[prep-release-3.3.5] Update changelog for 3.3.5

[ticket/16878] Default to threads value of 1 when using argon with libsodium

.appveyor.yml

@@ -1,144 +0,0 @@
-build: false
-clone_folder: c:\projects\phpbb
-version: '{build}'
-
-services:
-  - iis
-
-environment:
-  COMPOSER_AUTH:
-    secure: '{"github-oauth": {"github.com": "zvq38wk7sRe87Y9W2OCYXcK7WKQDsig7GRIUDHGmxm6ZQRK8JswPbi8JoJQbFhM+"}}'
-  matrix:
-  - db: mssql
-    db_version: sql2012sp1
-    php: 7.1
-  - db: mssql
-    db_version: sql2014
-    php: 7.1
-  - db: mssql
-    db_version: sql2016
-    php: 7.2
-#  - db: mssql
-#    db_version: sql2017
-#    php: 7.1
-#  - db: mariadb
-#    php: 7.1
-#  - db: mysqli
-#    php: 7.1
-#  - db: sqlite
-#    php: 7.1
-#  - db: postgresql
-#    php: 7.1
-
-hosts:
-  phpbb.test: 127.0.0.1
-
-init:
-  - SET PATH=%systemroot%\system32\inetsrv\;C:\Program Files\OpenSSL;C:\tools\php;c:\php;%PATH%
-  - SET ANSICON=121x90 (121x90)
-  - REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Command Processor" /v DelayedExpansion /t REG_DWORD /d 1 /f
-
-before_test:
-  - ps: |
-      Set-Service wuauserv -StartupType Manual
-      choco install chocolatey -y --version 0.10.13 --allow-downgrade
-      choco install php -y --version ((choco search php --exact --all-versions -r | select-string -pattern $env:php | sort { [version]($_ -split '\|' | select -last 1) } -Descending | Select-Object -first 1) -replace '[php|]','')
-      Get-ChildItem -Path "c:\tools\php$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1$2')" -Recurse |
-          Move-Item -destination "c:\tools\php"
-      cd c:\tools\php
-      cat php.ini-development | %{$_ -replace "memory_limit = 128M","memory_limit = 1024M"} | Out-File -Encoding "Default" php.ini
-      Add-Content php.ini "`n date.timezone=UTC"
-      Add-Content php.ini "`n display_errors=On"
-      Add-Content php.ini "`n extension_dir=ext"
-      Add-Content php.ini "`n extension=php_openssl.dll"
-      Add-Content php.ini "`n extension=php_mbstring.dll"
-      Add-Content php.ini "`n extension=php_curl.dll"
-      Add-Content php.ini "`n extension=php_gd2.dll"
-      Add-Content php.ini "`n extension=php_tidy.dll"
-      Add-Content php.ini "`n extension=php_fileinfo.dll"
-      Add-Content php.ini "`n extension=php_pdo_sqlite.dll"
-      Add-Content php.ini "`n extension=php_sqlite3.dll"
-      Add-Content php.ini "`n extension=php_pdo_mysql.dll"
-      Add-Content php.ini "`n extension=php_mysqli.dll"
-      Add-Content php.ini "`n extension=php_pdo_pgsql.dll"
-      Add-Content php.ini "`n extension=php_pgsql.dll"
-
-      # Get MSSQL driver
-      if ($env:db -eq "mssql") {
-        cd c:\tools\php\ext
-        $DLLVersion = "5.3.0"
-        $VCVersion = If ([System.Version]"$($env:php)" -ge [System.Version]"7.2") {"vc15"} Else {"vc14"}
-        curl -o php_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-vc14-x64.zip https://windows.php.net/downloads/pecl/releases/sqlsrv/$($:DLLVersion)/php_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-$($VCVersion)-x64.zip
-        7z x -y php_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-vc14-x64.zip > $null
-        curl -o php_pdo_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-vc14-x64.zip https://windows.php.net/downloads/pecl/releases/pdo_sqlsrv/$($DLLVersion)/php_pdo_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-$($VCVersion)-x64.zip
-        7z x -y php_pdo_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-vc14-x64.zip > $null
-        Remove-Item c:\tools\php\* -include .zip
-        cd c:\tools\php
-        Add-Content php.ini "`nextension=php_sqlsrv.dll"
-        Add-Content php.ini "`nextension=php_pdo_sqlsrv.dll"
-        Add-Content php.ini "`n"
-
-        $instanceName = $env:db_version.ToUpper()
-        Start-Service "MSSQL`$$instanceName"
-        Set-Variable -Name "sqlServerPath" -Value "(local)\$($env:db_version.ToUpper())"
-
-        # Create database write test config
-        sqlcmd -S $sqlServerPath -Q "Use [master]; CREATE DATABASE [phpbb_test] COLLATE Latin1_General_CI_AS"
-        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\mssqlnative';`n`$dbhost = '.\\$env:db_version';`n`$dbport = '';`n`$dbname = 'phpbb_test';`n`$dbuser = 'sa';`n`$dbpasswd = 'Password12!';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
-      }
-      elseif ($env:db -eq "mysqli") {
-        Start-Service MySQL57
-        $env:MYSQL_PWD="Password12!"
-        $cmd = '"C:\Program Files\MySQL\MySQL Server 5.7\bin\mysql" -e "create database phpbb_test;" --user=root'
-        iex "& $cmd"
-        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\mysqli';`n`$dbhost = 'localhost';`n`$dbport = '';`n`$dbname = 'phpbb_test';`n`$dbuser = 'root';`n`$dbpasswd = 'Password12!';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
-      }
-      elseif ($env:db -eq "postgresql") {
-        Start-Service postgresql-x64-9.5
-        $env:PGUSER="postgres"
-        $env:PGPASSWORD="Password12!"
-        $Env:Path="C:\Program Files\PostgreSQL\9.6\bin\;$($Env:Path)"
-        createdb phpbb_test
-        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\postgres';`n`$dbhost = 'localhost';`n`$dbport = '';`n`$dbname = 'phpbb_test';`n`$dbuser = 'postgres';`n`$dbpasswd = 'Password12!';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
-      }
-      elseif ($env:db -eq "mariadb") {
-        appveyor-retry choco install mariadb -y --force
-        $env:MYSQL_PWD=""
-        $cmd = '"C:\Program Files\MariaDB 10.2\bin\mysql" -e "create database phpbb_test;" --user=root'
-        iex "& $cmd"
-        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\mysqli';`n`$dbhost = 'localhost';`n`$dbport = '';`n`$dbname = 'phpbb_test';`n`$dbuser = 'root';`n`$dbpasswd = '';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
-      }
-      elseif ($env:db -eq "sqlite") {
-        # install sqlite
-        appveyor-retry choco install sqlite -y
-        sqlite3 c:\projects\test.db "create table aTable(field1 int); drop table aTable;"
-        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\sqlite3';`n`$dbhost = 'c:\\projects\\test.db';`n`$dbport = '';`n`$dbname = '';`n`$dbuser = '';`n`$dbpasswd = '';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
-      }
-  - ps: |
-      cd c:\projects\phpbb\phpBB
-      (Get-Content c:\projects\phpbb\phpBB\web.config).replace("<configuration>", "<configuration>`n`t<system.web>`n`t`t<customErrors mode=`"Off`"/>`n`t</system.web>") | Set-Content c:\projects\phpbb\phpBB\web.config
-      (Get-Content c:\projects\phpbb\phpBB\web.config).replace("`t</system.webServer>", "`t`t<httpErrors errorMode=`"Detailed`" />`n`t</system.webServer>") | Set-Content c:\projects\phpbb\phpBB\web.config
-  - cd c:\projects\phpbb\phpBB
-  - php ..\composer.phar install
-  - choco install urlrewrite -y
-  - ps: New-WebSite -Name 'phpBBTest' -PhysicalPath 'c:\projects\phpbb\phpBB' -Force
-  - ps: Import-Module WebAdministration; Set-ItemProperty 'IIS:\Sites\phpBBTest' -name Bindings -value @{protocol='http';bindingInformation='*:80:phpbb.test'}
-  - echo Change default anonymous user AUTH to ApplicationPool
-  - appcmd set config -section:anonymousAuthentication /username:"" --password
-  - echo Setup FAST-CGI configuration
-  - appcmd set config /section:system.webServer/fastCGI /+[fullPath='C:\tools\php\php-cgi.exe']
-  - echo Setup FACT-CGI handler
-  - appcmd set config /section:system.webServer/handlers /+[name='PHP-FastCGI',path='*.php',verb='*',modules='FastCgiModule',scriptProcessor='C:\tools\php\php-cgi.exe',resourceType='Either']
-  - iisreset
-  - NET START W3SVC
-  - mkdir "C:\projects\phpbb\phpBB\cache\test"
-  - mkdir "C:\projects\phpbb\phpBB\cache\installer"
-  - icacls "C:\projects\phpbb\phpBB\cache" /grant Users:F /T
-  - icacls "C:\projects\phpbb\phpBB\files" /grant Users:F /T
-  - icacls "C:\projects\phpbb\phpBB\store" /grant Users:F /T
-  - icacls "C:\projects\phpbb\phpBB\images\avatars\upload" /grant Users:F /T
-
-test_script:
-  - cd c:\projects\phpbb
-  - php -e phpBB\vendor\phpunit\phpunit\phpunit --verbose
-

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,8 +1,8 @@
 Checklist:
 
-- [ ] Correct branch: master for new features; 3.3.x & 3.2.x for fixes
+- [ ] Correct branch: master for new features; 3.3.x for fixes
 - [ ] Tests pass
-- [ ] Code follows coding guidelines: [master](https://area51.phpbb.com/docs/dev/master/development/coding_guidelines.html), [3.3.x](https://area51.phpbb.com/docs/dev/3.3.x/development/coding_guidelines.html) and [3.2.x](https://area51.phpbb.com/docs/dev/3.2.x/development/coding_guidelines.html)
+- [ ] Code follows coding guidelines: [master](https://area51.phpbb.com/docs/dev/master/development/coding_guidelines.html) and [3.3.x](https://area51.phpbb.com/docs/dev/3.3.x/development/coding_guidelines.html)
 - [ ] Commit follows commit message [format](https://area51.phpbb.com/docs/dev/3.3.x/development/git.html)
 
 Tracker ticket (set the ticket ID to **your ticket ID**):

.github/check-doctum-parse-errors.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+if [ ! -f doctum.phar ]; then
+	# Download the latest (5.x.x) release if the file does not exist
+	# Remove it to update your phar
+	curl -O https://doctum.long-term.support/releases/5/doctum.phar
+	rm -f doctum.phar.sha256
+	curl -O https://doctum.long-term.support/releases/5/doctum.phar.sha256
+	sha256sum --strict --check doctum.phar.sha256
+	rm -f doctum.phar.sha256
+	chmod +x ./doctum.phar
+	# You can fetch the latest (5.x.x) version code here:
+	# https://doctum.long-term.support/releases/5/VERSION
+fi
+# Show the version to inform users of the script
+./doctum.phar version --text
+./doctum.phar parse build/doctum-checkout.conf.php -v

.github/check-executable-files.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+root="$1"
+path="${root}phpBB/"
+
+# Check the permissions of the files
+
+# The following variables MUST NOT contain any wildcard
+# Directories to skip
+directories_skipped="-path ${path}develop -o -path ${path}vendor"
+
+# Files to skip
+files_skipped="-false"
+
+# Files which have to be executable
+executable_files="-path ${path}bin/* -o -path ${path}install/phpbbcli.php"
+
+incorrect_files=$( 								\
+	find ${path}								\
+		'('										\
+			'('									\
+				${directories_skipped}			\
+			')'									\
+			-a -type d -prune -a -type f		\
+		')' -o 									\
+		'('										\
+			-type f -a							\
+			-not '('							\
+				${files_skipped}				\
+			')' -a								\
+			'('									\
+				'('								\
+					'('							\
+						${executable_files}		\
+					')' -a						\
+					-not -perm /100				\
+				')' -o							\
+				'('								\
+					-not '('					\
+						${executable_files}		\
+					')' -a						\
+					-perm /111					\
+				')'								\
+			')'									\
+		')'										\
+	)
+
+if [ "${incorrect_files}" != '' ]
+then
+	echo "The following files do not have proper permissions:";
+	ls -la ${incorrect_files}
+	exit 1;
+fi

.github/check-image-icc-profiles.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+find . -type f -a -iregex '.*\.\(gif\|jpg\|jpeg\|png\)$' -a -not -wholename '*vendor/*' | \
+	parallel --gnu --keep-order 'phpBB/develop/strip_icc_profiles.sh {}'

.github/ext-check-executable-files.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+root="$1"
+extname="$2"
+path="${root}phpBB/ext/${extname}/"
+
+# Check the permissions of the files
+
+# The following variables MUST NOT contain any wildcard
+# Directories to skip
+directories_skipped="-path ${path}develop -o -path ${path}vendor -o -path ${path}.git"
+
+# Files to skip
+files_skipped="-false"
+
+# Files which have to be executable
+executable_files="-path ${path}bin/* -o -path ${path}install/phpbbcli.php"
+
+incorrect_files=$( 								\
+	find ${path}								\
+		'('										\
+			'('									\
+				${directories_skipped}			\
+			')'									\
+			-a -type d -prune -a -type f		\
+		')' -o 									\
+		'('										\
+			-type f -a							\
+			-not '('							\
+				${files_skipped}				\
+			')' -a								\
+			'('									\
+				'('								\
+					'('							\
+						${executable_files}		\
+					')' -a						\
+					-not -perm /100				\
+				')' -o							\
+				'('								\
+					-not '('					\
+						${executable_files}		\
+					')' -a						\
+					-perm /111					\
+				')'								\
+			')'									\
+		')'										\
+	)
+
+if [ "${incorrect_files}" != '' ]
+then
+	echo "The following files do not have proper permissions:";
+	ls -la ${incorrect_files}
+	exit 1;
+fi

.github/ext-sniff.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+EXTNAME=$1
+NOTESTS=$2
+
+if [ "$NOTESTS" == "1" ]
+then
+	phpBB/vendor/bin/phpcs 											\
+		-s															\
+		--extensions=php											\
+		--standard=build/code_sniffer/ruleset-php-extensions.xml	\
+		--ignore=*/"$EXTNAME"/tests/*,*/"$EXTNAME"/vendor/*			\
+		phpBB/ext/"$EXTNAME"
+fi

.github/ldap/base.ldif

@@ -0,0 +1,41 @@
+dn: dc=example,dc=com
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+o: example
+dc: example
+
+dn: ou=foo,dc=example,dc=com
+objectClass: organizationalUnit
+ou: foo
+
+dn: cn=admin,dc=example,dc=com
+objectClass: simpleSecurityObject
+objectClass: organizationalRole
+cn: admin
+description: LDAP administrator
+userPassword:: e1NTSEF9NytMR2gveUxTMzdsc3RRd1V1dENZSVA0TWdYdm9SdDY=
+
+dn: ou=group,dc=example,dc=com
+objectClass: organizationalUnit
+ou: group
+
+dn: cn=admin,ou=foo,dc=example,dc=com
+objectClass: posixAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+homeDirectory: /home/admin
+uid: admin
+cn: admin
+uidNumber: 10000
+gidNumber: 10000
+sn: admin
+mail: admin@example.com
+userPassword:: e1NTSEF9WHpueGZURHZZc21JSkl6czdMVXBjdCtWYTA1dlMzVlQ=
+
+dn: cn=admin,ou=group,dc=example,dc=com
+objectClass: posixGroup
+gidNumber: 10000
+cn: admin

.github/ldap/slapd.conf

@@ -0,0 +1,17 @@
+# See slapd.conf(5) for details on configuration options.
+include   /etc/ldap/schema/core.schema
+include   /etc/ldap/schema/cosine.schema
+include   /etc/ldap/schema/inetorgperson.schema
+include   /etc/ldap/schema/nis.schema
+
+pidfile         /var/tmp/slapd/slapd.pid
+argsfile        /var/tmp/slapd/slapd.args
+
+modulepath     /usr/lib/openldap
+
+database  ldif
+directory /var/tmp/slapd
+
+suffix    "dc=example,dc=com"
+rootdn    "cn=admin,dc=example,dc=com"
+rootpw    adminadmin

.github/phing-sniff.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+cd build
+../phpBB/vendor/bin/phing sniff
+cd ..

.github/phpunit-mariadb-github.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_DBMS" value="mysqli" />
+		<server name="PHPBB_TEST_DBHOST" value="0.0.0.0" />
+		<server name="PHPBB_TEST_DBPORT" value="3306" />
+		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
+		<server name="PHPBB_TEST_DBUSER" value="root" />
+		<server name="PHPBB_TEST_DBPASSWD" value="" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
+	</php>
+</phpunit>

.github/phpunit-mssql-github.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_DBMS" value="phpbb\db\driver\mssqlnative" />
+		<server name="PHPBB_TEST_DBHOST" value="127.0.0.1" />
+		<server name="PHPBB_TEST_DBPORT" value="" />
+		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
+		<server name="PHPBB_TEST_DBUSER" value="sa" />
+		<server name="PHPBB_TEST_DBPASSWD" value="Pssw0rd_12" />
+		<server name="PHPBB_TEST_REDIS_HOST" value="localhost" />
+		<server name="PHPBB_TEST_MEMCACHED_HOST" value="localhost" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
+	</php>
+</phpunit>

.github/phpunit-mysql-github.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_DBMS" value="phpbb\db\driver\mysqli" />
+		<server name="PHPBB_TEST_DBHOST" value="0.0.0.0" />
+		<server name="PHPBB_TEST_DBPORT" value="3306" />
+		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
+		<server name="PHPBB_TEST_DBUSER" value="root" />
+		<server name="PHPBB_TEST_DBPASSWD" value="" />
+		<server name="PHPBB_TEST_REDIS_HOST" value="localhost" />
+		<server name="PHPBB_TEST_MEMCACHED_HOST" value="localhost" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
+	</php>
+</phpunit>

.github/phpunit-postgres-github.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_DBMS" value="phpbb\db\driver\postgres"/>
+		<server name="PHPBB_TEST_DBHOST" value="localhost" />
+		<server name="PHPBB_TEST_DBPORT" value="5432" />
+		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
+		<server name="PHPBB_TEST_DBUSER" value="postgres" />
+		<server name="PHPBB_TEST_DBPASSWD" value="postgres" />
+		<server name="PHPBB_TEST_REDIS_HOST" value="localhost" />
+		<server name="PHPBB_TEST_MEMCACHED_HOST" value="localhost" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
+	</php>
+</phpunit>

.github/phpunit-psql-windows-github.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_DBMS" value="phpbb\db\driver\postgres"/>
+		<server name="PHPBB_TEST_DBHOST" value="localhost" />
+		<server name="PHPBB_TEST_DBPORT" value="5432" />
+		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
+		<server name="PHPBB_TEST_DBUSER" value="postgres" />
+		<server name="PHPBB_TEST_DBPASSWD" value="root" />
+		<server name="PHPBB_TEST_REDIS_HOST" value="localhost" />
+		<server name="PHPBB_TEST_MEMCACHED_HOST" value="localhost" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://phpbb.test/" />
+	</php>
+</phpunit>

.github/phpunit-sqlite3-github.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_REDIS_HOST" value="localhost" />
+		<server name="PHPBB_TEST_MEMCACHED_HOST" value="localhost" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
+	</php>
+</phpunit>

.github/prepare-extension.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+EXTNAME=$1
+
+# Move the extension in place
+mkdir --parents phpBB/ext/$EXTNAME
+cp -R ../tmp/* phpBB/ext/$EXTNAME
+
+# Move the test files for extensions in place
+cp -R .github/*.xml phpBB/ext/$EXTNAME/.github
+cp -R .github/*.sh phpBB/ext/$EXTNAME/.github

.github/setup-database.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+DB=$1
+MYISAM=$2
+
+if [ "$DB" == "postgres" ]
+then
+	psql -c 'DROP DATABASE IF EXISTS phpbb_tests;' -U postgres
+	psql -c 'create database phpbb_tests;' -U postgres
+fi
+
+if [ "$MYISAM" == '1' ]
+then
+	mysql -h 127.0.0.1 -u root -e 'SET GLOBAL storage_engine=MyISAM;'
+fi

.github/setup-exiftool.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+sudo apt-get update
+sudo apt-get install -y parallel libimage-exiftool-perl

.github/setup-ldap.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+sudo apt-get -y install ldap-utils slapd
+mkdir /var/tmp/slapd
+cp .github/ldap/slapd.conf /var/tmp/slapd/slapd.conf
+slapd -d 256 -d 128 -f /var/tmp/slapd/slapd.conf -h ldap://localhost:3389 &
+sleep 3
+ldapadd -h localhost:3389 -D "cn=admin,dc=example,dc=com" -w adminadmin -f .github/ldap/base.ldif

.github/setup-phpbb.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+DB=$1
+PHP_VERSION=$2
+NOTESTS=$3
+
+if [ "$NOTESTS" == '1' ]
+then
+	.github/setup-exiftool.sh
+	.github/setup-unbuffer.sh
+fi
+
+if [ "$NOTESTS" != '1' ]
+then
+	.github/setup-webserver.sh
+fi
+
+cd phpBB
+php ../composer.phar install --dev --no-interaction
+if [[ "$PHP_VERSION" =~ ^nightly$ || "$PHP_VERSION" =~ ^8 ]]
+then
+	php ../composer.phar remove phpunit/dbunit --dev --update-with-dependencies \
+	&& php ../composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 --dev --update-with-all-dependencies --ignore-platform-reqs
+fi
+cd ..

