[prep-release-3.3.4] Update changelog for 3.3.4-RC1

[ticket/16726] Update composer & vendor packages to latest versions

.appveyor.yml

@@ -1,144 +0,0 @@
-build: false
-clone_folder: c:\projects\phpbb
-version: '{build}'
-
-services:
-  - iis
-
-environment:
-  COMPOSER_AUTH:
-    secure: '{"github-oauth": {"github.com": "zvq38wk7sRe87Y9W2OCYXcK7WKQDsig7GRIUDHGmxm6ZQRK8JswPbi8JoJQbFhM+"}}'
-  matrix:
-  - db: mssql
-    db_version: sql2012sp1
-    php: 7.1
-  - db: mssql
-    db_version: sql2014
-    php: 7.1
-  - db: mssql
-    db_version: sql2016
-    php: 7.2
-#  - db: mssql
-#    db_version: sql2017
-#    php: 7.1
-#  - db: mariadb
-#    php: 7.1
-#  - db: mysqli
-#    php: 7.1
-#  - db: sqlite
-#    php: 7.1
-#  - db: postgresql
-#    php: 7.1
-
-hosts:
-  phpbb.test: 127.0.0.1
-
-init:
-  - SET PATH=%systemroot%\system32\inetsrv\;C:\Program Files\OpenSSL;C:\tools\php;c:\php;%PATH%
-  - SET ANSICON=121x90 (121x90)
-  - REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Command Processor" /v DelayedExpansion /t REG_DWORD /d 1 /f
-
-before_test:
-  - ps: |
-      Set-Service wuauserv -StartupType Manual
-      choco install chocolatey -y --version 0.10.13 --allow-downgrade
-      choco install php -y --version ((choco search php --exact --all-versions -r | select-string -pattern $env:php | sort { [version]($_ -split '\|' | select -last 1) } -Descending | Select-Object -first 1) -replace '[php|]','')
-      Get-ChildItem -Path "c:\tools\php$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1$2')" -Recurse |
-          Move-Item -destination "c:\tools\php"
-      cd c:\tools\php
-      cat php.ini-development | %{$_ -replace "memory_limit = 128M","memory_limit = 1024M"} | Out-File -Encoding "Default" php.ini
-      Add-Content php.ini "`n date.timezone=UTC"
-      Add-Content php.ini "`n display_errors=On"
-      Add-Content php.ini "`n extension_dir=ext"
-      Add-Content php.ini "`n extension=php_openssl.dll"
-      Add-Content php.ini "`n extension=php_mbstring.dll"
-      Add-Content php.ini "`n extension=php_curl.dll"
-      Add-Content php.ini "`n extension=php_gd2.dll"
-      Add-Content php.ini "`n extension=php_tidy.dll"
-      Add-Content php.ini "`n extension=php_fileinfo.dll"
-      Add-Content php.ini "`n extension=php_pdo_sqlite.dll"
-      Add-Content php.ini "`n extension=php_sqlite3.dll"
-      Add-Content php.ini "`n extension=php_pdo_mysql.dll"
-      Add-Content php.ini "`n extension=php_mysqli.dll"
-      Add-Content php.ini "`n extension=php_pdo_pgsql.dll"
-      Add-Content php.ini "`n extension=php_pgsql.dll"
-
-      # Get MSSQL driver
-      if ($env:db -eq "mssql") {
-        cd c:\tools\php\ext
-        $DLLVersion = "5.3.0"
-        $VCVersion = If ([System.Version]"$($env:php)" -ge [System.Version]"7.2") {"vc15"} Else {"vc14"}
-        curl -o php_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-vc14-x64.zip https://windows.php.net/downloads/pecl/releases/sqlsrv/$($:DLLVersion)/php_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-$($VCVersion)-x64.zip
-        7z x -y php_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-vc14-x64.zip > $null
-        curl -o php_pdo_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-vc14-x64.zip https://windows.php.net/downloads/pecl/releases/pdo_sqlsrv/$($DLLVersion)/php_pdo_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-$($VCVersion)-x64.zip
-        7z x -y php_pdo_sqlsrv-$($DLLVersion)-$($env:php -replace '([0-9])[.]([0-9])[.]?([0-9]+)?','$1.$2')-nts-vc14-x64.zip > $null
-        Remove-Item c:\tools\php\* -include .zip
-        cd c:\tools\php
-        Add-Content php.ini "`nextension=php_sqlsrv.dll"
-        Add-Content php.ini "`nextension=php_pdo_sqlsrv.dll"
-        Add-Content php.ini "`n"
-
-        $instanceName = $env:db_version.ToUpper()
-        Start-Service "MSSQL`$$instanceName"
-        Set-Variable -Name "sqlServerPath" -Value "(local)\$($env:db_version.ToUpper())"
-
-        # Create database write test config
-        sqlcmd -S $sqlServerPath -Q "Use [master]; CREATE DATABASE [phpbb_test] COLLATE Latin1_General_CI_AS"
-        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\mssqlnative';`n`$dbhost = '.\\$env:db_version';`n`$dbport = '';`n`$dbname = 'phpbb_test';`n`$dbuser = 'sa';`n`$dbpasswd = 'Password12!';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
-      }
-      elseif ($env:db -eq "mysqli") {
-        Start-Service MySQL57
-        $env:MYSQL_PWD="Password12!"
-        $cmd = '"C:\Program Files\MySQL\MySQL Server 5.7\bin\mysql" -e "create database phpbb_test;" --user=root'
-        iex "& $cmd"
-        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\mysqli';`n`$dbhost = 'localhost';`n`$dbport = '';`n`$dbname = 'phpbb_test';`n`$dbuser = 'root';`n`$dbpasswd = 'Password12!';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
-      }
-      elseif ($env:db -eq "postgresql") {
-        Start-Service postgresql-x64-9.5
-        $env:PGUSER="postgres"
-        $env:PGPASSWORD="Password12!"
-        $Env:Path="C:\Program Files\PostgreSQL\9.6\bin\;$($Env:Path)"
-        createdb phpbb_test
-        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\postgres';`n`$dbhost = 'localhost';`n`$dbport = '';`n`$dbname = 'phpbb_test';`n`$dbuser = 'postgres';`n`$dbpasswd = 'Password12!';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
-      }
-      elseif ($env:db -eq "mariadb") {
-        appveyor-retry choco install mariadb -y --force
-        $env:MYSQL_PWD=""
-        $cmd = '"C:\Program Files\MariaDB 10.2\bin\mysql" -e "create database phpbb_test;" --user=root'
-        iex "& $cmd"
-        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\mysqli';`n`$dbhost = 'localhost';`n`$dbport = '';`n`$dbname = 'phpbb_test';`n`$dbuser = 'root';`n`$dbpasswd = '';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
-      }
-      elseif ($env:db -eq "sqlite") {
-        # install sqlite
-        appveyor-retry choco install sqlite -y
-        sqlite3 c:\projects\test.db "create table aTable(field1 int); drop table aTable;"
-        $data = "<?php`n`n`$dbms = 'phpbb\\db\\driver\\sqlite3';`n`$dbhost = 'c:\\projects\\test.db';`n`$dbport = '';`n`$dbname = '';`n`$dbuser = '';`n`$dbpasswd = '';`n`$phpbb_functional_url = 'http://phpbb.test/';"; $data | Out-File -Encoding "Default" "c:\\projects\\phpbb\\tests\\test_config.php"
-      }
-  - ps: |
-      cd c:\projects\phpbb\phpBB
-      (Get-Content c:\projects\phpbb\phpBB\web.config).replace("<configuration>", "<configuration>`n`t<system.web>`n`t`t<customErrors mode=`"Off`"/>`n`t</system.web>") | Set-Content c:\projects\phpbb\phpBB\web.config
-      (Get-Content c:\projects\phpbb\phpBB\web.config).replace("`t</system.webServer>", "`t`t<httpErrors errorMode=`"Detailed`" />`n`t</system.webServer>") | Set-Content c:\projects\phpbb\phpBB\web.config
-  - cd c:\projects\phpbb\phpBB
-  - php ..\composer.phar install
-  - choco install urlrewrite -y
-  - ps: New-WebSite -Name 'phpBBTest' -PhysicalPath 'c:\projects\phpbb\phpBB' -Force
-  - ps: Import-Module WebAdministration; Set-ItemProperty 'IIS:\Sites\phpBBTest' -name Bindings -value @{protocol='http';bindingInformation='*:80:phpbb.test'}
-  - echo Change default anonymous user AUTH to ApplicationPool
-  - appcmd set config -section:anonymousAuthentication /username:"" --password
-  - echo Setup FAST-CGI configuration
-  - appcmd set config /section:system.webServer/fastCGI /+[fullPath='C:\tools\php\php-cgi.exe']
-  - echo Setup FACT-CGI handler
-  - appcmd set config /section:system.webServer/handlers /+[name='PHP-FastCGI',path='*.php',verb='*',modules='FastCgiModule',scriptProcessor='C:\tools\php\php-cgi.exe',resourceType='Either']
-  - iisreset
-  - NET START W3SVC
-  - mkdir "C:\projects\phpbb\phpBB\cache\test"
-  - mkdir "C:\projects\phpbb\phpBB\cache\installer"
-  - icacls "C:\projects\phpbb\phpBB\cache" /grant Users:F /T
-  - icacls "C:\projects\phpbb\phpBB\files" /grant Users:F /T
-  - icacls "C:\projects\phpbb\phpBB\store" /grant Users:F /T
-  - icacls "C:\projects\phpbb\phpBB\images\avatars\upload" /grant Users:F /T
-
-test_script:
-  - cd c:\projects\phpbb
-  - php -e phpBB\vendor\phpunit\phpunit\phpunit --verbose
-

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,8 +1,8 @@
 Checklist:
 
-- [ ] Correct branch: master for new features; 3.3.x & 3.2.x for fixes
+- [ ] Correct branch: master for new features; 3.3.x for fixes
 - [ ] Tests pass
-- [ ] Code follows coding guidelines: [master](https://area51.phpbb.com/docs/dev/master/development/coding_guidelines.html), [3.3.x](https://area51.phpbb.com/docs/dev/3.3.x/development/coding_guidelines.html) and [3.2.x](https://area51.phpbb.com/docs/dev/3.2.x/development/coding_guidelines.html)
+- [ ] Code follows coding guidelines: [master](https://area51.phpbb.com/docs/dev/master/development/coding_guidelines.html) and [3.3.x](https://area51.phpbb.com/docs/dev/3.3.x/development/coding_guidelines.html)
 - [ ] Commit follows commit message [format](https://area51.phpbb.com/docs/dev/3.3.x/development/git.html)
 
 Tracker ticket (set the ticket ID to **your ticket ID**):

