+                    - php: '8.3'
+                      db: "postgres"
+                      type: 'unit'
                     - php: '7.4'
                       db: "postgres"
                       type: 'functional'
@@ -474,6 +481,9 @@ jobs:
                     - php: '8.2'
                       db: "postgres"
                       type: 'functional'
+                    - php: '8.3'
+                      db: "postgres"
+                      type: 'functional'
 
         name: Windows - PHP ${{ matrix.php }} - ${{ matrix.db }} - ${{ matrix.type }}
 
@@ -483,7 +493,7 @@ jobs:
                   git config --system core.autocrlf false
                   git config --system core.eol lf
             - name: Checkout repository
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
 
             - name: Setup PHP
               uses: shivammathur/setup-php@v2
@@ -503,7 +513,7 @@ jobs:
                   cd ..
 
             - name: Cache Composer dependencies
-              uses: actions/cache@v3
+              uses: actions/cache@v4
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.11" />
-	<property name="prevversion" value="3.3.10" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9" />
+	<property name="newversion" value="3.3.12" />
+	<property name="prevversion" value="3.3.11" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.3.10, 3.3.12-RC1" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />

git-tools/hooks/prepare-commit-msg

@@ -34,6 +34,12 @@ then
 	ticket_id=$(sed -E 's/(ticket\/)(security\/)?([0-9]+)(.+$)?/\3/gm;t;d' <<< "$branch");
 	branch_title=$(sed -E 's/(ticket\/)(security\/)?([0-9]+)(.+$)?/\1\2\3/gm;t;d' <<< "$branch");
 
+	# Fall back to branch name if no ticket ID
+	if [ -z "$branch_title" ];
+	then
+		branch_title="$branch";
+	fi
+
 	if [ "security/" = "$(sed -E 's/(ticket\/)(security\/)?([0-9]+)(.+$)?/\2/gm;t;d' <<< "$branch")" ];
 	then
 		tail="$(printf '\n\nSECURITY-%s' "$ticket_id")";

phpBB/adm/index.php

@@ -61,8 +61,8 @@ $template->set_custom_style(array(
 	),
 ), $phpbb_admin_path . 'style');
 
-$template->assign_var('T_ASSETS_PATH', $phpbb_root_path . 'assets');
-$template->assign_var('T_TEMPLATE_PATH', $phpbb_admin_path . 'style');
+$template->assign_var('T_ASSETS_PATH', $phpbb_path_helper->update_web_root_path($phpbb_root_path . 'assets'));
+$template->assign_var('T_TEMPLATE_PATH', $phpbb_path_helper->update_web_root_path($phpbb_root_path . 'style'));
 
 // Instantiate new module
 $module = new p_master();

phpBB/adm/style/installer_footer.html

@@ -23,7 +23,7 @@ installLang = {
 </script>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.7.1.min.js">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS admin.js -->
 {$SCRIPTS}

phpBB/adm/style/overall_footer.html

@@ -34,7 +34,7 @@
 </div>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.7.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS ajax.js -->
 <!-- INCLUDEJS admin.js -->

phpBB/adm/style/simple_footer.html

@@ -17,7 +17,7 @@
 </div>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.7.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 
 <!-- EVENT acp_simple_footer_after -->

phpBB/common.php

@@ -51,20 +51,10 @@ if (!defined('PHPBB_INSTALLED'))
 		$server_port = 443;
 	}
 
-	$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
-	if (!$script_name)
-	{
-		$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
-	}
-
-	// $phpbb_root_path accounts for redirects from e.g. /adm
-	$script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/app.' . $phpEx;
-	// Replace any number of consecutive backslashes and/or slashes with a single slash
-	// (could happen on some proxy setups and/or Windows servers)
-	$script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
+	$script_path = phpbb_get_install_redirect($phpbb_root_path, $phpEx);
 
 	// Eliminate . and .. from the path
-	require($phpbb_root_path . 'phpbb/filesystem.' . $phpEx);
+	require($phpbb_root_path . 'phpbb/filesystem/filesystem.' . $phpEx);
 	$phpbb_filesystem = new phpbb\filesystem\filesystem();
 	$script_path = $phpbb_filesystem->clean_path($script_path);
 

phpBB/composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "50f5adcf8f574163ea58373031852768",
+    "content-hash": "eb658f95a4047347f31406a96a021c80",
     "packages": [
         {
             "name": "bantu/ini-get-wrapper",
@@ -915,16 +915,16 @@
         },
         {
             "name": "s9e/sweetdom",
-            "version": "2.1.0",
+            "version": "2.1.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/s9e/SweetDOM.git",
-                "reference": "9e34ff8f353234daed102274012c840bda56aff2"
+                "reference": "daf6c04c56ef986d346c2fd57c2cf03406307dad"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/s9e/SweetDOM/zipball/9e34ff8f353234daed102274012c840bda56aff2",
-                "reference": "9e34ff8f353234daed102274012c840bda56aff2",
+                "url": "https://api.github.com/repos/s9e/SweetDOM/zipball/daf6c04c56ef986d346c2fd57c2cf03406307dad",
+                "reference": "daf6c04c56ef986d346c2fd57c2cf03406307dad",
                 "shasum": ""
             },
             "require": {
@@ -953,9 +953,9 @@
             ],
             "support": {
                 "issues": "https://github.com/s9e/SweetDOM/issues",
-                "source": "https://github.com/s9e/SweetDOM/tree/2.1.0"
+                "source": "https://github.com/s9e/SweetDOM/tree/2.1.0.1"
             },
-            "time": "2021-05-24T21:06:33+00:00"
+            "time": "2023-11-27T20:27:28+00:00"
         },
         {
             "name": "s9e/text-formatter",
@@ -1712,16 +1712,16 @@
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.27.0",
+            "version": "v1.29.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a"
+                "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/5bbc823adecdae860bb64756d639ecfec17b050a",
-                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ef4d7e442ca910c4764bce785146269b30cb5fc4",
+                "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4",
                 "shasum": ""
             },
             "require": {
@@ -1735,9 +1735,6 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.27-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -1774,7 +1771,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.27.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -1790,20 +1787,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-11-03T14:55:06+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
         },
         {
             "name": "symfony/polyfill-intl-idn",
-            "version": "v1.27.0",
+            "version": "v1.29.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-idn.git",
-                "reference": "639084e360537a19f9ee352433b84ce831f3d2da"
+                "reference": "a287ed7475f85bf6f61890146edbc932c0fff919"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/639084e360537a19f9ee352433b84ce831f3d2da",
-                "reference": "639084e360537a19f9ee352433b84ce831f3d2da",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/a287ed7475f85bf6f61890146edbc932c0fff919",
+                "reference": "a287ed7475f85bf6f61890146edbc932c0fff919",
                 "shasum": ""
             },
             "require": {
@@ -1816,9 +1813,6 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.27-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -1861,7 +1855,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-idn/tree/v1.27.0"
+                "source": "https://github.com/symfony/polyfill-intl-idn/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -1877,20 +1871,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-11-03T14:55:06+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
         },
         {
             "name": "symfony/polyfill-intl-normalizer",
-            "version": "v1.27.0",
+            "version": "v1.29.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-intl-normalizer.git",
-                "reference": "19bd1e4fcd5b91116f14d8533c57831ed00571b6"
+                "reference": "bc45c394692b948b4d383a08d7753968bed9a83d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/19bd1e4fcd5b91116f14d8533c57831ed00571b6",
-                "reference": "19bd1e4fcd5b91116f14d8533c57831ed00571b6",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/bc45c394692b948b4d383a08d7753968bed9a83d",
+                "reference": "bc45c394692b948b4d383a08d7753968bed9a83d",
                 "shasum": ""
             },
             "require": {
@@ -1901,9 +1895,6 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.27-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -1945,7 +1936,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.27.0"
+                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -1961,20 +1952,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-11-03T14:55:06+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.27.0",
+            "version": "v1.29.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534"
+                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
-                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
+                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
                 "shasum": ""
             },
             "require": {
@@ -1988,9 +1979,6 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.27-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -2028,7 +2016,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.27.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -2044,7 +2032,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-11-03T14:55:06+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
         },
         {
             "name": "symfony/polyfill-php56",
@@ -2184,16 +2172,16 @@
         },
         {
             "name": "symfony/polyfill-php72",
-            "version": "v1.27.0",
+            "version": "v1.29.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php72.git",
-                "reference": "869329b1e9894268a8a61dabb69153029b7a8c97"
+                "reference": "861391a8da9a04cbad2d232ddd9e4893220d6e25"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/869329b1e9894268a8a61dabb69153029b7a8c97",
-                "reference": "869329b1e9894268a8a61dabb69153029b7a8c97",
+                "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/861391a8da9a04cbad2d232ddd9e4893220d6e25",
+                "reference": "861391a8da9a04cbad2d232ddd9e4893220d6e25",
                 "shasum": ""
             },
             "require": {
@@ -2201,9 +2189,6 @@
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-main": "1.27-dev"
-                },
                 "thanks": {
                     "name": "symfony/polyfill",
                     "url": "https://github.com/symfony/polyfill"
@@ -2240,7 +2225,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php72/tree/v1.27.0"
+                "source": "https://github.com/symfony/polyfill-php72/tree/v1.29.0"
             },
             "funding": [
                 {
@@ -2256,7 +2241,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-11-03T14:55:06+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
         },
         {
             "name": "symfony/process",
@@ -2650,16 +2635,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v2.15.5",
+            "version": "v2.16.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "fc02a6af3eeb97c4bf5650debc76c2eda85ac22e"
+                "reference": "0c9cc7ef2e0ec6d20c5af1200522a89ba101f623"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/fc02a6af3eeb97c4bf5650debc76c2eda85ac22e",
-                "reference": "fc02a6af3eeb97c4bf5650debc76c2eda85ac22e",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/0c9cc7ef2e0ec6d20c5af1200522a89ba101f623",
+                "reference": "0c9cc7ef2e0ec6d20c5af1200522a89ba101f623",
                 "shasum": ""
             },
             "require": {
@@ -2670,12 +2655,12 @@
             },
             "require-dev": {
                 "psr/container": "^1.0",
-                "symfony/phpunit-bridge": "^4.4.9|^5.0.9|^6.0"
+                "symfony/phpunit-bridge": "^5.4.9|^6.3"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "2.15-dev"
+                    "dev-master": "2.16-dev"
                 }
             },
             "autoload": {
@@ -2714,7 +2699,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v2.15.5"
+                "source": "https://github.com/twigphp/Twig/tree/v2.16.0"
             },
             "funding": [
                 {
@@ -2726,7 +2711,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-05-03T17:49:41+00:00"
+            "time": "2023-12-22T07:22:15+00:00"
         },
         {
             "name": "zendframework/zend-code",
@@ -3548,29 +3533,29 @@
         },
         {
             "name": "phpspec/prophecy",
-            "version": "v1.17.0",
+            "version": "v1.18.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpspec/prophecy.git",
-                "reference": "15873c65b207b07765dbc3c95d20fdf4a320cbe2"
+                "reference": "d4f454f7e1193933f04e6500de3e79191648ed0c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/15873c65b207b07765dbc3c95d20fdf4a320cbe2",
-                "reference": "15873c65b207b07765dbc3c95d20fdf4a320cbe2",
+                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/d4f454f7e1193933f04e6500de3e79191648ed0c",
+                "reference": "d4f454f7e1193933f04e6500de3e79191648ed0c",
                 "shasum": ""
             },
             "require": {
                 "doctrine/instantiator": "^1.2 || ^2.0",
-                "php": "^7.2 || 8.0.* || 8.1.* || 8.2.*",
+                "php": "^7.2 || 8.0.* || 8.1.* || 8.2.* || 8.3.*",
                 "phpdocumentor/reflection-docblock": "^5.2",
-                "sebastian/comparator": "^3.0 || ^4.0",
-                "sebastian/recursion-context": "^3.0 || ^4.0"
+                "sebastian/comparator": "^3.0 || ^4.0 || ^5.0",
+                "sebastian/recursion-context": "^3.0 || ^4.0 || ^5.0"
             },
             "require-dev": {
                 "phpspec/phpspec": "^6.0 || ^7.0",
                 "phpstan/phpstan": "^1.9",
-                "phpunit/phpunit": "^8.0 || ^9.0"
+                "phpunit/phpunit": "^8.0 || ^9.0 || ^10.0"
             },
             "type": "library",
             "extra": {
@@ -3603,6 +3588,7 @@
             "keywords": [
                 "Double",
                 "Dummy",
+                "dev",
                 "fake",
                 "mock",
                 "spy",
@@ -3610,9 +3596,9 @@
             ],
             "support": {
                 "issues": "https://github.com/phpspec/prophecy/issues",
-                "source": "https://github.com/phpspec/prophecy/tree/v1.17.0"
+                "source": "https://github.com/phpspec/prophecy/tree/v1.18.0"
             },
-            "time": "2023-02-02T15:41:36+00:00"
+            "time": "2023-12-07T16:22:33+00:00"
         },
         {
             "name": "phpunit/dbunit",
@@ -4716,16 +4702,16 @@
         },
         {
             "name": "squizlabs/php_codesniffer",
-            "version": "3.7.2",
+            "version": "3.9.0",
             "source": {
                 "type": "git",
-                "url": "https://github.com/squizlabs/PHP_CodeSniffer.git",
-                "reference": "ed8e00df0a83aa96acf703f8c2979ff33341f879"
+                "url": "https://github.com/PHPCSStandards/PHP_CodeSniffer.git",
+                "reference": "d63cee4890a8afaf86a22e51ad4d97c91dd4579b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/ed8e00df0a83aa96acf703f8c2979ff33341f879",
-                "reference": "ed8e00df0a83aa96acf703f8c2979ff33341f879",
+                "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/d63cee4890a8afaf86a22e51ad4d97c91dd4579b",
+                "reference": "d63cee4890a8afaf86a22e51ad4d97c91dd4579b",
                 "shasum": ""
             },
             "require": {
@@ -4735,11 +4721,11 @@
                 "php": ">=5.4.0"
             },
             "require-dev": {
-                "phpunit/phpunit": "^4.0 || ^5.0 || ^6.0 || ^7.0"
+                "phpunit/phpunit": "^4.0 || ^5.0 || ^6.0 || ^7.0 || ^8.0 || ^9.3.4"
             },
             "bin": [
-                "bin/phpcs",
-                "bin/phpcbf"
+                "bin/phpcbf",
+                "bin/phpcs"
             ],
             "type": "library",
             "extra": {
@@ -4754,22 +4740,45 @@
             "authors": [
                 {
                     "name": "Greg Sherwood",
-                    "role": "lead"
+                    "role": "Former lead"
+                },
+                {
+                    "name": "Juliette Reinders Folmer",
+                    "role": "Current lead"
+                },
+                {
+                    "name": "Contributors",
+                    "homepage": "https://github.com/PHPCSStandards/PHP_CodeSniffer/graphs/contributors"
                 }
             ],
             "description": "PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards.",
-            "homepage": "https://github.com/squizlabs/PHP_CodeSniffer",
+            "homepage": "https://github.com/PHPCSStandards/PHP_CodeSniffer",
             "keywords": [
                 "phpcs",
                 "standards",
                 "static analysis"
             ],
             "support": {
-                "issues": "https://github.com/squizlabs/PHP_CodeSniffer/issues",
-                "source": "https://github.com/squizlabs/PHP_CodeSniffer",
-                "wiki": "https://github.com/squizlabs/PHP_CodeSniffer/wiki"
+                "issues": "https://github.com/PHPCSStandards/PHP_CodeSniffer/issues",
+                "security": "https://github.com/PHPCSStandards/PHP_CodeSniffer/security/policy",
+                "source": "https://github.com/PHPCSStandards/PHP_CodeSniffer",
+                "wiki": "https://github.com/PHPCSStandards/PHP_CodeSniffer/wiki"
             },
-            "time": "2023-02-22T23:07:41+00:00"
+            "funding": [
+                {
+                    "url": "https://github.com/PHPCSStandards",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/jrfnl",
+                    "type": "github"
+                },
+                {
+                    "url": "https://opencollective.com/php_codesniffer",
+                    "type": "open_collective"
+                }
+            ],
+            "time": "2024-02-16T15:06:51+00:00"
         },
         {
             "name": "symfony/browser-kit",
@@ -4976,16 +4985,16 @@
         },
         {
             "name": "theseer/tokenizer",
-            "version": "1.2.1",
+            "version": "1.2.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/theseer/tokenizer.git",
-                "reference": "34a41e998c2183e22995f158c581e7b5e755ab9e"
+                "reference": "b2ad5003ca10d4ee50a12da31de12a5774ba6b96"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/theseer/tokenizer/zipball/34a41e998c2183e22995f158c581e7b5e755ab9e",
-                "reference": "34a41e998c2183e22995f158c581e7b5e755ab9e",
+                "url": "https://api.github.com/repos/theseer/tokenizer/zipball/b2ad5003ca10d4ee50a12da31de12a5774ba6b96",
+                "reference": "b2ad5003ca10d4ee50a12da31de12a5774ba6b96",
                 "shasum": ""
             },
             "require": {
@@ -5014,7 +5023,7 @@
             "description": "A small library for converting tokenized PHP source code into XML and potentially other formats",
             "support": {
                 "issues": "https://github.com/theseer/tokenizer/issues",
-                "source": "https://github.com/theseer/tokenizer/tree/1.2.1"
+                "source": "https://github.com/theseer/tokenizer/tree/1.2.2"
             },
             "funding": [
                 {
@@ -5022,7 +5031,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2021-07-28T10:34:58+00:00"
+            "time": "2023-11-20T00:12:19+00:00"
         },
         {
             "name": "webmozart/assert",
@@ -5089,7 +5098,7 @@
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {
-        "php": "^7.1.3 || ^8.0.0",
+        "php": "^7.2 || ^8.0.0",
         "ext-json": "*",
         "ext-mbstring": "*"
     },
@@ -5097,5 +5106,5 @@
     "platform-overrides": {
         "php": "7.2"
     },
-    "plugin-api-version": "2.2.0"
+    "plugin-api-version": "2.6.0"
 }