.github/setup-unbuffer.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+sudo apt-get update
+sudo apt-get install -y expect-dev

.github/setup-webserver.sh

@@ -0,0 +1,81 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+sudo apt-get update
+sudo apt-get install -y nginx coreutils
+
+sudo service nginx stop
+
+DIR=$(dirname "$0")
+USER=$(whoami)
+PHPBB_ROOT_PATH=$(realpath "$DIR/../phpBB")
+NGINX_SITE_CONF="/etc/nginx/sites-enabled/default"
+NGINX_CONF="/etc/nginx/nginx.conf"
+APP_SOCK=$(realpath "$DIR")/php-app.sock
+NGINX_PHP_CONF="$DIR/nginx-php.conf"
+
+# php-fpm
+PHP_FPM_BIN="/usr/sbin/php-fpm$PHP_VERSION"
+PHP_FPM_CONF="$DIR/php-fpm.conf"
+
+if [ ! -f $PHP_FPM_BIN ] && [ -f "/usr/bin/php-fpm" ]
+then
+	PHP_FPM_BIN="/usr/bin/php-fpm"
+fi
+
+if [ ! -f $PHP_FPM_BIN ]
+then
+	sudo apt-get install php$PHP_VERSION-fpm php$PHP_VERSION-cli \
+						php$PHP_VERSION-curl php$PHP_VERSION-xml php$PHP_VERSION-mbstring \
+						php$PHP_VERSION-zip php$PHP_VERSION-mysql php$PHP_VERSION-sqlite3 \
+						php$PHP_VERSION-intl php$PHP_VERSION-gd php$PHP_VERSION-pgsql
+	sudo service php$PHP_VERSION-fpm start
+	sudo service php$PHP_VERSION-fpm status
+fi
+
+echo "
+	[global]
+
+	[ci]
+	user = $USER
+	group = $USER
+	listen = $APP_SOCK
+	listen.mode = 0666
+	pm = static
+	pm.max_children = 2
+
+	php_admin_value[memory_limit] = 128M
+" > $PHP_FPM_CONF
+
+sudo $PHP_FPM_BIN \
+	--fpm-config "$DIR/php-fpm.conf"
+
+# nginx
+sudo sed -i "s/user www-data;/user $USER;/g" $NGINX_CONF
+sudo cp "$DIR/../phpBB/docs/nginx.sample.conf" "$NGINX_SITE_CONF"
+sudo sed -i \
+	-e "s/example\.com/localhost/g" \
+	-e "s|root /path/to/phpbb;|root $PHPBB_ROOT_PATH;|g" \
+	$NGINX_SITE_CONF
+
+# Generate FastCGI configuration for Nginx
+echo "
+upstream php {
+	server unix:$APP_SOCK;
+}
+" > $NGINX_PHP_CONF
+
+sudo mv "$NGINX_PHP_CONF" /etc/nginx/conf.d/php.conf
+
+sudo nginx -T
+sudo service nginx start

.github/workflows/tests.yml

@@ -0,0 +1,546 @@
+name: Tests
+
+on:
+    push:
+        branches:
+            - 3.3.x
+            - master
+            - 'prep-release-*'
+        tags:
+            - 'release-*'
+    pull_request:
+        branches:
+            - 3.3.x
+            - master
+            - 'prep-release-*'
+
+jobs:
+    # Basic checks, e.g. parse errors, commit messages, etc.
+    basic-checks:
+        runs-on: ubuntu-18.04
+        strategy:
+            matrix:
+                include:
+                    - db: 'none'
+                      php: '7.2'
+                      NOTESTS: 1
+
+        name: PHP ${{ matrix.php }} - ${{ matrix.db }}
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v2
+              with:
+                  fetch-depth: 100
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, mysqli, sqlite, pdo_sqlite, intl, gd, exif, iconv, sqlsrv, pdo_sqlsrv, ldap
+                  coverage: none
+
+            - name: Get Composer Cache Directory
+              id: composer-cache
+              env:
+                  PHP_VERSION: ${{ matrix.php }}
+              run: |
+                  cd phpBB
+                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  cd ..
+
+            - name: Cache Composer dependencies
+              uses: actions/cache@v2
+              with:
+                  path: ${{ steps.composer-cache.outputs.dir }}
+                  key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
+
+            - name: Setup environment for phpBB
+              env:
+                  DB: ${{ matrix.db }}
+                  PHP_VERSION: ${{ matrix.php }}
+                  NOTESTS: '1'
+              run: |
+                  .github/setup-phpbb.sh $DB $PHP_VERSION $NOTESTS
+
+            - name: Phing sniff
+              run: |
+                  .github/phing-sniff.sh
+
+            - name: Check doctum parse errors
+              run: |
+                  .github/check-doctum-parse-errors.sh
+
+            - name: Check image ICC profiles
+              run: |
+                  .github/check-image-icc-profiles.sh
+
+            - name: Check executable files
+              run: |
+                  .github/check-executable-files.sh ./
+
+            - name: Check commit message
+              if: github.event_name == 'pull_request'
+              run: |
+                  git fetch origin $GITHUB_BASE_REF &> /dev/null
+                  git-tools/commit-msg-hook-range.sh $(git rev-parse origin/$GITHUB_BASE_REF)..$GITHUB_SHA
+
+    # Tests for MySQL and MariaDB
+    mysql-tests:
+        runs-on: ubuntu-18.04
+        strategy:
+            matrix:
+                include:
+                    - php: '7.1'
+                      db: "mariadb:10.1"
+                    - php: '7.1'
+                      db: "mariadb:10.2"
+                    - php: '7.1'
+                      db: "mariadb:10.3"
+                    - php: '7.1'
+                      db: "mariadb:10.4"
+                    - php: '7.1'
+                      db: "mariadb:10.5"
+                    - php: '7.1'
+                      db: "mysql:5.6"
+                      db_alias: "MySQL Slow Tests"
+                      SLOWTESTS: 1
+                    - php: '7.1'
+                      db: "mysql:5.6"
+                      db_alias: "MyISAM Tests"
+                      MYISAM: 1
+                    - php: '7.1'
+                      db: "mysql:5.6"
+                    - php: '7.1'
+                      db: "mysql:5.7"
+                    - php: '7.2'
+                      db: "mysql:5.7"
+                    - php: '7.3'
+                      db: "mysql:5.7"
+                    - php: '7.4'
+                      db: "mysql:5.7"
+                    - php: '7.4'
+                      db: "mysql:8.0"
+                    - php: '8.0'
+                      db: "mysql:5.7"
+                    - php: '8.1'
+                      db: "mysql:5.7"
+
+        name: PHP ${{ matrix.php }} - ${{ matrix.db_alias != '' && matrix.db_alias || matrix.db }}
+
+        services:
+            mysql:
+                image: ${{ matrix.db }}
+                env:
+                    MYSQL_ALLOW_EMPTY_PASSWORD: yes
+                    MYSQL_DATABASE: phpbb_tests
+                ports:
+                    - 3306:3306
+                options: >-
+                    --health-cmd="mysqladmin ping"
+                    --health-interval=10s
+                    --health-timeout=5s
+                    --health-retries=3
+
+            redis:
+                image: redis
+                options: >-
+                    --health-cmd "redis-cli ping"
+                    --health-interval 10s
+                    --health-timeout 5s
+                    --health-retries 5
+                ports:
+                    - 6379:6379
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v2
+
+            - id: database-type
+              env:
+                  MATRIX_DB: ${{ matrix.db }}
+              run: |
+                  db=$(echo "${MATRIX_DB%%:*}")
+                  echo "::set-output name=db::$db"
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, mysqli, sqlite, pdo_sqlite, intl, gd, exif, iconv, sqlsrv, pdo_sqlsrv, ldap
+                  coverage: none
+
+            - name: Get Composer Cache Directory
+              id: composer-cache
+              env:
+                  PHP_VERSION: ${{ matrix.php }}
+              run: |
+                  cd phpBB
+                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  cd ..
+
+            - name: Cache Composer dependencies
+              uses: actions/cache@v2
+              with:
+                  path: ${{ steps.composer-cache.outputs.dir }}
+                  key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
+
+            - name: Setup environment for phpBB
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  PHP_VERSION: ${{ matrix.php }}
+                  NOTESTS: '0'
+              run: |
+                  .github/setup-phpbb.sh $DB $PHP_VERSION ${NOTESTS:-0}
+
+            - name: Setup database
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  MYISAM: ${{ matrix.MYISAM != 1 && '0' || '1' }}
+              run: |
+                  .github/setup-database.sh $DB $MYISAM
+
+            - name: Setup LDAP
+              if: ${{ matrix.SLOWTESTS == 1 }}
+              run: |
+                  .github/setup-ldap.sh
+
+            - name: Lint tests
+              if: ${{ matrix.SLOWTESTS != 1 && steps.database-type.outputs.db == 'mysql' }}
+              run: phpBB/vendor/bin/phpunit tests/lint_test.php
+
+            - name: Run unit tests
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+              if: ${{ matrix.SLOWTESTS != 1 && matrix.NOTESTS != 1 }}
+              run: |
+                  phpBB/vendor/bin/phpunit --configuration .github/phpunit-$DB-github.xml --verbose --stop-on-error
+
+            - name: Slow tests
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+              if: ${{ matrix.SLOWTESTS == 1 }}
+              run: |
+                  phpBB/vendor/bin/phpunit --configuration .github/phpunit-$DB-github.xml --group slow
+
+    # Tests for PostgreSQL
+    postgres-tests:
+        runs-on: ubuntu-18.04
+        strategy:
+            matrix:
+                include:
+                    - php: '7.1'
+                      db: "postgres:9.5"
+                    - php: '7.1'
+                      db: "postgres:9.6"
+                    - php: '7.1'
+                      db: "postgres:10"
+                    - php: '7.1'
+                      db: "postgres:11"
+                    - php: '7.1'
+                      db: "postgres:12"
+                    - php: '7.1'
+                      db: "postgres:13"
+                    - php: '7.2'
+                      db: "postgres:13"
+                    - php: '7.3'
+                      db: "postgres:13"
+                    - php: '7.4'
+                      db: "postgres:13"
+                    - php: '8.0'
+                      db: "postgres:12"
+                    - php: '8.0'
+                      db: "postgres:13"
+
+        name: PHP ${{ matrix.php }} - ${{ matrix.db }}
+
+        services:
+            postgres:
+                image: ${{ matrix.db != 'postgres:9.5' && matrix.db != 'postgres:9.6' && matrix.db != 'postgres:10' && matrix.db != 'postgres:11' && matrix.db != 'postgres:12' && matrix.db != 'postgres:13' && 'postgres:10' || matrix.db }}
+                env:
+                    POSTGRES_HOST: localhost
+                    POSTGRES_USER: postgres
+                    POSTGRES_PASSWORD: postgres
+                ports:
+                    - 5432:5432
+                options: >-
+                    -v /var/run/postgresql:/var/run/postgresql
+                    --health-cmd pg_isready
+                    --health-interval 10s
+                    --health-timeout 5s
+                    --health-retries 5
+
+            redis:
+                image: redis
+                options: >-
+                    --health-cmd "redis-cli ping"
+                    --health-interval 10s
+                    --health-timeout 5s
+                    --health-retries 5
+                ports:
+                    - 6379:6379
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v2
+
+            - id: database-type
+              env:
+                  MATRIX_DB: ${{ matrix.db }}
+              run: |
+                  db=$(echo "${MATRIX_DB%%:*}")
+                  echo "::set-output name=db::$db"
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, mysqli, sqlite, pdo_sqlite, intl, gd, exif, iconv, sqlsrv, pdo_sqlsrv, ldap
+                  coverage: none
+
+            - name: Get Composer Cache Directory
+              id: composer-cache
+              env:
+                  PHP_VERSION: ${{ matrix.php }}
+              run: |
+                  cd phpBB
+                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  cd ..
+
+            - name: Cache Composer dependencies
+              uses: actions/cache@v2
+              with:
+                  path: ${{ steps.composer-cache.outputs.dir }}
+                  key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
+
+            - name: Setup environment for phpBB
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  PHP_VERSION: ${{ matrix.php }}
+                  NOTESTS: '0'
+              run: |
+                  .github/setup-phpbb.sh $DB $PHP_VERSION ${NOTESTS:-0}
+
+            - name: Setup database
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  MYISAM: '0'
+              run: |
+                  .github/setup-database.sh $DB $MYISAM
+
+            - name: Run unit tests
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+              run: |
+                  phpBB/vendor/bin/phpunit --configuration .github/phpunit-$DB-github.xml --verbose --stop-on-error
+
+    # Other database types, namely sqlite3 and mssql
+    other-tests:
+        runs-on: ubuntu-18.04
+        strategy:
+            matrix:
+                include:
+                    - php: '7.1'
+                      db: "sqlite3"
+                    - php: '7.2'
+                      db: "mcr.microsoft.com/mssql/server:2017-latest"
+                      db_alias: 'MSSQL 2017'
+                    - php: '7.2'
+                      db: "mcr.microsoft.com/mssql/server:2019-latest"
+                      db_alias: 'MSSQL 2019'
+
+        name: PHP ${{ matrix.php }} - ${{ matrix.db_alias != '' && matrix.db_alias || matrix.db }}
+
+        services:
+            mssql:
+                image: ${{ matrix.db != 'mcr.microsoft.com/mssql/server:2017-latest' && matrix.db != 'mcr.microsoft.com/mssql/server:2019-latest' && 'mcr.microsoft.com/mssql/server:2017-latest' || matrix.db }}
+                env:
+                    SA_PASSWORD: "Pssw0rd_12"
+                    ACCEPT_EULA: "y"
+                ports:
+                    - 1433:1433
+                options: >-
+                    --health-cmd="/opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P 'Pssw0rd_12' -Q \"Use [master]; CREATE DATABASE [phpbb_tests] COLLATE Latin1_General_CI_AS\" || exit 1"
+                    --health-interval 10s
+                    --health-timeout 5s
+                    --health-retries 5
+                    --health-start-period 10s
+
+            redis:
+                image: redis
+                options: >-
+                    --health-cmd "redis-cli ping"
+                    --health-interval 10s
+                    --health-timeout 5s
+                    --health-retries 5
+                ports:
+                    - 6379:6379
+
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v2
+
+            - id: database-type
+              env:
+                  MATRIX_DB: ${{ matrix.db }}
+              run: |
+                  if [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2017-latest' ] || [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2019-latest' ]
+                  then
+                      db='mssql'
+                  else
+                      db=$(echo "${MATRIX_DB%%:*}")
+                  fi
+                  echo "::set-output name=db::$db"
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, mysqli, sqlite, pdo_sqlite, intl, gd, exif, iconv, sqlsrv, pdo_sqlsrv, ldap
+                  coverage: none
+
+            - name: Get Composer Cache Directory
+              id: composer-cache
+              env:
+                  PHP_VERSION: ${{ matrix.php }}
+              run: |
+                  cd phpBB
+                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  cd ..
+
+            - name: Cache Composer dependencies
+              uses: actions/cache@v2
+              with:
+                  path: ${{ steps.composer-cache.outputs.dir }}
+                  key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
+
+            - name: Setup environment for phpBB
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  PHP_VERSION: ${{ matrix.php }}
+                  NOTESTS: '0'
+              run: |
+                  .github/setup-phpbb.sh $DB $PHP_VERSION ${NOTESTS:-0}
+
+            - name: Setup database
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  MYISAM: '0'
+              run: |
+                  .github/setup-database.sh $DB $MYISAM
+
+            - name: Run unit tests
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+              run: |
+                  phpBB/vendor/bin/phpunit --configuration .github/phpunit-$DB-github.xml --verbose --stop-on-error
+
+    # Test with IIS & PostgreSQL on Windows
+    windows-tests:
+        runs-on: windows-2016
+        strategy:
+            matrix:
+                include:
+                    - php: '7.4'
+                      db: "postgres"
+                    - php: '8.0'
+                      db: "postgres"
+                    - php: '8.1'
+                      db: "postgres"
+
+        name: Windows - PHP ${{ matrix.php }} - ${{ matrix.db }}
+
+        steps:
+            - name: Prepare git for Windows
+              run: |
+                  git config --system core.autocrlf false
+                  git config --system core.eol lf
+            - name: Checkout repository
+              uses: actions/checkout@v2
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, intl, gd, exif, iconv, pgsql, pdo_pgsql
+                  ini-values: upload_tmp_dir=${{ runner.temp }}, sys_temp_dir=${{ runner.temp }}
+                  coverage: none
+
+            - name: Get Composer Cache Directory
+              id: composer-cache
+              run: |
+                  cd phpBB
+                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  $major_version="${{ matrix.php }}".substring(0,1)
+                  echo "::set-output name=version::$major_version"
+                  cd ..
+
+            - name: Cache Composer dependencies
+              uses: actions/cache@v2
+              with:
+                  path: ${{ steps.composer-cache.outputs.dir }}
+                  key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
+
+            - name: Setup environment for phpBB
+              env:
+                  GITHUB_WORKSPACE: ${{ github.workspace }}
+                  TEMP_DIR: ${{ runner.temp }}
+              run: |
+                  Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole, IIS-WebServer, IIS-CommonHttpFeatures, IIS-ManagementConsole, IIS-HttpErrors, IIS-HttpRedirect, IIS-WindowsAuthentication, IIS-StaticContent, IIS-DefaultDocument, IIS-HttpCompressionStatic, IIS-DirectoryBrowsing, IIS-WebServerManagementTools, IIS-CGI -All
+                  Set-Service wuauserv -StartupType Manual
+                  (Get-Content ${env:GITHUB_WORKSPACE}\phpBB\web.config).replace("<configuration>", "<configuration>`n`t<system.web>`n`t`t<customErrors mode=`"Off`"/>`n`t</system.web>") | Set-Content ${env:GITHUB_WORKSPACE}\phpBB\web.config
+                  (Get-Content ${env:GITHUB_WORKSPACE}\phpBB\web.config).replace("`t</system.webServer>", "`t`t<httpErrors errorMode=`"Detailed`" />`n`t</system.webServer>") | Set-Content ${env:GITHUB_WORKSPACE}\phpBB\web.config
+                  choco install urlrewrite -y
+                  Import-Module WebAdministration
+                  New-WebSite -Name 'phpBBTest' -PhysicalPath "${env:GITHUB_WORKSPACE}\phpBB" -Force
+                  $session = Get-PSSession -Name WinPSCompatSession
+                  $sb = {Set-ItemProperty 'IIS:\Sites\phpBBTest' -name Bindings -value @{protocol='http';bindingInformation='*:80:phpbb.test'}}
+                  Invoke-Command -Scriptblock $sb -Session $session
+                  $sb = {Set-WebConfigurationProperty -filter /system.WebServer/security/authentication/AnonymousAuthentication -name enabled -value true -location "IIS:\Sites\phpBBTest"}
+                  Invoke-Command -Scriptblock $sb -Session $session
+                  Add-Content -Path $env:windir\System32\drivers\etc\hosts -Value "`r`n127.0.0.1`tphpbb.test" -Force
+                  [System.Environment]::SetEnvironmentVariable('PATH',$Env:PATH+";%windir%\system32\inetsrv")
+                  echo Setup FAST-CGI configuration
+                  Add-WebConfiguration -Filter /system.webServer/fastCgi -PSPath IIS:\ -Value @{fullpath="C:\tools\php\php-cgi.exe"}
+                  echo Setup FACT-CGI handler
+                  New-WebHandler -Name "PHP-FastCGI" -Path "*.php" -Modules FastCgiModule -ScriptProcessor "C:\tools\php\php-cgi.exe" -Verb '*' -ResourceType Either
+                  iisreset
+                  NET START W3SVC
+                  mkdir "${env:GITHUB_WORKSPACE}\phpBB\cache\test"
+                  mkdir "${env:GITHUB_WORKSPACE}\phpBB\cache\installer"
+                  icacls "${env:GITHUB_WORKSPACE}\phpBB\cache" /grant Users:F /T
+                  icacls "${env:GITHUB_WORKSPACE}\phpBB\files" /grant Users:F /T
+                  icacls "${env:GITHUB_WORKSPACE}\phpBB\store" /grant Users:F /T
+                  icacls "${env:GITHUB_WORKSPACE}\phpBB\images\avatars\upload" /grant Users:F /T
+                  $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("IIS_IUSRS", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
+                  $acl = Get-ACL "${env:TEMP_DIR}"
+                  $acl.AddAccessRule($accessRule)
+                  Set-ACL -Path "${env:TEMP_DIR}" -ACLObject $acl
+                  cd ${env:GITHUB_WORKSPACE}\phpBB
+                  php ..\composer.phar install
+                  php ..\composer.phar remove phpunit/dbunit --dev --update-with-dependencies
+                  php ..\composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 --dev --update-with-all-dependencies --ignore-platform-reqs
+                  cd ..
+            - name: Setup database
+              run: |
+                  $postgreSqlSvc = Get-Service "postgresql*"
+                  Set-Service $postgreSqlSvc.Name -StartupType manual
+                  $postgreSqlSvc.Start()
+                  try {
+                    (Get-Service "postgresql*").Start()
+                  } catch  {
+                    $_ | select *
+                  }
+                  [System.Environment]::SetEnvironmentVariable('PATH',$Env:PATH+";${env:PGBIN}")
+                  $env:PGPASSWORD = 'root'
+                  psql -c 'DROP DATABASE IF EXISTS phpbb_tests;' -U postgres
+                  psql -c 'create database phpbb_tests;' -U postgres
+                  Add-MpPreference -ExclusionPath "${env:PGDATA}" # Exclude PGDATA directory from Windows Defender
+            - name: Run unit tests
+              run: |
+                  phpBB/vendor/bin/phpunit --configuration .github/phpunit-psql-windows-github.xml --verbose --stop-on-error

.gitignore

@@ -30,3 +30,4 @@ node_modules
 .vagrant
 .idea
 *.DS_Store*
+/.vscode

.travis.yml

@@ -1,51 +0,0 @@
-language: php
-dist: xenial
-
-matrix:
-  include:
-    - php: 7.1
-      env: DB=none;NOTESTS=1
-    - php: 7.1
-      env: DB=mariadb
-    - php: 7.1
-      env: DB=postgres
-    - php: 7.1
-      env: DB=sqlite3
-    - php: 7.1
-      env: DB=mysqli;SLOWTESTS=1
-    - php: 7.1
-      env: DB=mysqli # MyISAM
-    - php: 7.2
-      env: DB=mysqli
-    - php: 7.3
-      env: DB=mysqli
-    - php: 7.4
-      env: DB=mysqli
-    - php: nightly
-      env: DB=mysqli
-  allow_failures:
-    - php: nightly
-  fast_finish: true
-
-services:
-  - redis-server
-  - postgresql
-  - mysql
-  - memcached
-
-install:
-  - travis/setup-phpbb.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
-
-before_script:
-  - travis/setup-database.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
-  - travis/setup-ldap.sh $SLOWTESTS
-
-script:
-  - travis/phing-sniff.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
-  - travis/check-doctum-parse-errors.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
-  - travis/check-image-icc-profiles.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
-  - travis/check-executable-files.sh $DB $TRAVIS_PHP_VERSION $NOTESTS ./
-  - sh -c "if [ '$SLOWTESTS' != '1' -a '$DB' = 'mysqli' ]; then phpBB/vendor/bin/phpunit tests/lint_test.php; fi"
-  - sh -c "if [ '$NOTESTS' != '1' -a '$SLOWTESTS' != '1' ]; then phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml --verbose --stop-on-error; fi"
-  - sh -c "if [ '$SLOWTESTS' = '1' ]; then phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml --group slow; fi"
-  - sh -c "set -x;if [ '$NOTESTS' = '1' -a '$TRAVIS_PULL_REQUEST' != 'false' ]; then git remote set-branches --add origin $TRAVIS_BRANCH && git fetch && git-tools/commit-msg-hook-range.sh origin/$TRAVIS_BRANCH..$TRAVIS_PULL_REQUEST_SHA; fi"

README.md

@@ -1,4 +1,4 @@
-[![phpBB](phpBB/styles/all/imgs/svg/phpbb_logo_large_cosmic.svg)](https://www.phpbb.com)
+[<img src="phpBB/styles/all/imgs/svg/phpbb_logo_large_cosmic.svg" alt="phpBB" style="max-width:40%" width="400">](https://www.phpbb.com)
 
 phpBB is a free open-source bulletin board written in PHP.
 
@@ -37,11 +37,10 @@ phpBB's [Development Documentation](https://area51.phpbb.com/docs/dev/index.html
 
 We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](https://bamboo.phpbb.com) or check our travis builds below:
 
-Branch  | Description | Travis CI  | AppVeyor
-------- | ----------- | ---------- | --------
-**master** | Latest development version | [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=master)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/master?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/master)
-**3.3.x** | Development of version 3.3.x | [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.3.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.3.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.3.x)
-**3.2.x** | Development of version 3.2.x | [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.2.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.2.x)
+Branch  | Description | Github Actions |
+------- | ----------- | -------------- |
+**master** | Latest development version | ![Tests](https://github.com/phpbb/phpbb/workflows/Tests/badge.svg?branch=master) |
+**3.3.x** | Development of version 3.3.x | ![Tests](https://github.com/phpbb/phpbb/workflows/Tests/badge.svg?branch=3.3.x) |
 
 ## 📜 License
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.2" />
-	<property name="prevversion" value="3.3.1" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.2-RC1" />
+	<property name="newversion" value="3.3.5" />
+	<property name="prevversion" value="3.3.4" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.5-RC1" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />
@@ -128,13 +128,13 @@
 	<!-- Builds docs for current branch into build/api/output/master -->
 	<target name="docs">
 		<exec dir="."
-			command="php doctum.phar update build/doctum-checkout.conf.php"
+			command="./doctum.phar update build/doctum-checkout.conf.php"
 			passthru="true" />
 	</target>
 	<!-- Builds docs for multiple branches/tags into build/api/output/$branch -->
 	<target name="docs-all">
 		<exec dir="."
-			command="php doctum.phar update build/doctum-all.conf.php"
+			command="./doctum.phar update build/doctum-all.conf.php"
 			passthru="true" />
 	</target>
 

build/build_changelog.php

@@ -38,6 +38,7 @@ else
 	$xml = simplexml_load_string(file_get_contents($url));
 }
 
+$types = [];
 foreach ($xml->xpath('//item') as $item)
 {
 	$key = (string) $item->key;
@@ -45,23 +46,26 @@ foreach ($xml->xpath('//item') as $item)
 	$keyUrl = 'https://tracker.phpbb.com/browse/' . $key;
 	$keyLink = '<a href="' . $keyUrl . '">' . $key . '</a>';
 
-	$value = str_replace($key, $keyLink, htmlspecialchars($item->title));
+	$value = str_replace($key, $keyLink, htmlspecialchars($item->title, ENT_COMPAT));
 	$value = str_replace(']', '] -', $value);
 
 	$types[(string) $item->type][$key] = $value;
 }
 
-ksort($types);
-foreach ($types as $type => $tickets)
+if (count($types))
 {
-	echo "<h4>$type</h4>\n";
-	echo "<ul>\n";
-
-	uksort($tickets, 'strnatcasecmp');
-
-	foreach ($tickets as $ticket)
+	ksort($types);
+	foreach ($types as $type => $tickets)
 	{
-		echo "<li>$ticket</li>\n";
+		echo "<h4>$type</h4>\n";
+		echo "<ul>\n";
+
+		uksort($tickets, 'strnatcasecmp');
+
+		foreach ($tickets as $ticket)
+		{
+			echo "<li>$ticket</li>\n";
+		}
+		echo "</ul>\n";
 	}
-	echo "</ul>\n";
 }

build/build_helper.php

@@ -43,10 +43,10 @@ class build_package
 		$_before = $this->versions[count($this->versions) - 2];
 
 		$this->locations = array(
-			'new_version'	=> dirname(dirname(__FILE__)) . '/phpBB/',
-			'old_versions'	=> dirname(__FILE__) . '/old_versions/',
-			'root'			=> dirname(__FILE__) . '/',
-			'package_dir'	=> dirname(__FILE__) . '/new_version/'
+			'new_version'	=> dirname(__DIR__) . '/phpBB/',
+			'old_versions'	=> __DIR__ . '/old_versions/',
+			'root'			=> __DIR__ . '/',
+			'package_dir'	=> __DIR__ . '/new_version/'
 		);
 