.github/check-doctum-parse-errors.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+if [ ! -f doctum.phar ]; then
+	# Download the latest (5.1.x) release if the file does not exist
+	# Remove it to update your phar
+	curl -O https://doctum.long-term.support/releases/5.1/doctum.phar
+	rm -f doctum.phar.sha256
+	curl -O https://doctum.long-term.support/releases/5.1/doctum.phar.sha256
+	sha256sum --strict --check doctum.phar.sha256
+	rm -f doctum.phar.sha256
+	# You can fetch the latest (5.1.x) version code here:
+	# https://doctum.long-term.support/releases/5.1/VERSION
+fi
+# Show the version to inform users of the script
+php doctum.phar --version
+php doctum.phar parse build/doctum-checkout.conf.php -v

.github/check-executable-files.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+root="$1"
+path="${root}phpBB/"
+
+# Check the permissions of the files
+
+# The following variables MUST NOT contain any wildcard
+# Directories to skip
+directories_skipped="-path ${path}develop -o -path ${path}vendor"
+
+# Files to skip
+files_skipped="-false"
+
+# Files which have to be executable
+executable_files="-path ${path}bin/* -o -path ${path}install/phpbbcli.php"
+
+incorrect_files=$( 								\
+	find ${path}								\
+		'('										\
+			'('									\
+				${directories_skipped}			\
+			')'									\
+			-a -type d -prune -a -type f		\
+		')' -o 									\
+		'('										\
+			-type f -a							\
+			-not '('							\
+				${files_skipped}				\
+			')' -a								\
+			'('									\
+				'('								\
+					'('							\
+						${executable_files}		\
+					')' -a						\
+					-not -perm /100				\
+				')' -o							\
+				'('								\
+					-not '('					\
+						${executable_files}		\
+					')' -a						\
+					-perm /111					\
+				')'								\
+			')'									\
+		')'										\
+	)
+
+if [ "${incorrect_files}" != '' ]
+then
+	echo "The following files do not have proper permissions:";
+	ls -la ${incorrect_files}
+	exit 1;
+fi

.github/check-image-icc-profiles.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+find . -type f -a -iregex '.*\.\(gif\|jpg\|jpeg\|png\)$' -a -not -wholename '*vendor/*' | \
+	parallel --gnu --keep-order 'phpBB/develop/strip_icc_profiles.sh {}'

.github/ext-check-executable-files.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+root="$1"
+extname="$2"
+path="${root}phpBB/ext/${extname}/"
+
+# Check the permissions of the files
+
+# The following variables MUST NOT contain any wildcard
+# Directories to skip
+directories_skipped="-path ${path}develop -o -path ${path}vendor -o -path ${path}.git"
+
+# Files to skip
+files_skipped="-false"
+
+# Files which have to be executable
+executable_files="-path ${path}bin/* -o -path ${path}install/phpbbcli.php"
+
+incorrect_files=$( 								\
+	find ${path}								\
+		'('										\
+			'('									\
+				${directories_skipped}			\
+			')'									\
+			-a -type d -prune -a -type f		\
+		')' -o 									\
+		'('										\
+			-type f -a							\
+			-not '('							\
+				${files_skipped}				\
+			')' -a								\
+			'('									\
+				'('								\
+					'('							\
+						${executable_files}		\
+					')' -a						\
+					-not -perm /100				\
+				')' -o							\
+				'('								\
+					-not '('					\
+						${executable_files}		\
+					')' -a						\
+					-perm /111					\
+				')'								\
+			')'									\
+		')'										\
+	)
+
+if [ "${incorrect_files}" != '' ]
+then
+	echo "The following files do not have proper permissions:";
+	ls -la ${incorrect_files}
+	exit 1;
+fi

.github/ext-sniff.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+EXTNAME=$1
+NOTESTS=$2
+
+if [ "$NOTESTS" == "1" ]
+then
+	phpBB/vendor/bin/phpcs 											\
+		-s															\
+		--extensions=php											\
+		--standard=build/code_sniffer/ruleset-php-extensions.xml	\
+		--ignore=*/"$EXTNAME"/tests/*,*/"$EXTNAME"/vendor/*			\
+		phpBB/ext/"$EXTNAME"
+fi

.github/ldap/base.ldif

@@ -0,0 +1,41 @@
+dn: dc=example,dc=com
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+o: example
+dc: example
+
+dn: ou=foo,dc=example,dc=com
+objectClass: organizationalUnit
+ou: foo
+
+dn: cn=admin,dc=example,dc=com
+objectClass: simpleSecurityObject
+objectClass: organizationalRole
+cn: admin
+description: LDAP administrator
+userPassword:: e1NTSEF9NytMR2gveUxTMzdsc3RRd1V1dENZSVA0TWdYdm9SdDY=
+
+dn: ou=group,dc=example,dc=com
+objectClass: organizationalUnit
+ou: group
+
+dn: cn=admin,ou=foo,dc=example,dc=com
+objectClass: posixAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+homeDirectory: /home/admin
+uid: admin
+cn: admin
+uidNumber: 10000
+gidNumber: 10000
+sn: admin
+mail: admin@example.com
+userPassword:: e1NTSEF9WHpueGZURHZZc21JSkl6czdMVXBjdCtWYTA1dlMzVlQ=
+
+dn: cn=admin,ou=group,dc=example,dc=com
+objectClass: posixGroup
+gidNumber: 10000
+cn: admin

.github/ldap/slapd.conf

@@ -0,0 +1,17 @@
+# See slapd.conf(5) for details on configuration options.
+include   /etc/ldap/schema/core.schema
+include   /etc/ldap/schema/cosine.schema
+include   /etc/ldap/schema/inetorgperson.schema
+include   /etc/ldap/schema/nis.schema
+
+pidfile         /var/tmp/slapd/slapd.pid
+argsfile        /var/tmp/slapd/slapd.args
+
+modulepath     /usr/lib/openldap
+
+database  ldif
+directory /var/tmp/slapd
+
+suffix    "dc=example,dc=com"
+rootdn    "cn=admin,dc=example,dc=com"
+rootpw    adminadmin

.github/phing-sniff.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+cd build
+../phpBB/vendor/bin/phing sniff
+cd ..

.github/phpunit-mariadb-github.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_DBMS" value="mysqli" />
+		<server name="PHPBB_TEST_DBHOST" value="0.0.0.0" />
+		<server name="PHPBB_TEST_DBPORT" value="3306" />
+		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
+		<server name="PHPBB_TEST_DBUSER" value="root" />
+		<server name="PHPBB_TEST_DBPASSWD" value="" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
+	</php>
+</phpunit>

.github/phpunit-mssql-github.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_DBMS" value="phpbb\db\driver\mssqlnative" />
+		<server name="PHPBB_TEST_DBHOST" value="127.0.0.1" />
+		<server name="PHPBB_TEST_DBPORT" value="" />
+		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
+		<server name="PHPBB_TEST_DBUSER" value="sa" />
+		<server name="PHPBB_TEST_DBPASSWD" value="Pssw0rd_12" />
+		<server name="PHPBB_TEST_REDIS_HOST" value="localhost" />
+		<server name="PHPBB_TEST_MEMCACHED_HOST" value="localhost" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
+	</php>
+</phpunit>

.github/phpunit-mysql-github.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_DBMS" value="phpbb\db\driver\mysqli" />
+		<server name="PHPBB_TEST_DBHOST" value="0.0.0.0" />
+		<server name="PHPBB_TEST_DBPORT" value="3306" />
+		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
+		<server name="PHPBB_TEST_DBUSER" value="root" />
+		<server name="PHPBB_TEST_DBPASSWD" value="" />
+		<server name="PHPBB_TEST_REDIS_HOST" value="localhost" />
+		<server name="PHPBB_TEST_MEMCACHED_HOST" value="localhost" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
+	</php>
+</phpunit>

.github/phpunit-postgres-github.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_DBMS" value="phpbb\db\driver\postgres"/>
+		<server name="PHPBB_TEST_DBHOST" value="localhost" />
+		<server name="PHPBB_TEST_DBPORT" value="5432" />
+		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
+		<server name="PHPBB_TEST_DBUSER" value="postgres" />
+		<server name="PHPBB_TEST_DBPASSWD" value="postgres" />
+		<server name="PHPBB_TEST_REDIS_HOST" value="localhost" />
+		<server name="PHPBB_TEST_MEMCACHED_HOST" value="localhost" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
+	</php>
+</phpunit>

.github/phpunit-psql-windows-github.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_DBMS" value="phpbb\db\driver\postgres"/>
+		<server name="PHPBB_TEST_DBHOST" value="localhost" />
+		<server name="PHPBB_TEST_DBPORT" value="5432" />
+		<server name="PHPBB_TEST_DBNAME" value="phpbb_tests" />
+		<server name="PHPBB_TEST_DBUSER" value="postgres" />
+		<server name="PHPBB_TEST_DBPASSWD" value="root" />
+		<server name="PHPBB_TEST_REDIS_HOST" value="localhost" />
+		<server name="PHPBB_TEST_MEMCACHED_HOST" value="localhost" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://phpbb.test/" />
+	</php>
+</phpunit>

.github/phpunit-sqlite3-github.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="true"
+         backupStaticAttributes="false"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         verbose="true"
+         bootstrap="../tests/bootstrap.php">
+	<testsuites>
+		<testsuite name="phpBB Test Suite">
+			<directory suffix="_test.php">../tests</directory>
+			<exclude>../tests/functional</exclude>
+			<exclude>../tests/lint_test.php</exclude>
+		</testsuite>
+		<testsuite name="phpBB Functional Tests">
+			<directory suffix="_test.php">../tests/functional</directory>
+		</testsuite>
+	</testsuites>
+
+	<groups>
+		<exclude>
+			<group>slow</group>
+		</exclude>
+	</groups>
+
+	<php>
+		<server name="PHPBB_TEST_REDIS_HOST" value="localhost" />
+		<server name="PHPBB_TEST_MEMCACHED_HOST" value="localhost" />
+		<server name="PHPBB_TEST_TABLE_PREFIX" value="phpbb_"/>
+		<server name="PHPBB_FUNCTIONAL_URL" value="http://localhost/" />
+	</php>
+</phpunit>

.github/prepare-extension.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+EXTNAME=$1
+
+# Move the extension in place
+mkdir --parents phpBB/ext/$EXTNAME
+cp -R ../tmp/* phpBB/ext/$EXTNAME
+
+# Move the test files for extensions in place
+cp -R .github/*.xml phpBB/ext/$EXTNAME/.github
+cp -R .github/*.sh phpBB/ext/$EXTNAME/.github

.github/setup-database.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+DB=$1
+MYISAM=$2
+
+if [ "$DB" == "postgres" ]
+then
+	psql -c 'DROP DATABASE IF EXISTS phpbb_tests;' -U postgres
+	psql -c 'create database phpbb_tests;' -U postgres
+fi
+
+if [ "$MYISAM" == '1' ]
+then
+	mysql -h 127.0.0.1 -u root -e 'SET GLOBAL storage_engine=MyISAM;'
+fi

.github/setup-exiftool.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+sudo apt-get update
+sudo apt-get install -y parallel libimage-exiftool-perl

.github/setup-ldap.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+sudo apt-get -y install ldap-utils slapd
+mkdir /var/tmp/slapd
+cp .github/ldap/slapd.conf /var/tmp/slapd/slapd.conf
+slapd -d 256 -d 128 -f /var/tmp/slapd/slapd.conf -h ldap://localhost:3389 &
+sleep 3
+ldapadd -h localhost:3389 -D "cn=admin,dc=example,dc=com" -w adminadmin -f .github/ldap/base.ldif

.github/setup-phpbb.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+DB=$1
+PHP_VERSION=$2
+NOTESTS=$3
+
+if [ "$NOTESTS" == '1' ]
+then
+	.github/setup-exiftool.sh
+	.github/setup-unbuffer.sh
+fi
+
+if [ "$NOTESTS" != '1' ]
+then
+	.github/setup-webserver.sh
+fi
+
+cd phpBB
+php ../composer.phar install --dev --no-interaction
+if [[ "$PHP_VERSION" =~ ^nightly$ || "$PHP_VERSION" =~ ^8 ]]
+then
+	php ../composer.phar remove phpunit/dbunit --dev --update-with-dependencies \
+	&& php ../composer.phar require symfony/yaml:~4.4 misantron/dbunit:~5.0 phpunit/phpunit:^9.3 --dev --update-with-all-dependencies --ignore-platform-reqs
+fi
+cd ..