phpBB/config/default/container/services_content.yml

@@ -67,6 +67,13 @@ services:
             - '@controller.helper'
             - '@dispatcher'
 
+    posting.lock:
+        class: phpbb\lock\posting
+        shared: false
+        arguments:
+            - '@cache.driver'
+            - '@config'
+
     viewonline_helper:
         class: phpbb\viewonline_helper
         arguments:

phpBB/config/default/container/services_event.yml

@@ -9,6 +9,7 @@ services:
         arguments:
             - '@template'
             - '@language'
+            - '@user'
             - '%debug.exceptions%'
         tags:
             - { name: kernel.event_subscriber }

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,8 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v3312rc1">Changes since 3.3.12-RC1</a></li>
+		<li><a href="#v3311">Changes since 3.3.11</a></li>
 		<li><a href="#v3310">Changes since 3.3.10</a></li>
 		<li><a href="#v3310rc1">Changes since 3.3.10-RC1</a></li>
 		<li><a href="#v339">Changes since 3.3.9</a></li>
@@ -167,6 +169,66 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v3312rc1"></a><h3>Changes since 3.3.12-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17312">PHPBB3-17312</a>] - User last visit gets updated too often</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17324">PHPBB3-17324</a>] - Add template event to notification_dropdown.html</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-276">SECURITY-276</a>] - Prevent resending activation email too often</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-278">SECURITY-278</a>] - Always release cron lock, even invalid task is passed</li>
+			</ul>
+
+			<a name="v3311"></a><h3>Changes since 3.3.11</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-14047">PHPBB3-14047</a>] - Jabber discards messages when stream gets closed without waiting for acknowledgement</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15325">PHPBB3-15325</a>] - Global moderator permissions shown in forum moderator permissions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16470">PHPBB3-16470</a>] - Memberlist bug - sorting by Last active date is incorrect</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17077">PHPBB3-17077</a>] - Multiple posts at once, even if the user shouldn't ignore the flood interval</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17117">PHPBB3-17117</a>] - Deactivated notification method leads to crash</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17130">PHPBB3-17130</a>] - Text reparser changes magic URL state in posts</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17187">PHPBB3-17187</a>] - Unread Topic URL Link Not Working On MCP View Forum Topic List</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17200">PHPBB3-17200</a>] - Color Parse Error In viewonline.php Legend</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17201">PHPBB3-17201</a>] - Redirect to installer might be invalid when accessing subfolder</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17202">PHPBB3-17202</a>] - The bidi.css File Is Loaded When Viewing LTR Topic Print View Page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17203">PHPBB3-17203</a>] - Group Description With BBCode Ordered List Breaks Layout</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17207">PHPBB3-17207</a>] - Extensions are unable to use PHPBB_USE_BOARD_URL_PATH</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17208">PHPBB3-17208</a>] - Update Error YouTube Profilfeld</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17212">PHPBB3-17212</a>] - Who is online incorrectly reports page when posting with only post URL parameter</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17237">PHPBB3-17237</a>] - QUICKMOD_ACTION_NOT_ALLOWED uses &quot; instead of ' </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17286">PHPBB3-17286</a>] - Non-existent urls to be written down to session_page</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17292">PHPBB3-17292</a>] - Link to spamhaus.org no longer valid</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17296">PHPBB3-17296</a>] - mod_security false positive denies access to ACP</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17302">PHPBB3-17302</a>] - Password reset function does not update all necessary data</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17306">PHPBB3-17306</a>] - Wrong declaration of function input values</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17230">PHPBB3-17230</a>] - Update doctum for PHP 8.1 support</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17232">PHPBB3-17232</a>] - Improve MySQL error messages in PHP 8.1+</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17233">PHPBB3-17233</a>] - Add PHP 8.3 tests to the 3.3.x branch</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17235">PHPBB3-17235</a>] - Missing autocomplete for username &amp; password</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17236">PHPBB3-17236</a>] - Update symfony dependencies to improve PHP 8.3 compatibility</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17277">PHPBB3-17277</a>] - Add template events to UCP</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17284">PHPBB3-17284</a>] - Add event to add content after the online users list in viewtopic</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17293">PHPBB3-17293</a>] - Update composer and dependencies to latest versions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17299">PHPBB3-17299</a>] - Allow core event to modify variables while sending email</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17303">PHPBB3-17303</a>] - Update jQuery to 3.7+</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17305">PHPBB3-17305</a>] - Improve queries for unanswered topics and posts</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17310">PHPBB3-17310</a>] - Update GitHub actions workflows to Node.js 20</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17204">PHPBB3-17204</a>] - Update composer and node dependencies</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-17280">PHPBB3-17280</a>] - Fallback to branch name on branches without ticket ID</li>
+			</ul>
+
 			<a name="v3310"></a><h3>Changes since 3.3.10</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/docs/INSTALL.html

@@ -147,7 +147,7 @@
 			<li>Oracle</li>
 		</ul>
 		</li>
-		<li><strong>PHP 7.2.0+</strong> up to and including <strong>PHP 8.1</strong> with support for the database you intend to use.</li>
+		<li><strong>PHP 7.2.0+</strong> up to and including <strong>PHP 8.3</strong> with support for the database you intend to use.</li>
 		<li>The following PHP modules are required:
 		<ul>
 			<li>json</li>

phpBB/docs/README.html

@@ -327,7 +327,7 @@
 
 	<p>Please remember that running any application on a development (unstable, e.g. a beta release) version of PHP can lead to strange/unexpected results which may appear to be bugs in the application. Therefore, we recommend you upgrade to the newest stable version of PHP before running phpBB. If you are running a development version of PHP please check any bugs you find on a system running a stable release before submitting.</p>
 
-	<p>This board has been developed and tested under Linux and Windows (amongst others) running Apache using MySQLi 4.1.3, 4.x, 5.x, MariaDB 5.x, PostgreSQL 8.x, Oracle 8 and SQLite 3. Versions of PHP used range from 7.2.0 to 7.4.x, 8.0.x and 8.1.x.</p>
+	<p>This board has been developed and tested under Linux and Windows (amongst others) running Apache using MySQLi 4.1.3, 4.x, 5.x, MariaDB 5.x, PostgreSQL 8.x, Oracle 8 and SQLite 3. Versions of PHP used range from 7.2.0 to 7.4.x and 8.0.x to 8.3.x.</p>
 
 <a name="phpsec"></a><h3>7.i. Notice on PHP security issues</h3>
 

phpBB/docs/events.md

@@ -1597,6 +1597,20 @@ navbar_header_username_prepend
 * Since: 3.1.0-RC1
 * Purpose: Add text and HTMl before the username shown in the navbar.
 
+notification_dropdown_footer_after
+===
+* Locations:
+    + styles/prosilver/template/notification_dropdown.html
+* Since: 3.3.12
+* Purpose: Add content after notifications list footer.
+
+notification_dropdown_footer_before
+===
+* Locations:
+    + styles/prosilver/template/notification_dropdown.html
+* Since: 3.3.12
+* Purpose: Add content before notifications list footer.
+
 overall_footer_after
 ===
 * Locations:
@@ -2500,6 +2514,13 @@ ucp_agreement_terms_before
 * Since: 3.1.0-b3
 * Purpose: Add content before the terms of agreement text at user registration
 
+ucp_footer_content_after
+===
+* Locations:
+    + styles/prosilver/template/ucp_footer.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements after tab panels content in UCP
+
 ucp_friend_list_after
 ===
 * Locations:
@@ -2514,6 +2535,13 @@ ucp_friend_list_before
 * Since: 3.1.0-a4
 * Purpose: Add optional elements before list of friends in UCP
 
+ucp_header_content_before
+===
+* Locations:
+    + styles/prosilver/template/ucp_header.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements before tab panels content in UCP
+
 ucp_header_friends_offline_username_full_append
 ===
 * Locations:
@@ -2584,6 +2612,34 @@ ucp_main_subscribed_topic_title_after
 * Since: 3.3.8-RC1
 * Purpose: Add content right after the topic title viewing UCP subscribed topics
 
+ucp_notifications_content_after
+===
+* Locations:
+    + styles/prosilver/template/ucp_notifications.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements after UCP notification options tab content
+
+ucp_notifications_content_before
+===
+* Locations:
+    + styles/prosilver/template/ucp_notifications.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements before UCP notification options tab content
+
+ucp_notifications_form_after
+===
+* Locations:
+    + styles/prosilver/template/ucp_notifications.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements after HTMP form in UCP notification options tab
+
+ucp_notifications_form_before
+===
+* Locations:
+    + styles/prosilver/template/ucp_notifications.html
+* Since: 3.3.12-RC1
+* Purpose: Add optional elements before HTMP form in UCP notificationoptions tab
+
 ucp_pm_history_post_buttons_after
 ===
 * Locations:
@@ -3158,6 +3214,13 @@ viewtopic_body_footer_before
 * Purpose: Add content to the bottom of the View topic screen below the posts
 and quick reply, directly before the jumpbox in Prosilver.
 
+viewtopic_body_online_list_after
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.3.12-RC1
+* Purpose: Add content after the online users list
+
 viewtopic_body_online_list_before
 ===
 * Locations:

phpBB/includes/acp/acp_inactive.php

@@ -238,10 +238,11 @@ class acp_inactive
 
 						$messenger->save_queue();
 
-						// Add the remind state to the database
+						// Add the remind state to the database and increase activation expiration by one day
 						$sql = 'UPDATE ' . USERS_TABLE . '
 							SET user_reminded = user_reminded + 1,
-								user_reminded_time = ' . time() . '
+								user_reminded_time = ' . time() . ',
+								user_actkey_expiration = ' . (int) $user::get_token_expiration() . '
 							WHERE ' . $db->sql_in_set('user_id', $user_ids);
 						$db->sql_query($sql);
 

phpBB/includes/acp/acp_users.php

@@ -385,14 +385,18 @@ class acp_users
 									$user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key;
 								}
 
-								if ($user_row['user_type'] == USER_NORMAL || empty($user_activation_key))
-								{
-									$sql = 'UPDATE ' . USERS_TABLE . "
-										SET user_actkey = '" . $db->sql_escape($user_actkey) . "'
-										WHERE user_id = $user_id";
-									$db->sql_query($sql);
-								}
+								// Always update actkey even if same and also update actkey expiration to 24 hours from now
+								$sql_ary = [
+									'user_actkey'				=> $user_actkey,
+									'user_actkey_expiration'	=> $user::get_token_expiration(),
+								];
 
+								$sql = 'UPDATE ' . USERS_TABLE . '
+									SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+									WHERE user_id = ' . (int) $user_id;
+								$db->sql_query($sql);
+
+								// Start sending email
 								$messenger = new messenger(false);
 
 								$messenger->template($email_template, $user_row['user_lang']);
@@ -1084,7 +1088,7 @@ class acp_users
 					$s_action_options .= '<option value="' . $value . '">' . $user->lang['USER_ADMIN_' . $lang] . '</option>';
 				}
 
-				$last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_lastvisit'];
+				$last_active = (!empty($user_row['session_time'])) ? $user_row['session_time'] : $user_row['user_last_active'];
 
 				$inactive_reason = '';
 				if ($user_row['user_type'] == USER_INACTIVE)

phpBB/includes/acp/auth.php

@@ -95,7 +95,7 @@ class auth_admin extends \phpbb\auth\auth
 			}
 			else
 			{
-				$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
+				$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%') : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
 			}
 		}
 

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.11');
+@define('PHPBB_VERSION', '3.3.12');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/functions.php

@@ -1814,6 +1814,31 @@ function redirect($url, $return = false, $disable_cd_check = false)
 	exit;
 }
 