 		$this->package_infos = array(

build/code_sniffer/phpbb/Sniffs/ControlStructures/StaticKeywordSniff.php

@@ -0,0 +1,57 @@
+<?php
+/**
+ *
+ * This file is part of the phpBB Forum Software package.
+ *
+ * @copyright (c) phpBB Limited <https://www.phpbb.com>
+ * @license GNU General Public License, version 2 (GPL-2.0)
+ *
+ * For full copyright and license information, please see
+ * the docs/CREDITS.txt file.
+ *
+ */
+
+use PHP_CodeSniffer\Files\File;
+use PHP_CodeSniffer\Sniffs\Sniff;
+
+/**
+ * Checks that the visibility qualifiers are placed after the static keyword
+ * according to the coding guidelines
+ */
+class phpbb_Sniffs_ControlStructures_StaticKeywordSniff implements Sniff
+{
+	/**
+	 * Registers the tokens that this sniff wants to listen for.
+	 */
+	public function register()
+	{
+		return [
+			T_STATIC,
+		];
+	}
+
+	/**
+	 * Processes this test, when one of its tokens is encountered.
+	 *
+	 * @param File $phpcsFile The file being scanned.
+	 * @param int $stackPtr  The position of the current token in the stack passed in $tokens.
+	 *
+	 * @return void
+	 */
+	public function process(File $phpcsFile, $stackPtr)
+	{
+		$tokens = $phpcsFile->getTokens();
+
+		$disallowed_after_tokens = [
+			T_PUBLIC,
+			T_PROTECTED,
+			T_PRIVATE,
+		];
+
+		if (in_array($tokens[$stackPtr + 2]['code'], $disallowed_after_tokens))
+		{
+			$error = 'Access specifier (e.g. public) should not follow static scope attribute. Encountered "' . $tokens[$stackPtr + 2]['content'] . '" after static';
+			$phpcsFile->addWarning($error, $stackPtr, 'InvalidStaticFunctionDeclaration', [], 1);
+		}
+	}
+}

build/code_sniffer/phpbb/Sniffs/Namespaces/UnusedUseSniff.php

@@ -19,21 +19,34 @@ use PHP_CodeSniffer\Sniffs\Sniff;
 */
 class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 {
+	const FIND = [
+		T_NS_SEPARATOR,
+		T_STRING,
+		T_WHITESPACE,
+	];
+
 	/**
 	* {@inheritdoc}
 	*/
 	public function register()
 	{
-		return array(T_USE);
+		return [T_USE];
 	}
 
-	protected function check(File $phpcsFile, $found_name, $full_name, $short_name, $line)
+	protected function check(File $phpcsFile, $found_name, $full_name, $short_name, $stack_pointer)
 	{
+		$found_name_normalized = ltrim($found_name, '\\');
+		$full_name = ltrim($full_name, '\\');
 
-		if ($found_name === $full_name)
+		$is_global = ($full_name === $short_name);
+		$unnecessarily_fully_qualified = ($is_global)
+			? ($found_name_normalized !== $found_name && $found_name_normalized === $short_name)
+			: ($found_name_normalized === $full_name);
+
+		if ($unnecessarily_fully_qualified)
 		{
 			$error = 'Either use statement or full name must be used.';
-			$phpcsFile->addError($error, $line, 'FullName');
+			$phpcsFile->addError($error, $stack_pointer, 'FullName');
 		}
 
 		if ($found_name === $short_name)
@@ -58,27 +71,50 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 
 		$class_name_start = $phpcsFile->findNext(array(T_NS_SEPARATOR, T_STRING), ($stackPtr + 1));
 
-		$find = array(
-			T_NS_SEPARATOR,
-			T_STRING,
-			T_WHITESPACE,
-		);
-
-		$class_name_end = $phpcsFile->findNext($find, ($stackPtr + 1), null, true);
+		$class_name_end = $phpcsFile->findNext(self::FIND, ($stackPtr + 1), null, true);
 
 		$aliasing_as_position = $phpcsFile->findNext(T_AS, $class_name_end, null, false, null, true);
 		if ($aliasing_as_position !== false)
 		{
 			$alias_position = $phpcsFile->findNext(T_STRING, $aliasing_as_position, null, false, null, true);
-			$class_name_short = $tokens[$alias_position]['content'];
-			$class_name_full = $phpcsFile->getTokensAsString($class_name_start, ($class_name_end - $class_name_start - 1));
+			$name_short = $tokens[$alias_position]['content'];
+			$name_full = $phpcsFile->getTokensAsString($class_name_start, ($class_name_end - $class_name_start - 1));
 		}
 		else
 		{
-			$class_name_full = $phpcsFile->getTokensAsString($class_name_start, ($class_name_end - $class_name_start));
-			$class_name_short = $tokens[$class_name_end - 1]['content'];
+			$name_full = $phpcsFile->getTokensAsString($class_name_start, ($class_name_end - $class_name_start));
+			$name_short = $tokens[$class_name_end - 1]['content'];
 		}
 
+		if ($tokens[$class_name_start]['content'] === 'function'
+			&& $tokens[$class_name_start + 1]['code'] === T_WHITESPACE)
+		{
+			$class_name_start += 2;
+			$name_full = $phpcsFile->getTokensAsString(
+				$class_name_start,
+				($class_name_end - $class_name_start - (int) ($aliasing_as_position !== false))
+			);
+			$ok = $this->findFunctionUsage($phpcsFile, $stackPtr, $tokens, $name_full, $name_short);
+		}
+		else
+		{
+			$ok = $this->findClassUsage($phpcsFile, $stackPtr, $tokens, $name_full, $name_short);
+		}
+
+		if ($name_full[0] === '\\')
+		{
+			$phpcsFile->addError("There must not be a leading '\\' in use statements.", $stackPtr, 'Malformed');
+		}
+
+		if (!$ok)
+		{
+			$error = 'There must not be unused USE statements.';
+			$phpcsFile->addError($error, $stackPtr, 'Unused');
+		}
+	}
+
+	private function findClassUsage(File $phpcsFile, $stackPtr, $tokens, $class_name_full, $class_name_short)
+	{
 		$ok = false;
 
 		// Checks in simple statements (new, instanceof and extends)
@@ -95,11 +131,11 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 					continue;
 				}
 
-				$simple_class_name_end = $phpcsFile->findNext($find, ($simple_statement + 1), null, true);
+				$simple_class_name_end = $phpcsFile->findNext(self::FIND, ($simple_statement + 1), null, true);
 
 				$simple_class_name = trim($phpcsFile->getTokensAsString($simple_class_name_start, ($simple_class_name_end - $simple_class_name_start)));
 
-				$ok = $this->check($phpcsFile, $simple_class_name, $class_name_full, $class_name_short, $simple_statement) ? true : $ok;
+				$ok = $this->check($phpcsFile, $simple_class_name, $class_name_full, $class_name_short, $simple_statement) || $ok;
 			}
 		}
 
@@ -109,12 +145,12 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 		{
 			$old_paamayim_nekudotayim = $paamayim_nekudotayim;
 
-			$paamayim_nekudotayim_class_name_start = $phpcsFile->findPrevious($find, $paamayim_nekudotayim - 1, null, true);
+			$paamayim_nekudotayim_class_name_start = $phpcsFile->findPrevious(self::FIND, $paamayim_nekudotayim - 1, null, true);
 			$paamayim_nekudotayim_class_name_end = $paamayim_nekudotayim - 1;
 
 			$paamayim_nekudotayim_class_name = trim($phpcsFile->getTokensAsString($paamayim_nekudotayim_class_name_start + 1, ($paamayim_nekudotayim_class_name_end - $paamayim_nekudotayim_class_name_start)));
 
-			$ok = $this->check($phpcsFile, $paamayim_nekudotayim_class_name, $class_name_full, $class_name_short, $paamayim_nekudotayim) ? true : $ok;
+			$ok = $this->check($phpcsFile, $paamayim_nekudotayim_class_name, $class_name_full, $class_name_short, $paamayim_nekudotayim) || $ok;
 		}
 
 		// Checks in implements
@@ -129,11 +165,11 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 				$old_implemented_class = $implemented_class;
 
 				$implements_class_name_start = $phpcsFile->findNext(array(T_NS_SEPARATOR, T_STRING), ($implemented_class - 1));
-				$implements_class_name_end = $phpcsFile->findNext($find, ($implemented_class - 1), null, true);
+				$implements_class_name_end = $phpcsFile->findNext(self::FIND, ($implemented_class - 1), null, true);
 
 				$implements_class_name = trim($phpcsFile->getTokensAsString($implements_class_name_start, ($implements_class_name_end - $implements_class_name_start)));
 
-				$ok = $this->check($phpcsFile, $implements_class_name, $class_name_full, $class_name_short, $implements) ? true : $ok;
+				$ok = $this->check($phpcsFile, $implements_class_name, $class_name_full, $class_name_short, $implements) || $ok;
 			}
 		}
 
@@ -141,7 +177,7 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 		while (($docblock = $phpcsFile->findNext(T_DOC_COMMENT_CLOSE_TAG, ($old_docblock + 1))) !== false)
 		{
 			$old_docblock = $docblock;
-			$ok = $this->checkDocblock($phpcsFile, $docblock, $tokens, $class_name_full, $class_name_short) ? true : $ok;
+			$ok = $this->checkDocblock($phpcsFile, $docblock, $tokens, $class_name_full, $class_name_short) || $ok;
 		}
 
 		// Checks in type hinting
@@ -154,7 +190,7 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 			$params = $phpcsFile->getMethodParameters($function_declaration);
 			foreach ($params as $param)
 			{
-				$ok = $this->check($phpcsFile, $param['type_hint'], $class_name_full, $class_name_short, $function_declaration) ? true : $ok;
+				$ok = $this->check($phpcsFile, $param['type_hint'], $class_name_full, $class_name_short, $function_declaration) || $ok;
 			}
 		}
 
@@ -165,18 +201,106 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 			$old_catch = $catch;
 
 			$caught_class_name_start = $phpcsFile->findNext(array(T_NS_SEPARATOR, T_STRING), $catch + 1);
-			$caught_class_name_end = $phpcsFile->findNext($find, $caught_class_name_start + 1, null, true);
+			$caught_class_name_end = $phpcsFile->findNext(self::FIND, $caught_class_name_start + 1, null, true);
 
 			$caught_class_name = trim($phpcsFile->getTokensAsString($caught_class_name_start, ($caught_class_name_end - $caught_class_name_start)));
 
-			$ok = $this->check($phpcsFile, $caught_class_name, $class_name_full, $class_name_short, $catch) ? true : $ok;
+			$ok = $this->check($phpcsFile, $caught_class_name, $class_name_full, $class_name_short, $catch) || $ok;
 		}
 
-		if (!$ok)
+		$old_use = $stackPtr;
+		while (($use = $phpcsFile->findNext(T_USE, ($old_use + 1))) !== false)
 		{
-			$error = 'There must not be unused USE statements.';
-			$phpcsFile->addError($error, $stackPtr, 'Unused');
+			$old_use = $use;
+
+			// Needs to be inside a class and must not be inside a function scope.
+			if (!$phpcsFile->hasCondition($use, [T_CLASS, T_TRAIT]) || $phpcsFile->hasCondition($use, T_FUNCTION))
+			{
+				continue;
+			}
+
+			$next = $phpcsFile->findNext(T_WHITESPACE, ($use + 1), null, true, null, true);
+			if ($tokens[$next]['code'] === T_OPEN_PARENTHESIS)
+			{
+				continue;
+			}
+
+			$class_name_start = $phpcsFile->findNext(array(T_NS_SEPARATOR, T_STRING), $use + 1, null, false, null, true);
+			$class_name_end = $phpcsFile->findNext(self::FIND, $class_name_start + 1, null, true, null, true);
+			$found_name = trim($phpcsFile->getTokensAsString($class_name_start, ($class_name_end - $class_name_start)));
+
+			$ok = $this->check($phpcsFile, $found_name, $class_name_full, $class_name_short, $use) || $ok;
 		}
+
+		return $ok;
+	}
+
+	private function findFunctionUsage(File $phpcsFile, $stackPtr, $tokens, $name_full, $name_short)
+	{
+		$ok = false;
+		$position = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $stackPtr + 1);
+		while ($position !== false)
+		{
+			$function_name_end = $position;
+			$found_start = 1 + $phpcsFile->findPrevious(
+				[T_NS_SEPARATOR, T_STRING, T_WHITESPACE],
+				$function_name_end - 1,
+				null,
+				true
+			);
+
+			$position = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $position + 1);
+			if ($found_start === null)
+			{
+				continue;
+			}
+
+			$function_name_start = $found_start;
+
+			// Trim the output.
+			while ($tokens[$function_name_start]['code'] === T_WHITESPACE && $function_name_start < $function_name_end)
+			{
+				++$function_name_start;
+			}
+
+			while ($tokens[$function_name_end]['code'] === T_WHITESPACE && $function_name_end > $function_name_start)
+			{
+				--$function_name_end;
+			}
+
+			$function_name_length = $function_name_end - $function_name_start;
+
+			// Filter out control structures, built in type constructors, etc.
+			if ($function_name_length <= 0)
+			{
+				continue;
+			}
+
+			// This doesn't seem to be valid PHP, where is the opening tag?
+			if ($found_start === 0)
+			{
+				continue;
+			}
+
+			$previous_token = $found_start - 1;
+			$filter = [
+				T_FUNCTION, // Function declaration
+				T_OBJECT_OPERATOR, // Method call
+				T_DOUBLE_COLON, // Static method call
+				T_NEW, // Constructors
+			];
+
+			// Filter out calls to methods and function declarations.
+			if (in_array($tokens[$previous_token]['code'], $filter))
+			{
+				continue;
+			}
+
+			$function_name = $phpcsFile->getTokensAsString($function_name_start, $function_name_length);
+			$ok = $this->check($phpcsFile, $function_name, $name_full, $name_short, $function_name_start) || $ok;
+		}
+
+		return $ok;
 	}
 
 	/**
@@ -247,7 +371,7 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 			$classes = explode('|', str_replace('[]', '', $classes));
 			foreach ($classes as $class)
 			{
-				$ok = $this->check($phpcsFile, $class, $class_name_full, $class_name_short, $tokens[$tag + 2]['line']) ? true : $ok;
+				$ok = $this->check($phpcsFile, $class, $class_name_full, $class_name_short, $tag + 2) || $ok;
 			}
 		}
 

build/code_sniffer/ruleset-php-legacy.xml

@@ -89,4 +89,7 @@
  <!-- There MUST be one space between control structure and opening parenthesis -->
  <rule ref="./phpbb/Sniffs/ControlStructures/OpeningParenthesisSniff.php" />
 
+ <!-- Static qualifier MUST be placed before the visibility qualifiers. -->
+ <rule ref="./phpbb/Sniffs/ControlStructures/StaticKeywordSniff.php" />
+
 </ruleset>

git-tools/commit-msg-hook-range.sh

@@ -24,7 +24,17 @@ COMMIT_MSG_HOOK_FATAL=$(git config --bool phpbb.hooks.commit-msg.fatal 2> /dev/n
 git config phpbb.hooks.commit-msg.fatal true
 
 EXIT_STATUS=0
-for COMMIT_HASH in $(git rev-list --no-merges "$COMMIT_RANGE")
+
+COMMIT_HASHES=$(git rev-list --no-merges "$COMMIT_RANGE")
+
+# If any message have been returned instead of commit hashes list
+# send a non-zero exit status upstream.
+if ! [[ "$COMMIT_HASHES" =~ ^[0-9a-f]{5,40} ]]
+then
+	EXIT_STATUS=1
+fi
+
+for COMMIT_HASH in $COMMIT_HASHES
 do
 	echo "Inspecting commit message of commit $COMMIT_HASH"
 

git-tools/hooks/commit-msg

@@ -1,7 +1,7 @@
 #!/bin/sh
 #
 # A hook to check syntax of a phpBB3 commit message, per:
-# * <http://wiki.phpbb.com/display/DEV/Git>
+# * <https://area51.phpbb.com/docs/dev/master/development/git.html>
 # * <http://area51.phpbb.com/phpBB/viewtopic.php?p=209919#p209919>
 #
 # This is a commit-msg hook.

phpBB/adm/style/acp_bbcodes.html

@@ -31,11 +31,11 @@
 	</fieldset>
 
 	<fieldset>
-		<legend>{L_BBCODE_HELPLINE}</legend>
-		<p>{L_BBCODE_HELPLINE_EXPLAIN}</p>
+		<legend>{{ lang('BBCODE_HELPLINE') }}</legend>
+		<p>{{ lang('BBCODE_HELPLINE_EXPLAIN') }}</p>
 	<dl>
-		<dt><label for="bbcode_helpline">{L_BBCODE_HELPLINE_TEXT}</label></dt>
-		<dd><input type="text" id="bbcode_helpline" name="bbcode_helpline" size="60" maxlength="255" value="{BBCODE_HELPLINE}" /></dd>
+		<dt><label for="bbcode_helpline">{{ lang('BBCODE_HELPLINE_TEXT') }}</label></dt>
+		<dd><textarea id="bbcode_helpline" name="bbcode_helpline" cols="60" rows="4">{{ BBCODE_HELPLINE }}</textarea></dd>
 	</dl>
 	</fieldset>
 

phpBB/adm/style/acp_database.html

@@ -58,7 +58,6 @@
 	<dl>
 		<dt><label for="type">{L_BACKUP_TYPE}{L_COLON}</label></dt>
 		<dd><label><input type="radio" class="radio" name="type" value="full" id="type" checked="checked" /> {L_FULL_BACKUP}</label>
-			<label><input type="radio" name="type" class="radio" value="structure" /> {L_STRUCTURE_ONLY}</label>
 			<label><input type="radio" class="radio" name="type" value="data" /> {L_DATA_ONLY}</label></dd>
 	</dl>
 	<dl>

phpBB/adm/style/acp_inactive.html

@@ -45,7 +45,7 @@
 	</tr>
 <!-- BEGINELSE -->
 	<tr>
-		<td colspan="6" style="text-align: center;">{L_NO_INACTIVE_USERS}</td>
+		<td colspan="7" style="text-align: center;">{L_NO_INACTIVE_USERS}</td>
 	</tr>
 <!-- END inactive -->
 </tbody>

phpBB/adm/style/acp_main.html

@@ -78,6 +78,13 @@
 				<p>{L_ERROR_MBSTRING_HTTP_OUTPUT_EXPLAIN}</p>
 			</div>
 		<!-- ENDIF -->
+
+		{% if S_DEFAULT_CHARSET_FAIL %}
+			<div class="errorbox">
+				<h3>{{ lang('ERROR_DEFAULT_CHARSET') }}</h3>
+				<p>{{ lang('ERROR_DEFAULT_CHARSET_EXPLAIN') }}</p>
+			</div>
+		{% endif %}
 	<!-- ENDIF -->
 
 	<!-- IF S_WRITABLE_CONFIG -->

phpBB/adm/style/acp_styles.html

@@ -96,10 +96,10 @@
 	<thead>
 	<tr>
 		<th>{L_STYLE_NAME}</th>
-		<th width="10%" style="white-space: nowrap; text-align: center;">{{ lang('STYLE_VERSION') }}</th>
-		<th width="10%" style="white-space: nowrap; text-align: center;">{L_STYLE_PHPBB_VERSION}</th>
-		<!-- IF not STYLES_LIST_HIDE_COUNT --><th width="10%" style="white-space: nowrap; text-align: center;">{L_STYLE_USED_BY}</th><!-- ENDIF -->
-		<th width="25%" style="white-space: nowrap; text-align: center;">{L_ACTIONS}</th>
+		<th style="width: 10%; white-space: nowrap; text-align: center;">{{ lang('STYLE_VERSION') }}</th>
+		<th style="width: 10%; white-space: nowrap; text-align: center;">{L_STYLE_PHPBB_VERSION}</th>
+		<!-- IF not STYLES_LIST_HIDE_COUNT --><th style="width: 10%; white-space: nowrap; text-align: center;">{L_STYLE_USED_BY}</th><!-- ENDIF -->
+		<th style="width: 25%; white-space: nowrap; text-align: center;">{L_ACTIONS}</th>
 		{STYLES_LIST_EXTRA}
 		<th>&nbsp;</th>
 	</tr>
@@ -146,7 +146,7 @@
 			<!-- END actions -->
 		</td>
 		{styles_list.EXTRA}
-		<td class="{$ROW_CLASS} mark" width="20">
+		<td class="{$ROW_CLASS} mark" style="width: 20px;">
 			<!-- IF styles_list.STYLE_ID -->
 				{% if styles_list.STYLE_NAME !== 'prosilver' %}
 					<input class="checkbox" type="checkbox" name="ids[]" value="{styles_list.STYLE_ID}" />

phpBB/adm/style/admin.css

@@ -2738,4 +2738,29 @@ fieldset.permissions .padding {
 	height: 1em;
 	width: 1em;
 }
+
+.acp-icon {
+	font-size: 1.5em;
+}
 /* stylelint-enable declaration-property-unit-whitelist */
+
+.acp-icon-move-up,
+.acp-icon-move-down {
+	color: #4ba5de;
+}
+
+.acp-icon-settings {
+	color: #62c046;
+}
+
+.acp-icon-delete {
+	color: #d74558;
+}
+
+.acp-icon-resync {
+	color: #f69934;
+}
+
+.acp-icon-disabled {
+	color: #d0d0d0;
+}

phpBB/adm/style/admin.js

@@ -254,5 +254,10 @@ function parse_document(container)
 		});
 
 		$('#configlist').closest('.send-stats-data-row').addClass('send-stats-data-hidden');
+
+		// Do not underline actions icons on hover (could not be done via CSS)
+		$('.actions a:has(i.acp-icon)').mouseover(function () {
+			$(this).css("text-decoration", "none");
+		});
 	});
 })(jQuery);

phpBB/adm/style/captcha_qa_acp.html

@@ -2,7 +2,6 @@
 
 <a id="maincontent"></a>
 
-
 	<a href="<!-- IF U_LIST -->{U_LIST}<!-- ELSE -->{U_ACTION}<!-- ENDIF -->" style="float: {S_CONTENT_FLOW_END};">&laquo; {L_BACK}</a>
 
 	<h1>{L_QUESTIONS}</h1>
@@ -25,15 +24,18 @@
 		<td style="vertical-align: top; width: 50px; text-align: center; white-space: nowrap;">{L_ACTION}</td>
 	</tr>
 	</thead>
+
 	<tbody>
-	<!-- BEGIN questions -->
-	<tr>
-		<td style="text-align: left;">{questions.QUESTION_TEXT}</td>
-		<td style="text-align: center;">{questions.QUESTION_LANG}</td>
-		<td style="text-align: center;"><a href="{questions.U_EDIT}">{ICON_EDIT}</a>&nbsp;<a href="{questions.U_DELETE}">{ICON_DELETE}</a></td>
-	</tr>
-	<!-- END questions -->
+	{% for question in questions %}
+		<tr>
+			{# RTL is already managed by CSS #}
+			<td>{{ question.QUESTION_TEXT }}</td>
+			<td style="text-align: center;">{{ question.QUESTION_LANG }}</td>
+			<td style="text-align: center;"><a href="{{ question.U_EDIT }}">{{ ICON_EDIT }}</a> <a href="{{ question.U_DELETE }}">{{ ICON_DELETE }}</a></td>
+		</tr>
+	{% endfor %}
 	</tbody>
+
 	</table>
 	<fieldset class="quick">
 		<input class="button1" type="submit" name="add" value="{L_ADD}" />

phpBB/adm/style/installer_footer.html

@@ -23,7 +23,7 @@ installLang = {
 </script>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.5.1.min.js">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS admin.js -->
 {$SCRIPTS}

phpBB/adm/style/overall_footer.html

@@ -24,7 +24,7 @@
 
 		<div id="phpbb_alert" class="phpbb_alert" data-l-err="{L_ERROR}" data-l-timeout-processing-req="{L_TIMEOUT_PROCESSING_REQ}">
 			<a href="#" class="alert_close"></a>
-			<h3 class="alert_title"></h3><p class="alert_text"></p>
+			<h3 class="alert_title">&nbsp;</h3><p class="alert_text"></p>
 		</div>
 		<div id="phpbb_confirm" class="phpbb_alert">
 			<a href="#" class="alert_close"></a>
@@ -34,7 +34,7 @@
 </div>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.5.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 <!-- INCLUDEJS ajax.js -->
 <!-- INCLUDEJS admin.js -->

phpBB/adm/style/overall_header.html

@@ -12,10 +12,10 @@
 
 <script>
 // <![CDATA[
-var jump_page = '{LA_JUMP_PAGE}{L_COLON}';
-var on_page = '{CURRENT_PAGE}';
-var per_page = '{PER_PAGE}';
-var base_url = '{BASE_URL|e('js')}';
+var jump_page = "{{ lang_js('JUMP_PAGE') ~ lang_js('COLON') }}";
+var on_page = '{{ CURRENT_PAGE }}';
+var per_page = '{{ PER_PAGE }}';
+var base_url = "{{ BASE_URL|e('js') }}";
 
 /**
 * Jump to page

phpBB/adm/style/simple_footer.html

@@ -17,7 +17,7 @@
 </div>
 
 <script src="{T_JQUERY_LINK}"></script>
-<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.5.1.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
+<!-- IF S_ALLOW_CDN --><script>window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery-3.6.0.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
 <script src="{T_ASSETS_PATH}/javascript/core.js?assets_version={T_ASSETS_VERSION}"></script>
 