.github/setup-unbuffer.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+
+sudo apt-get update
+sudo apt-get install -y expect-dev

.github/setup-webserver.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited <https://www.phpbb.com>
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+sudo apt-get update
+sudo apt-get install -y nginx coreutils
+
+sudo service nginx stop
+
+DIR=$(dirname "$0")
+USER=$(whoami)
+PHPBB_ROOT_PATH=$(realpath "$DIR/../phpBB")
+NGINX_SITE_CONF="/etc/nginx/sites-enabled/default"
+NGINX_CONF="/etc/nginx/nginx.conf"
+APP_SOCK=$(realpath "$DIR")/php-app.sock
+NGINX_PHP_CONF="$DIR/nginx-php.conf"
+
+# php-fpm
+PHP_FPM_BIN="/usr/sbin/php-fpm$PHP_VERSION"
+PHP_FPM_CONF="$DIR/php-fpm.conf"
+
+if [ "$PHP_VERSION" == '8.1' ]
+then
+	if [ -f "/usr/sbin/php-fpm8.0" ]
+	then
+		PHP_FPM_BIN="/usr/sbin/php-fpm8.0"
+	elif [ ! -f $PHP_FPM_BIN ] && [ -f "/usr/bin/php-fpm" ]
+	then
+		PHP_FPM_BIN="/usr/bin/php-fpm"
+	fi
+fi
+
+if [ ! -f $PHP_FPM_BIN ] && [ "$PHP_VERSION" != '8.1' ]
+then
+	sudo apt-get install php$PHP_VERSION-fpm php$PHP_VERSION-cli \
+						php$PHP_VERSION-curl php$PHP_VERSION-xml php$PHP_VERSION-mbstring \
+						php$PHP_VERSION-zip php$PHP_VERSION-mysql php$PHP_VERSION-sqlite3 \
+						php$PHP_VERSION-intl php$PHP_VERSION-gd php$PHP_VERSION-pgsql
+	sudo service php$PHP_VERSION-fpm start
+	sudo service php$PHP_VERSION-fpm status
+fi
+
+echo "
+	[global]
+
+	[ci]
+	user = $USER
+	group = $USER
+	listen = $APP_SOCK
+	listen.mode = 0666
+	pm = static
+	pm.max_children = 2
+
+	php_admin_value[memory_limit] = 128M
+" > $PHP_FPM_CONF
+
+sudo $PHP_FPM_BIN \
+	--fpm-config "$DIR/php-fpm.conf"
+
+# nginx
+sudo sed -i "s/user www-data;/user $USER;/g" $NGINX_CONF
+sudo cp "$DIR/../phpBB/docs/nginx.sample.conf" "$NGINX_SITE_CONF"
+sudo sed -i \
+	-e "s/example\.com/localhost/g" \
+	-e "s|root /path/to/phpbb;|root $PHPBB_ROOT_PATH;|g" \
+	$NGINX_SITE_CONF
+
+# Generate FastCGI configuration for Nginx
+echo "
+upstream php {
+	server unix:$APP_SOCK;
+}
+" > $NGINX_PHP_CONF
+
+sudo mv "$NGINX_PHP_CONF" /etc/nginx/conf.d/php.conf
+
+sudo nginx -T
+sudo service nginx start