+/**
+ * Returns the install redirect path for phpBB.
+ *
+ * @param string $phpbb_root_path The root path of the phpBB installation.
+ * @param string $phpEx The file extension of php files, e.g., "php".
+ * @return string The install redirect path.
+ */
+function phpbb_get_install_redirect(string $phpbb_root_path, string $phpEx): string
+{
+	$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
+	if (!$script_name)
+	{
+		$script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
+	}
+
+	// Add trailing dot to prevent dirname() from returning parent directory if $script_name is a directory
+	$script_name = substr($script_name, -1) === '/' ? $script_name . '.' : $script_name;
+
+	// $phpbb_root_path accounts for redirects from e.g. /adm
+	$script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/app.' . $phpEx;
+	// Replace any number of consecutive backslashes and/or slashes with a single slash
+	// (could happen on some proxy setups and/or Windows servers)
+	return preg_replace('#[\\\\/]{2,}#', '/', $script_path);
+}
+
 /**
 * Re-Apply session id after page reloads
 */
@@ -4090,7 +4115,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 
 		'T_FONT_AWESOME_LINK'	=> !empty($config['allow_cdn']) && !empty($config['load_font_awesome_url']) ? $config['load_font_awesome_url'] : "{$web_path}assets/css/font-awesome.min.css?assets_version=" . $config['assets_version'],
 
-		'T_JQUERY_LINK'			=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery-3.6.0.min.js?assets_version=" . $config['assets_version'],
+		'T_JQUERY_LINK'			=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery-3.7.1.min.js?assets_version=" . $config['assets_version'],
 		'S_ALLOW_CDN'			=> !empty($config['allow_cdn']),
 		'S_COOKIE_NOTICE'		=> !empty($config['cookie_notice']),
 

phpBB/includes/functions_acp.php

@@ -178,7 +178,7 @@ function adm_page_footer($copyright_html = true)
 		'TRANSLATION_INFO'	=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
 		'S_COPYRIGHT_HTML'	=> $copyright_html,
 		'CREDIT_LINE'		=> $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Limited'),
-		'T_JQUERY_LINK'		=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.6.0.min.js",
+		'T_JQUERY_LINK'		=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.7.1.min.js",
 		'S_ALLOW_CDN'		=> !empty($config['allow_cdn']),
 		'VERSION'			=> $config['version'])
 	);

phpBB/includes/functions_content.php

@@ -320,7 +320,7 @@ function bump_topic_allowed($forum_id, $topic_bumped, $last_post_time, $topic_po
 * Generates a text with approx. the specified length which contains the specified words and their context
 *
 * @param	string	$text	The full text from which context shall be extracted
-* @param	string	$words	An array of words which should be contained in the result, has to be a valid part of a PCRE pattern (escape with preg_quote!)
+* @param	array	$words	An array of words which should be contained in the result, has to be a valid part of a PCRE pattern (escape with preg_quote!)
 * @param	int		$length	The desired length of the resulting text, however the result might be shorter or longer than this value
 *
 * @return	string			Context of the specified words separated by "..."

phpBB/includes/functions_display.php

@@ -1603,7 +1603,7 @@ function phpbb_show_profile($data, $user_notes_enabled = false, $warn_user_enabl
 
 	if ($data['user_allow_viewonline'] || $auth->acl_get('u_viewonline'))
 	{
-		$last_active = (!empty($data['session_time'])) ? $data['session_time'] : $data['user_lastvisit'];
+		$last_active = (!empty($data['session_time'])) ? $data['session_time'] : $data['user_last_active'];
 	}
 	else
 	{

phpBB/includes/functions_jabber.php

@@ -51,6 +51,9 @@ class jabber
 
 	var $features = array();
 
+	/** @var string Stream close handshake */
+	private const STREAM_CLOSE_HANDSHAKE = '</stream:stream>';
+
 	/**
 	* Constructor
 	*
@@ -58,7 +61,7 @@ class jabber
 	* @param int $port Jabber server port
 	* @param string $username Jabber username or JID
 	* @param string $password Jabber password
-	* @param boold $use_ssl Use ssl
+	* @param bool $use_ssl Use ssl
 	* @param bool $verify_peer Verify SSL certificate
 	* @param bool $verify_peer_name Verify Jabber peer name
 	* @param bool $allow_self_signed Allow self signed certificates
@@ -183,7 +186,15 @@ class jabber
 				$this->send_presence('offline', '', true);
 			}
 
-			$this->send('</stream:stream>');
+			$this->send(self::STREAM_CLOSE_HANDSHAKE);
+			// Check stream close handshake reply
+			$stream_close_reply = $this->listen();
+
+			if ($stream_close_reply != self::STREAM_CLOSE_HANDSHAKE)
+			{
+				$this->add_to_log("Error: Unexpected stream close handshake reply ”{$stream_close_reply}”");
+			}
+
 			$this->session = array();
 			return fclose($this->connection);
 		}

phpBB/includes/functions_messenger.php

@@ -582,6 +582,11 @@ class messenger
 		);
 		extract($phpbb_dispatcher->trigger_event('core.notification_message_email', compact($vars)));
 
+		$this->addresses = $addresses;
+		$this->subject = $subject;
+		$this->msg = $msg;
+		unset($addresses, $subject, $msg);
+
 		if ($break)
 		{
 			return true;

phpBB/includes/functions_user.php

@@ -210,18 +210,18 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
 
 	// These are the additional vars able to be specified
 	$additional_vars = array(
-		'user_permissions'	=> '',
-		'user_timezone'		=> $config['board_timezone'],
-		'user_dateformat'	=> $config['default_dateformat'],
-		'user_lang'			=> $config['default_lang'],
-		'user_style'		=> (int) $config['default_style'],
-		'user_actkey'		=> '',
-		'user_ip'			=> '',
-		'user_regdate'		=> time(),
-		'user_passchg'		=> time(),
-		'user_options'		=> 230271,
+		'user_permissions'			=> '',
+		'user_timezone'				=> $config['board_timezone'],
+		'user_dateformat'			=> $config['default_dateformat'],
+		'user_lang'					=> $config['default_lang'],
+		'user_style'				=> (int) $config['default_style'],
+		'user_actkey'				=> '',
+		'user_ip'					=> '',
+		'user_regdate'				=> time(),
+		'user_passchg'				=> time(),
+		'user_options'				=> 230271,
 		// We do not set the new flag here - registration scripts need to specify it
-		'user_new'			=> 0,
+		'user_new'					=> 0,
 
 		'user_inactive_reason'	=> 0,
 		'user_inactive_time'	=> 0,

phpBB/includes/mcp/mcp_forum.php

@@ -344,6 +344,7 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 			}
 			$topic_row = array_merge($topic_row, array(
 				'U_VIEW_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&f=$forum_id&t={$row_ary['topic_id']}&mode=topic_view"),
+				'U_NEWEST_POST' 	=> append_sid("{$phpbb_root_path}mcp.$phpEx", "i=$id&f=$forum_id&t={$row_ary['topic_id']}&mode=topic_view&view=unread#unread"),
 
 				'S_SELECT_TOPIC'	=> ($merge_select && !in_array($row_ary['topic_id'], $source_topic_ids)) ? true : false,
 				'U_SELECT_TOPIC'	=> $u_select_topic,

phpBB/includes/mcp/mcp_topic.php

@@ -54,6 +54,7 @@ function mcp_topic_view($id, $mode, $action)
 	$sort			= isset($_POST['sort']) ? true : false;
 	$submitted_id_list	= $request->variable('post_ids', array(0));
 	$checked_ids = $post_id_list = $request->variable('post_id_list', array(0));
+	$view		= $request->variable('view', '');
 
 	// Resync Topic?
 	if ($action == 'resync')
@@ -179,6 +180,7 @@ function mcp_topic_view($id, $mode, $action)
 	{
 		$rowset[] = $row;
 		$post_id_list[] = $row['post_id'];
+		$rowset_posttime['post_time'] = $row['post_time'];
 	}
 	$db->sql_freeresult($result);
 
@@ -194,6 +196,16 @@ function mcp_topic_view($id, $mode, $action)
 		$topic_tracking_info = get_complete_topic_tracking($topic_info['forum_id'], $topic_id);
 	}
 
+	$first_unread = $post_unread = false;
+
+	$post_unread = (isset($topic_tracking_info[$topic_id]) && $rowset_posttime['post_time'] > $topic_tracking_info[$topic_id]) ? true : false;
+
+	$s_first_unread = false;
+	if (!$first_unread && $post_unread)
+	{
+		$s_first_unread = $first_unread = true;
+	}
+
 	$has_unapproved_posts = $has_deleted_posts = false;
 
 	// Grab extensions
@@ -287,10 +299,13 @@ function mcp_topic_view($id, $mode, $action)
 			'S_POST_DELETED'	=> ($row['post_visibility'] == ITEM_DELETED && $auth->acl_get('m_approve', $topic_info['forum_id'])),
 			'S_CHECKED'			=> (($submitted_id_list && !in_array(intval($row['post_id']), $submitted_id_list)) || in_array(intval($row['post_id']), $checked_ids)) ? true : false,
 			'S_HAS_ATTACHMENTS'	=> (!empty($attachments[$row['post_id']])) ? true : false,
+			'S_FIRST_UNREAD'	=> $s_first_unread,
+			'S_UNREAD_VIEW'		=> $view == 'unread',
 
 			'U_POST_DETAILS'	=> "$url&i=$id&p={$row['post_id']}&mode=post_details",
 			'U_MCP_APPROVE'		=> ($auth->acl_get('m_approve', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&p=' . $row['post_id']) : '',
 			'U_MCP_REPORT'		=> ($auth->acl_get('m_report', $topic_info['forum_id'])) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=report_details&p=' . $row['post_id']) : '',
+			'U_MINI_POST'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . '#p' . $row['post_id'],
 		);
 
 		/**

phpBB/includes/ucp/ucp_profile.php

@@ -196,9 +196,10 @@ class ucp_profile
 							{
 								$notifications_manager = $phpbb_container->get('notification_manager');
 								$notifications_manager->add_notifications('notification.type.admin_activate_user', array(
-									'user_id'		=> $user->data['user_id'],
-									'user_actkey'	=> $user_actkey,
-									'user_regdate'	=> time(), // Notification time
+									'user_id'					=> $user->data['user_id'],
+									'user_actkey'				=> $user_actkey,
+									'user_actkey_expiration'	=> $user::get_token_expiration(),
+									'user_regdate'				=> time(), // Notification time
 								));
 							}
 

phpBB/includes/ucp/ucp_register.php

@@ -381,18 +381,19 @@ class ucp_register
 				$passwords_manager = $phpbb_container->get('passwords.manager');
 
 				$user_row = array(
-					'username'				=> $data['username'],
-					'user_password'			=> $passwords_manager->hash($data['new_password']),
-					'user_email'			=> $data['email'],
-					'group_id'				=> (int) $group_id,
-					'user_timezone'			=> $data['tz'],
-					'user_lang'				=> $data['lang'],
-					'user_type'				=> $user_type,
-					'user_actkey'			=> $user_actkey,
-					'user_ip'				=> $user->ip,
-					'user_regdate'			=> time(),
-					'user_inactive_reason'	=> $user_inactive_reason,
-					'user_inactive_time'	=> $user_inactive_time,
+					'username'					=> $data['username'],
+					'user_password'				=> $passwords_manager->hash($data['new_password']),
+					'user_email'				=> $data['email'],
+					'group_id'					=> (int) $group_id,
+					'user_timezone'				=> $data['tz'],
+					'user_lang'					=> $data['lang'],
+					'user_type'					=> $user_type,
+					'user_actkey'				=> $user_actkey,
+					'user_actkey_expiration'	=> $user::get_token_expiration(),
+					'user_ip'					=> $user->ip,
+					'user_regdate'				=> time(),
+					'user_inactive_reason'		=> $user_inactive_reason,
+					'user_inactive_time'		=> $user_inactive_time,
 				);
 
 				if ($config['new_member_post_limit'])

phpBB/includes/ucp/ucp_resend.php

@@ -45,7 +45,7 @@ class ucp_resend
 				trigger_error('FORM_INVALID');
 			}
 
-			$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
+			$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_actkey_expiration, user_inactive_reason
 				FROM ' . USERS_TABLE . "
 				WHERE user_email = '" . $db->sql_escape($email) . "'
 					AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
@@ -73,6 +73,12 @@ class ucp_resend
 				trigger_error('ACCOUNT_DEACTIVATED');
 			}
 
+			// Do not resend activation email if valid one still exists
+			if (!empty($user_row['user_actkey']) && (int) $user_row['user_actkey_expiration'] >= time())
+			{
+				trigger_error('ACTIVATION_ALREADY_SENT');
+			}
+
 			// Determine coppa status on group (REGISTERED(_COPPA))
 			$sql = 'SELECT group_name, group_type
 				FROM ' . GROUPS_TABLE . '
@@ -144,6 +150,8 @@ class ucp_resend
 				$db->sql_freeresult($result);
 			}
 
+			$this->update_activation_expiration();
+
 			meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));
 
 			$message = ($config['require_activation'] == USER_ACTIVATION_ADMIN) ? $user->lang['ACTIVATION_EMAIL_SENT_ADMIN'] : $user->lang['ACTIVATION_EMAIL_SENT'];
@@ -160,4 +168,23 @@ class ucp_resend
 		$this->tpl_name = 'ucp_resend';
 		$this->page_title = 'UCP_RESEND';
 	}
+
+	/**
+	 * Update activation expiration to 1 day from now
+	 *
+	 * @return void
+	 */
+	protected function update_activation_expiration(): void
+	{
+		global $db, $user;
+
+		$sql_ary = [
+			'user_actkey_expiration'	=> $user::get_token_expiration(),
+		];
+
+		$sql = 'UPDATE ' . USERS_TABLE . '
+			SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
+			WHERE user_id = ' . (int) $user->id();
+		$db->sql_query($sql);
+	}
 }

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.3.11',
+	'phpbb_version'	=> '3.3.12',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,
@@ -901,6 +901,7 @@ if (!$get_info)
 				array('user_email',				'users.user_email',					'strtolower'),
 				array('user_birthday',			((defined('MOD_BIRTHDAY')) ? 'users.user_birthday' : ''),	'phpbb_get_birthday'),
 				array('user_lastvisit',			'users.user_lastvisit',				'intval'),
+				array('user_last_active',		'users.user_lastvisit',				'intval'),
 				array('user_lastmark',			'users.user_lastvisit',				'intval'),
 				array('user_lang',				$config['default_lang'],			''),
 				array('',						'users.user_lang',					''),