 <!-- EVENT acp_simple_footer_after -->

phpBB/composer.json

@@ -15,8 +15,9 @@
 	"support": {
 		"issues": "https://tracker.phpbb.com",
 		"forum": "https://www.phpbb.com/community/",
-		"wiki": "https://wiki.phpbb.com",
-		"irc": "irc://irc.freenode.org/phpbb"
+		"docs": "https://www.phpbb.com/support/docs/",
+		"irc": "irc://irc.libera.chat/phpbb",
+		"chat": "https://www.phpbb.com/support/chat/"
 	},
 	"scripts": {
 		"post-update-cmd": "echo 'You MUST manually modify the clean-vendor-dir target in build/build.xml when adding or upgrading dependencies.'"
@@ -29,11 +30,11 @@
 		"ext-json": "*",
 		"ext-mbstring": "*",
 		"bantu/ini-get-wrapper": "~1.0",
+		"composer/package-versions-deprecated": "^1.11",
 		"google/recaptcha": "~1.1",
 		"guzzlehttp/guzzle": "~6.3",
 		"lusitanian/oauth": "^0.8.1",
 		"marc1706/fast-image-size": "^1.1",
-		"patchwork/utf8": "^1.1",
 		"s9e/text-formatter": "^2.0",
 		"symfony/config": "~3.4",
 		"symfony/console": "~3.4",
@@ -44,7 +45,9 @@
 		"symfony/finder": "~3.4",
 		"symfony/http-foundation": "~3.4",
 		"symfony/http-kernel": "~3.4",
-		"symfony/polyfill-intl-idn": "~1.17.0",
+		"symfony/polyfill-intl-normalizer": "^1.23",
+		"symfony/polyfill-mbstring": "^1.23",
+		"symfony/polyfill-php72": "^1.23",
 		"symfony/process": "^3.4",
 		"symfony/proxy-manager-bridge": "~3.4",
 		"symfony/routing": "~3.4",

phpBB/config/default/container/services_text_reparser.yml

@@ -73,6 +73,7 @@ services:
         class: phpbb\textreparser\plugins\poll_option
         arguments:
             - '@dbal.conn'
+            - '%tables.poll_options%'
         calls:
             - [set_name, [poll_option]]
         tags:

phpBB/develop/create_schema_files.php

@@ -18,7 +18,7 @@
 * If you overwrite the original schema files please make sure you save the file with UNIX linefeeds.
 */
 
-$schema_path = dirname(__FILE__) . '/../install/schemas/';
+$schema_path = __DIR__ . '/../install/schemas/';
 $supported_dbms = array(
 	'mssql',
 	'mysql_41',
@@ -34,7 +34,7 @@ if (!is_writable($schema_path))
 }
 
 define('IN_PHPBB', true);
-$phpbb_root_path = dirname(__FILE__) . '/../';
+$phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
 include($phpbb_root_path . 'vendor/autoload.php');

phpBB/develop/create_variable_overview.php

@@ -220,7 +220,7 @@ foreach ($files_to_parse as $file_num => $data)
 			{
 				$_var = str_replace(array('{', '}'), array('', ''), $var);
 				$lang_references[$_var][] = $data['single_filename'];
-				$lang_data .= '<li>' . $var . '<br>' . "\n" . ((isset($lang[$_var])) ? htmlspecialchars(str_replace("\\'", "'", $lang[$_var])) : '<span style="color:red">No Language Variable available</span>') . '<br></li><br>' . "\n";
+				$lang_data .= '<li>' . $var . '<br>' . "\n" . ((isset($lang[$_var])) ? htmlspecialchars(str_replace("\\'", "'", $lang[$_var]), ENT_COMPAT) : '<span style="color:red">No Language Variable available</span>') . '<br></li><br>' . "\n";
 			}
 		}
 		$lang_data .= '</ul>';

phpBB/develop/export_events_for_rst.php

@@ -0,0 +1,140 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+if (php_sapi_name() != 'cli')
+{
+	die("This program must be run from the command line.\n");
+}
+
+$phpEx = substr(strrchr(__FILE__, '.'), 1);
+$phpbb_root_path = __DIR__ . '/../';
+define('IN_PHPBB', true);
+
+function usage()
+{
+	echo "Usage: export_events_for_rst.php COMMAND [VERSION] [EXTENSION]\n";
+	echo "\n";
+	echo "COMMAND:\n";
+	echo "    all:\n";
+	echo "        Generate the complete rst for the Event List\n";
+	echo "\n";
+	echo "    diff:\n";
+	echo "        Generate the Event Diff for the release highlights\n";
+	echo "\n";
+	echo "    php:\n";
+	echo "        Generate the PHP event section of Event_List\n";
+	echo "\n";
+	echo "    adm:\n";
+	echo "        Generate the ACP Template event section of Event_List\n";
+	echo "\n";
+	echo "    styles:\n";
+	echo "        Generate the Styles Template event section of Event_List\n";
+	echo "\n";
+	echo "VERSION (diff only):\n";
+	echo "    Filter events (minimum version)\n";
+	echo "\n";
+	echo "EXTENSION (Optional):\n";
+	echo "    If not given, only core events will be exported.\n";
+	echo "    Otherwise only events from the extension will be exported.\n";
+	echo "\n";
+	exit(2);
+}
+
+function validate_argument_count($arguments, $count)
+{
+	if ($arguments <= $count)
+	{
+		usage();
+	}
+}
+
+validate_argument_count($argc, 1);
+
+$action = $argv[1];
+$extension = isset($argv[2]) ? $argv[2] : null;
+$min_version = null;
+require __DIR__ . '/../phpbb/event/php_exporter.' . $phpEx;
+require __DIR__ . '/../phpbb/event/md_exporter.' . $phpEx;
+require __DIR__ . '/../phpbb/event/rst_exporter.' . $phpEx;
+require __DIR__ . '/../includes/functions.' . $phpEx;
+require __DIR__ . '/../phpbb/event/recursive_event_filter_iterator.' . $phpEx;
+require __DIR__ . '/../phpbb/recursive_dot_prefix_filter_iterator.' . $phpEx;
+
+switch ($action)
+{
+
+	case 'diff':
+		echo '== Event changes ==' . "\n";
+		echo "Event changes\n";
+		echo "=============\n\n";
+		$min_version = $extension;
+		$extension = isset($argv[3]) ? $argv[3] : null;
+
+	case 'all':
+		if ($action === 'all')
+		{
+			echo "==========================\n";
+			echo "Events List\n";
+			echo "==========================\n\n";
+		}
+
+
+	case 'php':
+		$exporter = new \phpbb\event\php_exporter($phpbb_root_path, $extension, $min_version);
+		$exporter->crawl_phpbb_directory_php();
+		echo $exporter->export_events_for_rst($action);
+
+		if ($action === 'php')
+		{
+			break;
+		}
+		echo "\n\n";
+		// no break;
+
+	case 'styles':
+		$exporter = new \phpbb\event\md_exporter($phpbb_root_path, $extension, $min_version);
+		if ($min_version && $action === 'diff')
+		{
+			$exporter->crawl_eventsmd('docs/events.md', 'styles');
+		}
+		else
+		{
+			$exporter->crawl_phpbb_directory_styles('docs/events.md');
+		}
+		echo $exporter->export_events_for_rst($action);
+
+		if ($action === 'styles')
+		{
+			break;
+		}
+		echo "\n\n";
+		// no break;
+
+	case 'adm':
+		$exporter = new \phpbb\event\md_exporter($phpbb_root_path, $extension, $min_version);
+		if ($min_version && $action === 'diff')
+		{
+			$exporter->crawl_eventsmd('docs/events.md', 'adm');
+		}
+		else
+		{
+			$exporter->crawl_phpbb_directory_adm('docs/events.md');
+		}
+		echo $exporter->export_events_for_rst($action);
+
+		echo "\n";
+	break;
+
+	default:
+		usage();
+}

phpBB/develop/imageset_to_css.php

@@ -290,7 +290,7 @@ function dump_code($code, $filename = 'file.txt')
 	$list = explode("\n", $code);
 	$height = 15 * count($list);
 	echo ' [ <a href="?download=', $hash, '">download</a> <a href="javascript:void(0);" onclick="document.getElementById(\'code-', $hash, '\').style.height = \'', $height, 'px\'; this.style.display = \'none\'; return false;">expand</a> ]<br />';
-	echo '<textarea id="code-', $hash, '" onfocus="this.select();" style="width: 98%; height: 200px;">', htmlspecialchars($code), '</textarea><br />';
+	echo '<textarea id="code-', $hash, '" onfocus="this.select();" style="width: 98%; height: 200px;">', htmlspecialchars($code, ENT_COMPAT), '</textarea><br />';
 }
 
 function css($list, $path = './', $bidi = false)

phpBB/develop/lang_duplicates.php

@@ -34,7 +34,7 @@ $mode = $request->variable('mode', '');
 $modules = find_modules($phpbb_root_path . 'language/en');
 
 $kkeys = $keys = array();
-$langdir = dirname(__FILE__);
+$langdir = __DIR__;
 
 if (isset($lang))
 {

phpBB/develop/namespacify.php

@@ -191,4 +191,3 @@ foreach ($iterator as $file)
 		file_put_contents($file->getPathname(), $code);
 	}
 }
-

phpBB/develop/repair_bots.php

@@ -2,7 +2,7 @@
 /**
 * Rebuild BOTS
 *
-* You should make a backup from your whole database. Things can and will go wrong. 
+* You should make a backup from your whole database. Things can and will go wrong.
 * This will only work if no BOTs were added.
 *
 */
@@ -24,10 +24,14 @@ $user->setup();
 
 $bots = array(
 	'AdsBot [Google]'			=> array('AdsBot-Google', ''),
+	'Ahrefs [Bot]'				=> array('AhrefsBot/', ''),
 	'Alexa [Bot]'				=> array('ia_archiver', ''),
 	'Alta Vista [Bot]'			=> array('Scooter/', ''),
+	'Amazon [Bot]'				=> array('Amazonbot/', ''),
 	'Ask Jeeves [Bot]'			=> array('Ask Jeeves', ''),
-	'Baidu [Spider]'			=> array('Baiduspider+(', ''),
+	'Baidu [Spider]'			=> array('Baiduspider', ''),
+	'Bing [Bot]'				=> array('bingbot/', ''),
+	'DuckDuckGo [Bot]'			=> array('DuckDuckBot/', ''),
 	'Exabot [Bot]'				=> array('Exabot/', ''),
 	'FAST Enterprise [Crawler]'	=> array('FAST Enterprise Crawler', ''),
 	'FAST WebCrawler [Crawler]'	=> array('FAST-WebCrawler/', ''),
@@ -41,7 +45,7 @@ $bots = array(
 	'Heritrix [Crawler]'		=> array('heritrix/1.', ''),
 	'IBM Research [Bot]'		=> array('ibm.com/cs/crawler', ''),
 	'ICCrawler - ICjobs'		=> array('ICCrawler - ICjobs', ''),
-	'ichiro [Crawler]'			=> array('ichiro/2', ''),
+	'ichiro [Crawler]'			=> array('ichiro/', ''),
 	'Majestic-12 [Bot]'			=> array('MJ12bot/', ''),
 	'Metager [Bot]'				=> array('MetagerBot/', ''),
 	'MSN NewsBlogs'				=> array('msnbot-NewsBlogs/', ''),
@@ -54,6 +58,7 @@ $bots = array(
 	'Online link [Validator]'	=> array('online link validator', ''),
 	'psbot [Picsearch]'			=> array('psbot/0', ''),
 	'Seekport [Bot]'			=> array('Seekbot/', ''),
+	'Semrush [Bot]'				=> array('SemrushBot/', ''),
 	'Sensis [Crawler]'			=> array('Sensis Web Crawler', ''),
 	'SEO Crawler'				=> array('SEO search Crawler/', ''),
 	'Seoma [Crawler]'			=> array('Seoma [SEO Crawler]', ''),
@@ -63,7 +68,7 @@ $bots = array(
 	'Synoo [Bot]'				=> array('SynooBot/', ''),
 	'Telekom [Bot]'				=> array('crawleradmin.t-info@telekom.de', ''),
 	'TurnitinBot [Bot]'			=> array('TurnitinBot/', ''),
-	'Voyager [Bot]'				=> array('voyager/1.0', ''),
+	'Voyager [Bot]'				=> array('voyager/', ''),
 	'W3 [Sitesearch]'			=> array('W3 SiteSearch Crawler', ''),
 	'W3C [Linkcheck]'			=> array('W3C-checklink/', ''),
 	'W3C [Validator]'			=> array('W3C_*Validator', ''),
@@ -74,7 +79,7 @@ $bots = array(
 	'Yahoo [Bot]'				=> array('Yahoo! Slurp', ''),
 	'YahooSeeker [Bot]'			=> array('YahooSeeker/', ''),
 );
-	
+
 $bot_ids = array();
 user_get_id_name($bot_ids, array_keys($bots), USER_IGNORE);
 foreach($bot_ids as $bot)

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,11 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v335rc1">Changes since 3.3.5-RC1</a></li>
+		<li><a href="#v334">Changes since 3.3.4</a></li>
+		<li><a href="#v334rc1">Changes since 3.3.4-RC1</a></li>
+		<li><a href="#v333">Changes since 3.3.3</a></li>
+		<li><a href="#v332">Changes since 3.3.2</a></li>
 		<li><a href="#v331">Changes since 3.3.1</a></li>
 		<li><a href="#v331rc1">Changes since 3.3.1-RC1</a></li>
 		<li><a href="#v330">Changes since 3.3.0</a></li>
@@ -153,6 +158,177 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v335rc1"></a><h3>Changes since 3.3.5-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16878">PHPBB3-16878</a>] - Error in password_hash() with ARGON2 + Sodium &amp; threadcount &gt; 1</li>
+			</ul>
+			<h4>Hardening</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/SECURITY-254">SECURITY-254</a>] - Disallow whitespace characters that might be invisible</li>
+			</ul>
+
+			<a name="v334"></a><h3>Changes since 3.3.4</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-12075">PHPBB3-12075</a>] - Language file Modules needs to be added to acp_extensions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-13700">PHPBB3-13700</a>] - Column 'field_show_on_pm' not created before migration profilefield_interests</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16292">PHPBB3-16292</a>] - Database errors during conversion not propagated</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16570">PHPBB3-16570</a>] - Automatic updater no longer handles merge conflicts</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16657">PHPBB3-16657</a>] - Encoded characters inserted from live search for usernames</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16729">PHPBB3-16729</a>] - Unknown named parameter $log_data in phpbb/log/log.php</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16730">PHPBB3-16730</a>] - Build changelog throwing PHP warnings on no changes in version</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16749">PHPBB3-16749</a>] - SQL error on installation</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16757">PHPBB3-16757</a>] - RTL problem in random question text in ACP</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16765">PHPBB3-16765</a>] - contact_admin_acp_module migration lacks effectively_installed check</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16766">PHPBB3-16766</a>] - Updater only shows truncated error messages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16767">PHPBB3-16767</a>] - Migrator shows wrong migration as missing if unfulfillable</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16770">PHPBB3-16770</a>] - Invalid position of static qualifier in 3.3.4 migration</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16772">PHPBB3-16772</a>] - Emoji not supported in email signature</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16773">PHPBB3-16773</a>] - PostgreSQL backups are missing constraint declarations</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16784">PHPBB3-16784</a>] - Ignore .vscode files in git</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16785">PHPBB3-16785</a>] - Latest release missing from previous versions in build.xml</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16787">PHPBB3-16787</a>] - Error message when &quot;fsockopen&quot; is deactivated</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16789">PHPBB3-16789</a>] - user_delete documentation incorrect</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16793">PHPBB3-16793</a>] - PHP Warning when checking topic/post attachment visibility in PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16799">PHPBB3-16799</a>] - OAuth external account linking triggers fatal error on PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16808">PHPBB3-16808</a>] - Container used before initialization causes error in PHP8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16810">PHPBB3-16810</a>] - The no closing tag in Custom BBCodes is still shown onclick</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16812">PHPBB3-16812</a>] - login_body.html missing dt tag for autologin</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16823">PHPBB3-16823</a>] - Datetime class incorrectly handles edge yesterday/today/tomorrow cases</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16832">PHPBB3-16832</a>] - Wrong singular language shown in UCP attachments</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16865">PHPBB3-16865</a>] - Update IRC + discord links in composer and documentation and update docs</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16870">PHPBB3-16870</a>] - Setting float config value can fail with CLI db:migrate</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15729">PHPBB3-15729</a>] - Don't unnecessarily encode email headers in Base64</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15925">PHPBB3-15925</a>] - Add core events for sync and mcp functions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16138">PHPBB3-16138</a>] - Eliminate redundant f= and t= parameters from board urls</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16736">PHPBB3-16736</a>] - Enforce placement of visibility qualifiers after static</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16748">PHPBB3-16748</a>] - Update coding guidelines to place static after visibility qualifiers</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16752">PHPBB3-16752</a>] - Create event exporter to restructured text</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16754">PHPBB3-16754</a>] - Update doctum</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16771">PHPBB3-16771</a>] - Add core events to MCP</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16783">PHPBB3-16783</a>] - Remove structure only backup</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16788">PHPBB3-16788</a>] - Update s9e/text-formatter to latest</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16795">PHPBB3-16795</a>] - Add template events around signature in viewtopic</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16798">PHPBB3-16798</a>] - Scale down phpBB logo in readme</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16804">PHPBB3-16804</a>] - Extend bbcode help line tooltip</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16809">PHPBB3-16809</a>] - Reset UCP preferences at end of test</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16816">PHPBB3-16816</a>] - acp style html validation fixes</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16822">PHPBB3-16822</a>] - Replace patchwork/utf8 with symfony/polyfill</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16829">PHPBB3-16829</a>] - Add forumtitle and lastsubject text decoration hover</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16831">PHPBB3-16831</a>] - fix tabs missing delimiters and remove old commented classes</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16850">PHPBB3-16850</a>] - Update webfont.js to latest</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16851">PHPBB3-16851</a>] - Add Amazonbot, AhrefsBot and SemrushBot</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16858">PHPBB3-16858</a>] - Update to the latest version of jQuery 3.6.0</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16867">PHPBB3-16867</a>] - Update symfony and text-formatter to latest versions</li>
+			</ul>
+			<h4>New Feature</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16856">PHPBB3-16856</a>] - Add lang_js() function to twig as replacement for LA_</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16769">PHPBB3-16769</a>] - Update composer to latest version</li>
+			</ul>
+
+			<a name="v334rc1"></a><h3>Changes since 3.3.4-RC1</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16735">PHPBB3-16735</a>] - Trying to access array offset on value of type bool</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16739">PHPBB3-16739</a>] - Wrong variable in report_pm.txt subject</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16740">PHPBB3-16740</a>] - Installation errors in php 8 when using postgresql</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16743">PHPBB3-16743</a>] - Properly check if TMP file exists - PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16747">PHPBB3-16747</a>] - Typo in phpBB/language/en/email/post_in_queue.txt </li>
+			</ul>
+
+			<a name="v333"></a><h3>Changes since 3.3.3</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16655">PHPBB3-16655</a>] - Suppress &quot;you now also have to pass the CAPTCHA test&quot; message for invisible CAPTCHAs</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16685">PHPBB3-16685</a>] - SQL error in ACP if database name contains a dash</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16690">PHPBB3-16690</a>] - Changing default argument in htmlspecialchars* functions causes test fail</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16691">PHPBB3-16691</a>] - Illegal string offset 'username' on MCP PM report pages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16696">PHPBB3-16696</a>] - Unsupported operand types in viewforum.php - PHP8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16697">PHPBB3-16697</a>] - Unable to login after conversion from phpBB2</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16698">PHPBB3-16698</a>] - Check for default char set in includes/acp_main.php checks only for 'UTF-8'</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16705">PHPBB3-16705</a>] - File upload fails with PHP 8 - Error parsing server response</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16706">PHPBB3-16706</a>] - Undefined array key when user is banned</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16707">PHPBB3-16707</a>] - Disable unstable PHP 8.1 builds on Github Actions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16719">PHPBB3-16719</a>] - PHP notice/warning on installation</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15392">PHPBB3-15392</a>] - Change dirname(__FILE__) to __DIR__ everywhere</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16589">PHPBB3-16589</a>] - Change wording of e-mail templates to decrease word count</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16620">PHPBB3-16620</a>] - Output short array syntax in dev:migration-tips</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16660">PHPBB3-16660</a>] - Remove or Rename &quot;Reset&quot; Button in &quot;Reset Password&quot; Dialogue </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16681">PHPBB3-16681</a>] - Replace action icons with font icons</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16684">PHPBB3-16684</a>] - GitHub Actions should run on newly created tag and release branches</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16686">PHPBB3-16686</a>] - Simplify get_database_size() SQL query for PostgreSQL</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16689">PHPBB3-16689</a>] - Bitly oauth SQL error if identifier is null</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16709">PHPBB3-16709</a>] - Update s9e/text-formatter to latest release</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16710">PHPBB3-16710</a>] - Allow WEBP images in attachments</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16712">PHPBB3-16712</a>] - Implement thumbnails for WEBP images in attachments</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16724">PHPBB3-16724</a>] - Add some template events</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16725">PHPBB3-16725</a>] - Add MCP core event</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16728">PHPBB3-16728</a>] - Add search result template event</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16726">PHPBB3-16726</a>] - Update composer packages to latest versions</li>
+			</ul>
+
+			<a name="v332"></a><h3>Changes since 3.3.2</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16178">PHPBB3-16178</a>] - Container_builder and Container don't use the same cache_dir when cache dir is overridden via env parameter</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16535">PHPBB3-16535</a>] - Migration from phpBB 2.0.x broken with MySQL 8.x</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16582">PHPBB3-16582</a>] - SQL error when saving profile with empty custom field of type &quot;Numbers&quot;</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16619">PHPBB3-16619</a>] - Spelling on non-existant</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16629">PHPBB3-16629</a>] - ACP get_database_size() fails on MySql 8.0.xx</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16630">PHPBB3-16630</a>] - Preserve the text manipulation API</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16640">PHPBB3-16640</a>] - MCP link not showing in menubar</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16641">PHPBB3-16641</a>] - Failure in config.php validation in ACP (Windows) - PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16646">PHPBB3-16646</a>] - PHP fatal error while installing</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16648">PHPBB3-16648</a>] - &quot;Access to undeclared static property&quot; error on setExpectedTriggerError() tests</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16653">PHPBB3-16653</a>] - Recaptcha v3 - Request method is set even though that default isn't actually available</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16656">PHPBB3-16656</a>] - Outdated check in code for mbstring http_input &amp; output</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16665">PHPBB3-16665</a>] - Fix Emoji for strings in board settings + new event</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16666">PHPBB3-16666</a>] - Windows tests in github actions can't write file in postgres</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16667">PHPBB3-16667</a>] - Remove unused create_schema install task</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16670">PHPBB3-16670</a>] - OAuth provider unique secret and key check fails on PHP 8 </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16673">PHPBB3-16673</a>] - Invalid Atom feed</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16677">PHPBB3-16677</a>] - Event handlers inside dropdown containers not working in mobile view</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16679">PHPBB3-16679</a>] - Login form should respect setting for &quot;Allow password reset&quot;</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15722">PHPBB3-15722</a>] - Allow forum topicrow pagination to use topicrow values</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16538">PHPBB3-16538</a>] - Add MySQL 8 tests</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16549">PHPBB3-16549</a>] - Use PHPUnit 9.3+ for PHP 8.0+ tests</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16606">PHPBB3-16606</a>] - UCP_PM_VIEWMESSAGE.HTML Event Request</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16607">PHPBB3-16607</a>] - Oracle DBAL driver uses obsoleted PHP OCI8 aliases and functions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16617">PHPBB3-16617</a>] - Add events to modify content status variables</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16632">PHPBB3-16632</a>] - Update composer to version 2</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16636">PHPBB3-16636</a>] - Add PHP 8.0 builds to TravisCI</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16659">PHPBB3-16659</a>] - Use Github Actions instead of TravisCI and AppVeyor</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16661">PHPBB3-16661</a>] - Clean up github actions tasks after merge</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16675">PHPBB3-16675</a>] - Restore checking commit messages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16676">PHPBB3-16676</a>] - Make Github actions cache composer dependendencies</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16678">PHPBB3-16678</a>] - Add support for Traits in code sniffer</li>
+			</ul>
+			<h4>New Feature</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15951">PHPBB3-15951</a>] - Add core events to core.mcp_delete_topic_modify_*</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16633">PHPBB3-16633</a>] - Update pull request template after end of life of 3.2</li>
+			</ul>
+
 			<a name="v331"></a><h3>Changes since 3.3.1</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/docs/CREDITS.txt

@@ -1,6 +1,6 @@
 /**
 *
-* phpBB © Copyright phpBB Limited 2003-2020
+* phpBB © Copyright phpBB Limited 2003-2021
 * https://www.phpbb.com
 *
 * phpBB is free software. You can redistribute it and/or modify it

phpBB/docs/README.html

@@ -204,7 +204,7 @@
 
 	<a name="irc"></a><h3>3.iv Internet Relay Chat</h3>
 
-	<p>Another place you may find help is our IRC channel. This operates on the Freenode IRC network, <a href="irc://irc.freenode.net">irc.freenode.net</a> and the channel is <em>#phpbb</em> and can be accessed by any decent IRC client such as mIRC, XChat, etc. Again, please do not abuse this service and be respectful of other users.</p>
+	<p>Another place you may find help is our IRC channel. This operates on the Libera IRC network, <a href="irc://irc.libera.chat">irc.libera.chat</a> and the channel is <em>#phpbb</em> and can be accessed by any decent IRC client such as mIRC, XChat, etc. Again, please do not abuse this service and be respectful of other users.</p>
 
 	<p>There are other IRC channels available, please see <a href="https://www.phpbb.com/support/irc/">https://www.phpbb.com/support/irc/</a> for the complete list.</p>
 

phpBB/docs/coding-guidelines.html

@@ -718,18 +718,18 @@ switch ($mode)
 	<h4>Class Members</h4>
 	<p>Use the explicit visibility qualifiers <code>public</code>, <code>private</code> and <code>protected</code> for all properties instead of <code>var</code>.
 