.github/workflows/tests.yml

@@ -0,0 +1,529 @@
+name: Tests
+
+on:
+    push:
+        branches:
+            - 3.3.x
+            - master
+            - 'prep-release-*'
+        tags:
+            - 'release-*'
+    pull_request:
+        branches:
+            - 3.3.x
+            - master
+            - 'prep-release-*'
+
+jobs:
+    # Basic checks, e.g. parse errors, commit messages, etc.
+    basic-checks:
+        runs-on: ubuntu-18.04
+        strategy:
+            matrix:
+                include:
+                    - db: 'none'
+                      php: '7.1'
+                      NOTESTS: 1
+
+        name: PHP ${{ matrix.php }} - ${{ matrix.db }}
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v2
+              with:
+                  fetch-depth: 100
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, mysqli, sqlite, pdo_sqlite, intl, gd, exif, iconv, sqlsrv, pdo_sqlsrv, ldap
+                  coverage: none
+
+            - name: Get Composer Cache Directory
+              id: composer-cache
+              env:
+                  PHP_VERSION: ${{ matrix.php }}
+              run: |
+                  cd phpBB
+                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  cd ..
+
+            - name: Cache Composer dependencies
+              uses: actions/cache@v2
+              with:
+                  path: ${{ steps.composer-cache.outputs.dir }}
+                  key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
+
+            - name: Setup environment for phpBB
+              env:
+                  DB: ${{ matrix.db }}
+                  PHP_VERSION: ${{ matrix.php }}
+                  NOTESTS: '1'
+              run: |
+                  .github/setup-phpbb.sh $DB $PHP_VERSION $NOTESTS
+
+            - name: Phing sniff
+              run: |
+                  .github/phing-sniff.sh
+
+            - name: Check doctum parse errors
+              run: |
+                  .github/check-doctum-parse-errors.sh
+
+            - name: Check image ICC profiles
+              run: |
+                  .github/check-image-icc-profiles.sh
+
+            - name: Check executable files
+              run: |
+                  .github/check-executable-files.sh ./
+
+            - name: Check commit message
+              if: github.event_name == 'pull_request'
+              run: |
+                  git-tools/commit-msg-hook-range.sh $(git rev-list --merges -n 1 HEAD^1)..$GITHUB_SHA
+
+    # Tests for MySQL and MariaDB
+    mysql-tests:
+        runs-on: ubuntu-18.04
+        strategy:
+            matrix:
+                include:
+                    - php: '7.1'
+                      db: "mariadb:10.1"
+                    - php: '7.1'
+                      db: "mariadb:10.2"
+                    - php: '7.1'
+                      db: "mariadb:10.3"
+                    - php: '7.1'
+                      db: "mariadb:10.4"
+                    - php: '7.1'
+                      db: "mariadb:10.5"
+                    - php: '7.1'
+                      db: "mysql:5.6"
+                      db_alias: "MySQL Slow Tests"
+                      SLOWTESTS: 1
+                    - php: '7.1'
+                      db: "mysql:5.6"
+                      db_alias: "MyISAM Tests"
+                      MYISAM: 1
+                    - php: '7.1'
+                      db: "mysql:5.6"
+                    - php: '7.1'
+                      db: "mysql:5.7"
+                    - php: '7.2'
+                      db: "mysql:5.7"
+                    - php: '7.3'
+                      db: "mysql:5.7"
+                    - php: '7.4'
+                      db: "mysql:5.7"
+                    - php: '7.4'
+                      db: "mysql:8.0"
+                    - php: '8.0'
+                      db: "mysql:5.7"
+                    - php: '8.1'
+                      db: "mysql:5.7"
+
+        name: PHP ${{ matrix.php }} - ${{ matrix.db_alias != '' && matrix.db_alias || matrix.db }}
+
+        services:
+            mysql:
+                image: ${{ matrix.db }}
+                env:
+                    MYSQL_ALLOW_EMPTY_PASSWORD: yes
+                    MYSQL_DATABASE: phpbb_tests
+                ports:
+                    - 3306:3306
+                options: >-
+                    --health-cmd="mysqladmin ping"
+                    --health-interval=10s
+                    --health-timeout=5s
+                    --health-retries=3
+
+            redis:
+                image: redis
+                options: >-
+                    --health-cmd "redis-cli ping"
+                    --health-interval 10s
+                    --health-timeout 5s
+                    --health-retries 5
+                ports:
+                    - 6379:6379
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v2
+
+            - id: database-type
+              env:
+                  MATRIX_DB: ${{ matrix.db }}
+              run: |
+                  db=$(echo "${MATRIX_DB%%:*}")
+                  echo "::set-output name=db::$db"
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, mysqli, sqlite, pdo_sqlite, intl, gd, exif, iconv, sqlsrv, pdo_sqlsrv, ldap
+                  coverage: none
+
+            - name: Get Composer Cache Directory
+              id: composer-cache
+              env:
+                  PHP_VERSION: ${{ matrix.php }}
+              run: |
+                  cd phpBB
+                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  cd ..
+
+            - name: Cache Composer dependencies
+              uses: actions/cache@v2
+              with:
+                  path: ${{ steps.composer-cache.outputs.dir }}
+                  key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
+
+            - name: Setup environment for phpBB
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  PHP_VERSION: ${{ matrix.php }}
+                  NOTESTS: '0'
+              run: |
+                  .github/setup-phpbb.sh $DB $PHP_VERSION ${NOTESTS:-0}
+
+            - name: Setup database
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  MYISAM: ${{ matrix.MYISAM != 1 && '0' || '1' }}
+              run: |
+                  .github/setup-database.sh $DB $MYISAM
+
+            - name: Setup LDAP
+              if: ${{ matrix.SLOWTESTS == 1 }}
+              run: |
+                  .github/setup-ldap.sh
+
+            - name: Lint tests
+              if: ${{ matrix.SLOWTESTS != 1 && steps.database-type.outputs.db == 'mysql' }}
+              run: phpBB/vendor/bin/phpunit tests/lint_test.php
+
+            - name: Run unit tests
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+              if: ${{ matrix.SLOWTESTS != 1 && matrix.NOTESTS != 1 }}
+              run: |
+                  phpBB/vendor/bin/phpunit --configuration .github/phpunit-$DB-github.xml --verbose --stop-on-error
+
+            - name: Slow tests
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+              if: ${{ matrix.SLOWTESTS == 1 }}
+              run: |
+                  phpBB/vendor/bin/phpunit --configuration .github/phpunit-$DB-github.xml --group slow
+
+    # Tests for PostgreSQL
+    postgres-tests:
+        runs-on: ubuntu-18.04
+        strategy:
+            matrix:
+                include:
+                    - php: '7.1'
+                      db: "postgres:9.5"
+                    - php: '7.1'
+                      db: "postgres:9.6"
+                    - php: '7.1'
+                      db: "postgres:10"
+                    - php: '7.1'
+                      db: "postgres:11"
+                    - php: '7.1'
+                      db: "postgres:12"
+                    - php: '7.1'
+                      db: "postgres:13"
+
+        name: PHP ${{ matrix.php }} - ${{ matrix.db }}
+
+        services:
+            postgres:
+                image: ${{ matrix.db != 'postgres:9.5' && matrix.db != 'postgres:9.6' && matrix.db != 'postgres:10' && matrix.db != 'postgres:11' && matrix.db != 'postgres:12' && matrix.db != 'postgres:13' && 'postgres:10' || matrix.db }}
+                env:
+                    POSTGRES_HOST: localhost
+                    POSTGRES_USER: postgres
+                    POSTGRES_PASSWORD: postgres
+                ports:
+                    - 5432:5432
+                options: >-
+                    -v /var/run/postgresql:/var/run/postgresql
+                    --health-cmd pg_isready
+                    --health-interval 10s
+                    --health-timeout 5s
+                    --health-retries 5
+
+            redis:
+                image: redis
+                options: >-
+                    --health-cmd "redis-cli ping"
+                    --health-interval 10s
+                    --health-timeout 5s
+                    --health-retries 5
+                ports:
+                    - 6379:6379
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v2
+
+            - id: database-type
+              env:
+                  MATRIX_DB: ${{ matrix.db }}
+              run: |
+                  db=$(echo "${MATRIX_DB%%:*}")
+                  echo "::set-output name=db::$db"
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, mysqli, sqlite, pdo_sqlite, intl, gd, exif, iconv, sqlsrv, pdo_sqlsrv, ldap
+                  coverage: none
+
+            - name: Get Composer Cache Directory
+              id: composer-cache
+              env:
+                  PHP_VERSION: ${{ matrix.php }}
+              run: |
+                  cd phpBB
+                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  cd ..
+
+            - name: Cache Composer dependencies
+              uses: actions/cache@v2
+              with:
+                  path: ${{ steps.composer-cache.outputs.dir }}
+                  key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
+
+            - name: Setup environment for phpBB
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  PHP_VERSION: ${{ matrix.php }}
+                  NOTESTS: '0'
+              run: |
+                  .github/setup-phpbb.sh $DB $PHP_VERSION ${NOTESTS:-0}
+
+            - name: Setup database
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  MYISAM: '0'
+              run: |
+                  .github/setup-database.sh $DB $MYISAM
+
+            - name: Run unit tests
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+              run: |
+                  phpBB/vendor/bin/phpunit --configuration .github/phpunit-$DB-github.xml --verbose --stop-on-error
+
+    # Other database types, namely sqlite3 and mssql
+    other-tests:
+        runs-on: ubuntu-18.04
+        strategy:
+            matrix:
+                include:
+                    - php: '7.1'
+                      db: "sqlite3"
+                    - php: '7.2'
+                      db: "mcr.microsoft.com/mssql/server:2017-latest"
+                      db_alias: 'MSSQL 2017'
+                    - php: '7.2'
+                      db: "mcr.microsoft.com/mssql/server:2019-latest"
+                      db_alias: 'MSSQL 2019'
+
+        name: PHP ${{ matrix.php }} - ${{ matrix.db_alias != '' && matrix.db_alias || matrix.db }}
+
+        services:
+            mssql:
+                image: ${{ matrix.db != 'mcr.microsoft.com/mssql/server:2017-latest' && matrix.db != 'mcr.microsoft.com/mssql/server:2019-latest' && 'mcr.microsoft.com/mssql/server:2017-latest' || matrix.db }}
+                env:
+                    SA_PASSWORD: "Pssw0rd_12"
+                    ACCEPT_EULA: "y"
+                ports:
+                    - 1433:1433
+                options: >-
+                    --health-cmd="/opt/mssql-tools/bin/sqlcmd -S localhost -U sa -P 'Pssw0rd_12' -Q \"Use [master]; CREATE DATABASE [phpbb_tests] COLLATE Latin1_General_CI_AS\" || exit 1"
+                    --health-interval 10s
+                    --health-timeout 5s
+                    --health-retries 5
+                    --health-start-period 10s
+
+            redis:
+                image: redis
+                options: >-
+                    --health-cmd "redis-cli ping"
+                    --health-interval 10s
+                    --health-timeout 5s
+                    --health-retries 5
+                ports:
+                    - 6379:6379
+
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v2
+
+            - id: database-type
+              env:
+                  MATRIX_DB: ${{ matrix.db }}
+              run: |
+                  if [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2017-latest' ] || [ $MATRIX_DB == 'mcr.microsoft.com/mssql/server:2019-latest' ]
+                  then
+                      db='mssql'
+                  else
+                      db=$(echo "${MATRIX_DB%%:*}")
+                  fi
+                  echo "::set-output name=db::$db"
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, mysqli, sqlite, pdo_sqlite, intl, gd, exif, iconv, sqlsrv, pdo_sqlsrv, ldap
+                  coverage: none
+
+            - name: Get Composer Cache Directory
+              id: composer-cache
+              env:
+                  PHP_VERSION: ${{ matrix.php }}
+              run: |
+                  cd phpBB
+                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  echo "::set-output name=version::${PHP_VERSION%.*}"
+                  cd ..
+
+            - name: Cache Composer dependencies
+              uses: actions/cache@v2
+              with:
+                  path: ${{ steps.composer-cache.outputs.dir }}
+                  key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
+
+            - name: Setup environment for phpBB
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  PHP_VERSION: ${{ matrix.php }}
+                  NOTESTS: '0'
+              run: |
+                  .github/setup-phpbb.sh $DB $PHP_VERSION ${NOTESTS:-0}
+
+            - name: Setup database
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+                  MYISAM: '0'
+              run: |
+                  .github/setup-database.sh $DB $MYISAM
+
+            - name: Run unit tests
+              env:
+                  DB: ${{steps.database-type.outputs.db}}
+              run: |
+                  phpBB/vendor/bin/phpunit --configuration .github/phpunit-$DB-github.xml --verbose --stop-on-error
+
+    # Test with IIS & PostgreSQL on Windows
+    windows-tests:
+        runs-on: windows-2016
+        strategy:
+            matrix:
+                include:
+                    - php: '7.4'
+                      db: "postgres"
+
+        name: Windows - PHP ${{ matrix.php }} - ${{ matrix.db }}
+
+        steps:
+            - name: Prepare git for Windows
+              run: |
+                  git config --system core.autocrlf false
+                  git config --system core.eol lf
+            - name: Checkout repository
+              uses: actions/checkout@v2
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, intl, gd, exif, iconv, pgsql, pdo_pgsql
+                  ini-values: upload_tmp_dir=${{ runner.temp }}, sys_temp_dir=${{ runner.temp }}
+                  coverage: none
+
+            - name: Get Composer Cache Directory
+              id: composer-cache
+              run: |
+                  cd phpBB
+                  echo "::set-output name=dir::$(composer config cache-files-dir)"
+                  $major_version="${{ matrix.php }}".substring(0,1)
+                  echo "::set-output name=version::$major_version"
+                  cd ..
+
+            - name: Cache Composer dependencies
+              uses: actions/cache@v2
+              with:
+                  path: ${{ steps.composer-cache.outputs.dir }}
+                  key: composer-${{ steps.composer-cache.outputs.version }}-${{ hashFiles('phpBB/composer.lock') }}
+
+            - name: Setup environment for phpBB
+              env:
+                  GITHUB_WORKSPACE: ${{ github.workspace }}
+                  TEMP_DIR: ${{ runner.temp }}
+              run: |
+                  Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole, IIS-WebServer, IIS-CommonHttpFeatures, IIS-ManagementConsole, IIS-HttpErrors, IIS-HttpRedirect, IIS-WindowsAuthentication, IIS-StaticContent, IIS-DefaultDocument, IIS-HttpCompressionStatic, IIS-DirectoryBrowsing, IIS-WebServerManagementTools, IIS-CGI -All
+                  Set-Service wuauserv -StartupType Manual
+                  (Get-Content ${env:GITHUB_WORKSPACE}\phpBB\web.config).replace("<configuration>", "<configuration>`n`t<system.web>`n`t`t<customErrors mode=`"Off`"/>`n`t</system.web>") | Set-Content ${env:GITHUB_WORKSPACE}\phpBB\web.config
+                  (Get-Content ${env:GITHUB_WORKSPACE}\phpBB\web.config).replace("`t</system.webServer>", "`t`t<httpErrors errorMode=`"Detailed`" />`n`t</system.webServer>") | Set-Content ${env:GITHUB_WORKSPACE}\phpBB\web.config
+                  choco install urlrewrite -y
+                  Import-Module WebAdministration
+                  New-WebSite -Name 'phpBBTest' -PhysicalPath "${env:GITHUB_WORKSPACE}\phpBB" -Force
+                  $session = Get-PSSession -Name WinPSCompatSession
+                  $sb = {Set-ItemProperty 'IIS:\Sites\phpBBTest' -name Bindings -value @{protocol='http';bindingInformation='*:80:phpbb.test'}}
+                  Invoke-Command -Scriptblock $sb -Session $session
+                  $sb = {Set-WebConfigurationProperty -filter /system.WebServer/security/authentication/AnonymousAuthentication -name enabled -value true -location "IIS:\Sites\phpBBTest"}
+                  Invoke-Command -Scriptblock $sb -Session $session
+                  Add-Content -Path $env:windir\System32\drivers\etc\hosts -Value "`r`n127.0.0.1`tphpbb.test" -Force
+                  [System.Environment]::SetEnvironmentVariable('PATH',$Env:PATH+";%windir%\system32\inetsrv")
+                  echo Setup FAST-CGI configuration
+                  Add-WebConfiguration -Filter /system.webServer/fastCgi -PSPath IIS:\ -Value @{fullpath="C:\tools\php\php-cgi.exe"}
+                  echo Setup FACT-CGI handler
+                  New-WebHandler -Name "PHP-FastCGI" -Path "*.php" -Modules FastCgiModule -ScriptProcessor "C:\tools\php\php-cgi.exe" -Verb '*' -ResourceType Either
+                  iisreset
+                  NET START W3SVC
+                  mkdir "${env:GITHUB_WORKSPACE}\phpBB\cache\test"
+                  mkdir "${env:GITHUB_WORKSPACE}\phpBB\cache\installer"
+                  icacls "${env:GITHUB_WORKSPACE}\phpBB\cache" /grant Users:F /T
+                  icacls "${env:GITHUB_WORKSPACE}\phpBB\files" /grant Users:F /T
+                  icacls "${env:GITHUB_WORKSPACE}\phpBB\store" /grant Users:F /T
+                  icacls "${env:GITHUB_WORKSPACE}\phpBB\images\avatars\upload" /grant Users:F /T
+                  $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("IIS_IUSRS", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
+                  $acl = Get-ACL "${env:TEMP_DIR}"
+                  $acl.AddAccessRule($accessRule)
+                  Set-ACL -Path "${env:TEMP_DIR}" -ACLObject $acl
+                  cd ${env:GITHUB_WORKSPACE}\phpBB
+                  php ..\composer.phar install
+                  cd ..
+            - name: Setup database
+              run: |
+                  $postgreSqlSvc = Get-Service "postgresql*"
+                  Set-Service $postgreSqlSvc.Name -StartupType manual
+                  $postgreSqlSvc.Start()
+                  try {
+                    (Get-Service "postgresql*").Start()
+                  } catch  {
+                    $_ | select *
+                  }
+                  [System.Environment]::SetEnvironmentVariable('PATH',$Env:PATH+";${env:PGBIN}")
+                  $env:PGPASSWORD = 'root'
+                  psql -c 'DROP DATABASE IF EXISTS phpbb_tests;' -U postgres
+                  psql -c 'create database phpbb_tests;' -U postgres
+                  Add-MpPreference -ExclusionPath "${env:PGDATA}" # Exclude PGDATA directory from Windows Defender
+            - name: Run unit tests
+              run: |
+                  phpBB/vendor/bin/phpunit --configuration .github/phpunit-psql-windows-github.xml --verbose --stop-on-error