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.3.11');
+define('PHPBB_VERSION', '3.3.12');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -200,7 +200,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_cpf_viewtopic
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_lastread', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_db_track', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_font_awesome_url', 'https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_jumpbox', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_moderators', '1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('load_notifications', '1');
@@ -316,7 +316,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.11');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.12');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 
@@ -527,10 +527,10 @@ INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id,
 INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id, forum_type, forum_posts_approved, forum_posts_unapproved, forum_posts_softdeleted, forum_topics_approved, forum_topics_unapproved, forum_topics_softdeleted, forum_last_post_id, forum_last_poster_id, forum_last_poster_name, forum_last_poster_colour, forum_last_post_subject, forum_last_post_time, forum_link, forum_password, forum_image, forum_rules, forum_rules_link, forum_rules_uid, forum_desc_uid, prune_freq, prune_days, prune_viewed, forum_parents, forum_flags) VALUES ('{L_FORUMS_TEST_FORUM_TITLE}', '{L_FORUMS_TEST_FORUM_DESC}', 2, 3, 1, 1, 1, 0, 0, 1, 0, 0, 1, 2, 'Admin', 'AA0000', '{L_TOPICS_TOPIC_TITLE}', 972086460, '', '', '', '', '', '', '', 1, 7, 7, '', 48);
 
 # -- Users / Anonymous user
-INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_newpasswd, user_allow_massemail) VALUES (2, 1, 'Anonymous', 'anonymous', 0, '', '', 'en', 1, 0, '', 0, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', 0);
+INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_actkey_expiration, user_newpasswd, user_allow_massemail) VALUES (2, 1, 'Anonymous', 'anonymous', 0, '', '', 'en', 1, 0, '', 0, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', 0, '', 0);
 
 # -- username: Admin    password: admin (change this or remove it once everything is working!)
-INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_newpasswd) VALUES (3, 5, 'Admin', 'admin', 0, '21232f297a57a5a743894a0e4a801fc3', 'admin@yourdomain.com', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '');
+INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_jabber, user_actkey, user_actkey_expiration, user_newpasswd) VALUES (3, 5, 'Admin', 'admin', 0, '21232f297a57a5a743894a0e4a801fc3', 'admin@yourdomain.com', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', 0, '');
 
 # -- Groups
 INSERT INTO phpbb_groups (group_name, group_type, group_founder_manage, group_colour, group_legend, group_avatar, group_desc, group_desc_uid, group_max_recipients) VALUES ('GUESTS', 3, 0, '', 0, '', '', '', 5);

phpBB/language/en/acp/permissions_phpbb.php

@@ -159,9 +159,9 @@ $lang = array_merge($lang, array(
 	'ACL_M_MERGE'	=> 'Can merge topics',
 
 	'ACL_M_INFO'		=> 'Can view post details',
-	'ACL_M_WARN'		=> 'Can issue warnings<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local)
-	'ACL_M_PM_REPORT'	=> 'Can close and delete reports of private messages<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local)
-	'ACL_M_BAN'			=> 'Can manage bans<br /><em>This setting is only assigned globally. It is not forum based.</em>', // This moderator setting is only global (and not local)
+	'ACL_M_WARN'		=> 'Can issue warnings',
+	'ACL_M_PM_REPORT'	=> 'Can close and delete reports of private messages',
+	'ACL_M_BAN'			=> 'Can manage bans',
 ));
 
 // Admin Permissions

phpBB/language/en/common.php

@@ -64,6 +64,7 @@ $lang = array_merge($lang, array(
 	'ACCOUNT_DEACTIVATED'			=> 'Your account has been manually deactivated and is only able to be reactivated by an administrator.',
 	'ACP'							=> 'Administration Control Panel',
 	'ACP_SHORT'						=> 'ACP',
+	'ACTIVATION_ALREADY_SENT'		=> 'The activation email has already been sent to your email address. You can try again after 24 hours. If you continue to have problems activating your account, please contact a board administrator.',
 	'ACTIVE'						=> 'active',
 	'ACTIVE_ERROR'					=> 'The specified username is currently inactive. If you have problems activating your account, please contact a board administrator.',
 	'ADMINISTRATOR'					=> 'Administrator',

phpBB/language/en/mcp.php

@@ -259,7 +259,7 @@ $lang = array_merge($lang, array(
 	'ONLY_TOPIC'			=> 'Only topic “%s”',
 	'OTHER_USERS'			=> 'Other users posting from this IP',
 
-	'QUICKMOD_ACTION_NOT_ALLOWED' => "%s not allowed as quickmod",
+	'QUICKMOD_ACTION_NOT_ALLOWED' => '%s not allowed as quickmod',
 
 	'PM_REPORT_CLOSED_SUCCESS'	=> 'The selected PM report has been closed successfully.',
 	'PM_REPORT_DELETED_SUCCESS'	=> 'The selected PM report has been deleted successfully.',

phpBB/memberlist.php

@@ -1036,7 +1036,7 @@ switch ($mode)
 		if ($auth->acl_get('u_viewonline'))
 		{
 			$sort_key_text['l'] = $user->lang['SORT_LAST_ACTIVE'];
-			$sort_key_sql['l'] = 'u.user_lastvisit';
+			$sort_key_sql['l'] = 'u.user_last_active';
 		}
 
 		$sort_key_text['m'] = $user->lang['SORT_RANK'];
@@ -1138,15 +1138,15 @@ switch ($mode)
 				{
 					if ($active_select === 'lt' && (int) $active[0] == 0 && (int) $active[1] == 0 && (int) $active[2] == 0)
 					{
-						$sql_where .= ' AND u.user_lastvisit = 0';
+						$sql_where .= ' AND u.user_last_active = 0';
 					}
 					else if ($active_select === 'gt')
 					{
-						$sql_where .= ' AND u.user_lastvisit ' . $find_key_match[$active_select] . ' ' . $active_time;
+						$sql_where .= ' AND u.user_last_active ' . $find_key_match[$active_select] . ' ' . $active_time;
 					}
 					else
 					{
-						$sql_where .= ' AND (u.user_lastvisit > 0 AND u.user_lastvisit < ' . $active_time . ')';
+						$sql_where .= ' AND (u.user_last_active > 0 AND u.user_last_active < ' . $active_time . ')';
 					}
 				}
 			}
@@ -1713,7 +1713,7 @@ switch ($mode)
 			{
 				$row['session_time'] = $session_ary[$row['user_id']]['session_time'] ?? 0;
 				$row['session_viewonline'] = $session_ary[$row['user_id']]['session_viewonline'] ?? 0;
-				$row['last_visit'] = (!empty($row['session_time'])) ? $row['session_time'] : $row['user_lastvisit'];
+				$row['last_visit'] = (!empty($row['session_time'])) ? $row['session_time'] : $row['user_last_active'];
 
 				$id_cache[$row['user_id']] = $row;
 			}

phpBB/phpbb/auth/auth.php

@@ -776,6 +776,7 @@ class auth
 
 		$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : '';
 		$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
+		$sql_is_local = $forum_id !== false ? 'AND ao.is_local <> 0' : '';
 
 		$sql_opts = '';
 		$hold_ary = $sql_ary = array();
@@ -787,9 +788,10 @@ class auth
 
 		// Grab group settings - non-role specific...
 		$sql_ary[] = 'SELECT a.group_id, a.forum_id, a.auth_setting, a.auth_option_id, ao.auth_option
-			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . ' ao
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " ao
 			WHERE a.auth_role_id = 0
-				AND a.auth_option_id = ao.auth_option_id ' .
+				AND a.auth_option_id = ao.auth_option_id
+				$sql_is_local " .
 				(($sql_group) ? 'AND a.' . $sql_group : '') . "
 				$sql_forum
 				$sql_opts
@@ -797,9 +799,10 @@ class auth
 
 		// Now grab group settings - role specific...
 		$sql_ary[] = 'SELECT a.group_id, a.forum_id, r.auth_setting, r.auth_option_id, ao.auth_option
-			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' ao
+			FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . " ao
 			WHERE a.auth_role_id = r.role_id
-				AND r.auth_option_id = ao.auth_option_id ' .
+				$sql_is_local
+				AND r.auth_option_id = ao.auth_option_id " .
 				(($sql_group) ? 'AND a.' . $sql_group : '') . "
 				$sql_forum
 				$sql_opts

phpBB/phpbb/console/command/user/add.php

@@ -290,18 +290,17 @@ class add extends command
 		{
 			case USER_ACTIVATION_SELF:
 				$email_template = 'user_welcome_inactive';
-				$user_actkey = gen_rand_string(mt_rand(6, 10));
 			break;
 			case USER_ACTIVATION_ADMIN:
 				$email_template = 'admin_welcome_inactive';
-				$user_actkey = gen_rand_string(mt_rand(6, 10));
 			break;
 			default:
 				$email_template = 'user_welcome';
-				$user_actkey = '';
 			break;
 		}
 
+		$user_actkey = $this->get_activation_key($user_id);
+
 		if (!class_exists('messenger'))
 		{
 			require($this->phpbb_root_path . 'includes/functions_messenger.' . $this->php_ext);
@@ -321,6 +320,35 @@ class add extends command
 		$messenger->send(NOTIFY_EMAIL);
 	}
 
+	/**
+	 * Get user activation key
+	 *
+	 * @param int $user_id User ID
+	 *
+	 * @return string User activation key for user
+	 */
+	protected function get_activation_key(int $user_id): string
+	{
+		$user_actkey = '';
+
+		if ($this->config['require_activation'] == USER_ACTIVATION_SELF || $this->config['require_activation'] == USER_ACTIVATION_ADMIN)
+		{
+			$user_actkey = gen_rand_string(mt_rand(6, 10));
+
+			$sql_ary = [
+				'user_actkey'				=> $user_actkey,
+				'user_actkey_expiration'	=> \phpbb\user::get_token_expiration(),
+			];
+
+			$sql = 'UPDATE ' . USERS_TABLE . '
+				SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
+				WHERE user_id = ' . (int) $user_id;
+			$this->db->sql_query($sql);
+		}
+
+		return $user_actkey;
+	}
+
 	/**
 	 * Helper to translate questions to the user
 	 *

phpBB/phpbb/cron/event/cron_runner_listener.php

@@ -85,9 +85,8 @@ class cron_runner_listener implements EventSubscriberInterface
 				{
 					$task->run();
 				}
-
-				$this->cron_lock->release();
 			}
+			$this->cron_lock->release();
 		}
 	}
 

phpBB/phpbb/db/driver/mssql_odbc.php

@@ -166,7 +166,16 @@ class mssql_odbc extends \phpbb\db\driver\mssql_base
 
 			if ($this->query_result === false)
 			{
-				if (($this->query_result = @odbc_exec($this->db_connect_id, $query)) === false)
+				try
+				{
+					$this->query_result = @odbc_exec($this->db_connect_id, $query);
+				}
+				catch (\Error $e)
+				{
+					// Do nothing as SQL driver will report the error
+				}
+
+				if ($this->query_result === false)
 				{
 					$this->sql_error($query);
 				}

phpBB/phpbb/db/driver/mssqlnative.php

@@ -138,12 +138,22 @@ class mssqlnative extends \phpbb\db\driver\mssql_base
 
 			if ($this->query_result === false)
 			{
-				if (($this->query_result = @sqlsrv_query($this->db_connect_id, $query, array(), $this->query_options)) === false)
+				try
+				{
+					$this->query_result = @sqlsrv_query($this->db_connect_id, $query, array(), $this->query_options);
+				}
+				catch (\Error $e)
+				{
+					// Do nothing as SQL driver will report the error
+				}
+
+				if ($this->query_result === false)
 				{
 					$this->sql_error($query);
 				}
-				// reset options for next query
-				$this->query_options = array();
+
+				// Reset options for the next query
+				$this->query_options = [];
 
 				if ($this->debug_sql_explain)
 				{

phpBB/phpbb/db/driver/mysqli.php

@@ -197,7 +197,16 @@ class mysqli extends \phpbb\db\driver\mysql_base
 
 			if ($this->query_result === false)
 			{
-				if (($this->query_result = @mysqli_query($this->db_connect_id, $query)) === false)
+				try
+				{
+					$this->query_result = @mysqli_query($this->db_connect_id, $query);
+				}
+				catch (\Error $e)
+				{
+					// Do nothing as SQL driver will report the error
+				}
+
+				if ($this->query_result === false)
 				{
 					$this->sql_error($query);
 				}
@@ -345,24 +354,24 @@ class mysqli extends \phpbb\db\driver\mysql_base
 	{
 		if ($this->db_connect_id)
 		{
-			$error = array(
-				'message'	=> @mysqli_error($this->db_connect_id),
-				'code'		=> @mysqli_errno($this->db_connect_id)
-			);
+			$error = [
+				'message'	=> $this->db_connect_id->error,
+				'code'		=> $this->db_connect_id->errno,
+			];
 		}
 		else if (function_exists('mysqli_connect_error'))
 		{
-			$error = array(
-				'message'	=> @mysqli_connect_error(),
-				'code'		=> @mysqli_connect_errno(),
-			);
+			$error = [
+				'message'	=> $this->db_connect_id->connect_error,
+				'code'		=> $this->db_connect_id->connect_errno,
+			];
 		}
 		else
 		{
-			$error = array(
+			$error = [
 				'message'	=> $this->connect_error,
 				'code'		=> '',
-			);
+			];
 		}
 
 		return $error;

phpBB/phpbb/db/driver/postgres.php

@@ -188,7 +188,16 @@ class postgres extends \phpbb\db\driver\driver
 
 			if ($this->query_result === false)
 			{
-				if (($this->query_result = @pg_query($this->db_connect_id, $query)) === false)
+				try
+				{
+					$this->query_result = @pg_query($this->db_connect_id, $query);
+				}
+				catch (\Error $e)
+				{
+					// Do nothing as SQL driver will report the error
+				}
+
+				if ($this->query_result === false)
 				{
 					$this->sql_error($query);
 				}

phpBB/phpbb/db/driver/sqlite3.php

@@ -138,7 +138,16 @@ class sqlite3 extends \phpbb\db\driver\driver
 					$query = preg_replace('/^INSERT INTO/', 'INSERT OR ROLLBACK INTO', $query);
 				}
 
-				if (($this->query_result = @$this->dbo->query($query)) === false)
+				try
+				{
+					$this->query_result = @$this->dbo->query($query);
+				}
+				catch (\Error $e)
+				{
+					// Do nothing as SQL driver will report the error
+				}
+
+				if ($this->query_result === false)
 				{
 					// Try to recover a lost database connection
 					if ($this->dbo && !@$this->dbo->lastErrorMsg())

phpBB/phpbb/db/migration/data/v33x/add_resend_activation_expiration.php

@@ -0,0 +1,48 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+use phpbb\db\migration\migration;
+
+class add_resend_activation_expiration extends migration
+{
+	public static function depends_on(): array
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3311',
+		];
+	}
+
+	public function update_schema(): array
+	{
+		return [
+			'add_columns' => [
+				$this->table_prefix . 'users' => [
+					'user_actkey_expiration'	=> ['TIMESTAMP', 0, 'after' => 'user_actkey'],
+				],
+			],
+		];
+	}
+
+	public function revert_schema(): array
+	{
+		return [
+			'drop_columns' => [
+				$this->table_prefix . 'users' => [
+					'user_actkey_expiration',
+				],
+			],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/add_user_last_active.php