-	<p>Place the <code>static</code> qualifier before the visibility qualifiers.</p>
+	<p>Place the <code>static</code> qualifier after the visibility qualifiers.</p>
 
 	<p class="bad">//Wrong </p>
 	<div class="codebox"><pre>
 var $x;
-private static function f()</pre>
+static private function f()</pre>
 	</div>
 
 	<p class="good">// Right </p>
 	<div class="codebox"><pre>
 public $x;
-static private function f()</pre>
+private static function f()</pre>
 	</div>
 
 	<h4>Constants</h4>

phpBB/docs/events.md

@@ -986,6 +986,34 @@ mcp_forum_actions_before
 * Since: 3.1.11-RC1
 * Purpose: Add some information before actions fieldset
 
+mcp_forum_last_post_author_username_append
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html (2)
+* Since: 3.3.4-RC1
+* Purpose: Append information to last post author username of member
+
+mcp_forum_last_post_author_username_prepend
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html (2)
+* Since: 3.3.4-RC1
+* Purpose: Prepend information to last post author username of member
+
+mcp_forum_topic_author_username_append
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html
+* Since: 3.3.4-RC1
+* Purpose: Append information to topic author username of member
+
+mcp_forum_topic_author_username_prepend
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html
+* Since: 3.3.4-RC1
+* Purpose: Prepend information to topic author username of member
+
 mcp_forum_topic_title_after
 ===
 * Locations:
@@ -2237,6 +2265,13 @@ search_results_header_before
 * Since: 3.1.4-RC1
 * Purpose: Add content before the header of the search results.
 
+search_results_jumpbox_before
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add content before the jumpbox of the search results.
+
 search_results_last_post_author_username_append
 ===
 * Locations:
@@ -2279,6 +2314,13 @@ search_results_post_before
 * Since: 3.1.0-b3
 * Purpose: Add data before search result posts
 
+search_results_post_subject_before
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add data before search result posts subject
+
 search_results_postprofile_after
 ===
 * Locations:
@@ -2328,6 +2370,20 @@ search_results_topic_before
 * Since: 3.1.0-b4
 * Purpose: Add data before search result topics
 
+search_results_topic_header_lastpost_after
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add header column(s) after `lastpost` column in search result topics
+
+search_results_topic_row_lastpost_after
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add data column(s) after `lastpost` column in search result topics
+
 search_results_topic_title_after
 ===
 * Locations:
@@ -2562,6 +2618,20 @@ ucp_pm_history_row_message_author_username_prepend
 * Since: 3.2.8-RC1
 * Purpose: Prepend information to message author username of member
 
+ucp_pm_viewmessage_author_full_after
+===
+* Locations:
+    + styles/prosilver/template/ucp_pm_viewmessage.html
+* Since: 3.3.3-RC1
+* Purpose: Add content right after the message author when viewing a private message
+
+ucp_pm_viewmessage_author_full_before
+===
+* Locations:
+    + styles/prosilver/template/ucp_pm_viewmessage.html
+* Since: 3.3.3-RC1
+* Purpose: Add content right before the message author when viewing a private message
+
 ucp_pm_viewmessage_avatar_after
 ===
 * Locations:
@@ -3289,6 +3359,20 @@ viewtopic_body_postrow_rank_before
 * Purpose: Add data before the rank on the user profile when viewing
 a post
 
+viewtopic_body_postrow_signature_after
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.3.5-RC1
+* Purpose: Add content after the signature
+
+viewtopic_body_postrow_signature_before
+===
+* Locations:
+    + styles/prosilver/template/viewtopic_body.html
+* Since: 3.3.5-RC1
+* Purpose: Add content before the signature
+
 viewtopic_body_topic_actions_before
 ===
 * Locations:

phpBB/download/file.php

@@ -220,7 +220,7 @@ else
 		{
 			phpbb_download_handle_forum_auth($db, $auth, $attachment['topic_id']);
 
-			$sql = 'SELECT forum_id, post_visibility
+			$sql = 'SELECT forum_id, poster_id, post_visibility
 				FROM ' . POSTS_TABLE . '
 				WHERE post_id = ' . (int) $attachment['post_msg_id'];
 			$result = $db->sql_query($sql);

phpBB/includes/acp/acp_attachments.php

@@ -759,7 +759,7 @@ class acp_attachments
 									continue;
 								}
 
-								$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
+								$filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . htmlspecialchars($img, ENT_COMPAT) . '</option>';
 							}
 						}
 
@@ -1278,7 +1278,7 @@ class acp_attachments
 
 						'S_IN_MESSAGE'		=> (bool) $row['in_message'],
 
-						'U_VIEW_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&amp;p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}",
+						'U_VIEW_TOPIC'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . "#p{$row['post_msg_id']}",
 						'U_FILE'			=> append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'mode=view&amp;id=' . $row['attach_id']))
 					);
 				}

phpBB/includes/acp/acp_bbcodes.php

@@ -62,7 +62,7 @@ class acp_bbcodes
 				}
 
 				$bbcode_match = $row['bbcode_match'];
-				$bbcode_tpl = htmlspecialchars($row['bbcode_tpl']);
+				$bbcode_tpl = htmlspecialchars($row['bbcode_tpl'], ENT_COMPAT);
 				$display_on_posting = $row['display_on_posting'];
 				$bbcode_helpline = $row['bbcode_helpline'];
 			break;
@@ -86,7 +86,7 @@ class acp_bbcodes
 				$display_on_posting = $request->variable('display_on_posting', 0);
 
 				$bbcode_match = $request->variable('bbcode_match', '');
-				$bbcode_tpl = htmlspecialchars_decode($request->variable('bbcode_tpl', '', true));
+				$bbcode_tpl = htmlspecialchars_decode($request->variable('bbcode_tpl', '', true), ENT_COMPAT);
 				$bbcode_helpline = $request->variable('bbcode_helpline', '', true);
 			break;
 		}
@@ -235,7 +235,7 @@ class acp_bbcodes
 						trigger_error($user->lang['BBCODE_TAG_DEF_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
 
-					if (strlen($bbcode_helpline) > 255)
+					if (strlen($bbcode_helpline) > 3000)
 					{
 						trigger_error($user->lang['BBCODE_HELPLINE_TOO_LONG'] . adm_back_link($this->u_action), E_USER_WARNING);
 					}
@@ -334,7 +334,7 @@ class acp_bbcodes
 						'action'				=> $action,
 						'bbcode'				=> $bbcode_id,
 						'bbcode_match'			=> $bbcode_match,
-						'bbcode_tpl'			=> htmlspecialchars($bbcode_tpl),
+						'bbcode_tpl'			=> htmlspecialchars($bbcode_tpl, ENT_COMPAT),
 						'bbcode_helpline'		=> $bbcode_helpline,
 						'display_on_posting'	=> $display_on_posting,
 						)))

phpBB/includes/acp/acp_board.php

@@ -582,7 +582,38 @@ class acp_board
 					continue;
 				}
 
-				$config->set($config_name, $config_value);
+				// Array of emoji-enabled configurations
+				$config_name_ary = [
+					'sitename',
+					'site_desc',
+					'site_home_text',
+					'board_index_text',
+					'board_disable_msg',
+					'board_email_sig',
+				];
+
+				/**
+				 * Event to manage the array of emoji-enabled configurations
+				 *
+				 * @event core.acp_board_config_emoji_enabled
+				 * @var array	config_name_ary		Array of config names to process
+				 * @since 3.3.3-RC1
+				 */
+				$vars = ['config_name_ary'];
+				extract($phpbb_dispatcher->trigger_event('core.acp_board_config_emoji_enabled', compact($vars)));
+
+				if (in_array($config_name, $config_name_ary))
+				{
+					/**
+					 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+					 * Using their Numeric Character Reference's Hexadecimal notation.
+					 */
+					$config->set($config_name, utf8_encode_ucr($config_value));
+				}
+				else
+				{
+					$config->set($config_name, $config_value);
+				}
 
 				if ($config_name == 'allow_quick_reply' && isset($_POST['allow_quick_reply_enable']))
 				{
@@ -658,7 +689,7 @@ class acp_board
 			if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings))
 			{
 				$method = basename($cfg_array['auth_method']);
-				if (array_key_exists('auth.provider.' . $method, $auth_providers))
+				if (array_key_exists('auth.provider.' . $method, (array) $auth_providers))
 				{
 					$provider = $auth_providers['auth.provider.' . $method];
 					if ($error = $provider->init())
@@ -689,8 +720,8 @@ class acp_board
 				$messenger->set_addresses($user->data);
 				$messenger->anti_abuse_headers($config, $user);
 				$messenger->assign_vars(array(
-					'USERNAME'	=> htmlspecialchars_decode($user->data['username']),
-					'MESSAGE'	=> htmlspecialchars_decode($request->variable('send_test_email_text', '', true)),
+					'USERNAME'	=> htmlspecialchars_decode($user->data['username'], ENT_COMPAT),
+					'MESSAGE'	=> htmlspecialchars_decode($request->variable('send_test_email_text', '', true), ENT_COMPAT),
 				));
 				$messenger->send(NOTIFY_EMAIL);
 

phpBB/includes/acp/acp_database.php

@@ -69,20 +69,6 @@ class acp_database
 							trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
 						}
 
-						$store = true;
-						$structure = false;
-						$schema_data = false;
-
-						if ($type == 'full' || $type == 'structure')
-						{
-							$structure = true;
-						}
-
-						if ($type == 'full' || $type == 'data')
-						{
-							$schema_data = true;
-						}
-
 						@set_time_limit(1200);
 						@set_time_limit(0);
 
@@ -92,14 +78,14 @@ class acp_database
 
 						/** @var phpbb\db\extractor\extractor_interface $extractor Database extractor */
 						$extractor = $phpbb_container->get('dbal.extractor');
-						$extractor->init_extractor($format, $filename, $time, false, $store);
+						$extractor->init_extractor($format, $filename, $time, false, true);
 
 						$extractor->write_start($table_prefix);
 
 						foreach ($table as $table_name)
 						{
 							// Get the table structure
-							if ($structure)
+							if ($type == 'full')
 							{
 								$extractor->write_table($table_name);
 							}
@@ -123,15 +109,11 @@ class acp_database
 
 									default:
 										$extractor->flush('TRUNCATE TABLE ' . $table_name . ";\n");
-									break;
 								}
 							}
 
-							// Data
-							if ($schema_data)
-							{
-								$extractor->write_data($table_name);
-							}
+							// Only supported types are full and data, therefore always write the data
+							$extractor->write_data($table_name);
 						}
 
 						$extractor->write_end();

phpBB/includes/acp/acp_email.php

@@ -205,7 +205,7 @@ class acp_email
 				$email_template = 'admin_send_email';
 				$template_data = array(
 					'CONTACT_EMAIL' => phpbb_get_board_contact($config, $phpEx),
-					'MESSAGE'		=> htmlspecialchars_decode($message),
+					'MESSAGE'		=> htmlspecialchars_decode($message, ENT_COMPAT),
 				);
 				$generate_log_entry = true;
 
@@ -252,7 +252,7 @@ class acp_email
 
 					$messenger->anti_abuse_headers($config, $user);
 
-					$messenger->subject(htmlspecialchars_decode($subject));
+					$messenger->subject(htmlspecialchars_decode($subject, ENT_COMPAT));
 					$messenger->set_mail_priority($priority);
 
 					$messenger->assign_vars($template_data);

phpBB/includes/acp/acp_extensions.php

@@ -53,7 +53,7 @@ class acp_extensions
 		$this->phpbb_container = $phpbb_container;
 		$this->php_ini = $this->phpbb_container->get('php_ini');
 
-		$this->user->add_lang(array('install', 'acp/extensions', 'migrator'));
+		$this->user->add_lang(array('install', 'acp/extensions', 'acp/modules', 'migrator'));
 
 		$this->page_title = 'ACP_EXTENSIONS';
 

phpBB/includes/acp/acp_help_phpbb.php

@@ -90,7 +90,7 @@ class acp_help_phpbb
 
 			if (!empty($response))
 			{
-				$decoded_response = json_decode(htmlspecialchars_decode($response), true);
+				$decoded_response = json_decode(htmlspecialchars_decode($response, ENT_COMPAT), true);
 
 				if ($decoded_response && isset($decoded_response['status']) && $decoded_response['status'] == 'ok')
 				{
@@ -126,7 +126,7 @@ class acp_help_phpbb
 			}
 
 			$template->assign_block_vars('providers', array(
-				'NAME'	=> htmlspecialchars($provider),
+				'NAME'	=> htmlspecialchars($provider, ENT_COMPAT),
 			));
 
 			foreach ($data as $key => $value)

phpBB/includes/acp/acp_icons.php

@@ -693,7 +693,7 @@ class acp_icons
 
 					foreach ($_paks as $pak)
 					{
-						$pak_options .= '<option value="' . $pak . '">' . htmlspecialchars($pak) . '</option>';
+						$pak_options .= '<option value="' . $pak . '">' . htmlspecialchars($pak, ENT_COMPAT) . '</option>';
 					}
 
 					$template->assign_vars(array(

phpBB/includes/acp/acp_inactive.php

@@ -130,7 +130,7 @@ class acp_inactive
 								$messenger->anti_abuse_headers($config, $user);
 
 								$messenger->assign_vars(array(
-									'USERNAME'	=> htmlspecialchars_decode($row['username']))
+									'USERNAME'	=> htmlspecialchars_decode($row['username'], ENT_COMPAT))
 								);
 
 								$messenger->send(NOTIFY_EMAIL);
@@ -224,7 +224,7 @@ class acp_inactive
 							$messenger->anti_abuse_headers($config, $user);
 
 							$messenger->assign_vars(array(
-								'USERNAME'		=> htmlspecialchars_decode($row['username']),
+								'USERNAME'		=> htmlspecialchars_decode($row['username'], ENT_COMPAT),
 								'REGISTER_DATE'	=> $user->format_date($row['user_regdate'], false, true),
 								'U_ACTIVATE'	=> generate_board_url() . "/ucp.$phpEx?mode=activate&u=" . $row['user_id'] . '&k=' . $row['user_actkey'])
 							);

phpBB/includes/acp/acp_language.php

@@ -274,7 +274,7 @@ class acp_language
 
 				$lang_pack = array(
 					'iso'		=> $lang_iso,
-					'name'		=> trim(htmlspecialchars($file[0])),
+					'name'		=> trim(htmlspecialchars($file[0], ENT_COMPAT)),
 					'local_name'=> trim(htmlspecialchars($file[1], ENT_COMPAT, 'UTF-8')),
 					'author'	=> trim(htmlspecialchars($file[2], ENT_COMPAT, 'UTF-8'))
 				);
@@ -420,7 +420,7 @@ class acp_language
 			foreach ($new_ary as $iso => $lang_ary)
 			{
 				$template->assign_block_vars('notinst', array(
-					'ISO'			=> htmlspecialchars($lang_ary['iso']),
+					'ISO'			=> htmlspecialchars($lang_ary['iso'], ENT_COMPAT),
 					'LOCAL_NAME'	=> htmlspecialchars($lang_ary['local_name'], ENT_COMPAT, 'UTF-8'),
 					'NAME'			=> htmlspecialchars($lang_ary['name'], ENT_COMPAT, 'UTF-8'),
 					'U_INSTALL'		=> $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']) . '&hash=' . generate_link_hash('acp_language'))

phpBB/includes/acp/acp_logs.php

@@ -108,7 +108,7 @@ class acp_logs
 		$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
 
 		$keywords = $request->variable('keywords', '', true);
-		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
+		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
 
 		$l_title = $user->lang['ACP_' . strtoupper($mode) . '_LOGS'];
 		$l_title_explain = $user->lang['ACP_' . strtoupper($mode) . '_LOGS_EXPLAIN'];

phpBB/includes/acp/acp_main.php

@@ -679,26 +679,33 @@ class acp_main
 			}
 		}
 
-		if (!defined('PHPBB_DISABLE_CONFIG_CHECK') && file_exists($phpbb_root_path . 'config.' . $phpEx) && $phpbb_filesystem->is_writable($phpbb_root_path . 'config.' . $phpEx))
+		if (!defined('PHPBB_DISABLE_CONFIG_CHECK'))
 		{
 			// World-Writable? (000x)
 			$template->assign_var('S_WRITABLE_CONFIG', (bool) (@fileperms($phpbb_root_path . 'config.' . $phpEx) & 0x0002));
 		}
 
-		$this->php_ini = $phpbb_container->get('php_ini');
-		$func_overload = $this->php_ini->getNumeric('mbstring.func_overload');
-		$encoding_translation = $this->php_ini->getString('mbstring.encoding_translation');
-		$http_input = $this->php_ini->getString('mbstring.http_input');
-		$http_output = $this->php_ini->getString('mbstring.http_output');
+		$this->php_ini			= $phpbb_container->get('php_ini');
+		$func_overload			= $this->php_ini->getNumeric('mbstring.func_overload');
+		$encoding_translation	= $this->php_ini->getString('mbstring.encoding_translation');
+		$http_input				= $this->php_ini->getString('mbstring.http_input');
+		$http_output			= $this->php_ini->getString('mbstring.http_output');
+		$default_charset		= $this->php_ini->getString('default_charset');
+
 		if (extension_loaded('mbstring'))
 		{
-			$template->assign_vars(array(
+			/**
+			 * “mbstring.http_input” and “mbstring.http_output” are deprecated as of PHP 5.6.0
+			 * @link https://www.php.net/manual/mbstring.configuration.php#ini.mbstring.http-input
+			 */
+			$template->assign_vars([
 				'S_MBSTRING_LOADED'						=> true,
 				'S_MBSTRING_FUNC_OVERLOAD_FAIL'			=> $func_overload && ($func_overload & (MB_OVERLOAD_MAIL | MB_OVERLOAD_STRING)),
 				'S_MBSTRING_ENCODING_TRANSLATION_FAIL'	=> $encoding_translation && ($encoding_translation != 0),
-				'S_MBSTRING_HTTP_INPUT_FAIL'			=> $http_input && !in_array($http_input, array('pass', '')),
-				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> $http_output && !in_array($http_output, array('pass', '')),
-			));
+				'S_MBSTRING_HTTP_INPUT_FAIL'			=> !empty($http_input),
+				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> !empty($http_output),
+				'S_DEFAULT_CHARSET_FAIL'				=> $default_charset !== null && strtolower($default_charset) !== 'utf-8',
+			]);
 		}
 
 		// Fill dbms version if not yet filled

phpBB/includes/acp/acp_ranks.php

@@ -70,7 +70,7 @@ class acp_ranks
 					'rank_title'		=> $rank_title,
 					'rank_special'		=> $special_rank,
 					'rank_min'			=> $min_posts,
-					'rank_image'		=> htmlspecialchars_decode($rank_image)
+					'rank_image'		=> htmlspecialchars_decode($rank_image, ENT_COMPAT)
 				);
 
 				/**
@@ -206,7 +206,7 @@ class acp_ranks
 							continue;
 						}
 
-						$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . $img . ((in_array($img, $existing_imgs)) ? ' ' . $user->lang['RANK_IMAGE_IN_USE'] : '') . '</option>';
+						$filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . $img . ((in_array($img, $existing_imgs)) ? ' ' . $user->lang['RANK_IMAGE_IN_USE'] : '') . '</option>';
 					}
 				}
 
@@ -221,7 +221,7 @@ class acp_ranks
 
 					'RANK_TITLE'		=> (isset($ranks['rank_title'])) ? $ranks['rank_title'] : '',
 					'S_FILENAME_LIST'	=> $filename_list,
-					'RANK_IMAGE'		=> ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : htmlspecialchars($phpbb_admin_path) . 'images/spacer.gif',
+					'RANK_IMAGE'		=> ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : htmlspecialchars($phpbb_admin_path, ENT_COMPAT) . 'images/spacer.gif',
 					'S_SPECIAL_RANK'	=> (isset($ranks['rank_special']) && $ranks['rank_special']) ? true : false,
 					'MIN_POSTS'			=> (isset($ranks['rank_min']) && !$ranks['rank_special']) ? $ranks['rank_min'] : 0,
 				);

phpBB/includes/acp/acp_styles.php

@@ -205,7 +205,7 @@ class acp_styles
 		{
 			if (in_array($dir, $this->reserved_style_names))
 			{
-				$messages[] = $this->user->lang('STYLE_NAME_RESERVED', htmlspecialchars($dir));
+				$messages[] = $this->user->lang('STYLE_NAME_RESERVED', htmlspecialchars($dir, ENT_COMPAT));
 				continue;
 			}
 
@@ -225,12 +225,12 @@ class acp_styles
 					$found = true;
 					$installed_names[] = $style['style_name'];
 					$installed_dirs[] = $style['style_path'];
-					$messages[] = sprintf($this->user->lang['STYLE_INSTALLED'], htmlspecialchars($style['style_name']));
+					$messages[] = sprintf($this->user->lang['STYLE_INSTALLED'], htmlspecialchars($style['style_name'], ENT_COMPAT));
 				}
 			}
 			if (!$found)
 			{
-				$messages[] = sprintf($this->user->lang['STYLE_NOT_INSTALLED'], htmlspecialchars($dir));
+				$messages[] = sprintf($this->user->lang['STYLE_NOT_INSTALLED'], htmlspecialchars($dir, ENT_COMPAT));
 			}
 		}
 
@@ -598,7 +598,7 @@ class acp_styles
 		{
 			$this->template->assign_block_vars('parent_styles', array(
 				'STYLE_ID'		=> $row['style_id'],
-				'STYLE_NAME'	=> htmlspecialchars($row['style_name']),
+				'STYLE_NAME'	=> htmlspecialchars($row['style_name'], ENT_COMPAT),
 				'LEVEL'			=> $row['level'],
 				'SPACER'		=> str_repeat('  ', $row['level']),
 				)
@@ -609,9 +609,9 @@ class acp_styles
 		$this->template->assign_vars(array(
 			'S_STYLE_DETAILS'	=> true,
 			'STYLE_ID'			=> $style['style_id'],
-			'STYLE_NAME'		=> htmlspecialchars($style['style_name']),
-			'STYLE_PATH'		=> htmlspecialchars($style['style_path']),
-			'STYLE_VERSION'		=> htmlspecialchars($style_cfg['style_version']),
+			'STYLE_NAME'		=> htmlspecialchars($style['style_name'], ENT_COMPAT),
+			'STYLE_PATH'		=> htmlspecialchars($style['style_path'], ENT_COMPAT),
+			'STYLE_VERSION'		=> htmlspecialchars($style_cfg['style_version'], ENT_COMPAT),
 			'STYLE_COPYRIGHT'	=> strip_tags($style['style_copyright']),
 			'STYLE_PARENT'		=> $style['style_parent_id'],
 			'S_STYLE_ACTIVE'	=> $style['style_active'],
@@ -657,7 +657,7 @@ class acp_styles
 		{
 			if (empty($style['_shown']))
 			{
-				$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($style['style_parent_tree']));
+				$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($style['style_parent_tree'], ENT_COMPAT));
 				$this->list_style($style, 0);
 			}
 		}
@@ -826,7 +826,7 @@ class acp_styles
 				{
 					// Parent style is not installed yet
 					$style['_available'] = false;
-					$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($parent));
+					$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($parent, ENT_COMPAT));
 				}
 			}
 
@@ -966,10 +966,10 @@ class acp_styles
 		$row = array(
 			// Style data
 			'STYLE_ID'				=> $style['style_id'],
-			'STYLE_NAME'			=> htmlspecialchars($style['style_name']),
+			'STYLE_NAME'			=> htmlspecialchars($style['style_name'], ENT_COMPAT),
 			'STYLE_VERSION'			=> $style_cfg['style_version'] ?? '-',
 			'STYLE_PHPBB_VERSION'	=> $style_cfg['phpbb_version'],
-			'STYLE_PATH'			=> htmlspecialchars($style['style_path']),
+			'STYLE_PATH'			=> htmlspecialchars($style['style_path'], ENT_COMPAT),
 			'STYLE_COPYRIGHT'		=> strip_tags($style['style_copyright']),
 			'STYLE_ACTIVE'			=> $style['style_active'],
 