.travis.yml

@@ -1,51 +0,0 @@
-language: php
-dist: xenial
-
-matrix:
-  include:
-    - php: 7.1
-      env: DB=none;NOTESTS=1
-    - php: 7.1
-      env: DB=mariadb
-    - php: 7.1
-      env: DB=postgres
-    - php: 7.1
-      env: DB=sqlite3
-    - php: 7.1
-      env: DB=mysqli;SLOWTESTS=1
-    - php: 7.1
-      env: DB=mysqli # MyISAM
-    - php: 7.2
-      env: DB=mysqli
-    - php: 7.3
-      env: DB=mysqli
-    - php: 7.4
-      env: DB=mysqli
-    - php: nightly
-      env: DB=mysqli
-  allow_failures:
-    - php: nightly
-  fast_finish: true
-
-services:
-  - redis-server
-  - postgresql
-  - mysql
-  - memcached
-
-install:
-  - travis/setup-phpbb.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
-
-before_script:
-  - travis/setup-database.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
-  - travis/setup-ldap.sh $SLOWTESTS
-
-script:
-  - travis/phing-sniff.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
-  - travis/check-doctum-parse-errors.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
-  - travis/check-image-icc-profiles.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
-  - travis/check-executable-files.sh $DB $TRAVIS_PHP_VERSION $NOTESTS ./
-  - sh -c "if [ '$SLOWTESTS' != '1' -a '$DB' = 'mysqli' ]; then phpBB/vendor/bin/phpunit tests/lint_test.php; fi"
-  - sh -c "if [ '$NOTESTS' != '1' -a '$SLOWTESTS' != '1' ]; then phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml --verbose --stop-on-error; fi"
-  - sh -c "if [ '$SLOWTESTS' = '1' ]; then phpBB/vendor/bin/phpunit --configuration travis/phpunit-$DB-travis.xml --group slow; fi"
-  - sh -c "set -x;if [ '$NOTESTS' = '1' -a '$TRAVIS_PULL_REQUEST' != 'false' ]; then git remote set-branches --add origin $TRAVIS_BRANCH && git fetch && git-tools/commit-msg-hook-range.sh origin/$TRAVIS_BRANCH..$TRAVIS_PULL_REQUEST_SHA; fi"

README.md

@@ -37,11 +37,10 @@ phpBB's [Development Documentation](https://area51.phpbb.com/docs/dev/index.html
 
 We have unit and functional tests in order to prevent regressions. You can view the bamboo continuous integration [here](https://bamboo.phpbb.com) or check our travis builds below:
 
-Branch  | Description | Travis CI  | AppVeyor
-------- | ----------- | ---------- | --------
-**master** | Latest development version | [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=master)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/master?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/master)
-**3.3.x** | Development of version 3.3.x | [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.3.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.3.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.3.x)
-**3.2.x** | Development of version 3.2.x | [![Build Status](https://travis-ci.org/phpbb/phpbb.svg?branch=3.2.x)](http://travis-ci.org/phpbb/phpbb) | [![Build status](https://ci.appveyor.com/api/projects/status/8g98ybngd2f3axy1/branch/3.2.x?svg=true)](https://ci.appveyor.com/project/phpBB/phpbb/branch/3.2.x)
+Branch  | Description | Github Actions |
+------- | ----------- | -------------- |
+**master** | Latest development version | ![Tests](https://github.com/phpbb/phpbb/workflows/Tests/badge.svg?branch=master) |
+**3.3.x** | Development of version 3.3.x | ![Tests](https://github.com/phpbb/phpbb/workflows/Tests/badge.svg?branch=3.3.x) |
 
 ## 📜 License
 

build/build.xml

@@ -2,9 +2,9 @@
 
 <project name="phpBB" description="The phpBB forum software" default="all" basedir="../">
 	<!-- a few settings for the build -->
-	<property name="newversion" value="3.3.2" />
-	<property name="prevversion" value="3.3.1" />
-	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.2-RC1" />
+	<property name="newversion" value="3.3.4-RC1" />
+	<property name="prevversion" value="3.3.3" />
+	<property name="olderversions" value="3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.7-pl1, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.3.0, 3.3.1, 3.3.2" />
 	<!-- no configuration should be needed beyond this point -->
 
 	<property name="oldversions" value="${olderversions}, ${prevversion}" />

build/build_changelog.php

@@ -45,7 +45,7 @@ foreach ($xml->xpath('//item') as $item)
 	$keyUrl = 'https://tracker.phpbb.com/browse/' . $key;
 	$keyLink = '<a href="' . $keyUrl . '">' . $key . '</a>';
 
-	$value = str_replace($key, $keyLink, htmlspecialchars($item->title));
+	$value = str_replace($key, $keyLink, htmlspecialchars($item->title, ENT_COMPAT));
 	$value = str_replace(']', '] -', $value);
 
 	$types[(string) $item->type][$key] = $value;

build/build_helper.php

@@ -43,10 +43,10 @@ class build_package
 		$_before = $this->versions[count($this->versions) - 2];
 
 		$this->locations = array(
-			'new_version'	=> dirname(dirname(__FILE__)) . '/phpBB/',
-			'old_versions'	=> dirname(__FILE__) . '/old_versions/',
-			'root'			=> dirname(__FILE__) . '/',
-			'package_dir'	=> dirname(__FILE__) . '/new_version/'
+			'new_version'	=> dirname(__DIR__) . '/phpBB/',
+			'old_versions'	=> __DIR__ . '/old_versions/',
+			'root'			=> __DIR__ . '/',
+			'package_dir'	=> __DIR__ . '/new_version/'
 		);
 
 		$this->package_infos = array(

build/code_sniffer/phpbb/Sniffs/Namespaces/UnusedUseSniff.php

@@ -19,21 +19,34 @@ use PHP_CodeSniffer\Sniffs\Sniff;
 */
 class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 {
+	const FIND = [
+		T_NS_SEPARATOR,
+		T_STRING,
+		T_WHITESPACE,
+	];
+
 	/**
 	* {@inheritdoc}
 	*/
 	public function register()
 	{
-		return array(T_USE);
+		return [T_USE];
 	}
 
-	protected function check(File $phpcsFile, $found_name, $full_name, $short_name, $line)
+	protected function check(File $phpcsFile, $found_name, $full_name, $short_name, $stack_pointer)
 	{
+		$found_name_normalized = ltrim($found_name, '\\');
+		$full_name = ltrim($full_name, '\\');
 
-		if ($found_name === $full_name)
+		$is_global = ($full_name === $short_name);
+		$unnecessarily_fully_qualified = ($is_global)
+			? ($found_name_normalized !== $found_name && $found_name_normalized === $short_name)
+			: ($found_name_normalized === $full_name);
+
+		if ($unnecessarily_fully_qualified)
 		{
 			$error = 'Either use statement or full name must be used.';
-			$phpcsFile->addError($error, $line, 'FullName');
+			$phpcsFile->addError($error, $stack_pointer, 'FullName');
 		}
 
 		if ($found_name === $short_name)
@@ -58,27 +71,50 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 
 		$class_name_start = $phpcsFile->findNext(array(T_NS_SEPARATOR, T_STRING), ($stackPtr + 1));
 
-		$find = array(
-			T_NS_SEPARATOR,
-			T_STRING,
-			T_WHITESPACE,
-		);
-
-		$class_name_end = $phpcsFile->findNext($find, ($stackPtr + 1), null, true);
+		$class_name_end = $phpcsFile->findNext(self::FIND, ($stackPtr + 1), null, true);
 
 		$aliasing_as_position = $phpcsFile->findNext(T_AS, $class_name_end, null, false, null, true);
 		if ($aliasing_as_position !== false)
 		{
 			$alias_position = $phpcsFile->findNext(T_STRING, $aliasing_as_position, null, false, null, true);
-			$class_name_short = $tokens[$alias_position]['content'];
-			$class_name_full = $phpcsFile->getTokensAsString($class_name_start, ($class_name_end - $class_name_start - 1));
+			$name_short = $tokens[$alias_position]['content'];
+			$name_full = $phpcsFile->getTokensAsString($class_name_start, ($class_name_end - $class_name_start - 1));
 		}
 		else
 		{
-			$class_name_full = $phpcsFile->getTokensAsString($class_name_start, ($class_name_end - $class_name_start));
-			$class_name_short = $tokens[$class_name_end - 1]['content'];
+			$name_full = $phpcsFile->getTokensAsString($class_name_start, ($class_name_end - $class_name_start));
+			$name_short = $tokens[$class_name_end - 1]['content'];
 		}
 
+		if ($tokens[$class_name_start]['content'] === 'function'
+			&& $tokens[$class_name_start + 1]['code'] === T_WHITESPACE)
+		{
+			$class_name_start += 2;
+			$name_full = $phpcsFile->getTokensAsString(
+				$class_name_start,
+				($class_name_end - $class_name_start - (int) ($aliasing_as_position !== false))
+			);
+			$ok = $this->findFunctionUsage($phpcsFile, $stackPtr, $tokens, $name_full, $name_short);
+		}
+		else
+		{
+			$ok = $this->findClassUsage($phpcsFile, $stackPtr, $tokens, $name_full, $name_short);
+		}
+
+		if ($name_full[0] === '\\')
+		{
+			$phpcsFile->addError("There must not be a leading '\\' in use statements.", $stackPtr, 'Malformed');
+		}
+
+		if (!$ok)
+		{
+			$error = 'There must not be unused USE statements.';
+			$phpcsFile->addError($error, $stackPtr, 'Unused');
+		}
+	}
+
+	private function findClassUsage(File $phpcsFile, $stackPtr, $tokens, $class_name_full, $class_name_short)
+	{
 		$ok = false;
 