@@ -0,0 +1,79 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+use phpbb\db\migration\migration;
+
+class add_user_last_active extends migration
+{
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\v3311',
+		];
+	}
+
+	public function update_schema()
+	{
+		return [
+			'add_columns'	=> [
+				$this->table_prefix . 'users'	=> [
+					'user_last_active'		=> ['TIMESTAMP', 0, 'after' => 'user_lastvisit'],
+				],
+			],
+		];
+	}
+
+	public function revert_schema()
+	{
+		return [
+			'drop_columns'	=> [
+				$this->table_prefix . 'users'	=> ['user_last_active'],
+			],
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['custom', [[$this, 'set_user_last_active']]],
+		];
+	}
+
+	public function set_user_last_active($start = 0)
+	{
+		// Get maximum user id from database
+		$sql = "SELECT MAX(user_id) AS max_user_id
+			FROM {$this->table_prefix}users";
+		$result = $this->db->sql_query($sql);
+		$max_id = (int) $this->db->sql_fetchfield('max_user_id');
+		$this->db->sql_freeresult($result);
+
+		if ($start > $max_id)
+		{
+			return;
+		}
+
+		// Keep setting user_last_active time
+		$next_start = $start + 10000;
+
+		$sql = 'UPDATE ' . $this->table_prefix . 'users
+			SET user_last_active = user_lastvisit
+			WHERE user_id > ' . (int) $start . '
+				AND user_id <= ' . (int) ($next_start);
+		$this->db->sql_query($sql);
+
+		return $next_start;
+	}
+}

phpBB/phpbb/db/migration/data/v33x/jquery_update_v3.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+use phpbb\db\migration\migration;
+
+class jquery_update_v3 extends migration
+{
+	public function effectively_installed()
+	{
+		return $this->config['load_jquery_url'] === '//ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js';
+	}
+
+	public static function depends_on()
+	{
+		return ['\phpbb\db\migration\data\v33x\v3311'];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['load_jquery_url', '//ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/profilefield_youtube_update.php

@@ -71,6 +71,12 @@ class profilefield_youtube_update extends \phpbb\db\migration\migration
 				. $this->db->get_any_char()
 		);
 
+		// We're done if the profile field doesn't exist
+		if (!$this->db_tools->sql_column_exists($profile_fields_data, $yt_profile_field))
+		{
+			return;
+		}
+
 		$this->db->sql_query(
 			"UPDATE $profile_fields_data SET
 				$yt_profile_field = $prepend_legacy_youtube_url

phpBB/phpbb/db/migration/data/v33x/profilefields_update.php

@@ -87,6 +87,12 @@ class profilefields_update extends \phpbb\db\migration\migration
 		$yt_profile_field = 'pf_phpbb_youtube';
 		$has_youtube_url = $this->db->sql_like_expression($this->db->get_any_char() . 'youtube.com/' . $this->db->get_any_char());
 
+		// We're done if the profile field doesn't exist
+		if (!$this->db_tools->sql_column_exists($profile_fields_data, $yt_profile_field))
+		{
+			return true;
+		}
+
 		$update_aborted = false;
 
 		$sql = 'SELECT user_id, pf_phpbb_youtube
@@ -153,6 +159,13 @@ class profilefields_update extends \phpbb\db\migration\migration
 		$this->db->sql_query($sql);
 
 		$yt_profile_field = 'pf_phpbb_youtube';
+
+		// We're done if the profile field doesn't exist
+		if (!$this->db_tools->sql_column_exists($profile_fields_data, $yt_profile_field))
+		{
+			return;
+		}
+
 		$prepend_legacy_youtube_url = $this->db->sql_concatenate(
 			"'https://youtube.com/'", $yt_profile_field
 		);

phpBB/phpbb/db/migration/data/v33x/v3312.php

@@ -0,0 +1,38 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3312 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.12', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\add_resend_activation_expiration',
+			'\phpbb\db\migration\data\v33x\add_user_last_active',
+			'\phpbb\db\migration\data\v33x\v3312rc1',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.12']],
+		];
+	}
+}

phpBB/phpbb/db/migration/data/v33x/v3312rc1.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\migration\data\v33x;
+
+class v3312rc1 extends \phpbb\db\migration\migration
+{
+	public function effectively_installed()
+	{
+		return version_compare($this->config['version'], '3.3.12-RC1', '>=');
+	}
+
+	public static function depends_on()
+	{
+		return [
+			'\phpbb\db\migration\data\v33x\jquery_update_v3',
+		];
+	}
+
+	public function update_data()
+	{
+		return [
+			['config.update', ['version', '3.3.12-RC1']],
+		];
+	}
+}

phpBB/phpbb/db/tools/factory.php

@@ -33,6 +33,10 @@ class factory
 		{
 			return new \phpbb\db\tools\postgres($db_driver, $return_statements);
 		}
+		else if ($db_driver instanceof \phpbb\db\driver\sqlite3)
+		{
+			return new \phpbb\db\tools\sqlite3($db_driver, $return_statements);
+		}
 		else if ($db_driver instanceof \phpbb\db\driver\driver_interface)
 		{
 			return new \phpbb\db\tools\tools($db_driver, $return_statements);

phpBB/phpbb/db/tools/sqlite3.php

@@ -0,0 +1,39 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\db\tools;
+
+/**
+ * Database Tools for handling cross-db actions such as altering columns, etc.
+ * Currently not supported is returning SQL for creating tables.
+ */
+class sqlite3 extends tools
+{
+	/**
+	 * {@inheritDoc}
+	 */
+	function sql_table_exists($table_name)
+	{
+		$this->db->sql_return_on_error(true);
+		$result = $this->db->sql_query("SELECT name FROM sqlite_master WHERE type='table' AND name='{$table_name}'");
+		$this->db->sql_return_on_error(false);
+
+		if (!empty($this->db->sql_fetchrowset($result)))
+		{
+			$this->db->sql_freeresult($result);
+			return true;
+		}
+
+		return false;
+	}
+}

phpBB/phpbb/event/kernel_exception_subscriber.php

@@ -44,6 +44,13 @@ class kernel_exception_subscriber implements EventSubscriberInterface
 	*/
 	protected $language;
 
+	/**
+	* User object
+	*
+	* @var \phpbb\user
+	*/
+	protected $user;
+
 	/** @var \phpbb\request\type_cast_helper */
 	protected $type_caster;
 
@@ -52,13 +59,15 @@ class kernel_exception_subscriber implements EventSubscriberInterface
 	*
 	* @param \phpbb\template\template	$template	Template object
 	* @param \phpbb\language\language	$language	Language object
+	* @param \phpbb\user				$user		User object
 	* @param bool						$debug		Set to true to show full exception messages
 	*/
-	public function __construct(\phpbb\template\template $template, \phpbb\language\language $language, $debug = false)
+	public function __construct(\phpbb\template\template $template, \phpbb\language\language $language, \phpbb\user $user, $debug = false)
 	{
 		$this->debug = $debug || defined('DEBUG');
 		$this->template = $template;
 		$this->language = $language;
+		$this->user = $user;
 		$this->type_caster = new \phpbb\request\type_cast_helper();
 	}
 
@@ -84,6 +93,12 @@ class kernel_exception_subscriber implements EventSubscriberInterface
 			$message = $this->language->lang('PAGE_NOT_FOUND');
 		}
 
+		// Do not update user session page if it does not exist
+		if ($exception instanceof NotFoundHttpException)
+		{
+			$this->user->update_session_page = false;
+		}
+
 		// Show <strong> text in bold
 		$message = preg_replace('#&lt;(/?strong)&gt;#i', '<$1>', $message);
 

phpBB/phpbb/install/controller/helper.php

@@ -267,7 +267,7 @@ class helper
 			'L_SKIP'				=> $this->language->lang('SKIP'),
 			'PAGE_TITLE'			=> $this->language->lang($page_title),
 			'T_IMAGE_PATH'			=> $this->path_helper->get_web_root_path() . $path . 'images',
-			'T_JQUERY_LINK'			=> $this->path_helper->get_web_root_path() . $path . '../assets/javascript/jquery-3.6.0.min.js',
+			'T_JQUERY_LINK'			=> $this->path_helper->get_web_root_path() . $path . '../assets/javascript/jquery-3.7.1.min.js',
 			'T_TEMPLATE_PATH'		=> $this->path_helper->get_web_root_path() . $path . 'style',
 			'T_ASSETS_PATH'			=> $this->path_helper->get_web_root_path() . $path . '../assets',
 

phpBB/phpbb/lock/posting.php

@@ -0,0 +1,77 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+namespace phpbb\lock;
+
+use phpbb\cache\driver\driver_interface as cache_interface;
+use phpbb\config\config;
+
+class posting
+{
+	/** @var cache_interface */
+	private $cache;
+
+	/** @var config */
+	private $config;
+
+	/** @var string */
+	private $lock_name = '';
+
+	/**
+	 * Constructor for posting lock
+	 *
+	 * @param cache_interface $cache
+	 * @param config $config
+	 */
+	public function __construct(cache_interface $cache, config $config)
+	{
+		$this->cache = $cache;
+		$this->config = $config;
+	}
+
+	/**
+	 * Set lock name
+	 *
+	 * @param int $creation_time Creation time of form, must be checked already
+	 * @param string $form_token Form token used for form, must be checked already
+	 *
+	 * @return void
+	 */
+	private function set_lock_name(int $creation_time, string $form_token): void
+	{
+		$this->lock_name = sha1(((string) $creation_time) . $form_token) . '_posting_lock';
+	}
+
+	/**
+	 * Acquire lock for current posting form submission
+	 *
+	 * @param int $creation_time Creation time of form, must be checked already
+	 * @param string $form_token Form token used for form, must be checked already
+	 *
+	 * @return bool True if lock could be acquired, false if not
+	 */
+	public function acquire(int $creation_time, string $form_token): bool
+	{
+		$this->set_lock_name($creation_time, $form_token);
+
+		// Lock is held for session, cannot acquire it unless special flag for testing is set
+		if ($this->cache->_exists($this->lock_name) && !$this->config->offsetExists('ci_tests_no_lock_posting'))
+		{
+			return false;
+		}
+
+		$this->cache->put($this->lock_name, true, $this->config['flood_interval']);
+
+		return true;
+	}
+}

phpBB/phpbb/notification/manager.php

@@ -411,12 +411,17 @@ class manager
 
 			foreach ($methods as $method)
 			{
-				// setup the notification methods and add the notification to the queue
+				// Do not load non-existent notification methods
+				if (!isset($this->notification_methods[$method]))
+				{
+					continue;
+				}
+
+				// Setup the notification methods and add the notification to the queue
 				if (!isset($notification_methods[$method]))
 				{
 					$notification_methods[$method] = $this->get_method_class($method);
 				}
-
 				$notification_methods[$method]->add_to_queue($notification);
 			}
 		}

phpBB/phpbb/path_helper.php

@@ -39,6 +39,9 @@ class path_helper
 	/** @var string */
 	protected $web_root_path;
 
+	/** @var bool Flag whether we're in adm path */
+	protected $in_adm_path = false;
+
 	/**
 	* Constructor
 	*
@@ -117,7 +120,13 @@ class path_helper
 				$path = substr($path, 8);
 			}
 
-			return $this->filesystem->clean_path($web_root_path . $path);
+			$path = $this->filesystem->clean_path($web_root_path . $path);
+
+			// Further clean path if we're in adm
+			if ($this->in_adm_path && strpos($path, $this->phpbb_root_path . $this->adm_relative_path) === 0)
+			{
+				$path = substr($path, strlen($this->phpbb_root_path . $this->adm_relative_path));
+			}
 		}
 
 		return $path;
@@ -181,6 +190,11 @@ class path_helper
 			return $this->web_root_path = $this->filesystem->clean_path('./../' . $this->phpbb_root_path);
 		}
 
+		if ($path_info === '/' && defined('ADMIN_START') && preg_match('/\/' . preg_quote($this->adm_relative_path, '/') . 'index\.' . $this->php_ext . '$/', $script_name))
+		{
+			$this->in_adm_path = true;
+		}
+
 		/*
 		* If the path info is empty (single /), then we're not using
 		*	a route like app.php/foo/bar

phpBB/phpbb/session.php

@@ -440,6 +440,12 @@ class session
 						// Is user banned? Are they excluded? Won't return on ban, exists within method
 						$this->check_ban_for_current_session($config);
 
+						// Update user last active time accordingly, but in a minute or so
+						if ((int) $this->data['session_time'] - (int) $this->data['user_last_active'] > 60)
+						{
+							$this->update_last_active_time();
+						}
+
 						return true;
 					}
 				}
@@ -688,10 +694,7 @@ class session
 				if ($this->time_now - $this->data['session_time'] > 60 || ($this->update_session_page && $this->data['session_page'] != $this->page['page']))
 				{
 					// Update the last visit time
-					$sql = 'UPDATE ' . USERS_TABLE . '
-						SET user_lastvisit = ' . (int) $this->data['session_time'] . '
-						WHERE user_id = ' . (int) $this->data['user_id'];
-					$db->sql_query($sql);
+					$this->update_user_lastvisit();
 				}
 
 				$SID = '?sid=';
@@ -815,20 +818,21 @@ class session
 				$this->data['user_form_salt'] = unique_id();
 				// Update the form key
 				$sql = 'UPDATE ' . USERS_TABLE . '
-					SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\'
+					SET user_form_salt = \'' . $db->sql_escape($this->data['user_form_salt']) . '\',
+						user_last_active = ' . (int) $this->data['session_time'] . '
 					WHERE user_id = ' . (int) $this->data['user_id'];
 				$db->sql_query($sql);
 			}
+			else
+			{
+				$this->update_last_active_time();
+			}
 		}
 		else
 		{
 			$this->data['session_time'] = $this->data['session_last_visit'] = $this->time_now;
 
-			// Update the last visit time
-			$sql = 'UPDATE ' . USERS_TABLE . '
-				SET user_lastvisit = ' . (int) $this->data['session_time'] . '
-				WHERE user_id = ' . (int) $this->data['user_id'];
-			$db->sql_query($sql);
+			$this->update_user_lastvisit();
 
 			$SID = '?sid=';
 			$_SID = '';
@@ -960,8 +964,8 @@ class session
 		}
 
 		/**
-		 * Get expired sessions for registered users, only most recent for each user
-		 * Inner SELECT gets most recent expired sessions for unique session_user_id
+		 * Get most recent session for each registered user to sync user last visit with it
+		 * Inner SELECT gets most recent sessions for each unique session_user_id
 		 * Outer SELECT gets data for them
 		 */
 		$sql_select = 'SELECT s1.session_page, s1.session_user_id, s1.session_time AS recent_time
@@ -969,8 +973,7 @@ class session
 			INNER JOIN (
 				SELECT session_user_id, MAX(session_time) AS recent_time
 				FROM ' . SESSIONS_TABLE . '
-				WHERE session_time < ' . ($this->time_now - (int) $config['session_length']) . '
-					AND session_user_id <> ' . ANONYMOUS . '
+				WHERE session_user_id <> ' . ANONYMOUS . '
 				GROUP BY session_user_id
 			) AS s2
 			ON s1.session_user_id = s2.session_user_id
@@ -1475,12 +1478,12 @@ class session
 		}
 