@@ -979,7 +979,7 @@ class acp_styles
 			'LEVEL'				=> $level,
 			'PADDING'			=> (4 + 16 * $level),
 			'SHOW_COPYRIGHT'	=> ($style['style_id']) ? false : true,
-			'STYLE_PATH_FULL'	=> htmlspecialchars($this->styles_path_absolute . '/' . $style['style_path']) . '/',
+			'STYLE_PATH_FULL'	=> htmlspecialchars($this->styles_path_absolute . '/' . $style['style_path'], ENT_COMPAT) . '/',
 
 			// Comment to show below style
 			'COMMENT'		=> (isset($style['_note'])) ? $style['_note'] : '',

phpBB/includes/acp/acp_users.php

@@ -402,8 +402,8 @@ class acp_users
 								$messenger->anti_abuse_headers($config, $user);
 
 								$messenger->assign_vars(array(
-									'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
-									'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
+									'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
+									'USERNAME'		=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
 									'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
 								);
 
@@ -466,7 +466,7 @@ class acp_users
 									$messenger->anti_abuse_headers($config, $user);
 
 									$messenger->assign_vars(array(
-										'USERNAME'	=> htmlspecialchars_decode($user_row['username']))
+										'USERNAME'	=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT))
 									);
 
 									$messenger->send(NOTIFY_EMAIL);
@@ -2277,7 +2277,7 @@ class acp_users
 					}
 					else
 					{
-						$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "t={$row['topic_id']}&p={$row['post_msg_id']}") . '#p' . $row['post_msg_id'];
+						$view_topic = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$row['post_msg_id']}") . '#p' . $row['post_msg_id'];
 					}
 
 					$template->assign_block_vars('attach', array(

phpBB/includes/acp/auth.php

@@ -488,7 +488,7 @@ class auth_admin extends \phpbb\auth\auth
 
 					if ($s_role_options)
 					{
-						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
+						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN'], ENT_COMPAT) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
 					}
 
 					if (!$current_role_id && $mode != 'view')
@@ -585,7 +585,7 @@ class auth_admin extends \phpbb\auth\auth
 
 					if ($s_role_options)
 					{
-						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
+						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN'], ENT_COMPAT) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
 					}
 
 					if (!$current_role_id && $mode != 'view')

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.2');
+@define('PHPBB_VERSION', '3.3.5');
 
 // QA-related
 // define('PHPBB_QA', 1);
@@ -247,7 +247,10 @@ define('BANLIST_TABLE',				$table_prefix . 'banlist');
 define('BBCODES_TABLE',				$table_prefix . 'bbcodes');
 define('BOOKMARKS_TABLE',			$table_prefix . 'bookmarks');
 define('BOTS_TABLE',				$table_prefix . 'bots');
-@define('CONFIG_TABLE',				$table_prefix . 'config');
+if (!defined('CONFIG_TABLE'))
+{
+	define('CONFIG_TABLE',			$table_prefix . 'config');
+}
 define('CONFIG_TEXT_TABLE',			$table_prefix . 'config_text');
 define('CONFIRM_TABLE',				$table_prefix . 'confirm');
 define('DISALLOW_TABLE',			$table_prefix . 'disallow');

phpBB/includes/diff/renderer.php

@@ -322,17 +322,17 @@ class diff_renderer_unified extends diff_renderer
 
 	function _context($lines)
 	{
-		return '<pre class="diff context">' . htmlspecialchars($this->_lines($lines, ' ')) . '<br /></pre>';
+		return '<pre class="diff context">' . htmlspecialchars($this->_lines($lines, ' '), ENT_COMPAT) . '<br /></pre>';
 	}
 
 	function _added($lines)
 	{
-		return '<pre class="diff added">' . htmlspecialchars($this->_lines($lines, '+')) . '<br /></pre>';
+		return '<pre class="diff added">' . htmlspecialchars($this->_lines($lines, '+'), ENT_COMPAT) . '<br /></pre>';
 	}
 
 	function _deleted($lines)
 	{
-		return '<pre class="diff removed">' . htmlspecialchars($this->_lines($lines, '-')) . '<br /></pre>';
+		return '<pre class="diff removed">' . htmlspecialchars($this->_lines($lines, '-'), ENT_COMPAT) . '<br /></pre>';
 	}
 
 	function _changed($orig, $final)
@@ -519,7 +519,7 @@ class diff_renderer_inline extends diff_renderer
 
 	function _encode(&$string)
 	{
-		$string = htmlspecialchars($string);
+		$string = htmlspecialchars($string, ENT_COMPAT);
 	}
 }
 
@@ -539,7 +539,7 @@ class diff_renderer_raw extends diff_renderer
 	*/
 	function get_diff_content($diff)
 	{
-		return '<textarea style="height: 290px;" rows="15" cols="76" class="full">' . htmlspecialchars($this->render($diff)) . '</textarea>';
+		return '<textarea style="height: 290px;" rows="15" cols="76" class="full">' . htmlspecialchars($this->render($diff), ENT_COMPAT) . '</textarea>';
 	}
 
 	function _block_header($xbeg, $xlen, $ybeg, $ylen)
@@ -649,7 +649,7 @@ class diff_renderer_side_by_side extends diff_renderer
 
 							foreach ($change['lines'] as $_line)
 							{
-								$line .= htmlspecialchars($_line) . '<br />';
+								$line .= htmlspecialchars($_line, ENT_COMPAT) . '<br />';
 							}
 
 							$output .= '<tr><td class="added_empty">&nbsp;</td><td class="added"><pre>' . ((strlen($line)) ? $line : '&nbsp;') . '<br /></pre></td></tr>';
@@ -660,14 +660,14 @@ class diff_renderer_side_by_side extends diff_renderer
 
 							foreach ($change['lines'] as $_line)
 							{
-								$line .= htmlspecialchars($_line) . '<br />';
+								$line .= htmlspecialchars($_line, ENT_COMPAT) . '<br />';
 							}
 
 							$output .= '<tr><td class="removed"><pre>' . ((strlen($line)) ? $line : '&nbsp;') . '<br /></pre></td><td class="removed_empty">&nbsp;</td></tr>';
 						break;
 
 						case 'empty':
-							$current_context .= htmlspecialchars($change['line']) . '<br />';
+							$current_context .= htmlspecialchars($change['line'], ENT_COMPAT) . '<br />';
 						break;
 
 						case 'change':
@@ -678,9 +678,9 @@ class diff_renderer_side_by_side extends diff_renderer
 
 							for ($row = 0, $row_max = max($oldsize, $newsize); $row < $row_max; ++$row)
 							{
-								$left .= isset($change['old'][$row]) ? htmlspecialchars($change['old'][$row]) : '';
+								$left .= isset($change['old'][$row]) ? htmlspecialchars($change['old'][$row], ENT_COMPAT) : '';
 								$left .= '<br />';
-								$right .= isset($change['new'][$row]) ? htmlspecialchars($change['new'][$row]) : '';
+								$right .= isset($change['new'][$row]) ? htmlspecialchars($change['new'][$row], ENT_COMPAT) : '';
 								$right .= '<br />';
 							}
 

phpBB/includes/functions.php

@@ -1075,7 +1075,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
 * @param string $sql_limit		Limits the size of unread topics list, 0 for unlimited query
 * @param string $sql_limit_offset  Sets the offset of the first row to search, 0 to search from the start
 *
-* @return array[int][int]		Topic ids as keys, mark_time of topic as value
+* @return int[]		Topic ids as keys, mark_time of topic as value
 */
 function get_unread_topics($user_id = false, $sql_extra = '', $sql_sort = '', $sql_limit = 1001, $sql_limit_offset = 0)
 {
@@ -1464,10 +1464,9 @@ function tracking_unserialize($string, $max_depth = 3)
 * @return string The corrected url.
 *
 * Examples:
-* <code>
-* append_sid("{$phpbb_root_path}viewtopic.$phpEx?t=1&amp;f=2");
-* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&amp;f=2');
-* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1&f=2', false);
+* <code> append_sid("{$phpbb_root_path}viewtopic.$phpEx?t=1");
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1');
+* append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=1', false);
 * append_sid("{$phpbb_root_path}viewtopic.$phpEx", array('t' => 1, 'f' => 2));
 * </code>
 *
@@ -2484,7 +2483,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		'LOGIN_ERROR'		=> $err,
 		'LOGIN_EXPLAIN'		=> $l_explain,
 
-		'U_SEND_PASSWORD' 		=> ($config['email_enable']) ? $controller_helper->route('phpbb_ucp_forgot_password_controller') : '',
+		'U_SEND_PASSWORD' 		=> ($config['email_enable'] && $config['allow_password_reset']) ? $controller_helper->route('phpbb_ucp_forgot_password_controller') : '',
 		'U_RESEND_ACTIVATION'	=> ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
 		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
 		'U_PRIVACY'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
@@ -2703,7 +2702,7 @@ function parse_cfg_file($filename, $lines = false)
 		}
 
 		// Determine first occurrence, since in values the equal sign is allowed
-		$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
+		$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))), ENT_COMPAT);
 		$value = trim(substr($line, $delim_pos + 1));
 
 		if (in_array($value, array('off', 'false', '0')))
@@ -2720,11 +2719,11 @@ function parse_cfg_file($filename, $lines = false)
 		}
 		else if (($value[0] == "'" && $value[strlen($value) - 1] == "'") || ($value[0] == '"' && $value[strlen($value) - 1] == '"'))
 		{
-			$value = htmlspecialchars(substr($value, 1, strlen($value)-2));
+			$value = htmlspecialchars(substr($value, 1, strlen($value)-2), ENT_COMPAT);
 		}
 		else
 		{
-			$value = htmlspecialchars($value);
+			$value = htmlspecialchars($value, ENT_COMPAT);
 		}
 
 		$parsed_items[$key] = $value;
@@ -2757,7 +2756,7 @@ function get_backtrace()
 	foreach ($backtrace as $trace)
 	{
 		// Strip the current directory from path
-		$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file']));
+		$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file']), ENT_COMPAT);
 		$trace['line'] = (empty($trace['line'])) ? '(not given by php)' : $trace['line'];
 
 		// Only show function arguments for include etc.
@@ -2765,7 +2764,7 @@ function get_backtrace()
 		$argument = '';
 		if (!empty($trace['args'][0]) && in_array($trace['function'], array('include', 'require', 'include_once', 'require_once')))
 		{
-			$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]));
+			$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]), ENT_COMPAT);
 		}
 
 		$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];
@@ -2775,7 +2774,7 @@ function get_backtrace()
 		$output .= '<b>FILE:</b> ' . $trace['file'] . '<br />';
 		$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
 
-		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']);
+		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function'], ENT_COMPAT);
 		$output .= '(' . (($argument !== '') ? "'$argument'" : '') . ')<br />';
 	}
 	$output .= '</div>';
@@ -2996,7 +2995,7 @@ function msg_handler($errno, $msg_text, $errfile, $errline)
 
 			// Check the error reporting level and return if the error level does not match
 			// If DEBUG is defined the default level is E_ALL
-			if (($errno & ($phpbb_container->getParameter('debug.show_errors') ? E_ALL : error_reporting())) == 0)
+			if (($errno & ($phpbb_container != null && $phpbb_container->getParameter('debug.show_errors') ? E_ALL : error_reporting())) == 0)
 			{
 				return;
 			}
@@ -3240,12 +3239,12 @@ function phpbb_filter_root_path($errfile)
 	{
 		if ($phpbb_filesystem)
 		{
-			$root_path = $phpbb_filesystem->realpath(dirname(__FILE__) . '/../');
+			$root_path = $phpbb_filesystem->realpath(__DIR__ . '/../');
 		}
 		else
 		{
 			$filesystem = new \phpbb\filesystem\filesystem();
-			$root_path = $filesystem->realpath(dirname(__FILE__) . '/../');
+			$root_path = $filesystem->realpath(__DIR__ . '/../');
 		}
 	}
 
@@ -4049,7 +4048,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		'S_ENABLE_FEEDS_TOPICS_ACTIVE'	=> ($config['feed_topics_active']) ? true : false,
 		'S_ENABLE_FEEDS_NEWS'		=> ($s_feed_news) ? true : false,
 
-		'S_LOAD_UNREADS'			=> ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
+		'S_LOAD_UNREADS'			=> (bool) $config['load_unreads_search'] && ($config['load_anon_lastread'] || !empty($user->data['is_registered'])),
 
 		'S_SEARCH_HIDDEN_FIELDS'	=> build_hidden_fields($s_search_hidden_fields),
 
@@ -4070,7 +4069,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 
 		'T_FONT_AWESOME_LINK'	=> !empty($config['allow_cdn']) && !empty($config['load_font_awesome_url']) ? $config['load_font_awesome_url'] : "{$web_path}assets/css/font-awesome.min.css?assets_version=" . $config['assets_version'],
 
-		'T_JQUERY_LINK'			=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery-3.5.1.min.js?assets_version=" . $config['assets_version'],
+		'T_JQUERY_LINK'			=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$web_path}assets/javascript/jquery-3.6.0.min.js?assets_version=" . $config['assets_version'],
 		'S_ALLOW_CDN'			=> !empty($config['allow_cdn']),
 		'S_COOKIE_NOTICE'		=> !empty($config['cookie_notice']),
 
@@ -4405,6 +4404,6 @@ function phpbb_get_board_contact_link(\phpbb\config\config $config, $phpbb_root_
 	}
 	else
 	{
-		return 'mailto:' . htmlspecialchars($config['board_contact']);
+		return 'mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT);
 	}
 }

phpBB/includes/functions_acp.php

@@ -93,16 +93,16 @@ function adm_page_header($page_title)
 
 		'T_ASSETS_VERSION'		=> $config['assets_version'],
 
-		'ICON_MOVE_UP'				=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_up.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
-		'ICON_MOVE_UP_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_up_disabled.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
-		'ICON_MOVE_DOWN'			=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_down.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
-		'ICON_MOVE_DOWN_DISABLED'	=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_down_disabled.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
-		'ICON_EDIT'					=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_edit.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
-		'ICON_EDIT_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_edit_disabled.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
-		'ICON_DELETE'				=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_delete.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
-		'ICON_DELETE_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_delete_disabled.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
-		'ICON_SYNC'					=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_sync.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
-		'ICON_SYNC_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_sync_disabled.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
+		'ICON_MOVE_UP'				=> '<i class="icon acp-icon acp-icon-move-up fa-arrow-circle-up fa-fw" title="' . $user->lang('MOVE_UP') . '"></i>',
+		'ICON_MOVE_UP_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-arrow-circle-up fa-fw" title="' . $user->lang('MOVE_UP') . '"></i>',
+		'ICON_MOVE_DOWN'			=> '<i class="icon acp-icon acp-icon-move-down fa-arrow-circle-down fa-fw" title="' . $user->lang('MOVE_DOWN') . '"></i>',
+		'ICON_MOVE_DOWN_DISABLED'	=> '<i class="icon acp-icon acp-icon-disabled fa-arrow-circle-down fa-fw" title="' . $user->lang('MOVE_DOWN') . '"></i>',
+		'ICON_EDIT'					=> '<i class="icon acp-icon acp-icon-settings fa-cog fa-fw" title="' . $user->lang('EDIT') . '"></i>',
+		'ICON_EDIT_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-cog fa-fw" title="' . $user->lang('EDIT') . '"></i>',
+		'ICON_DELETE'				=> '<i class="icon acp-icon acp-icon-delete fa-times-circle fa-fw" title="' . $user->lang('DELETE') . '"></i>',
+		'ICON_DELETE_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-times-circle fa-fw" title="' . $user->lang('DELETE') . '"></i>',
+		'ICON_SYNC'					=> '<i class="icon acp-icon acp-icon-resync fa-refresh fa-fw" title="' . $user->lang('RESYNC') . '"></i>',
+		'ICON_SYNC_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-refresh fa-fw" title="' . $user->lang('RESYNC') . '"></i>',
 
 		'S_USER_LANG'			=> $user->lang['USER_LANG'],
 		'S_CONTENT_DIRECTION'	=> $user->lang['DIRECTION'],
@@ -178,7 +178,7 @@ function adm_page_footer($copyright_html = true)
 		'TRANSLATION_INFO'	=> (!empty($user->lang['TRANSLATION_INFO'])) ? $user->lang['TRANSLATION_INFO'] : '',
 		'S_COPYRIGHT_HTML'	=> $copyright_html,
 		'CREDIT_LINE'		=> $user->lang('POWERED_BY', '<a href="https://www.phpbb.com/">phpBB</a>&reg; Forum Software &copy; phpBB Limited'),
-		'T_JQUERY_LINK'		=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.5.1.min.js",
+		'T_JQUERY_LINK'		=> !empty($config['allow_cdn']) && !empty($config['load_jquery_url']) ? $config['load_jquery_url'] : "{$phpbb_root_path}assets/javascript/jquery-3.6.0.min.js",
 		'S_ALLOW_CDN'		=> !empty($config['allow_cdn']),
 		'VERSION'			=> $config['version'])
 	);

phpBB/includes/functions_admin.php

@@ -1324,7 +1324,7 @@ function update_posted_info(&$topic_ids)
 */
 function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, $sync_extra = false)
 {
-	global $db;
+	global $db, $phpbb_dispatcher;
 
 	if (is_array($where_ids))
 	{
@@ -1826,11 +1826,26 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			// 5: Retrieve last_post infos
 			if (count($post_ids))
 			{
-				$sql = 'SELECT p.post_id, p.poster_id, p.post_subject, p.post_time, p.post_username, u.username, u.user_colour
-					FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
-					WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
-						AND p.poster_id = u.user_id';
-				$result = $db->sql_query($sql);
+				$sql_ary = array(
+					'SELECT'	=> 'p.post_id, p.poster_id, p.post_subject, p.post_time, p.post_username, u.username, u.user_colour',
+					'FROM'		=> array(
+						POSTS_TABLE	=> 'p',
+						USERS_TABLE => 'u',
+					),
+					'WHERE'		=> $db->sql_in_set('p.post_id', $post_ids) . '
+						AND p.poster_id = u.user_id',
+				);
+
+				/**
+				* Event to modify the SQL array to get the post and user data from all forums' last posts
+				*
+				* @event core.sync_forum_last_post_info_sql
+				* @var	array	sql_ary		SQL array with some post and user data from the last posts list
+				* @since 3.3.5-RC1
+				*/
+				$vars = ['sql_ary'];
+				extract($phpbb_dispatcher->trigger_event('core.sync_forum_last_post_info_sql', compact($vars)));
+				$result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
 
 				while ($row = $db->sql_fetchrow($result))
 				{
@@ -1862,7 +1877,6 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 						}
 					}
 				}
-				unset($post_info);
 			}
 
 			// 6: Now do that thing
@@ -1873,6 +1887,23 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				array_push($fieldnames, 'posts_approved', 'posts_unapproved', 'posts_softdeleted', 'topics_approved', 'topics_unapproved', 'topics_softdeleted');
 			}
 
+			/**
+			* Event to modify the SQL array to get the post and user data from all forums' last posts
+			*
+			* @event core.sync_modify_forum_data
+			* @var	array	forum_data		Array with data to update for all forum ids
+			* @var	array	post_info		Array with some post and user data from the last posts list
+			* @var	array	fieldnames		Array with the partial column names that are being updated
+			* @since 3.3.5-RC1
+			*/
+			$vars = [
+				'forum_data',
+				'post_info',
+				'fieldnames',
+			];
+			extract($phpbb_dispatcher->trigger_event('core.sync_modify_forum_data', compact($vars)));
+			unset($post_info);
+
 			foreach ($forum_data as $forum_id => $row)
 			{
 				$sql_ary = array();
@@ -2041,11 +2072,31 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 				unset($delete_topics, $delete_topic_ids);
 			}
 
-			$sql = 'SELECT p.post_id, p.topic_id, p.post_visibility, p.poster_id, p.post_subject, p.post_username, p.post_time, u.username, u.user_colour
-				FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
-				WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
-					AND u.user_id = p.poster_id';
-			$result = $db->sql_query($sql);
+			$sql_ary = array(
+				'SELECT'	=> 'p.post_id, p.topic_id, p.post_visibility, p.poster_id, p.post_subject, p.post_username, p.post_time, u.username, u.user_colour',
+				'FROM'		=> array(
+					POSTS_TABLE	=> 'p',
+					USERS_TABLE => 'u',
+				),
+				'WHERE'		=> $db->sql_in_set('p.post_id', $post_ids) . '
+					AND u.user_id = p.poster_id',
+			);
+
+			$custom_fieldnames = [];
+			/**
+			* Event to modify the SQL array to get the post and user data from all topics' last posts
+			*
+			* @event core.sync_topic_last_post_info_sql
+			* @var	array	sql_ary					SQL array with some post and user data from the last posts list
+			* @var	array	custom_fieldnames		Empty array for custom fieldnames to update the topics_table with
+			* @since 3.3.5-RC1
+			*/
+			$vars = [
+				'sql_ary',
+				'custom_fieldnames',
+			];
+			extract($phpbb_dispatcher->trigger_event('core.sync_topic_last_post_info_sql', compact($vars)));
+			$result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
 
 			while ($row = $db->sql_fetchrow($result))
 			{
@@ -2067,6 +2118,22 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 					$topic_data[$topic_id]['last_poster_name'] = ($row['poster_id'] == ANONYMOUS) ? $row['post_username'] : $row['username'];
 					$topic_data[$topic_id]['last_poster_colour'] = $row['user_colour'];
 				}
+
+				/**
+				* Event to modify the topic_data when syncing topics
+				*
+				* @event core.sync_modify_topic_data
+				* @var	array	topic_data		Array with the topics' data we are syncing
+				* @var	array	row				Array with some of the current user and post data
+				* @var	int		topic_id		The current topic_id of $row
+				* @since 3.3.5-RC1
+				*/
+				$vars = [
+					'topic_data',
+					'row',
+					'topic_id',
+				];
+				extract($phpbb_dispatcher->trigger_event('core.sync_modify_topic_data', compact($vars)));
 			}
 			$db->sql_freeresult($result);
 
@@ -2182,6 +2249,10 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
 			// These are fields that will be synchronised
 			$fieldnames = array('time', 'visibility', 'posts_approved', 'posts_unapproved', 'posts_softdeleted', 'poster', 'first_post_id', 'first_poster_name', 'first_poster_colour', 'last_post_id', 'last_post_subject', 'last_post_time', 'last_poster_id', 'last_poster_name', 'last_poster_colour');
 
+			// Add custom fieldnames
+			$fieldnames = array_merge($fieldnames, $custom_fieldnames);
+			unset($custom_fieldnames);
+
 			if ($sync_extra)
 			{
 				// This routine assumes that post_reported values are correct
@@ -2418,7 +2489,7 @@ function auto_prune($forum_id, $prune_mode, $prune_flags, $prune_days, $prune_fr
 * must be carried through for the moderators table.
 *
 * @param \phpbb\db\driver\driver_interface $db Database connection
-* @param \phpbb\cache\driver\driver_interface Cache driver
+* @param \phpbb\cache\driver\driver_interface $cache Cache driver
 * @param \phpbb\auth\auth $auth Authentication object
 * @return null
 */
@@ -2605,7 +2676,7 @@ function phpbb_cache_moderators($db, $cache, $auth)
 * @param	mixed	$forum_id		Restrict the log entries to the given forum_id (can also be an array of forum_ids)
 * @param	int		$topic_id		Restrict the log entries to the given topic_id
 * @param	int		$user_id		Restrict the log entries to the given user_id
-* @param	int		$log_time		Only get log entries newer than the given timestamp
+* @param	int		$limit_days		Only get log entries newer than the given timestamp
 * @param	string	$sort_by		SQL order option, e.g. 'l.log_time DESC'
 * @param	string	$keywords		Will only return log entries that have the keywords in log_operation or log_data
 *
@@ -2832,56 +2903,36 @@ function view_warned_users(&$users, &$user_count, $limit = 0, $offset = 0, $limi
 
 /**
 * Get database size
-* Currently only mysql and mssql are supported
 */
 function get_database_size()
 {
-	global $db, $user, $table_prefix;
+	global $db, $user;
 
 	$database_size = false;
 
-	// This code is heavily influenced by a similar routine in phpMyAdmin 2.2.0
 	switch ($db->get_sql_layer())
 	{
 		case 'mysqli':
-			$sql = 'SELECT VERSION() AS mysql_version';
-			$result = $db->sql_query($sql);
-			$row = $db->sql_fetchrow($result);
-			$db->sql_freeresult($result);
+			$mysql_engine	= ['MyISAM', 'InnoDB', 'Aria'];
+			$db_name		= $db->get_db_name();
+			$database_size	= 0;
 