 		// Checks in simple statements (new, instanceof and extends)
@@ -95,11 +131,11 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 					continue;
 				}
 
-				$simple_class_name_end = $phpcsFile->findNext($find, ($simple_statement + 1), null, true);
+				$simple_class_name_end = $phpcsFile->findNext(self::FIND, ($simple_statement + 1), null, true);
 
 				$simple_class_name = trim($phpcsFile->getTokensAsString($simple_class_name_start, ($simple_class_name_end - $simple_class_name_start)));
 
-				$ok = $this->check($phpcsFile, $simple_class_name, $class_name_full, $class_name_short, $simple_statement) ? true : $ok;
+				$ok = $this->check($phpcsFile, $simple_class_name, $class_name_full, $class_name_short, $simple_statement) || $ok;
 			}
 		}
 
@@ -109,12 +145,12 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 		{
 			$old_paamayim_nekudotayim = $paamayim_nekudotayim;
 
-			$paamayim_nekudotayim_class_name_start = $phpcsFile->findPrevious($find, $paamayim_nekudotayim - 1, null, true);
+			$paamayim_nekudotayim_class_name_start = $phpcsFile->findPrevious(self::FIND, $paamayim_nekudotayim - 1, null, true);
 			$paamayim_nekudotayim_class_name_end = $paamayim_nekudotayim - 1;
 
 			$paamayim_nekudotayim_class_name = trim($phpcsFile->getTokensAsString($paamayim_nekudotayim_class_name_start + 1, ($paamayim_nekudotayim_class_name_end - $paamayim_nekudotayim_class_name_start)));
 
-			$ok = $this->check($phpcsFile, $paamayim_nekudotayim_class_name, $class_name_full, $class_name_short, $paamayim_nekudotayim) ? true : $ok;
+			$ok = $this->check($phpcsFile, $paamayim_nekudotayim_class_name, $class_name_full, $class_name_short, $paamayim_nekudotayim) || $ok;
 		}
 
 		// Checks in implements
@@ -129,11 +165,11 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 				$old_implemented_class = $implemented_class;
 
 				$implements_class_name_start = $phpcsFile->findNext(array(T_NS_SEPARATOR, T_STRING), ($implemented_class - 1));
-				$implements_class_name_end = $phpcsFile->findNext($find, ($implemented_class - 1), null, true);
+				$implements_class_name_end = $phpcsFile->findNext(self::FIND, ($implemented_class - 1), null, true);
 
 				$implements_class_name = trim($phpcsFile->getTokensAsString($implements_class_name_start, ($implements_class_name_end - $implements_class_name_start)));
 
-				$ok = $this->check($phpcsFile, $implements_class_name, $class_name_full, $class_name_short, $implements) ? true : $ok;
+				$ok = $this->check($phpcsFile, $implements_class_name, $class_name_full, $class_name_short, $implements) || $ok;
 			}
 		}
 
@@ -141,7 +177,7 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 		while (($docblock = $phpcsFile->findNext(T_DOC_COMMENT_CLOSE_TAG, ($old_docblock + 1))) !== false)
 		{
 			$old_docblock = $docblock;
-			$ok = $this->checkDocblock($phpcsFile, $docblock, $tokens, $class_name_full, $class_name_short) ? true : $ok;
+			$ok = $this->checkDocblock($phpcsFile, $docblock, $tokens, $class_name_full, $class_name_short) || $ok;
 		}
 
 		// Checks in type hinting
@@ -154,7 +190,7 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 			$params = $phpcsFile->getMethodParameters($function_declaration);
 			foreach ($params as $param)
 			{
-				$ok = $this->check($phpcsFile, $param['type_hint'], $class_name_full, $class_name_short, $function_declaration) ? true : $ok;
+				$ok = $this->check($phpcsFile, $param['type_hint'], $class_name_full, $class_name_short, $function_declaration) || $ok;
 			}
 		}
 
@@ -165,18 +201,106 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 			$old_catch = $catch;
 
 			$caught_class_name_start = $phpcsFile->findNext(array(T_NS_SEPARATOR, T_STRING), $catch + 1);
-			$caught_class_name_end = $phpcsFile->findNext($find, $caught_class_name_start + 1, null, true);
+			$caught_class_name_end = $phpcsFile->findNext(self::FIND, $caught_class_name_start + 1, null, true);
 
 			$caught_class_name = trim($phpcsFile->getTokensAsString($caught_class_name_start, ($caught_class_name_end - $caught_class_name_start)));
 
-			$ok = $this->check($phpcsFile, $caught_class_name, $class_name_full, $class_name_short, $catch) ? true : $ok;
+			$ok = $this->check($phpcsFile, $caught_class_name, $class_name_full, $class_name_short, $catch) || $ok;
 		}
 
-		if (!$ok)
+		$old_use = $stackPtr;
+		while (($use = $phpcsFile->findNext(T_USE, ($old_use + 1))) !== false)
 		{
-			$error = 'There must not be unused USE statements.';
-			$phpcsFile->addError($error, $stackPtr, 'Unused');
+			$old_use = $use;
+
+			// Needs to be inside a class and must not be inside a function scope.
+			if (!$phpcsFile->hasCondition($use, [T_CLASS, T_TRAIT]) || $phpcsFile->hasCondition($use, T_FUNCTION))
+			{
+				continue;
+			}
+
+			$next = $phpcsFile->findNext(T_WHITESPACE, ($use + 1), null, true, null, true);
+			if ($tokens[$next]['code'] === T_OPEN_PARENTHESIS)
+			{
+				continue;
+			}
+
+			$class_name_start = $phpcsFile->findNext(array(T_NS_SEPARATOR, T_STRING), $use + 1, null, false, null, true);
+			$class_name_end = $phpcsFile->findNext(self::FIND, $class_name_start + 1, null, true, null, true);
+			$found_name = trim($phpcsFile->getTokensAsString($class_name_start, ($class_name_end - $class_name_start)));
+
+			$ok = $this->check($phpcsFile, $found_name, $class_name_full, $class_name_short, $use) || $ok;
 		}
+
+		return $ok;
+	}
+
+	private function findFunctionUsage(File $phpcsFile, $stackPtr, $tokens, $name_full, $name_short)
+	{
+		$ok = false;
+		$position = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $stackPtr + 1);
+		while ($position !== false)
+		{
+			$function_name_end = $position;
+			$found_start = 1 + $phpcsFile->findPrevious(
+				[T_NS_SEPARATOR, T_STRING, T_WHITESPACE],
+				$function_name_end - 1,
+				null,
+				true
+			);
+
+			$position = $phpcsFile->findNext(T_OPEN_PARENTHESIS, $position + 1);
+			if ($found_start === null)
+			{
+				continue;
+			}
+
+			$function_name_start = $found_start;
+
+			// Trim the output.
+			while ($tokens[$function_name_start]['code'] === T_WHITESPACE && $function_name_start < $function_name_end)
+			{
+				++$function_name_start;
+			}
+
+			while ($tokens[$function_name_end]['code'] === T_WHITESPACE && $function_name_end > $function_name_start)
+			{
+				--$function_name_end;
+			}
+
+			$function_name_length = $function_name_end - $function_name_start;
+
+			// Filter out control structures, built in type constructors, etc.
+			if ($function_name_length <= 0)
+			{
+				continue;
+			}
+
+			// This doesn't seem to be valid PHP, where is the opening tag?
+			if ($found_start === 0)
+			{
+				continue;
+			}
+
+			$previous_token = $found_start - 1;
+			$filter = [
+				T_FUNCTION, // Function declaration
+				T_OBJECT_OPERATOR, // Method call
+				T_DOUBLE_COLON, // Static method call
+				T_NEW, // Constructors
+			];
+
+			// Filter out calls to methods and function declarations.
+			if (in_array($tokens[$previous_token]['code'], $filter))
+			{
+				continue;
+			}
+
+			$function_name = $phpcsFile->getTokensAsString($function_name_start, $function_name_length);
+			$ok = $this->check($phpcsFile, $function_name, $name_full, $name_short, $function_name_start) || $ok;
+		}
+
+		return $ok;
 	}
 
 	/**
@@ -247,7 +371,7 @@ class phpbb_Sniffs_Namespaces_UnusedUseSniff implements Sniff
 			$classes = explode('|', str_replace('[]', '', $classes));
 			foreach ($classes as $class)
 			{
-				$ok = $this->check($phpcsFile, $class, $class_name_full, $class_name_short, $tokens[$tag + 2]['line']) ? true : $ok;
+				$ok = $this->check($phpcsFile, $class, $class_name_full, $class_name_short, $tag + 2) || $ok;
 			}
 		}
 

git-tools/commit-msg-hook-range.sh

@@ -24,7 +24,17 @@ COMMIT_MSG_HOOK_FATAL=$(git config --bool phpbb.hooks.commit-msg.fatal 2> /dev/n
 git config phpbb.hooks.commit-msg.fatal true
 
 EXIT_STATUS=0
-for COMMIT_HASH in $(git rev-list --no-merges "$COMMIT_RANGE")
+
+COMMIT_HASHES=$(git rev-list --no-merges "$COMMIT_RANGE")
+
+# If any message have been returned instead of commit hashes list
+# send a non-zero exit status upstream.
+if ! [[ "$COMMIT_HASHES" =~ ^[0-9a-f]{5,40} ]]
+then
+	EXIT_STATUS=1
+fi
+
+for COMMIT_HASH in $COMMIT_HASHES
 do
 	echo "Inspecting commit message of commit $COMMIT_HASH"
 

phpBB/adm/style/acp_main.html

@@ -78,6 +78,13 @@
 				<p>{L_ERROR_MBSTRING_HTTP_OUTPUT_EXPLAIN}</p>
 			</div>
 		<!-- ENDIF -->
+
+		{% if S_DEFAULT_CHARSET_FAIL %}
+			<div class="errorbox">
+				<h3>{{ lang('ERROR_DEFAULT_CHARSET') }}</h3>
+				<p>{{ lang('ERROR_DEFAULT_CHARSET_EXPLAIN') }}</p>
+			</div>
+		{% endif %}
 	<!-- ENDIF -->
 