 		$dnsbl_check = array(
-			'sbl.spamhaus.org'	=> ['http://www.spamhaus.org/query/bl?ip=', 'check_dnsbl_spamhaus'],
+			'sbl.spamhaus.org'	=> ['https://check.spamhaus.org/listed/?searchterm=', 'check_dnsbl_spamhaus'],
 		);
 
 		if ($mode == 'register')
 		{
-			$dnsbl_check['bl.spamcop.net'] = ['http://spamcop.net/bl.shtml?', 'check_dnsbl_ipv4_generic'];
+			$dnsbl_check['bl.spamcop.net'] = ['https://www.spamcop.net/bl.shtml?', 'check_dnsbl_ipv4_generic'];
 		}
 
 		if ($ip)
@@ -1760,7 +1763,7 @@ class session
 		}
 
 		// Do not update the session page for ajax requests, so the view online still works as intended
-		$page_changed = $this->update_session_page && (!isset($this->data['session_page']) || $this->data['session_page'] != $this->page['page']) && !$request->is_ajax();
+		$page_changed = $this->update_session_page && (!isset($this->data['session_page']) || $this->data['session_page'] != $this->page['page'] || $this->data['session_forum_id'] != $this->page['forum']) && !$request->is_ajax();
 
 		// Only update session DB a minute or so after last update or if page changes
 		if ($this->time_now - (isset($this->data['session_time']) ? $this->data['session_time'] : 0) > 60 || $page_changed)
@@ -1797,4 +1800,39 @@ class session
 	{
 		return isset($this->data['user_id']) ? (int) $this->data['user_id'] : ANONYMOUS;
 	}
+
+	/**
+	 * Update user last visit time
+	 */
+	public function update_user_lastvisit()
+	{
+		global $db;
+
+		if (isset($this->data['session_time'], $this->data['user_id']))
+		{
+			$sql = 'UPDATE ' . USERS_TABLE . '
+				SET user_lastvisit = ' . (int) $this->data['session_time'] . ',
+					user_last_active = ' . (int) $this->data['session_time'] . '
+				WHERE user_id = ' . (int) $this->data['user_id'];
+			$db->sql_query($sql);
+		}
+	}
+
+	/**
+	 * Update user's last active time
+	 *
+	 * @return void
+	 */
+	public function update_last_active_time()
+	{
+		global $db;
+
+		if (isset($this->data['session_time'], $this->data['user_id']))
+		{
+			$sql = 'UPDATE ' . USERS_TABLE . '
+				SET user_last_active = ' . (int) $this->data['session_time'] . '
+				WHERE user_id = ' . (int) $this->data['user_id'];
+			$db->sql_query($sql);
+		}
+	}
 }

phpBB/phpbb/template/twig/environment.php

@@ -69,7 +69,6 @@ class environment extends \Twig\Environment
 		$this->phpbb_dispatcher = $phpbb_dispatcher;
 
 		$this->phpbb_root_path = $this->phpbb_path_helper->get_phpbb_root_path();
-		$this->web_root_path = $this->phpbb_path_helper->get_web_root_path();
 
 		$this->assets_bag = new assets_bag();
 
@@ -132,7 +131,7 @@ class environment extends \Twig\Environment
 	*/
 	public function get_web_root_path()
 	{
-		return $this->web_root_path;
+		return $this->web_root_path ?? $this->web_root_path = $this->phpbb_path_helper->get_web_root_path();
 	}
 
 	/**

phpBB/phpbb/textreparser/base.php

@@ -198,8 +198,8 @@ abstract class base implements reparser_interface
 	*/
 	protected function guess_magic_url(array $record)
 	{
-		// Look for <!-- m --> or for a URL tag that's not immediately followed by <s>
-		return (strpos($record['text'], '<!-- m -->') !== false || preg_match('(<URL [^>]++>(?!<s>))', $record['text']));
+		// Look for magic URL markers or for a URL tag that's not immediately followed by <s>
+		return preg_match('#<!-- ([lmwe]) -->.*?<!-- \1 -->#', $record['text']) || preg_match('(<URL [^>]++>(?!<s>))', $record['text']);
 	}
 
 	/**
@@ -231,7 +231,10 @@ abstract class base implements reparser_interface
 	*/
 	protected function reparse_record(array $record)
 	{
+		// Guess magic URL state based on actual record content before adding fields
+		$record['enable_magic_url'] = $this->guess_magic_url($record);
 		$record = $this->add_missing_fields($record);
+
 		$flags = ($record['enable_bbcode']) ? OPTION_FLAG_BBCODE : 0;
 		$flags |= ($record['enable_smilies']) ? OPTION_FLAG_SMILIES : 0;
 		$flags |= ($record['enable_magic_url']) ? OPTION_FLAG_LINKS : 0;

phpBB/phpbb/ucp/controller/reset_password.php

@@ -242,7 +242,7 @@ class reset_password
 
 				$sql_ary = [
 					'reset_token'				=> $reset_token,
-					'reset_token_expiration'	=> strtotime('+1 day'),
+					'reset_token_expiration'	=> $this->user::get_token_expiration(),
 				];
 
 				$sql = 'UPDATE ' . $this->users_table . '
@@ -407,6 +407,7 @@ class reset_password
 			{
 				$sql_ary = [
 					'user_password'				=> $this->passwords_manager->hash($data['new_password']),
+					'user_passchg'				=> time(),
 					'user_login_attempts'		=> 0,
 					'reset_token'				=> '',
 					'reset_token_expiration'	=> 0,

phpBB/phpbb/user.php

@@ -57,7 +57,7 @@ class user extends \phpbb\session
 	* @param \phpbb\language\language	$lang			phpBB's Language loader
 	* @param string						$datetime_class	Class name of datetime class
 	*/
-	function __construct(\phpbb\language\language $lang, $datetime_class)
+	public function __construct(\phpbb\language\language $lang, $datetime_class)
 	{
 		global $phpbb_root_path;
 
@@ -78,6 +78,16 @@ class user extends \phpbb\session
 		return $this->is_setup_flag;
 	}
 
+	/**
+	 * Get expiration time for user tokens, e.g. activation or reset password tokens
+	 *
+	 * @return int Expiration for user tokens
+	 */
+	public static function get_token_expiration(): int
+	{
+		return strtotime('+1 day') ?: 0;
+	}
+
 	/**
 	 * Magic getter for BC compatibility
 	 *

phpBB/posting.php

@@ -104,8 +104,17 @@ switch ($mode)
 			trigger_error('NO_POST');
 		}
 
+		// Need to update session forum_id to valid value for proper viewonline information
+		if (!$forum_id)
+		{
+			$user->page['forum'] = (int) $topic_forum['forum_id'];
+			$user->update_session_page = true;
+			$user->update_session_infos();
+		}
+
 		$topic_id = (int) $topic_forum['topic_id'];
 		$forum_id = (int) $topic_forum['forum_id'];
+
 	break;
 }
 
@@ -1420,7 +1429,14 @@ if ($submit || $preview || $refresh)
 	// Store message, sync counters
 	if (!count($error) && $submit)
 	{
-		if ($submit)
+		/** @var \phpbb\lock\posting $posting_lock */
+		$posting_lock = $phpbb_container->get('posting.lock');
+
+		// Get creation time and form token, must be already checked at this point
+		$creation_time	= abs($request->variable('creation_time', 0));
+		$form_token = $request->variable('form_token', '');
+
+		if ($posting_lock->acquire($creation_time, $form_token))
 		{
 			// Lock/Unlock Topic
 			$change_topic_status = $post_data['topic_status'];
@@ -1611,6 +1627,11 @@ if ($submit || $preview || $refresh)
 
 			redirect($redirect_url);
 		}
+		else
+		{
+			// Posting was already locked before, hence form submission was already attempted once and is now invalid
+			$error[] = $language->lang('FORM_INVALID');
+		}
 	}
 }
 

phpBB/search.php

@@ -337,7 +337,13 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 	}
 
 	// define some variables needed for retrieving post_id/topic_id information
-	$sort_by_sql = array('a' => 'u.username_clean', 't' => (($show_results == 'posts') ? 'p.post_time' : 't.topic_last_post_time'), 'f' => 'f.forum_id', 'i' => 't.topic_title', 's' => (($show_results == 'posts') ? 'p.post_subject' : 't.topic_title'));
+	$sort_by_sql = [
+		'a' => 'u.username_clean',
+		't' => (($show_results == 'posts') ? 'p.post_time' : 't.topic_last_post_time'),
+		'f' => 'f.forum_id',
+		'i' => 't.topic_title',
+		's' => (($show_results == 'posts') ? 'p.post_subject' : 't.topic_title')
+	];
 
 	/**
 	* Event to modify the SQL parameters before pre-made searches
@@ -403,11 +409,11 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 				$sql_sort = 'ORDER BY ' . $sort_by_sql[$sort_key] . (($sort_dir == 'a') ? ' ASC' : ' DESC');
 
 				$sort_join = ($sort_key == 'f') ? FORUMS_TABLE . ' f, ' : '';
-				$sql_sort = ($sort_key == 'f') ? ' AND f.forum_id = p.forum_id ' . $sql_sort : $sql_sort;
+				$sql_sort = ($sort_key == 'f') ? ' AND f.forum_id = t.forum_id ' . $sql_sort : $sql_sort;
 
 				if ($sort_days)
 				{
-					$last_post_time = 'AND p.post_time > ' . (time() - ($sort_days * 24 * 3600));
+					$last_post_time = 'AND ' . ($show_results == 'posts' ? 'p.post_time' : 't.topic_last_post_time') . ' > ' . (time() - ($sort_days * 24 * 3600));
 				}
 				else
 				{
@@ -417,7 +423,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 				if ($sort_key == 'a')
 				{
 					$sort_join = USERS_TABLE . ' u, ';
-					$sql_sort = ' AND u.user_id = p.poster_id ' . $sql_sort;
+					$sql_sort = ' AND u.user_id = ' . ($show_results == 'posts' ? 'p.poster_id ' : 't.topic_last_poster_id ') . $sql_sort;
 				}
 				if ($show_results == 'posts')
 				{
@@ -433,14 +439,13 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 				}
 				else
 				{
-					$sql = 'SELECT DISTINCT ' . $sort_by_sql[$sort_key] . ", p.topic_id
-						FROM $sort_join" . POSTS_TABLE . ' p, ' . TOPICS_TABLE . " t
+					$sql = 'SELECT DISTINCT ' . $sort_by_sql[$sort_key] . ", t.topic_id
+						FROM $sort_join" . TOPICS_TABLE . " t
 						WHERE t.topic_posts_approved = 1
 							AND t.topic_moved_id = 0
-							AND p.topic_id = t.topic_id
 							$last_post_time
 							AND $m_approve_topics_fid_sql
-							" . ((count($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '') . "
+							" . ((count($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('t.forum_id', $ex_fid_ary, true) : '') . "
 						$sql_sort";
 					$field = 'topic_id';
 				}

phpBB/styles/prosilver/style.cfg

@@ -21,8 +21,8 @@
 # General Information about this style
 name = prosilver
 copyright = © phpBB Limited, 2007
-style_version = 3.3.11
-phpbb_version = 3.3.11
+style_version = 3.3.12
+phpbb_version = 3.3.12
 
 # Defining a different template bitfield
 # template_bitfield = //g=

phpBB/styles/prosilver/template/ajax.js

@@ -337,6 +337,29 @@ $('[data-ajax]').each(function() {
 	}
 });
 
+// Prevent accidental double submission of form
+$('[data-prevent-flood] input[type=submit]').click(function(event) {
+	const $submitButton = $(this); // Store the button element
+	const $form = $submitButton.closest('form');
+
+	// Always add the disabled class for visual feedback
+	$submitButton.addClass('disabled');
+
+	// Submit form if it hasn't been submitted yet
+	if (!$form.prop('data-form-submitted')) {
+		$form.prop('data-form-submitted', true);
+
+		return;
+	}
+
+	// Prevent default submission for subsequent clicks within 5 seconds
+	event.preventDefault();
+
+	setTimeout(() => {
+		$form.prop('removeProp', 'data-form-submitted');
+		$submitButton.removeClass('disabled'); // Re-enable after 5 seconds
+	}, 5000);
+});
 
 /**
  * This simply appends #preview to the action of the

phpBB/styles/prosilver/template/index_body.html

@@ -19,8 +19,8 @@
 	<form method="post" action="{S_LOGIN_ACTION}" class="headerspace">
 	<h3><a href="{U_LOGIN_LOGOUT}">{L_LOGIN_LOGOUT}</a><!-- IF S_REGISTER_ENABLED -->&nbsp; &bull; &nbsp;<a href="{U_REGISTER}">{L_REGISTER}</a><!-- ENDIF --></h3>
 		<fieldset class="quick-login">
-			<label for="username"><span>{L_USERNAME}{L_COLON}</span> <input type="text" tabindex="1" name="username" id="username" size="10" class="inputbox" title="{L_USERNAME}" /></label>
-			<label for="password"><span>{L_PASSWORD}{L_COLON}</span> <input type="password" tabindex="2" name="password" id="password" size="10" class="inputbox" title="{L_PASSWORD}" autocomplete="off" /></label>
+			<label for="username"><span>{L_USERNAME}{L_COLON}</span> <input type="text" tabindex="1" name="username" id="username" size="10" class="inputbox" title="{L_USERNAME}" autocomplete="username" /></label>
+			<label for="password"><span>{L_PASSWORD}{L_COLON}</span> <input type="password" tabindex="2" name="password" id="password" size="10" class="inputbox" title="{L_PASSWORD}" autocomplete="current-password" /></label>
 			<!-- IF U_SEND_PASSWORD -->
 				<a href="{U_SEND_PASSWORD}">{L_FORGOT_PASS}</a>
 			<!-- ENDIF -->

phpBB/styles/prosilver/template/login_body.html

@@ -11,11 +11,11 @@
 		<!-- IF LOGIN_ERROR --><div class="error">{LOGIN_ERROR}</div><!-- ENDIF -->
 		<dl>
 			<dt><label for="{USERNAME_CREDENTIAL}">{L_USERNAME}{L_COLON}</label></dt>
-			<dd><input type="text" tabindex="1" name="{USERNAME_CREDENTIAL}" id="{USERNAME_CREDENTIAL}" size="25" value="{USERNAME}" class="inputbox autowidth" /></dd>
+			<dd><input type="text" tabindex="1" name="{USERNAME_CREDENTIAL}" id="{USERNAME_CREDENTIAL}" size="25" value="{USERNAME}" class="inputbox autowidth" autocomplete="username" /></dd>
 		</dl>
 		<dl>
 			<dt><label for="{PASSWORD_CREDENTIAL}">{L_PASSWORD}{L_COLON}</label></dt>
-			<dd><input type="password" tabindex="2" id="{PASSWORD_CREDENTIAL}" name="{PASSWORD_CREDENTIAL}" size="25" class="inputbox autowidth" autocomplete="off" /></dd>
+			<dd><input type="password" tabindex="2" id="{PASSWORD_CREDENTIAL}" name="{PASSWORD_CREDENTIAL}" size="25" class="inputbox autowidth" autocomplete="current-password" /></dd>
 			<!-- IF S_DISPLAY_FULL_LOGIN and (U_SEND_PASSWORD or U_RESEND_ACTIVATION) -->
 				<!-- IF U_SEND_PASSWORD --><dd><a href="{U_SEND_PASSWORD}">{L_FORGOT_PASS}</a></dd><!-- ENDIF -->
 				<!-- IF U_RESEND_ACTIVATION --><dd><a href="{U_RESEND_ACTIVATION}">{L_RESEND_ACTIVATION}</a></dd><!-- ENDIF -->