-			if ($row)
+			$sql = 'SHOW TABLE STATUS
+				FROM ' . $db->sql_quote($db_name);
+			$result = $db->sql_query($sql, 7200);
+
+			while ($row = $db->sql_fetchrow($result))
 			{
-				$version = $row['mysql_version'];
-
-				if (preg_match('#(3\.23|[45]\.|10\.[0-9]\.[0-9]{1,2}-+Maria)#', $version))
+				if (isset($row['Engine']) && in_array($row['Engine'], $mysql_engine))
 				{
-					$db_name = (preg_match('#^(?:3\.23\.(?:[6-9]|[1-9]{2}))|[45]\.|10\.[0-9]\.[0-9]{1,2}-+Maria#', $version)) ? "`{$db->get_db_name()}`" : $db->get_db_name();
-
-					$sql = 'SHOW TABLE STATUS
-						FROM ' . $db_name;
-					$result = $db->sql_query($sql, 7200);
-
-					$database_size = 0;
-					while ($row = $db->sql_fetchrow($result))
-					{
-						if ((isset($row['Type']) && $row['Type'] != 'MRG_MyISAM') || (isset($row['Engine']) && ($row['Engine'] == 'MyISAM' || $row['Engine'] == 'InnoDB' || $row['Engine'] == 'Aria')))
-						{
-							if ($table_prefix != '')
-							{
-								if (strpos($row['Name'], $table_prefix) !== false)
-								{
-									$database_size += $row['Data_length'] + $row['Index_length'];
-								}
-							}
-							else
-							{
-								$database_size += $row['Data_length'] + $row['Index_length'];
-							}
-						}
-					}
-					$db->sql_freeresult($result);
+					$database_size += $row['Data_length'] + $row['Index_length'];
 				}
 			}
+
+			$db->sql_freeresult($result);
+
+			$database_size = $database_size ? $database_size : false;
+
 		break;
 
 		case 'sqlite3':
@@ -2920,37 +2971,18 @@ function get_database_size()
 		break;
 
 		case 'postgres':
-			$sql = "SELECT proname
-				FROM pg_proc
-				WHERE proname = 'pg_database_size'";
-			$result = $db->sql_query($sql);
-			$row = $db->sql_fetchrow($result);
-			$db->sql_freeresult($result);
+			$database = $db->get_db_name();
 
-			if ($row['proname'] == 'pg_database_size')
+			if (strpos($database, '.') !== false)
 			{
-				$database = $db->get_db_name();
-				if (strpos($database, '.') !== false)
-				{
-					list($database, ) = explode('.', $database);
-				}
-
-				$sql = "SELECT oid
-					FROM pg_database
-					WHERE datname = '$database'";
-				$result = $db->sql_query($sql);
-				$row = $db->sql_fetchrow($result);
-				$db->sql_freeresult($result);
-
-				$oid = $row['oid'];
-
-				$sql = 'SELECT pg_database_size(' . $oid . ') as size';
-				$result = $db->sql_query($sql);
-				$row = $db->sql_fetchrow($result);
-				$db->sql_freeresult($result);
-
-				$database_size = $row['size'];
+				$database = explode('.', $database)[0];
 			}
+
+			$sql = "SELECT pg_database_size('" . $database . "') AS dbsize";
+			$result = $db->sql_query($sql, 7200);
+			$row = $db->sql_fetchrow($result);
+			$database_size = !empty($row['dbsize']) ? $row['dbsize'] : false;
+			$db->sql_freeresult($result);
 		break;
 
 		case 'oracle':

phpBB/includes/functions_compatibility.php

@@ -223,12 +223,12 @@ function get_remote_file($host, $directory, $filename, &$errstr, &$errno, $port
 /**
  * Add log entry
  *
- * @param	string	$mode				The mode defines which log_type is used and from which log the entry is retrieved
- * @param	int		$forum_id			Mode 'mod' ONLY: forum id of the related item, NOT INCLUDED otherwise
- * @param	int		$topic_id			Mode 'mod' ONLY: topic id of the related item, NOT INCLUDED otherwise
- * @param	int		$reportee_id		Mode 'user' ONLY: user id of the reportee, NOT INCLUDED otherwise
- * @param	string	$log_operation		Name of the operation
- * @param	array	$additional_data	More arguments can be added, depending on the log_type
+ * string	$mode				The mode defines which log_type is used and from which log the entry is retrieved
+ * int		$forum_id			Mode 'mod' ONLY: forum id of the related item, NOT INCLUDED otherwise
+ * int		$topic_id			Mode 'mod' ONLY: topic id of the related item, NOT INCLUDED otherwise
+ * int		$reportee_id		Mode 'user' ONLY: user id of the reportee, NOT INCLUDED otherwise
+ * string	$log_operation		Name of the operation
+ * array	$additional_data	More arguments can be added, depending on the log_type
  *
  * @return	int|bool		Returns the log_id, if the entry was added to the database, false otherwise.
  *
@@ -345,7 +345,8 @@ function set_config_count($config_name, $increment, $is_dynamic = false, \phpbb\
  *										Default is false, causing all bytes outside the ASCII range (0-127) to be replaced with question marks
  * @param	bool			$cookie		This param is mapped to \phpbb\request\request_interface::COOKIE as the last param for
  * 										\phpbb\request\request_interface::variable for backwards compatability reasons.
- * @param	\phpbb\request\request_interface|null|false	If an instance of \phpbb\request\request_interface is given the instance is stored in
+ * @param	\phpbb\request\request_interface|null|false	$request
+ * 										If an instance of \phpbb\request\request_interface is given the instance is stored in
  *										a static variable and used for all further calls where this parameters is null. Until
  *										the function is called with an instance it automatically creates a new \phpbb\request\request
  *										instance on every call. By passing false this per-call instantiation can be restored
@@ -758,7 +759,7 @@ function phpbb_http_login($param)
 	{
 		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
 		{
-			$username = htmlspecialchars_decode($request->server($k));
+			$username = htmlspecialchars_decode($request->server($k), ENT_COMPAT);
 			break;
 		}
 	}
@@ -768,7 +769,7 @@ function phpbb_http_login($param)
 	{
 		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
 		{
-			$password = htmlspecialchars_decode($request->server($k));
+			$password = htmlspecialchars_decode($request->server($k), ENT_COMPAT);
 			break;
 		}
 	}

phpBB/includes/functions_content.php

@@ -532,7 +532,7 @@ function strip_bbcode(&$text, $uid = '')
 
 	if (preg_match('#^<[rt][ >]#', $text))
 	{
-		$text = $phpbb_container->get('text_formatter.utils')->clean_formatting($text);
+		$text = utf8_htmlspecialchars($phpbb_container->get('text_formatter.utils')->clean_formatting($text));
 	}
 	else
 	{
@@ -803,8 +803,8 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
 	$orig_url		= $url;
 	$orig_relative	= $relative_url;
 	$append			= '';
-	$url			= htmlspecialchars_decode($url);
-	$relative_url	= htmlspecialchars_decode($relative_url);
+	$url			= htmlspecialchars_decode($url, ENT_COMPAT);
+	$relative_url	= htmlspecialchars_decode($relative_url, ENT_COMPAT);
 
 	// make sure no HTML entities were matched
 	$chars = array('<', '>', '"');
@@ -911,9 +911,9 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
 		break;
 	}
 
-	$url	= htmlspecialchars($url);
-	$text	= htmlspecialchars($text);
-	$append	= htmlspecialchars($append);
+	$url	= htmlspecialchars($url, ENT_COMPAT);
+	$text	= htmlspecialchars($text, ENT_COMPAT);
+	$append	= htmlspecialchars($append, ENT_COMPAT);
 
 	$html	= "$whitespace<!-- $tag --><a$class href=\"$url\">$text</a><!-- $tag -->$append";
 
@@ -1011,7 +1011,7 @@ function make_clickable($text, $server_url = false, string $class = 'postlink')
 		if (preg_match($magic_args[0], $text, $matches))
 		{
 			// Only apply $class from the corresponding function call argument (excepting emails which never has a class)
-			if ($magic_args[3] != $static_class && $magic_args[1] != MAGIC_URL_EMAIL)
+			if ($magic_args[1] != MAGIC_URL_EMAIL && $magic_args[3] != $static_class)
 			{
 				continue;
 			}
@@ -1456,7 +1456,7 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al
 		$string = substr($string, 4);
 	}
 
-	$_chars = utf8_str_split(htmlspecialchars_decode($string));
+	$_chars = utf8_str_split(htmlspecialchars_decode($string, ENT_COMPAT));
 	$chars = array_map('utf8_htmlspecialchars', $_chars);
 
 	// Now check the length ;)
@@ -1471,7 +1471,7 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al
 	if (utf8_strlen($string) > $max_store_length)
 	{
 		// let's split again, we do not want half-baked strings where entities are split
-		$_chars = utf8_str_split(htmlspecialchars_decode($string));
+		$_chars = utf8_str_split(htmlspecialchars_decode($string, ENT_COMPAT));
 		$chars = array_map('utf8_htmlspecialchars', $_chars);
 
 		do

phpBB/includes/functions_convert.php

@@ -1127,6 +1127,7 @@ function add_user_group($group_id, $user_id, $group_leader = false)
 *
 * @param string $group The name of the special group to add to
 * @param string $select_query An SQL query to retrieve the user(s) to add to the group
+* @param bool $use_src_db
 */
 function user_group_auth($group, $select_query, $use_src_db)
 {
@@ -1835,10 +1836,12 @@ function add_bots()
 
 	$bots = array(
 		'AdsBot [Google]'			=> array('AdsBot-Google', ''),
+		'Ahrefs [Bot]'				=> array('AhrefsBot/', ''),
 		'Alexa [Bot]'				=> array('ia_archiver', ''),
 		'Alta Vista [Bot]'			=> array('Scooter/', ''),
+		'Amazon [Bot]'				=> array('Amazonbot/', ''),
 		'Ask Jeeves [Bot]'			=> array('Ask Jeeves', ''),
-		'Baidu [Spider]'			=> array('Baiduspider+(', ''),
+		'Baidu [Spider]'			=> array('Baiduspider', ''),
 		'Bing [Bot]'				=> array('bingbot/', ''),
 		'DuckDuckGo [Bot]'			=> array('DuckDuckBot/', ''),
 		'Exabot [Bot]'				=> array('Exabot/', ''),
@@ -1854,7 +1857,7 @@ function add_bots()
 		'Heritrix [Crawler]'		=> array('heritrix/1.', ''),
 		'IBM Research [Bot]'		=> array('ibm.com/cs/crawler', ''),
 		'ICCrawler - ICjobs'		=> array('ICCrawler - ICjobs', ''),
-		'ichiro [Crawler]'			=> array('ichiro/2', ''),
+		'ichiro [Crawler]'			=> array('ichiro/', ''),
 		'Majestic-12 [Bot]'			=> array('MJ12bot/', ''),
 		'Metager [Bot]'				=> array('MetagerBot/', ''),
 		'MSN NewsBlogs'				=> array('msnbot-NewsBlogs/', ''),
@@ -1867,6 +1870,7 @@ function add_bots()
 		'Online link [Validator]'	=> array('online link validator', ''),
 		'psbot [Picsearch]'			=> array('psbot/0', ''),
 		'Seekport [Bot]'			=> array('Seekbot/', ''),
+		'Semrush [Bot]'				=> array('SemrushBot/', ''),
 		'Sensis [Crawler]'			=> array('Sensis Web Crawler', ''),
 		'SEO Crawler'				=> array('SEO search Crawler/', ''),
 		'Seoma [Crawler]'			=> array('Seoma [SEO Crawler]', ''),
@@ -1876,7 +1880,7 @@ function add_bots()
 		'Synoo [Bot]'				=> array('SynooBot/', ''),
 		'Telekom [Bot]'				=> array('crawleradmin.t-info@telekom.de', ''),
 		'TurnitinBot [Bot]'			=> array('TurnitinBot/', ''),
-		'Voyager [Bot]'				=> array('voyager/1.0', ''),
+		'Voyager [Bot]'				=> array('voyager/', ''),
 		'W3 [Sitesearch]'			=> array('W3 SiteSearch Crawler', ''),
 		'W3C [Linkcheck]'			=> array('W3C-checklink/', ''),
 		'W3C [Validator]'			=> array('W3C_*Validator', ''),

phpBB/includes/functions_display.php

@@ -551,7 +551,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			}
 			$last_post_time = $user->format_date($row['forum_last_post_time']);
 			$last_post_time_rfc3339 = gmdate(DATE_RFC3339, $row['forum_last_post_time']);
-			$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id_last_post'] . '&p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
+			$last_post_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['forum_last_post_id']) . '#p' . $row['forum_last_post_id'];
 		}
 		else
 		{
@@ -1086,12 +1086,12 @@ function display_custom_bbcodes()
 	// Start counting from 22 for the bbcode ids (every bbcode takes two ids - opening/closing)
 	$num_predefined_bbcodes = NUM_PREDEFINED_BBCODES;
 
-	$sql_ary = array(
-		'SELECT'	=> 'b.bbcode_id, b.bbcode_tag, b.bbcode_helpline',
-		'FROM'		=> array(BBCODES_TABLE => 'b'),
+	$sql_ary = [
+		'SELECT'	=> 'b.bbcode_id, b.bbcode_tag, b.bbcode_helpline, b.bbcode_match',
+		'FROM'		=> [BBCODES_TABLE => 'b'],
 		'WHERE'		=> 'b.display_on_posting = 1',
 		'ORDER_BY'	=> 'b.bbcode_tag',
-	);
+	];
 
 	/**
 	* Event to modify the SQL query before custom bbcode data is queried
@@ -1119,13 +1119,18 @@ function display_custom_bbcodes()
 		// Convert Numeric Character References to UTF-8 chars.
 		$row['bbcode_helpline'] = utf8_decode_ncr($row['bbcode_helpline']);
 
-		$custom_tags = array(
-			'BBCODE_NAME'		=> "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'",
+		// Does the closing bbcode tag exists? If so display it.
+		$bbcode_close_tag	= '%\[\/' . utf8_strtolower($row['bbcode_tag']) . '\]%';
+		$bbcode_match_str	= utf8_strtolower($row['bbcode_match']);
+		$bbcode_name_clean	= preg_match($bbcode_close_tag, $bbcode_match_str) ? "'[{$row['bbcode_tag']}]', '[/" . str_replace('=', '', $row['bbcode_tag']) . "]'" : "'[{$row['bbcode_tag']}]', ''";
+
+		$custom_tags = [
+			'BBCODE_NAME'		=> $bbcode_name_clean,
 			'BBCODE_ID'			=> $num_predefined_bbcodes + ($i * 2),
 			'BBCODE_TAG'		=> $row['bbcode_tag'],
 			'BBCODE_TAG_CLEAN'	=> str_replace('=', '-', $row['bbcode_tag']),
 			'BBCODE_HELPLINE'	=> $row['bbcode_helpline'],
-		);
+		];
 
 		/**
 		* Event to modify the template data block of a custom bbcode

phpBB/includes/functions_download.php

@@ -208,7 +208,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 
 	if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))
 	{
-		header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+		header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'], ENT_COMPAT)));
 		if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
 		{
 			header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
@@ -216,7 +216,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	}
 	else
 	{
-		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'], ENT_COMPAT)));
 		if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
 		{
 			header('X-Download-Options: noopen');
@@ -242,7 +242,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 			// X-Sendfile - http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
 			// Lighttpd's X-Sendfile does not support range requests as of 1.4.26
 			// and always requires an absolute path.
-			header('X-Sendfile: ' . dirname(__FILE__) . "/../$upload_dir/{$attachment['physical_filename']}");
+			header('X-Sendfile: ' . __DIR__ . "/../$upload_dir/{$attachment['physical_filename']}");
 			exit;
 		}
 
@@ -327,7 +327,7 @@ function download_allowed()
 		return true;
 	}
 
-	$url = htmlspecialchars_decode($request->header('Referer'));
+	$url = htmlspecialchars_decode($request->header('Referer'), ENT_COMPAT);
 
 	if (!$url)
 	{
@@ -656,15 +656,15 @@ function phpbb_download_handle_forum_auth($db, $auth, $topic_id)
 {
 	global $phpbb_container;
 
-	$sql_array = array(
-		'SELECT'	=> 't.topic_visibility, t.forum_id, f.forum_name, f.forum_password, f.parent_id',
-		'FROM'		=> array(
+	$sql_array = [
+		'SELECT'	=> 't.forum_id, t.topic_poster, t.topic_visibility, f.forum_name, f.forum_password, f.parent_id',
+		'FROM'		=> [
 			TOPICS_TABLE => 't',
 			FORUMS_TABLE => 'f',
-		),
-		'WHERE'	=> 't.topic_id = ' . (int) $topic_id . '
+		],
+		'WHERE'		=> 't.topic_id = ' . (int) $topic_id . '
 			AND t.forum_id = f.forum_id',
-	);
+	];
 
 	$sql = $db->sql_build_query('SELECT', $sql_array);
 	$result = $db->sql_query($sql);

phpBB/includes/functions_mcp.php

@@ -51,8 +51,18 @@ function phpbb_module_warn_url($mode, $module_row)
 	{
 		global $forum_id, $post_id;
 
-		$url_extra = ($forum_id) ? "&f=$forum_id" : '';
-		$url_extra .= ($post_id) ? "&p=$post_id" : '';
+		if ($post_id)
+		{
+			$url_extra = "&p=$post_id";
+		}
+		else if ($forum_id)
+		{
+			$url_extra = "&f=$forum_id";
+		}
+		else
+		{
+			$url_extra = '';
+		}
 
 		return $url_extra;
 	}
@@ -93,10 +103,22 @@ function phpbb_extra_url()
 {
 	global $forum_id, $topic_id, $post_id, $report_id, $user_id;
 
-	$url_extra = '';
-	$url_extra .= ($forum_id) ? "&f=$forum_id" : '';
-	$url_extra .= ($topic_id) ? "&t=$topic_id" : '';
-	$url_extra .= ($post_id) ? "&p=$post_id" : '';
+	if ($post_id)
+	{
+		$url_extra = "&p=$post_id";
+	}
+	else if ($topic_id)
+	{
+		$url_extra = "&t=$topic_id";
+	}
+	else if ($forum_id)
+	{
+		$url_extra = "&f=$forum_id";
+	}
+	else
+	{
+		$url_extra = '';
+	}
 	$url_extra .= ($user_id) ? "&u=$user_id" : '';
 	$url_extra .= ($report_id) ? "&r=$report_id" : '';
 
@@ -383,7 +405,7 @@ function phpbb_get_pm_data($pm_ids)
 /**
 * sorting in mcp
 *
-* @param string $where_sql should either be WHERE (default if ommited) or end with AND or OR
+* $where_sql should either be WHERE (default if ommited) or end with AND or OR
 *
 * $mode reports and reports_closed: the $where parameters uses aliases p for posts table and r for report table
 * $mode unapproved_posts: the $where parameters uses aliases p for posts table and t for topic table
@@ -684,7 +706,7 @@ function phpbb_mcp_sorting($mode, &$sort_days_val, &$sort_key_val, &$sort_dir_va
 * @param	string	$table			The table to find the ids in
 * @param	string	$sql_id			The ids relevant column name
 * @param	array	$acl_list		A list of permissions the user need to have
-* @param	mixed	$singe_forum	Limit to one forum id (int) or the first forum found (true)
+* @param	mixed	$single_forum	Limit to one forum id (int) or the first forum found (true)
 *
 * @return	mixed	False if no ids were able to be retrieved, true if at least one id left.
 *					Additionally, this value can be the forum_id assigned if $single_forum was set.

phpBB/includes/functions_messenger.php

@@ -320,8 +320,8 @@ class messenger
 		// We add some standard variables we always use, no need to specify them always
 		$this->assign_vars(array(
 			'U_BOARD'	=> generate_board_url(),
-			'EMAIL_SIG'	=> str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'])),
-			'SITENAME'	=> htmlspecialchars_decode($config['sitename']),
+			'EMAIL_SIG'	=> str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'], ENT_COMPAT)),
+			'SITENAME'	=> htmlspecialchars_decode($config['sitename'], ENT_COMPAT),
 		));
 
 		$subject = $this->subject;
@@ -427,7 +427,7 @@ class messenger
 			$user->session_begin();
 		}
 
-		$calling_page = htmlspecialchars_decode($request->server('PHP_SELF'));
+		$calling_page = htmlspecialchars_decode($request->server('PHP_SELF'), ENT_COMPAT);
 
 		switch ($type)
 		{
@@ -440,7 +440,7 @@ class messenger
 			break;
 		}
 
-		$message .= '<br /><em>' . htmlspecialchars($calling_page) . '</em><br /><br />' . $msg . '<br />';
+		$message .= '<br /><em>' . htmlspecialchars($calling_page, ENT_COMPAT) . '</em><br /><br />' . $msg . '<br />';
 		$phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_ERROR_' . $type, false, array($message));
 	}
 
@@ -557,7 +557,7 @@ class messenger
 			$use_queue = true;
 		}
 
-		$contact_name = htmlspecialchars_decode($config['board_contact_name']);
+		$contact_name = htmlspecialchars_decode($config['board_contact_name'], ENT_COMPAT);
 		$board_contact = (($contact_name !== '') ? '"' . mail_encode($contact_name) . '" ' : '') . '<' . $config['board_contact'] . '>';
 
 		$break = false;
@@ -691,7 +691,7 @@ class messenger
 		if (!$use_queue)
 		{
 			include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
-			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
+			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password'], ENT_COMPAT), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
 
 			if (!$this->jabber->connect())
 			{
@@ -891,7 +891,7 @@ class queue
 					}
 
 					include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
-					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
+					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password'], ENT_COMPAT), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
 
 					if (!$this->jabber->connect())
 					{
@@ -1196,7 +1196,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 		}
 
 		$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
-		$err_msg .= ($error_contents) ? '<br /><br />' . htmlspecialchars($error_contents) : '';
+		$err_msg .= ($error_contents) ? '<br /><br />' . htmlspecialchars($error_contents, ENT_COMPAT) : '';
 		return false;
 	}
 
@@ -1208,7 +1208,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 	}
 
 	// Let me in. This function handles the complete authentication process
-	if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], htmlspecialchars_decode($config['smtp_password']), $config['smtp_auth_method']))
+	if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], htmlspecialchars_decode($config['smtp_password'], ENT_COMPAT), $config['smtp_auth_method']))
 	{
 		$smtp->close_session($err_msg);
 		return false;
@@ -1259,7 +1259,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 	{
 		$user->session_begin();
 		$err_msg .= '<br /><br />';
-		$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address)) : '<strong>' . htmlspecialchars($mail_to_address) . '</strong> possibly an invalid email address?';
+		$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address, ENT_COMPAT)) : '<strong>' . htmlspecialchars($mail_to_address, ENT_COMPAT) . '</strong> possibly an invalid email address?';
 		$smtp->close_session($err_msg);
 		return false;
 	}
@@ -1342,7 +1342,7 @@ class smtp_class
 	{
 		if ($this->backtrace)
 		{
-			$this->backtrace_log[] = utf8_htmlspecialchars($message);
+			$this->backtrace_log[] = utf8_htmlspecialchars($message, ENT_COMPAT);
 		}
 	}
 
@@ -1848,18 +1848,27 @@ class smtp_class
 *
 * Please note that this version fully supports RFC 2045 section 6.8.
 *
+* @param string $str
 * @param string $eol End of line we are using (optional to be backwards compatible)
 */
 function mail_encode($str, $eol = "\r\n")
 {
-	// define start delimimter, end delimiter and spacer
-	$start = "=?UTF-8?B?";
+	// Check if string contains ASCII only characters
+	$is_ascii = strlen($str) === utf8_strlen($str);
+
+	// Define start delimimter, end delimiter and spacer
+	// Use the Quoted-Printable encoding for ASCII strings to avoid unnecessary encoding in Base64
+	$start = $is_ascii ? "=?US-ASCII?Q?" : "=?UTF-8?B?";
 	$end = "?=";
 	$delimiter = "$eol ";
 
-	// Maximum length is 75. $split_length *must* be a multiple of 4, but <= 75 - strlen($start . $delimiter . $end)!!!
-	$split_length = 60;
-	$encoded_str = base64_encode($str);
+	// Maximum encoded-word length is 75 as per RFC 2047 section 2.
+	// $split_length *must* be a multiple of 4, but <= 75 - strlen($start . $delimiter . $end)!!!
+	$split_length = 75 - strlen($start . $delimiter . $end);
+	$split_length = $split_length - $split_length % 4;
+
+	// Use the Quoted-Printable encoding for ASCII strings to avoid unnecessary encoding in Base64
+	$encoded_str = $is_ascii ? quoted_printable_encode($str) : base64_encode($str);
 
 	// If encoded string meets the limits, we just return with the correct data.
 	if (strlen($encoded_str) <= $split_length)
@@ -1868,7 +1877,7 @@ function mail_encode($str, $eol = "\r\n")
 	}
 