 	<!-- IF S_WRITABLE_CONFIG -->

phpBB/adm/style/admin.css

@@ -2738,4 +2738,29 @@ fieldset.permissions .padding {
 	height: 1em;
 	width: 1em;
 }
+
+.acp-icon {
+	font-size: 1.5em;
+}
 /* stylelint-enable declaration-property-unit-whitelist */
+
+.acp-icon-move-up,
+.acp-icon-move-down {
+	color: #4ba5de;
+}
+
+.acp-icon-settings {
+	color: #62c046;
+}
+
+.acp-icon-delete {
+	color: #d74558;
+}
+
+.acp-icon-resync {
+	color: #f69934;
+}
+
+.acp-icon-disabled {
+	color: #d0d0d0;
+}

phpBB/adm/style/admin.js

@@ -254,5 +254,10 @@ function parse_document(container)
 		});
 
 		$('#configlist').closest('.send-stats-data-row').addClass('send-stats-data-hidden');
+
+		// Do not underline actions icons on hover (could not be done via CSS)
+		$('.actions a:has(i.acp-icon)').mouseover(function () {
+			$(this).css("text-decoration", "none");
+		});
 	});
 })(jQuery);

phpBB/composer.json

@@ -29,6 +29,7 @@
 		"ext-json": "*",
 		"ext-mbstring": "*",
 		"bantu/ini-get-wrapper": "~1.0",
+		"composer/package-versions-deprecated": "^1.11",
 		"google/recaptcha": "~1.1",
 		"guzzlehttp/guzzle": "~6.3",
 		"lusitanian/oauth": "^0.8.1",
@@ -44,7 +45,6 @@
 		"symfony/finder": "~3.4",
 		"symfony/http-foundation": "~3.4",
 		"symfony/http-kernel": "~3.4",
-		"symfony/polyfill-intl-idn": "~1.17.0",
 		"symfony/process": "^3.4",
 		"symfony/proxy-manager-bridge": "~3.4",
 		"symfony/routing": "~3.4",

phpBB/config/default/container/services_text_reparser.yml

@@ -73,6 +73,7 @@ services:
         class: phpbb\textreparser\plugins\poll_option
         arguments:
             - '@dbal.conn'
+            - '%tables.poll_options%'
         calls:
             - [set_name, [poll_option]]
         tags:

phpBB/develop/create_schema_files.php

@@ -18,7 +18,7 @@
 * If you overwrite the original schema files please make sure you save the file with UNIX linefeeds.
 */
 
-$schema_path = dirname(__FILE__) . '/../install/schemas/';
+$schema_path = __DIR__ . '/../install/schemas/';
 $supported_dbms = array(
 	'mssql',
 	'mysql_41',
@@ -34,7 +34,7 @@ if (!is_writable($schema_path))
 }
 
 define('IN_PHPBB', true);
-$phpbb_root_path = dirname(__FILE__) . '/../';
+$phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 
 include($phpbb_root_path . 'vendor/autoload.php');

phpBB/develop/create_variable_overview.php

@@ -220,7 +220,7 @@ foreach ($files_to_parse as $file_num => $data)
 			{
 				$_var = str_replace(array('{', '}'), array('', ''), $var);
 				$lang_references[$_var][] = $data['single_filename'];
-				$lang_data .= '<li>' . $var . '<br>' . "\n" . ((isset($lang[$_var])) ? htmlspecialchars(str_replace("\\'", "'", $lang[$_var])) : '<span style="color:red">No Language Variable available</span>') . '<br></li><br>' . "\n";
+				$lang_data .= '<li>' . $var . '<br>' . "\n" . ((isset($lang[$_var])) ? htmlspecialchars(str_replace("\\'", "'", $lang[$_var]), ENT_COMPAT) : '<span style="color:red">No Language Variable available</span>') . '<br></li><br>' . "\n";
 			}
 		}
 		$lang_data .= '</ul>';

phpBB/develop/imageset_to_css.php

@@ -290,7 +290,7 @@ function dump_code($code, $filename = 'file.txt')
 	$list = explode("\n", $code);
 	$height = 15 * count($list);
 	echo ' [ <a href="?download=', $hash, '">download</a> <a href="javascript:void(0);" onclick="document.getElementById(\'code-', $hash, '\').style.height = \'', $height, 'px\'; this.style.display = \'none\'; return false;">expand</a> ]<br />';
-	echo '<textarea id="code-', $hash, '" onfocus="this.select();" style="width: 98%; height: 200px;">', htmlspecialchars($code), '</textarea><br />';
+	echo '<textarea id="code-', $hash, '" onfocus="this.select();" style="width: 98%; height: 200px;">', htmlspecialchars($code, ENT_COMPAT), '</textarea><br />';
 }
 
 function css($list, $path = './', $bidi = false)

phpBB/develop/lang_duplicates.php

@@ -34,7 +34,7 @@ $mode = $request->variable('mode', '');
 $modules = find_modules($phpbb_root_path . 'language/en');
 
 $kkeys = $keys = array();
-$langdir = dirname(__FILE__);
+$langdir = __DIR__;
 
 if (isset($lang))
 {

phpBB/develop/namespacify.php

@@ -191,4 +191,3 @@ foreach ($iterator as $file)
 		file_put_contents($file->getPathname(), $code);
 	}
 }
-

phpBB/docs/CHANGELOG.html

@@ -50,6 +50,8 @@
 <ol>
 	<li><a href="#changelog">Changelog</a>
 	<ul>
+		<li><a href="#v333">Changes since 3.3.3</a></li>
+		<li><a href="#v332">Changes since 3.3.2</a></li>
 		<li><a href="#v331">Changes since 3.3.1</a></li>
 		<li><a href="#v331rc1">Changes since 3.3.1-RC1</a></li>
 		<li><a href="#v330">Changes since 3.3.0</a></li>
@@ -153,6 +155,91 @@
 		<div class="inner">
 
 		<div class="content">
+			<a name="v333"></a><h3>Changes since 3.3.3</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16655">PHPBB3-16655</a>] - Suppress &quot;you now also have to pass the CAPTCHA test&quot; message for invisible CAPTCHAs</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16685">PHPBB3-16685</a>] - SQL error in ACP if database name contains a dash</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16690">PHPBB3-16690</a>] - Changing default argument in htmlspecialchars* functions causes test fail</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16691">PHPBB3-16691</a>] - Illegal string offset 'username' on MCP PM report pages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16696">PHPBB3-16696</a>] - Unsupported operand types in viewforum.php - PHP8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16697">PHPBB3-16697</a>] - Unable to login after conversion from phpBB2</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16698">PHPBB3-16698</a>] - Check for default char set in includes/acp_main.php checks only for 'UTF-8'</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16705">PHPBB3-16705</a>] - File upload fails with PHP 8 - Error parsing server response</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16706">PHPBB3-16706</a>] - Undefined array key when user is banned</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16707">PHPBB3-16707</a>] - Disable unstable PHP 8.1 builds on Github Actions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16719">PHPBB3-16719</a>] - PHP notice/warning on installation</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15392">PHPBB3-15392</a>] - Change dirname(__FILE__) to __DIR__ everywhere</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16589">PHPBB3-16589</a>] - Change wording of e-mail templates to decrease word count</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16620">PHPBB3-16620</a>] - Output short array syntax in dev:migration-tips</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16660">PHPBB3-16660</a>] - Remove or Rename &quot;Reset&quot; Button in &quot;Reset Password&quot; Dialogue </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16681">PHPBB3-16681</a>] - Replace action icons with font icons</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16684">PHPBB3-16684</a>] - GitHub Actions should run on newly created tag and release branches</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16686">PHPBB3-16686</a>] - Simplify get_database_size() SQL query for PostgreSQL</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16689">PHPBB3-16689</a>] - Bitly oauth SQL error if identifier is null</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16709">PHPBB3-16709</a>] - Update s9e/text-formatter to latest release</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16710">PHPBB3-16710</a>] - Allow WEBP images in attachments</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16712">PHPBB3-16712</a>] - Implement thumbnails for WEBP images in attachments</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16724">PHPBB3-16724</a>] - Add some template events</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16725">PHPBB3-16725</a>] - Add MCP core event</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16728">PHPBB3-16728</a>] - Add search result template event</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16726">PHPBB3-16726</a>] - Update composer packages to latest versions</li>
+			</ul>
+
+			<a name="v332"></a><h3>Changes since 3.3.2</h3>
+			<h4>Bug</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16178">PHPBB3-16178</a>] - Container_builder and Container don't use the same cache_dir when cache dir is overridden via env parameter</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16535">PHPBB3-16535</a>] - Migration from phpBB 2.0.x broken with MySQL 8.x</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16582">PHPBB3-16582</a>] - SQL error when saving profile with empty custom field of type &quot;Numbers&quot;</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16619">PHPBB3-16619</a>] - Spelling on non-existant</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16629">PHPBB3-16629</a>] - ACP get_database_size() fails on MySql 8.0.xx</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16630">PHPBB3-16630</a>] - Preserve the text manipulation API</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16640">PHPBB3-16640</a>] - MCP link not showing in menubar</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16641">PHPBB3-16641</a>] - Failure in config.php validation in ACP (Windows) - PHP 8</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16646">PHPBB3-16646</a>] - PHP fatal error while installing</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16648">PHPBB3-16648</a>] - &quot;Access to undeclared static property&quot; error on setExpectedTriggerError() tests</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16653">PHPBB3-16653</a>] - Recaptcha v3 - Request method is set even though that default isn't actually available</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16656">PHPBB3-16656</a>] - Outdated check in code for mbstring http_input &amp; output</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16665">PHPBB3-16665</a>] - Fix Emoji for strings in board settings + new event</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16666">PHPBB3-16666</a>] - Windows tests in github actions can't write file in postgres</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16667">PHPBB3-16667</a>] - Remove unused create_schema install task</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16670">PHPBB3-16670</a>] - OAuth provider unique secret and key check fails on PHP 8 </li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16673">PHPBB3-16673</a>] - Invalid Atom feed</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16677">PHPBB3-16677</a>] - Event handlers inside dropdown containers not working in mobile view</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16679">PHPBB3-16679</a>] - Login form should respect setting for &quot;Allow password reset&quot;</li>
+			</ul>
+			<h4>Improvement</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15722">PHPBB3-15722</a>] - Allow forum topicrow pagination to use topicrow values</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16538">PHPBB3-16538</a>] - Add MySQL 8 tests</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16549">PHPBB3-16549</a>] - Use PHPUnit 9.3+ for PHP 8.0+ tests</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16606">PHPBB3-16606</a>] - UCP_PM_VIEWMESSAGE.HTML Event Request</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16607">PHPBB3-16607</a>] - Oracle DBAL driver uses obsoleted PHP OCI8 aliases and functions</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16617">PHPBB3-16617</a>] - Add events to modify content status variables</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16632">PHPBB3-16632</a>] - Update composer to version 2</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16636">PHPBB3-16636</a>] - Add PHP 8.0 builds to TravisCI</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16659">PHPBB3-16659</a>] - Use Github Actions instead of TravisCI and AppVeyor</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16661">PHPBB3-16661</a>] - Clean up github actions tasks after merge</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16675">PHPBB3-16675</a>] - Restore checking commit messages</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16676">PHPBB3-16676</a>] - Make Github actions cache composer dependendencies</li>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16678">PHPBB3-16678</a>] - Add support for Traits in code sniffer</li>
+			</ul>
+			<h4>New Feature</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-15951">PHPBB3-15951</a>] - Add core events to core.mcp_delete_topic_modify_*</li>
+			</ul>
+			<h4>Task</h4>
+			<ul>
+				<li>[<a href="https://tracker.phpbb.com/browse/PHPBB3-16633">PHPBB3-16633</a>] - Update pull request template after end of life of 3.2</li>
+			</ul>
+
 			<a name="v331"></a><h3>Changes since 3.3.1</h3>
 			<h4>Bug</h4>
 			<ul>

phpBB/docs/CREDITS.txt

@@ -1,6 +1,6 @@
 /**
 *
-* phpBB © Copyright phpBB Limited 2003-2020
+* phpBB © Copyright phpBB Limited 2003-2021
 * https://www.phpbb.com
 *
 * phpBB is free software. You can redistribute it and/or modify it

phpBB/docs/events.md

@@ -986,6 +986,34 @@ mcp_forum_actions_before
 * Since: 3.1.11-RC1
 * Purpose: Add some information before actions fieldset
 