phpBB/styles/prosilver/template/mcp_topic.html

@@ -95,6 +95,9 @@
 	<div id="topicreview" class="topicreview">
 		<!-- BEGIN postrow -->
 		<!-- EVENT mcp_topic_postrow_post_before -->
+		<!-- IF postrow.S_FIRST_UNREAD -->
+			<a id="unread" class="anchor"<!-- IF S_UNREAD_VIEW --> data-url="{postrow.U_MINI_POST}"<!-- ENDIF -->></a>
+		<!-- ENDIF -->
 		<div class="post <!-- IF postrow.S_ROW_COUNT is odd -->bg1<!-- ELSE -->bg2<!-- ENDIF -->">
 			<div class="inner">
 

phpBB/styles/prosilver/template/notification_dropdown.html

@@ -40,8 +40,10 @@
 			<!-- END notifications -->
 		</ul>
 
+		{% EVENT notification_dropdown_footer_before %}
 		<div class="footer">
 			<a href="{U_VIEW_ALL_NOTIFICATIONS}"><span>{L_SEE_ALL}</span></a>
 		</div>
+		{% EVENT notification_dropdown_footer_after %}
 	</div>
 </div>

phpBB/styles/prosilver/template/overall_footer.html

@@ -64,7 +64,7 @@
 </div>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.7.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS forum_fn.js -->
 <!-- INCLUDEJS ajax.js -->

phpBB/styles/prosilver/template/posting_editor.html

@@ -100,7 +100,7 @@
 	<!-- IF not S_SHOW_DRAFTS and not $SIG_EDIT eq 1 -->
 	<div class="panel bg2">
 		<div class="inner">
-		<fieldset class="submit-buttons">
+		<fieldset class="submit-buttons" data-prevent-flood>
 			{S_HIDDEN_ADDRESS_FIELD}
 			{S_HIDDEN_FIELDS}
 			<!-- EVENT posting_editor_submit_buttons -->

phpBB/styles/prosilver/template/simple_footer.html

@@ -36,7 +36,7 @@
 </div>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.7.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS forum_fn.js -->
 <!-- INCLUDEJS ajax.js -->

phpBB/styles/prosilver/template/ucp_footer.html

@@ -1,6 +1,6 @@
 
 		</div>
-
+		{% EVENT ucp_footer_content_after %}
 	</div>
 	</div>
 </div>

phpBB/styles/prosilver/template/ucp_header.html

@@ -98,4 +98,6 @@
 
 	</div>
 
+	{% EVENT ucp_header_content_before %}
+
 	<div id="cp-main" class="cp-main ucp-main panel-container">

phpBB/styles/prosilver/template/ucp_login_link.html

@@ -32,11 +32,11 @@
 				<!-- IF LOGIN_ERROR --><div class="error">{LOGIN_ERROR}</div><!-- ENDIF -->
 				<dl>
 					<dt><label for="{USERNAME_CREDENTIAL}">{L_USERNAME}{L_COLON}</label></dt>
-					<dd><input type="text" tabindex="2" name="{USERNAME_CREDENTIAL}" id="{USERNAME_CREDENTIAL}" size="25" value="{LOGIN_USERNAME}" class="inputbox autowidth" /></dd>
+					<dd><input type="text" tabindex="2" name="{USERNAME_CREDENTIAL}" id="{USERNAME_CREDENTIAL}" size="25" value="{LOGIN_USERNAME}" class="inputbox autowidth" autocomplete="username" /></dd>
 				</dl>
 				<dl>
 					<dt><label for="{PASSWORD_CREDENTIAL}">{L_PASSWORD}{L_COLON}</label></dt>
-					<dd><input type="password" tabindex="3" id="{PASSWORD_CREDENTIAL}" name="{PASSWORD_CREDENTIAL}" size="25" class="inputbox autowidth" autocomplete="off" /></dd>
+					<dd><input type="password" tabindex="3" id="{PASSWORD_CREDENTIAL}" name="{PASSWORD_CREDENTIAL}" size="25" class="inputbox autowidth" autocomplete="current-password" /></dd>
 				</dl>
 				<!-- IF CAPTCHA_TEMPLATE and S_CONFIRM_CODE -->
 					<!-- DEFINE $CAPTCHA_TAB_INDEX = 4 -->

phpBB/styles/prosilver/template/ucp_notifications.html

@@ -1,8 +1,13 @@
 <!-- INCLUDE ucp_header.html -->
 
+{% EVENT ucp_notifications_form_before %}
+
 <form id="ucp" method="post" action="{S_UCP_ACTION}"{S_FORM_ENCTYPE}>
 
 <h2>{TITLE}</h2>
+
+{% EVENT ucp_notifications_content_before %}
+
 <div class="panel">
 	<div class="inner">
 
@@ -105,6 +110,8 @@
 	</div>
 </div>
 
+{% EVENT ucp_notifications_content_after %}
+
 <!-- IF .notification_types or .notification_list -->
 <fieldset class="display-actions">
 	<input type="hidden" name="form_time" value="{FORM_TIME}" />
@@ -117,4 +124,6 @@
 
 </form>
 
+{% EVENT ucp_notifications_form_after %}
+
 <!-- INCLUDE ucp_footer.html -->

phpBB/styles/prosilver/template/ucp_register.html

@@ -38,7 +38,7 @@
 	<!-- EVENT ucp_register_credentials_before -->
 	<dl>
 		<dt><label for="username">{L_USERNAME}{L_COLON}</label><br /><span>{L_USERNAME_EXPLAIN}</span></dt>
-		<dd><input type="text" tabindex="1" name="username" id="username" size="25" value="{USERNAME}" class="inputbox autowidth" title="{L_USERNAME}" /></dd>
+		<dd><input type="text" tabindex="1" name="username" id="username" size="25" value="{USERNAME}" class="inputbox autowidth" title="{L_USERNAME}" autocomplete="off" /></dd>
 	</dl>
 	<dl>
 		<dt><label for="new_password">{L_PASSWORD}{L_COLON}</label><br /><span>{L_PASSWORD_EXPLAIN}</span></dt>

phpBB/styles/prosilver/template/viewforum_body.html

@@ -101,11 +101,11 @@
 				<fieldset class="fields1">
 				<dl>
 					<dt><label for="username">{L_USERNAME}{L_COLON}</label></dt>
-					<dd><input type="text" tabindex="1" name="username" id="username" size="25" value="{USERNAME}" class="inputbox autowidth" /></dd>
+					<dd><input type="text" tabindex="1" name="username" id="username" size="25" value="{USERNAME}" class="inputbox autowidth" autocomplete="username" /></dd>
 				</dl>
 				<dl>
 					<dt><label for="password">{L_PASSWORD}{L_COLON}</label></dt>
-					<dd><input type="password" tabindex="2" id="password" name="password" size="25" class="inputbox autowidth" autocomplete="off" /></dd>
+					<dd><input type="password" tabindex="2" id="password" name="password" size="25" class="inputbox autowidth" autocomplete="current-password" /></dd>
 					<!-- IF S_AUTOLOGIN_ENABLED --><dd><label for="autologin"><input type="checkbox" name="autologin" id="autologin" tabindex="3" /> {L_LOG_ME_IN}</label></dd><!-- ENDIF -->
 					<dd><label for="viewonline"><input type="checkbox" name="viewonline" id="viewonline" tabindex="4" /> {L_HIDE_ME}</label></dd>
 				</dl>

phpBB/styles/prosilver/template/viewtopic_body.html

@@ -467,4 +467,6 @@
 	</div>
 <!-- ENDIF -->
 
+{% EVENT viewtopic_body_online_list_after %}
+
 <!-- INCLUDE overall_footer.html -->

phpBB/styles/prosilver/template/viewtopic_print.html

@@ -8,7 +8,9 @@
 <title>{SITENAME} &bull; {PAGE_TITLE}</title>
 
 <link href="{T_THEME_PATH}/print.css" rel="stylesheet">
-<link href="{T_THEME_PATH}/bidi.css" rel="stylesheet">
+{% if S_CONTENT_DIRECTION eq 'rtl' %}
+	<link href="{T_THEME_PATH}/bidi.css" rel="stylesheet">
+{% endif %}
 <!-- EVENT viewtopic_print_head_append -->
 </head>
 <body id="phpbb" class="{S_CONTENT_DIRECTION}">

phpBB/styles/prosilver/theme/content.css

@@ -878,6 +878,6 @@ table.fixed-width-table {
 	font-size: 1.3em;
 }
 
-.group-description ul {
+.group-description ol, .group-description ul {
 	list-style-position: inside;
 }

phpBB/styles/prosilver/theme/stylesheet.css

@@ -12,10 +12,10 @@
 @import url("utilities.css?hash=d8f72c42");
 @import url("common.css?hash=a9741ba1");
 @import url("links.css?hash=18286e16");
-@import url("content.css?hash=be57a41d");
+@import url("content.css?hash=d0e24377");
 @import url("buttons.css?hash=56f0d25f");
 @import url("cp.css?hash=50d868ab");
-@import url("forms.css?hash=b64464fb");
+@import url("forms.css?hash=9016b55c");
 @import url("icons.css?hash=64da33ce");
 @import url("colours.css?hash=fcb2f289");
-@import url("responsive.css?hash=87b53e08");
+@import url("responsive.css?hash=91525545");

phpBB/viewonline.php

@@ -470,20 +470,25 @@ else
 }
 $result = $db->sql_query($sql);
 
-$legend = '';
+$legend = [];
 while ($row = $db->sql_fetchrow($result))
 {
+	$colour_text = ($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . '"' : '';
+	$group_name = $group_helper->get_name($row['group_name']);
+
 	if ($row['group_name'] == 'BOTS')
 	{
-		$legend .= (($legend != '') ? ', ' : '') . '<span style="color:#' . $row['group_colour'] . '">' . $user->lang['G_BOTS'] . '</span>';
+		$legend[] = '<span' . $colour_text . '>' . $group_name . '</span>';
 	}
 	else
 	{
-		$legend .= (($legend != '') ? ', ' : '') . '<a style="color:#' . $row['group_colour'] . '" href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . $group_helper->get_name($row['group_name']) . '</a>';
+		$legend[] = '<a' . $colour_text . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&amp;g=' . $row['group_id']) . '">' . $group_name . '</a>';
 	}
 }
 $db->sql_freeresult($result);
 
+$legend = implode($user->lang['COMMA_SEPARATOR'], $legend);
+
 // Refreshing the page every 60 seconds...
 meta_refresh(60, append_sid("{$phpbb_root_path}viewonline.$phpEx", "sg=$show_guests&amp;sk=$sort_key&amp;sd=$sort_dir&amp;start=$start"));
 

tests/auth/provider_apache_test.php

@@ -115,6 +115,7 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
 			'user_email' => 'example@example.com',
 			'user_birthday' => '',
 			'user_lastvisit' => 0,
+			'user_last_active' => 0,
 			'user_lastmark' => 0,
 			'user_lastpost_time' => 0,
 			'user_lastpage' => '',
@@ -161,6 +162,7 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
 			'user_sig_bbcode_bitfield' => '',
 			'user_jabber' => '',
 			'user_actkey' => '',
+			'user_actkey_expiration' => 0,
 			'user_newpasswd' => '',
 			'user_form_salt' => '',
 			'user_new' => 1,

tests/error_collector_test.php

@@ -53,15 +53,14 @@ class phpbb_error_collector_test extends phpbb_test_case
 		// Division by zero was promoted to fatal error and throws DivisionByZeroError exception in PHP 8+
 		version_compare(PHP_VERSION, '8', '>=') ? '1b'['0xFF'] : 1/0; $line = __LINE__;
 
-		// Cause a "Notice: unserialize(): Error at offset 0 of 27 bytes in ..."
-		// "Undefined array index" used earlier was promoted to warning in PHP 8.0,
-		// see https://github.com/php/php-src/commit/c48b745f0090c944e77c1fbcfb6c4df3b54356ad
-		unserialize("obvious non-serialized data"); $line2 = __LINE__;
+		// Cause a "Notice: date_default_timezone_set(): Timezone ID 'ThisTimeZoneDoesNotExist' is invalid"
+		// https://github.com/php/php-src/blob/880faa39e8c648bdc3aad7aeca170755c6557831/ext/date/php_date.c#L5205
+		date_default_timezone_set('ThisTimeZoneDoesNotExist'); $line2 = __LINE__;
 
 		$collector->uninstall();
 
 		// The notice should not be collected
-		$this->assertFalse(isset($collector->errors[1]));
+		$this->assertFalse(isset($collector->errors[1]), 'Notice should not be added to errors');
 		$this->assertEquals(count($collector->errors), 1);
 
 		list($errno, $msg_text, $errfile, $errline) = $collector->errors[0];

tests/event/exception_listener_test.php

@@ -81,8 +81,9 @@ class exception_listener extends phpbb_test_case
 
 		$lang_loader = new \phpbb\language\language_file_loader($phpbb_root_path, $phpEx);
 		$lang = new \phpbb\language\language($lang_loader);
+		$user = new \phpbb\user($lang, '\phpbb\datetime');
 
-		$exception_listener = new \phpbb\event\kernel_exception_subscriber($template, $lang);
+		$exception_listener = new \phpbb\event\kernel_exception_subscriber($template, $lang, $user);
 