 	// If there is only ASCII data, we just return what we want, correctly splitting the lines.
-	if (strlen($str) === utf8_strlen($str))
+	if ($is_ascii)
 	{
 		return $start . implode($end . $delimiter . $start, str_split($encoded_str, $split_length)) . $end;
 	}

phpBB/includes/functions_posting.php

@@ -118,7 +118,7 @@ function generate_smilies($mode, $forum_id)
 				SMILIES_TABLE => 's',
 			],
 			'GROUP_BY'	=> 's.smiley_url, s.smiley_width, s.smiley_height',
-			'ORDER_BY'	=> 'min_smiley_order',
+			'ORDER_BY'	=> $db->sql_quote('min_smiley_order'),
 		];
 	}
 	else
@@ -256,7 +256,7 @@ function generate_smilies($mode, $forum_id)
 */
 function update_post_information($type, $ids, $return_update_sql = false)
 {
-	global $db;
+	global $db, $phpbb_dispatcher;
 
 	if (empty($ids))
 	{
@@ -340,14 +340,35 @@ function update_post_information($type, $ids, $return_update_sql = false)
 
 	if (count($last_post_ids))
 	{
-		$sql = 'SELECT p.' . $type . '_id, p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.user_id, u.username, u.user_colour
-			FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
-			WHERE p.poster_id = u.user_id
-				AND ' . $db->sql_in_set('p.post_id', $last_post_ids);
-		$result = $db->sql_query($sql);
+		$sql_ary = array(
+			'SELECT'	=> 'p.' . $type . '_id, p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.user_id, u.username, u.user_colour',
+			'FROM'		=> array(
+				POSTS_TABLE	=> 'p',
+				USERS_TABLE => 'u',
+			),
+			'WHERE'		=> $db->sql_in_set('p.post_id', $last_post_ids) . '
+				AND p.poster_id = u.user_id',
+		);
 
+		/**
+		* Event to modify the SQL array to get the post and user data from all last posts
+		*
+		* @event core.update_post_info_modify_posts_sql
+		* @var	string	type				The table being updated (forum or topic)
+		* @var	array	sql_ary				SQL array to get some of the last posts' data
+		* @since 3.3.5-RC1
+		*/
+		$vars = [
+			'type',
+			'sql_ary',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.update_post_info_modify_posts_sql', compact($vars)));
+		$result = $db->sql_query($db->sql_build_query('SELECT', $sql_ary));
+
+		$rowset = array();
 		while ($row = $db->sql_fetchrow($result))
 		{
+			$rowset[] = $row;
 			$update_sql[$row["{$type}_id"]][] = $type . '_last_post_id = ' . (int) $row['post_id'];
 			$update_sql[$row["{$type}_id"]][] = "{$type}_last_post_subject = '" . $db->sql_escape($row['post_subject']) . "'";
 			$update_sql[$row["{$type}_id"]][] = $type . '_last_post_time = ' . (int) $row['post_time'];
@@ -356,6 +377,23 @@ function update_post_information($type, $ids, $return_update_sql = false)
 			$update_sql[$row["{$type}_id"]][] = "{$type}_last_poster_name = '" . (($row['poster_id'] == ANONYMOUS) ? $db->sql_escape($row['post_username']) : $db->sql_escape($row['username'])) . "'";
 		}
 		$db->sql_freeresult($result);
+
+		/**
+		* Event to modify the update_sql array to add new update data for forum or topic last posts
+		*
+		* @event core.update_post_info_modify_sql
+		* @var	string	type				The table being updated (forum or topic)
+		* @var	array	rowset				Array with the posts data
+		* @var	array	update_sql			Array with SQL data to update the forums or topics table with
+		* @since 3.3.5-RC1
+		*/
+		$vars = [
+			'type',
+			'rowset',
+			'update_sql',
+		];
+		extract($phpbb_dispatcher->trigger_event('core.update_post_info_modify_sql', compact($vars)));
+		unset($rowset);
 	}
 	unset($empty_forums, $ids, $last_post_ids);
 
@@ -542,12 +580,17 @@ function get_supported_image_types($type = false)
 				case IMAGETYPE_WBMP:
 					$new_type = ($format & IMG_WBMP) ? IMG_WBMP : false;
 				break;
+
+				// WEBP
+				case IMAGETYPE_WEBP:
+					$new_type = ($format & IMG_WEBP) ? IMG_WEBP : false;
+				break;
 			}
 		}
 		else
 		{
-			$new_type = array();
-			$go_through_types = array(IMG_GIF, IMG_JPG, IMG_PNG, IMG_WBMP);
+			$new_type = [];
+			$go_through_types = [IMG_GIF, IMG_JPG, IMG_PNG, IMG_WBMP, IMG_WEBP];
 
 			foreach ($go_through_types as $check_type)
 			{
@@ -558,14 +601,14 @@ function get_supported_image_types($type = false)
 			}
 		}
 
-		return array(
+		return [
 			'gd'		=> ($new_type) ? true : false,
 			'format'	=> $new_type,
 			'version'	=> (function_exists('imagecreatetruecolor')) ? 2 : 1
-		);
+		];
 	}
 
-	return array('gd' => false);
+	return ['gd' => false];
 }
 
 /**
@@ -659,6 +702,10 @@ function create_thumbnail($source, $destination, $mimetype)
 				case IMG_WBMP:
 					$image = @imagecreatefromwbmp($source);
 				break;
+
+				case IMG_WEBP:
+					$image = @imagecreatefromwebp($source);
+				break;
 			}
 
 			if (empty($image))
@@ -710,6 +757,10 @@ function create_thumbnail($source, $destination, $mimetype)
 				case IMG_WBMP:
 					imagewbmp($new_image, $destination);
 				break;
+
+				case IMG_WEBP:
+					imagewebp($new_image, $destination);
+				break;
 			}
 
 			imagedestroy($new_image);
@@ -924,10 +975,10 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0, $pm_action = '', $ms
 			$topic_forum_id = ($topic_rows[$draft['topic_id']]['forum_id']) ? $topic_rows[$draft['topic_id']]['forum_id'] : $forum_id;
 
 			$link_topic = true;
-			$view_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $topic_forum_id . '&t=' . $draft['topic_id']);
+			$view_url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $draft['topic_id']);
 			$title = $topic_rows[$draft['topic_id']]['topic_title'];
 
-			$insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 'f=' . $topic_forum_id . '&t=' . $draft['topic_id'] . '&mode=reply&d=' . $draft['draft_id']);
+			$insert_url = append_sid("{$phpbb_root_path}posting.$phpEx", 't=' . $draft['topic_id'] . '&mode=reply&d=' . $draft['draft_id']);
 		}
 		else if ($draft['forum_id'] && $auth->acl_get('f_read', $draft['forum_id']))
 		{
@@ -1147,7 +1198,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 		$post_subject = censor_text($post_subject);
 
 		$post_anchor = ($mode == 'post_review') ? 'ppr' . $row['post_id'] : 'pr' . $row['post_id'];
-		$u_show_post = append_sid($phpbb_root_path . 'viewtopic.' . $phpEx, "f=$forum_id&t=$topic_id&p={$row['post_id']}&view=show#p{$row['post_id']}");
+		$u_show_post = append_sid($phpbb_root_path . 'viewtopic.' . $phpEx, "t=$topic_id&p={$row['post_id']}&view=show#p{$row['post_id']}");
 
 		$l_deleted_message = '';
 		if ($row['post_visibility'] == ITEM_DELETED)
@@ -1196,7 +1247,7 @@ function topic_review($topic_id, $forum_id, $mode = 'topic_review', $cur_post_id
 			'POST_TIME'			=> $row['post_time'],
 			'USER_ID'			=> $row['user_id'],
 			'U_MINI_POST'		=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id']) . '#p' . $row['post_id'],
-			'U_MCP_DETAILS'		=> ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=post_details&f=' . $forum_id . '&p=' . $row['post_id'], true, $user->session_id) : '',
+			'U_MCP_DETAILS'		=> ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=post_details&p=' . $row['post_id'], true, $user->session_id) : '',
 			'POSTER_QUOTE'		=> ($show_quote_button && $auth->acl_get('f_reply', $forum_id)) ? addslashes(get_username_string('username', $poster_id, $row['username'], $row['user_colour'], $row['post_username'])) : '',
 		);
 
@@ -2490,27 +2541,35 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll_ary, &$data
 		}
 	}
 
-	$params = $add_anchor = '';
+	$params = [];
+	$add_anchor = '';
+	$url = "{$phpbb_root_path}viewtopic.$phpEx";
 
 	if ($post_visibility == ITEM_APPROVED ||
 		($auth->acl_get('m_softdelete', $data_ary['forum_id']) && $post_visibility == ITEM_DELETED) ||
 		($auth->acl_get('m_approve', $data_ary['forum_id']) && in_array($post_visibility, array(ITEM_UNAPPROVED, ITEM_REAPPROVE))))
 	{
-		$params .= '&t=' . $data_ary['topic_id'];
-
 		if ($mode != 'post')
 		{
-			$params .= '&p=' . $data_ary['post_id'];
+			$params['p'] = $data_ary['post_id'];
 			$add_anchor = '#p' . $data_ary['post_id'];
 		}
+		else
+		{
+			$params['t'] = $data_ary['topic_id'];
+		}
 	}
 	else if ($mode != 'post' && $post_mode != 'edit_first_post' && $post_mode != 'edit_topic')
 	{
-		$params .= '&t=' . $data_ary['topic_id'];
+		$params['t'] = $data_ary['topic_id'];
+	}
+	else
+	{
+		$url = "{$phpbb_root_path}viewforum.$phpEx";
+		$params['f'] = $data_ary['forum_id'];
 	}
 
-	$url = (!$params) ? "{$phpbb_root_path}viewforum.$phpEx" : "{$phpbb_root_path}viewtopic.$phpEx";
-	$url = append_sid($url, 'f=' . $data_ary['forum_id'] . $params) . $add_anchor;
+	$url = append_sid($url, $params) . $add_anchor;
 
 	$poll = $poll_ary;
 	$data = $data_ary;
@@ -2571,7 +2630,7 @@ function submit_post($mode, $subject, $username, $topic_type, &$poll_ary, &$data
 *				- 'topic_last_poster_name'
 *				- 'topic_last_poster_colour'
 * @param int $bump_time The time at which topic was bumped, usually it is a current time as obtained via time().
-* @return string An URL to the bumped topic, example: ./viewtopic.php?forum_id=1&amptopic_id=2&ampp=3#p3
+* @return string An URL to the bumped topic, example: ./viewtopic.php?p=3#p3
 */
 function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)
 {
@@ -2660,7 +2719,7 @@ function phpbb_bump_topic($forum_id, $topic_id, $post_data, $bump_time = false)
 		$post_data['topic_title']
 	));
 
-	$url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";
+	$url = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p={$post_data['topic_last_post_id']}") . "#p{$post_data['topic_last_post_id']}";
 
 	return $url;
 }
@@ -2791,7 +2850,7 @@ function phpbb_handle_post_delete($forum_id, $topic_id, $post_id, &$post_data, $
 					$delete_reason
 				));
 
-				$meta_info = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "f=$forum_id&t=$topic_id&p=$next_post_id") . "#p$next_post_id";
+				$meta_info = append_sid("{$phpbb_root_path}viewtopic.$phpEx", "p=$next_post_id") . "#p$next_post_id";
 				$message = $user->lang['POST_DELETED'];
 
 				if (!$request->is_ajax())

phpBB/includes/functions_user.php

@@ -425,7 +425,7 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
 /**
  * Delete user(s) and their related data
  *
- * @param string	$mode				Mode of posts deletion (retain|delete)
+ * @param string	$mode				Mode of posts deletion (retain|remove)
  * @param mixed		$user_ids			Either an array of integers or an integer
  * @param bool		$retain_username	True if username should be retained, false otherwise
  * @return bool
@@ -464,7 +464,7 @@ function user_delete($mode, $user_ids, $retain_username = true)
 	 * Event before of the performing of the user(s) delete action
 	 *
 	 * @event core.delete_user_before
-	 * @var string	mode				Mode of posts deletion (retain|delete)
+	 * @var string	mode				Mode of posts deletion (retain|remove)
 	 * @var array	user_ids			ID(s) of the user(s) bound to be deleted
 	 * @var bool	retain_username		True if username should be retained, false otherwise
 	 * @var array	user_rows			Array containing data of the user(s) bound to be deleted
@@ -774,7 +774,7 @@ function user_delete($mode, $user_ids, $retain_username = true)
 	 * Event after the user(s) delete action has been performed
 	 *
 	 * @event core.delete_user_after
-	 * @var string	mode				Mode of posts deletion (retain|delete)
+	 * @var string	mode				Mode of posts deletion (retain|remove)
 	 * @var array	user_ids			ID(s) of the deleted user(s)
 	 * @var bool	retain_username		True if username should be retained, false otherwise
 	 * @var array	user_rows			Array containing data of the deleted user(s)
@@ -797,6 +797,8 @@ function user_delete($mode, $user_ids, $retain_username = true)
 * Flips user_type from active to inactive and vice versa, handles group membership updates
 *
 * @param string $mode can be flip for flipping from active/inactive, activate or deactivate
+* @param array $user_id_ary
+* @param int $reason
 */
 function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
 {
@@ -919,6 +921,7 @@ function user_active_flip($mode, $user_id_ary, $reason = INACTIVE_MANUAL)
 * @param string $ban_len_other Ban length as a date (YYYY-MM-DD)
 * @param boolean $ban_exclude Exclude these entities from banning?
 * @param string $ban_reason String describing the reason for this ban
+* @param string $ban_give_reason
 * @return boolean
 */
 function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reason, $ban_give_reason = '')
@@ -1510,7 +1513,7 @@ function user_ipwhois($ip)
 		$ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
 	}
 
-	$ipwhois = htmlspecialchars($ipwhois);
+	$ipwhois = htmlspecialchars($ipwhois, ENT_COMPAT);
 
 	// Magic URL ;)
 	return trim(make_clickable($ipwhois, false, ''));
@@ -1572,11 +1575,11 @@ function validate_string($string, $optional = false, $min = 0, $max = 0)
 		return false;
 	}
 
-	if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
+	if ($min && utf8_strlen(htmlspecialchars_decode($string, ENT_COMPAT)) < $min)
 	{
 		return 'TOO_SHORT';
 	}
-	else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
+	else if ($max && utf8_strlen(htmlspecialchars_decode($string, ENT_COMPAT)) > $max)
 	{
 		return 'TOO_LONG';
 	}
@@ -1611,6 +1614,7 @@ function validate_num($num, $optional = false, $min = 0, $max = 1E99)
 /**
 * Validate Date
 * @param	string $date_string a date in the dd-mm-yyyy format
+* @param	bool $optional
 * @return	boolean
 */
 function validate_date($date_string, $optional = false)
@@ -1748,7 +1752,8 @@ function validate_username($username, $allowed_username = false, $allow_all_name
 	}
 
 	// ... fast checks first.
-	if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username))
+	if (strpos($username, '&quot;') !== false || strpos($username, '"') !== false || empty($clean_username)
+		|| preg_match('/[\x{180E}\x{2005}-\x{200D}\x{202F}\x{205F}\x{2060}\x{FEFF}]/u', $username))
 	{
 		return 'INVALID_CHARS';
 	}
@@ -1882,6 +1887,7 @@ function validate_password($password)
 * Check to see if email address is a valid address and contains a MX record
 *
 * @param string $email The email to check
+* @param $config
 *
 * @return mixed Either false if validation succeeded or a string which will be used as the error message (with the variable name appended)
 */
@@ -3621,7 +3627,8 @@ function group_update_listings($group_id)
 /**
 * Funtion to make a user leave the NEWLY_REGISTERED system group.
 * @access public
-* @param $user_id The id of the user to remove from the group
+* @param int $user_id The id of the user to remove from the group
+* @param mixed $user_data The id of the user to remove from the group
 */
 function remove_newly_registered($user_id, $user_data = false)
 {

phpBB/includes/mcp/mcp_forum.php

@@ -166,12 +166,13 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 
 	if ($config['load_db_lastread'])
 	{
-		$read_tracking_join = ' LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')';
-		$read_tracking_select = ', tt.mark_time';
+		$sql_read_tracking['LEFT_JOIN'][] = ['FROM' => [TOPICS_TRACK_TABLE => 'tt'], 'ON' => 'tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id']];
+		$sql_read_tracking['SELECT'] = ', tt.mark_time';
 	}
 	else
 	{
-		$read_tracking_join = $read_tracking_select = '';
+		$sql_read_tracking['LEFT_JOIN'] = [];
+		$sql_read_tracking['SELECT'] = '';
 	}
 
 	/* @var $phpbb_content_visibility \phpbb\content_visibility */
@@ -209,10 +210,31 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 	}
 	$db->sql_freeresult($result);
 
-	$sql = "SELECT t.*$read_tracking_select
-		FROM " . TOPICS_TABLE . " t $read_tracking_join
-		WHERE " . $db->sql_in_set('t.topic_id', $topic_list, false, true);
+	$sql_ary = [
+		'SELECT'	=> 't.*' . $sql_read_tracking['SELECT'],
+		'FROM'		=> [TOPICS_TABLE => 't'],
+		'LEFT_JOIN'	=> $sql_read_tracking['LEFT_JOIN'],
+		'WHERE'		=> $db->sql_in_set('t.topic_id', $topic_list, false, true),
+	];
 
+	/**
+	* Event to modify SQL query before MCP forum topic data is queried
+	*
+	* @event core.mcp_forum_topic_data_modify_sql
+	* @var	array	sql_ary		SQL query array to get the MCP forum topic data
+	* @var	int		forum_id	The forum ID
+	* @var	array	topic_list	The array of MCP forum topic IDs
+	*
+	* @since 3.3.4-RC1
+	*/
+	$vars = [
+		'sql_ary',
+		'forum_id',
+		'topic_list',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.mcp_forum_topic_data_modify_sql', compact($vars)));
+
+	$sql = $db->sql_build_query('SELECT', $sql_ary);
 	$result = $db->sql_query($sql);
 	while ($row_ary = $db->sql_fetchrow($result))
 	{
@@ -520,8 +542,8 @@ function merge_topics($forum_id, $topic_ids, $to_topic_id)
 		sync('forum', 'forum_id', $sync_forums, true, true);
 
 		// Link to the new topic
-		$return_link .= (($return_link) ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $to_forum_id . '&amp;t=' . $to_topic_id) . '">', '</a>');
-		$redirect = $request->variable('redirect', "{$phpbb_root_path}viewtopic.$phpEx?f=$to_forum_id&amp;t=$to_topic_id");
+		$return_link .= (($return_link) ? '<br /><br />' : '') . sprintf($user->lang['RETURN_NEW_TOPIC'], '<a href="' . append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $to_topic_id) . '">', '</a>');
+		$redirect = $request->variable('redirect', "{$phpbb_root_path}viewtopic.$phpEx?t=$to_topic_id");
 		$redirect = reapply_sid($redirect);
 
 		/**

phpBB/includes/mcp/mcp_front.php

@@ -105,7 +105,7 @@ function mcp_front_view($id, $mode, $action)
 			* @var	int		total						Number of unapproved posts
 			* @var	array	post_list					List of unapproved posts
 			* @var	array	forum_list					List of forums that contain the posts
-			* @var	array	forum_names					Associative array with forum_id as key and it's corresponding forum_name as value
+			* @var	array	forum_names					Associative array with forum_id as key and its corresponding forum_name as value
 			* @since 3.1.0-RC3
 			*/
 			$vars = array('total', 'post_list', 'forum_list', 'forum_names');
@@ -119,16 +119,37 @@ function mcp_front_view($id, $mode, $action)
 						AND t.topic_id = p.topic_id
 						AND p.poster_id = u.user_id
 					ORDER BY p.post_time DESC, p.post_id DESC';
+
+				/**
+				 * Alter posts data SQL query
+				 *
+				 * @event core.mcp_front_view_modify_posts_data_sql
+				 * @var	array	forum_list		List of forums that contain the posts
+				 * @var	array	forum_names		Associative array with forum_id as key and its corresponding forum_name as value
+				 * @var	array	post_list		List of unapproved posts
+				 * @var	string	sql				String with the SQL query to be executed
+				 * @var	int		total			Number of unapproved posts
+				 * @since 3.3.5-RC1
+				 */
+				$vars = [
+					'forum_list',
+					'forum_names',
+					'post_list',
+					'sql',
+					'total',
+				];
+				extract($phpbb_dispatcher->trigger_event('core.mcp_front_view_modify_posts_data_sql', compact($vars)));
+
 				$result = $db->sql_query($sql);
 
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$template->assign_block_vars('unapproved', array(
-						'U_POST_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&f=' . $row['forum_id'] . '&p=' . $row['post_id']),
+					$unapproved_post_row = [
+						'U_POST_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue&mode=approve_details&p=' . $row['post_id']),
 						'U_MCP_FORUM'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=forum_view&f=' . $row['forum_id']),
-						'U_MCP_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=topic_view&f=' . $row['forum_id'] . '&t=' . $row['topic_id']),
+						'U_MCP_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=topic_view&t=' . $row['topic_id']),
 						'U_FORUM'			=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
-						'U_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&t=' . $row['topic_id']),
+						'U_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $row['topic_id']),
 
 						'AUTHOR_FULL'		=> get_username_string('full', $row['poster_id'], $row['username'], $row['user_colour']),
 						'AUTHOR'			=> get_username_string('username', $row['poster_id'], $row['username'], $row['user_colour']),
@@ -141,7 +162,27 @@ function mcp_front_view($id, $mode, $action)
 						'SUBJECT'		=> ($row['post_subject']) ? $row['post_subject'] : $user->lang['NO_SUBJECT'],
 						'POST_TIME'		=> $user->format_date($row['post_time']),
 						'ATTACH_ICON_IMG'	=> ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']) && $row['post_attachment']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
-					));
+					];
+
+					/**
+					 * Alter unapproved posts template block for MCP front page
+					 *
+					 * @event core.mcp_front_view_modify_unapproved_post_row
+					 * @var	array	forum_names				Array containing forum names
+					 * @var	string	mode					MCP front view mode
+					 * @var	array	row						Array with unapproved post data
+					 * @var	array	unapproved_post_row		Template block array of the unapproved post
+					 * @since 3.3.5-RC1
+					 */
+					$vars = [
+						'forum_names',
+						'mode',
+						'row',
+						'unapproved_post_row',
+					];
+					extract($phpbb_dispatcher->trigger_event('core.mcp_front_view_modify_unapproved_post_row', compact($vars)));
+
+					$template->assign_block_vars('unapproved', $unapproved_post_row);
 				}
 				$db->sql_freeresult($result);
 			}
@@ -238,12 +279,12 @@ function mcp_front_view($id, $mode, $action)
 
 				while ($row = $db->sql_fetchrow($result))
 				{
-					$template->assign_block_vars('report', array(
-						'U_POST_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'f=' . $row['forum_id'] . '&p=' . $row['post_id'] . "&i=reports&mode=report_details"),
+					$reported_post_row = [
+						'U_POST_DETAILS'	=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'p=' . $row['post_id'] . "&i=reports&mode=report_details"),
 						'U_MCP_FORUM'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'f=' . $row['forum_id'] . "&i=$id&mode=forum_view"),
-						'U_MCP_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 'f=' . $row['forum_id'] . '&t=' . $row['topic_id'] . "&i=$id&mode=topic_view"),
+						'U_MCP_TOPIC'		=> append_sid("{$phpbb_root_path}mcp.$phpEx", 't=' . $row['topic_id'] . "&i=$id&mode=topic_view"),
 						'U_FORUM'			=> append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $row['forum_id']),
-						'U_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'f=' . $row['forum_id'] . '&t=' . $row['topic_id']),
+						'U_TOPIC'			=> append_sid("{$phpbb_root_path}viewtopic.$phpEx", 't=' . $row['topic_id']),
 
 						'REPORTER_FULL'		=> get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']),
 						'REPORTER'			=> get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']),
@@ -261,7 +302,27 @@ function mcp_front_view($id, $mode, $action)
 						'REPORT_TIME'	=> $user->format_date($row['report_time']),
 						'POST_TIME'		=> $user->format_date($row['post_time']),
 						'ATTACH_ICON_IMG'	=> ($auth->acl_get('u_download') && $auth->acl_get('f_download', $row['forum_id']) && $row['post_attachment']) ? $user->img('icon_topic_attach', $user->lang['TOTAL_ATTACHMENTS']) : '',
-					));
+					];
+
+					/**
+					 * Alter reported posts template block for MCP front page
+					 *
+					 * @event core.mcp_front_view_modify_reported_post_row
+					 * @var	array	forum_list			List of forums that contain the posts
+					 * @var	string	mode				MCP front view mode
+					 * @var	array	reported_post_row	Template block array of the reported post
+					 * @var	array	row					Array with reported post data
+					 * @since 3.3.5-RC1
+					 */
+					$vars = [
+						'forum_list',
+						'mode',
+						'reported_post_row',
+						'row',
+					];
+					extract($phpbb_dispatcher->trigger_event('core.mcp_front_view_modify_reported_post_row', compact($vars)));
+
+					$template->assign_block_vars('report', $reported_post_row);
 				}
 				$db->sql_freeresult($result);
 			}

phpBB/includes/mcp/mcp_logs.php

@@ -179,7 +179,7 @@ class mcp_logs
 		$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
 
 		$keywords = $request->variable('keywords', '', true);
-		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
+		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
 
 		// Grab log data
 		$log_data = array();