 		$event = new \Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent($this->createMock('Symfony\Component\HttpKernel\HttpKernelInterface'), $request, \Symfony\Component\HttpKernel\HttpKernelInterface::MASTER_REQUEST, $exception);
 		$exception_listener->on_kernel_exception($event);

tests/functional/acp_permissions_test.php

@@ -124,4 +124,29 @@ class phpbb_functional_acp_permissions_test extends phpbb_functional_test_case
 		$auth->acl($user_data);
 		$this->assertEquals(0, $auth->acl_get($permission));
 	}
+
+	public function test_forum_permissions_misc()
+	{
+		// Open forum moderators permissions page
+		$crawler = self::request('GET', "adm/index.php?i=acp_permissions&icat=16&mode=setting_mod_local&sid=" . $this->sid);
+
+		// Select "Your first forum"
+		$form = $crawler->filter('#select_victim')->form(['forum_id' => [2]]);
+		$crawler = self::submit($form);
+
+		// Select "Global moderators"
+		$form = $crawler->filter('#add_groups')->form(['group_id' => [4]]);
+		$crawler = self::submit($form);
+
+		// Check that global permissions are not displayed
+		$this->add_lang('acp/permissions_phpbb');
+		$page_text = $crawler->text();
+		$this->assertNotContainsLang('ACL_M_BAN', $page_text);
+		$this->assertNotContainsLang('ACL_M_PM_REPORT', $page_text);
+		$this->assertNotContainsLang('ACL_M_WARN', $page_text);
+
+		// Check that other permissions exist
+		$this->assertContainsLang('ACL_M_EDIT', $page_text);
+		$this->assertContainsLang('ACL_M_MOVE', $page_text);
+	}
 }

tests/functional/session_page_update_test.php

@@ -0,0 +1,55 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+/**
+* @group functional
+*/
+
+class phpbb_functional_session_page_update_test extends phpbb_functional_test_case
+{
+	public function setUp(): void
+	{
+		parent::setUp();
+
+		global $db;
+
+		$db = $this->db;
+
+		// Delete previous session info for admin user
+		$sql = 'DELETE FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = 2';
+		$db->sql_query($sql);
+
+		$this->login();
+	}
+
+	public function test_session_page_update()
+	{
+		$db = $this->get_db();
+
+		// Request index page
+		self::request('GET', 'index.php');
+		$this->assertEquals(200, self::$client->getResponse()->getStatus());
+
+		$sql = 'SELECT session_page FROM ' . SESSIONS_TABLE . ' WHERE session_user_id = 2 ORDER BY session_time DESC';
+		$db->sql_query_limit($sql, 1);
+		$this->assertEquals('index.php', $db->sql_fetchfield('session_page'), 'Failed asserting that session_page is index.php for admin user');
+
+		// Request non-existent url
+		self::request('GET', 'nonexistent.jpg', [], false);
+		$this->assertEquals(404, self::$client->getResponse()->getStatus(), 'Failed asserting that status of non-existent image is 404');
+
+		$db->sql_query_limit($sql, 1);
+		// User page should not be updated to non-existent one
+		$this->assertEquals('index.php', $db->sql_fetchfield('session_page'), 'Failed asserting that session page has not changed after 404');
+	}
+}

tests/functional/user_password_reset_test.php

@@ -18,10 +18,14 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 {
 	protected $user_data;
 
+	protected const TEST_USER = 'reset-password-test-user';
+
+	protected const TEST_EMAIL = 'reset-password-test-user@test.com';
+
 	public function test_password_reset()
 	{
 		$this->add_lang('ucp');
-		$user_id = $this->create_user('reset-password-test-user', 'reset-password-test-user@test.com');
+		$user_id = $this->create_user(self::TEST_USER, self::TEST_EMAIL);
 
 		// test without email
 		$crawler = self::request('GET', "ucp.php?mode=sendpassword&sid={$this->sid}");
@@ -41,13 +45,13 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 		// test with correct email
 		$crawler = self::request('GET', "app.php/user/forgot_password?sid={$this->sid}");
 		$form = $crawler->selectButton('submit')->form(array(
-			'email'		=> 'reset-password-test-user@test.com',
+			'email'		=> self::TEST_EMAIL,
 		));
 		$crawler = self::submit($form);
 		$this->assertContainsLang('PASSWORD_RESET_LINK_SENT', $crawler->text());
 
 		// Check if columns in database were updated for password reset
-		$this->get_user_data('reset-password-test-user');
+		$this->get_user_data(self::TEST_USER);
 		$this->assertNotEmpty($this->user_data['reset_token']);
 		$this->assertNotEmpty($this->user_data['reset_token_expiration']);
 		$reset_token = $this->user_data['reset_token'];
@@ -56,31 +60,31 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 		// Check that reset token is only created once per day
 		$crawler = self::request('GET', "app.php/user/forgot_password?sid={$this->sid}");
 		$form = $crawler->selectButton('submit')->form(array(
-			'email'		=> 'reset-password-test-user@test.com',
+			'email'		=> self::TEST_EMAIL,
 		));
 		$crawler = self::submit($form);
 		$this->assertContainsLang('PASSWORD_RESET_LINK_SENT', $crawler->text());
 
-		$this->get_user_data('reset-password-test-user');
+		$this->get_user_data(self::TEST_USER);
 		$this->assertNotEmpty($this->user_data['reset_token']);
 		$this->assertNotEmpty($this->user_data['reset_token_expiration']);
 		$this->assertEquals($reset_token, $this->user_data['reset_token']);
 		$this->assertEquals($reset_token_expiration, $this->user_data['reset_token_expiration']);
 
 		// Create another user with the same email
-		$this->create_user('reset-password-test-user1', 'reset-password-test-user@test.com');
+		$this->create_user('reset-password-test-user1', self::TEST_EMAIL);
 
 		// Test that username is now also required
 		$crawler = self::request('GET', "app.php/user/forgot_password?sid={$this->sid}");
 		$form = $crawler->selectButton('submit')->form(array(
-			'email'		=> 'reset-password-test-user@test.com',
+			'email'		=> self::TEST_EMAIL,
 		));
 		$crawler = self::submit($form);
 		$this->assertContainsLang('EMAIL_NOT_UNIQUE', $crawler->text());
 
 		// Provide both username and email
 		$form = $crawler->selectButton('submit')->form(array(
-			'email'		=> 'reset-password-test-user@test.com',
+			'email'		=> self::TEST_EMAIL,
 			'username'	=> 'reset-password-test-user1',
 		));
 		$crawler = self::submit($form);
@@ -95,7 +99,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 
 	public function test_login_after_reset()
 	{
-		$this->login('reset-password-test-user');
+		$this->login(self::TEST_USER);
 	}
 
 	public function data_reset_user_password()
@@ -117,7 +121,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 	public function test_reset_user_password($expected, $user_id, $token)
 	{
 		$this->add_lang('ucp');
-		$this->get_user_data('reset-password-test-user');
+		$this->get_user_data(self::TEST_USER);
 		$user_id = !$user_id ? $this->user_data['user_id'] : $user_id;
 		$token = !$token ? $this->user_data['reset_token'] : $token;
 
@@ -131,8 +135,8 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 		{
 			$form = $crawler->filter('input[type=submit]')->form();
 			$values = array_merge($form->getValues(), [
-				'new_password'			=> 'reset-password-test-user',
-				'new_password_confirm'	=> 'reset-password-test-user',
+				'new_password'			=> self::TEST_USER,
+				'new_password_confirm'	=> self::TEST_USER,
 			]);
 			$crawler = self::submit($form, $values);
 			$this->assertContainsLang('PASSWORD_RESET', $crawler->text());
@@ -146,7 +150,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 		$this->assertStringContainsString($this->lang('LOGIN_EXPLAIN_UCP'), $crawler->filter('html')->text());
 
 		$form = $crawler->selectButton($this->lang('LOGIN'))->form();
-		$crawler = self::submit($form, array('username' => 'reset-password-test-user', 'password' => 'reset-password-test-user'));
+		$crawler = self::submit($form, array('username' => self::TEST_USER, 'password' => self::TEST_USER));
 		$this->assertStringNotContainsString($this->lang('LOGIN'), $crawler->filter('.navbar')->text());
 
 		$cookies = self::$cookieJar->all();
@@ -167,17 +171,17 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 
 		$form = $crawler->selectButton($this->lang('LOGIN'))->form();
 		// Try logging in with the old password
-		$crawler = self::submit($form, array('username' => 'reset-password-test-user', 'password' => 'reset-password-test-userreset-password-test-user'));
+		$crawler = self::submit($form, array('username' => self::TEST_USER, 'password' => 'reset-password-test-userreset-password-test-user'));
 		$this->assertStringContainsString($this->lang('LOGIN_ERROR_PASSWORD', '', ''), $crawler->filter('html')->text());
 	}
 
 	/**
 	 * @depends test_login
 	 */
-	public function test_acivateAfterDeactivate()
+	public function test_activateAfterDeactivate()
 	{
 		// User is active, actkey should not exist
-		$this->get_user_data('reset-password-test-user');
+		$this->get_user_data(self::TEST_USER);
 		$this->assertEmpty($this->user_data['user_actkey']);
 
 		$this->login();
@@ -189,7 +193,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 		$this->assertContainsLang('FIND_USERNAME', $crawler->filter('html')->text());
 
 		$form = $crawler->selectButton('Submit')->form();
-		$crawler = self::submit($form, array('username' => 'reset-password-test-user'));
+		$crawler = self::submit($form, array('username' => self::TEST_USER));
 
 		// Deactivate account and go back to overview of current user
 		$this->assertContainsLang('USER_TOOLS', $crawler->filter('html')->text());
@@ -201,7 +205,7 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 		$crawler = self::request('GET', preg_replace('#(.+)(adm/index.php.+)#', '$2', $link->getUri()));
 
 		// Ensure again that actkey is empty after deactivation
-		$this->get_user_data('reset-password-test-user');
+		$this->get_user_data(self::TEST_USER);
 		$this->assertEmpty($this->user_data['user_actkey']);
 
 		// Force reactivation of account and check that act key is not empty anymore
@@ -210,8 +214,50 @@ class phpbb_functional_user_password_reset_test extends phpbb_functional_test_ca
 		$crawler = self::submit($form, array('action' => 'reactivate'));
 		$this->assertContainsLang('FORCE_REACTIVATION_SUCCESS', $crawler->filter('html')->text());
 
-		$this->get_user_data('reset-password-test-user');
+		$this->get_user_data(self::TEST_USER);
 		$this->assertNotEmpty($this->user_data['user_actkey']);
+
+		// Logout and try resending activation email, account is deactivated though
+		$this->logout();
+		$this->add_lang('ucp');
+
+		$crawler = self::request('GET', 'ucp.php?mode=resend_act');
+		$this->assertContainsLang('UCP_RESEND', $crawler->filter('html')->text());
+		$form = $crawler->filter('input[name=submit]')->selectButton('Submit')->form();
+		$crawler = self::submit($form, [
+			'username'		=> self::TEST_USER,
+			'email'			=> self::TEST_EMAIL,
+		]);
+		$this->assertContainsLang('ACCOUNT_DEACTIVATED', $crawler->filter('html')->text());
+	}
+
+	/**
+	 * @depends test_activateAfterDeactivate
+	 */
+	public function test_resendActivation()
+	{
+		// User is deactivated and should have actkey, actkey should not exist
+		$this->get_user_data(self::TEST_USER);
+		$this->assertNotEmpty($this->user_data['user_actkey']);
+
+		// Change reason for inactivity
+		$db = $this->get_db();
+
+		$sql = 'UPDATE ' . USERS_TABLE . '
+			SET user_inactive_reason = ' . INACTIVE_REMIND . '
+			WHERE user_id = ' . (int) $this->user_data['user_id'];
+		$db->sql_query($sql);
+
+		$this->add_lang('ucp');
+
+		$crawler = self::request('GET', 'ucp.php?mode=resend_act');
+		$this->assertContainsLang('UCP_RESEND', $crawler->filter('html')->text());
+		$form = $crawler->filter('input[name=submit]')->selectButton('Submit')->form();
+		$crawler = self::submit($form, [
+			'username'		=> self::TEST_USER,
+			'email'			=> self::TEST_EMAIL,
+		]);
+		$this->assertContainsLang('ACTIVATION_ALREADY_SENT', $crawler->filter('html')->text());
 	}
 
 	protected function get_user_data($username)

tests/functional/viewonline_test.php

@@ -38,7 +38,7 @@ class phpbb_functional_viewonline_test extends phpbb_functional_test_case
 
 		// Forum info
 		$sql =  'SELECT forum_name
-			FROM ' . FORUMS_TABLE . ' 
+			FROM ' . FORUMS_TABLE . '
 			WHERE forum_id = ' . (int) $forum_id;
 		$result = $db->sql_query($sql);
 		$forum_name = $db->sql_fetchfield('forum_name');
@@ -81,6 +81,22 @@ class phpbb_functional_viewonline_test extends phpbb_functional_test_case
 		$this->assertStringContainsString('viewonline-test-user1', $crawler->text());
 		$this->assertStringContainsString($this->lang('POSTING_MESSAGE', $this->get_forum_name_by_forum_id(2)), $crawler->text());
 
+		// Log in as test user
+		self::$client->restart();
+		$this->login('viewonline-test-user1');
+		$test_post_data = $this->create_post(2, 1, 'Viewonline test post #1', 'Viewonline test post message');
+		$crawler = self::request('GET', 'posting.php?mode=edit&p=' . $test_post_data['post_id'] .  '&sid=' . $this->sid);
+		$this->assertContainsLang('EDIT_POST', $crawler->text());
+		// Log in as another user
+		self::$client->restart();
+		$this->login();
+		// PHP goes faster than DBMS, make sure session data got written to the database
+		sleep(1);
+		$crawler = self::request('GET', 'viewonline.php?sid=' . $this->sid);
+		// Make sure posting message page is in the list
+		$this->assertStringContainsString('viewonline-test-user1', $crawler->text());
+		$this->assertStringContainsString($this->lang('POSTING_MESSAGE', $this->get_forum_name_by_forum_id(2)), $crawler->text());
+
 		// Log in as test user
 		self::$client->restart();
 		$this->login('viewonline-test-user1');

tests/functions/phpbb_get_install_redirect_test.php

@@ -0,0 +1,68 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+class phpbb_get_install_redirect_test extends phpbb_test_case
+{
+	public function data_redirect(): array
+	{
+		return [
+			[
+				['REQUEST_URI'	=> '/foo/bar/'],
+				'/foo/bar/install/app.php',
+			],
+			[
+				['REQUEST_URI'	=> '/foo/bar/index.php'],
+				'/foo/bar/install/app.php',
+			],
+			[
+				['REQUEST_URI'	=> '/foo/bar'],
+				'/foo/install/app.php',
+			],
+			[
+				['REQUEST_URI'	=> '/foo/'],
+				'/foo/install/app.php',
+			],
+			[
+				['REQUEST_URI'	=> '/foo/index.php'],
+				'/foo/install/app.php',
+			],
+			[
+				[
+					'REQUEST_URI'	=> '/foo/bar/',
+					'PHP_SELF'		=> '/foo/bar/index.php'
+				],
+				'/foo/bar/install/app.php',
+			],
+			[
+				[
+					'REQUEST_URI'	=> '',
+					'PHP_SELF'		=> '/foo/bar/index.php'
+				],
+				'/foo/bar/install/app.php',
+			],
+		];
+	}
+
+	/**
+	 * @backupGlobals enabled
+	 * @dataProvider data_redirect
+	 */
+	public function test_install_redirect($server_vars, $expected)
+	{
+		$phpbb_root_path = '/';
+		$phpEx = 'php';
+
+		$_SERVER = array_merge($_SERVER, $server_vars);
+		$this->assertEquals($expected, phpbb_get_install_redirect($phpbb_root_path, $phpEx));
+	}
+}