+mcp_forum_last_post_author_username_append
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html (2)
+* Since: 3.3.4-RC1
+* Purpose: Append information to last post author username of member
+
+mcp_forum_last_post_author_username_prepend
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html (2)
+* Since: 3.3.4-RC1
+* Purpose: Prepend information to last post author username of member
+
+mcp_forum_topic_author_username_append
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html
+* Since: 3.3.4-RC1
+* Purpose: Append information to topic author username of member
+
+mcp_forum_topic_author_username_prepend
+===
+* Locations:
+    + styles/prosilver/template/mcp_forum.html
+* Since: 3.3.4-RC1
+* Purpose: Prepend information to topic author username of member
+
 mcp_forum_topic_title_after
 ===
 * Locations:
@@ -2237,6 +2265,13 @@ search_results_header_before
 * Since: 3.1.4-RC1
 * Purpose: Add content before the header of the search results.
 
+search_results_jumpbox_before
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add content before the jumpbox of the search results.
+
 search_results_last_post_author_username_append
 ===
 * Locations:
@@ -2279,6 +2314,13 @@ search_results_post_before
 * Since: 3.1.0-b3
 * Purpose: Add data before search result posts
 
+search_results_post_subject_before
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add data before search result posts subject
+
 search_results_postprofile_after
 ===
 * Locations:
@@ -2328,6 +2370,20 @@ search_results_topic_before
 * Since: 3.1.0-b4
 * Purpose: Add data before search result topics
 
+search_results_topic_header_lastpost_after
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add header column(s) after `lastpost` column in search result topics
+
+search_results_topic_row_lastpost_after
+===
+* Locations:
+    + styles/prosilver/template/search_results.html
+* Since: 3.3.4-RC1
+* Purpose: Add data column(s) after `lastpost` column in search result topics
+
 search_results_topic_title_after
 ===
 * Locations:
@@ -2562,6 +2618,20 @@ ucp_pm_history_row_message_author_username_prepend
 * Since: 3.2.8-RC1
 * Purpose: Prepend information to message author username of member
 
+ucp_pm_viewmessage_author_full_after
+===
+* Locations:
+    + styles/prosilver/template/ucp_pm_viewmessage.html
+* Since: 3.3.3-RC1
+* Purpose: Add content right after the message author when viewing a private message
+
+ucp_pm_viewmessage_author_full_before
+===
+* Locations:
+    + styles/prosilver/template/ucp_pm_viewmessage.html
+* Since: 3.3.3-RC1
+* Purpose: Add content right before the message author when viewing a private message
+
 ucp_pm_viewmessage_avatar_after
 ===
 * Locations:

phpBB/includes/acp/acp_attachments.php

@@ -759,7 +759,7 @@ class acp_attachments
 									continue;
 								}
 
-								$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . htmlspecialchars($img) . '</option>';
+								$filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . htmlspecialchars($img, ENT_COMPAT) . '</option>';
 							}
 						}
 

phpBB/includes/acp/acp_bbcodes.php

@@ -62,7 +62,7 @@ class acp_bbcodes
 				}
 
 				$bbcode_match = $row['bbcode_match'];
-				$bbcode_tpl = htmlspecialchars($row['bbcode_tpl']);
+				$bbcode_tpl = htmlspecialchars($row['bbcode_tpl'], ENT_COMPAT);
 				$display_on_posting = $row['display_on_posting'];
 				$bbcode_helpline = $row['bbcode_helpline'];
 			break;
@@ -86,7 +86,7 @@ class acp_bbcodes
 				$display_on_posting = $request->variable('display_on_posting', 0);
 
 				$bbcode_match = $request->variable('bbcode_match', '');
-				$bbcode_tpl = htmlspecialchars_decode($request->variable('bbcode_tpl', '', true));
+				$bbcode_tpl = htmlspecialchars_decode($request->variable('bbcode_tpl', '', true), ENT_COMPAT);
 				$bbcode_helpline = $request->variable('bbcode_helpline', '', true);
 			break;
 		}
@@ -334,7 +334,7 @@ class acp_bbcodes
 						'action'				=> $action,
 						'bbcode'				=> $bbcode_id,
 						'bbcode_match'			=> $bbcode_match,
-						'bbcode_tpl'			=> htmlspecialchars($bbcode_tpl),
+						'bbcode_tpl'			=> htmlspecialchars($bbcode_tpl, ENT_COMPAT),
 						'bbcode_helpline'		=> $bbcode_helpline,
 						'display_on_posting'	=> $display_on_posting,
 						)))

phpBB/includes/acp/acp_board.php

@@ -582,7 +582,37 @@ class acp_board
 					continue;
 				}
 
-				$config->set($config_name, $config_value);
+				// Array of emoji-enabled configurations
+				$config_name_ary = [
+					'sitename',
+					'site_desc',
+					'site_home_text',
+					'board_index_text',
+					'board_disable_msg',
+				];
+
+				/**
+				 * Event to manage the array of emoji-enabled configurations
+				 *
+				 * @event core.acp_board_config_emoji_enabled
+				 * @var array	config_name_ary		Array of config names to process
+				 * @since 3.3.3-RC1
+				 */
+				$vars = ['config_name_ary'];
+				extract($phpbb_dispatcher->trigger_event('core.acp_board_config_emoji_enabled', compact($vars)));
+
+				if (in_array($config_name, $config_name_ary))
+				{
+					/**
+					 * Replace Emojis and other 4bit UTF-8 chars not allowed by MySQL to UCR/NCR.
+					 * Using their Numeric Character Reference's Hexadecimal notation.
+					 */
+					$config->set($config_name, utf8_encode_ucr($config_value));
+				}
+				else
+				{
+					$config->set($config_name, $config_value);
+				}
 
 				if ($config_name == 'allow_quick_reply' && isset($_POST['allow_quick_reply_enable']))
 				{
@@ -658,7 +688,7 @@ class acp_board
 			if ($submit && (($cfg_array['auth_method'] != $this->new_config['auth_method']) || $updated_auth_settings))
 			{
 				$method = basename($cfg_array['auth_method']);
-				if (array_key_exists('auth.provider.' . $method, $auth_providers))
+				if (array_key_exists('auth.provider.' . $method, (array) $auth_providers))
 				{
 					$provider = $auth_providers['auth.provider.' . $method];
 					if ($error = $provider->init())
@@ -689,8 +719,8 @@ class acp_board
 				$messenger->set_addresses($user->data);
 				$messenger->anti_abuse_headers($config, $user);
 				$messenger->assign_vars(array(
-					'USERNAME'	=> htmlspecialchars_decode($user->data['username']),
-					'MESSAGE'	=> htmlspecialchars_decode($request->variable('send_test_email_text', '', true)),
+					'USERNAME'	=> htmlspecialchars_decode($user->data['username'], ENT_COMPAT),
+					'MESSAGE'	=> htmlspecialchars_decode($request->variable('send_test_email_text', '', true), ENT_COMPAT),
 				));
 				$messenger->send(NOTIFY_EMAIL);
 

phpBB/includes/acp/acp_email.php

@@ -205,7 +205,7 @@ class acp_email
 				$email_template = 'admin_send_email';
 				$template_data = array(
 					'CONTACT_EMAIL' => phpbb_get_board_contact($config, $phpEx),
-					'MESSAGE'		=> htmlspecialchars_decode($message),
+					'MESSAGE'		=> htmlspecialchars_decode($message, ENT_COMPAT),
 				);
 				$generate_log_entry = true;
 
@@ -252,7 +252,7 @@ class acp_email
 
 					$messenger->anti_abuse_headers($config, $user);
 
-					$messenger->subject(htmlspecialchars_decode($subject));
+					$messenger->subject(htmlspecialchars_decode($subject, ENT_COMPAT));
 					$messenger->set_mail_priority($priority);
 
 					$messenger->assign_vars($template_data);

phpBB/includes/acp/acp_help_phpbb.php

@@ -90,7 +90,7 @@ class acp_help_phpbb
 
 			if (!empty($response))
 			{
-				$decoded_response = json_decode(htmlspecialchars_decode($response), true);
+				$decoded_response = json_decode(htmlspecialchars_decode($response, ENT_COMPAT), true);
 
 				if ($decoded_response && isset($decoded_response['status']) && $decoded_response['status'] == 'ok')
 				{
@@ -126,7 +126,7 @@ class acp_help_phpbb
 			}
 
 			$template->assign_block_vars('providers', array(
-				'NAME'	=> htmlspecialchars($provider),
+				'NAME'	=> htmlspecialchars($provider, ENT_COMPAT),
 			));
 
 			foreach ($data as $key => $value)

phpBB/includes/acp/acp_icons.php

@@ -693,7 +693,7 @@ class acp_icons
 
 					foreach ($_paks as $pak)
 					{
-						$pak_options .= '<option value="' . $pak . '">' . htmlspecialchars($pak) . '</option>';
+						$pak_options .= '<option value="' . $pak . '">' . htmlspecialchars($pak, ENT_COMPAT) . '</option>';
 					}
 
 					$template->assign_vars(array(

phpBB/includes/acp/acp_inactive.php

@@ -130,7 +130,7 @@ class acp_inactive
 								$messenger->anti_abuse_headers($config, $user);
 
 								$messenger->assign_vars(array(
-									'USERNAME'	=> htmlspecialchars_decode($row['username']))
+									'USERNAME'	=> htmlspecialchars_decode($row['username'], ENT_COMPAT))
 								);
 
 								$messenger->send(NOTIFY_EMAIL);
@@ -224,7 +224,7 @@ class acp_inactive
 							$messenger->anti_abuse_headers($config, $user);
 
 							$messenger->assign_vars(array(
-								'USERNAME'		=> htmlspecialchars_decode($row['username']),
+								'USERNAME'		=> htmlspecialchars_decode($row['username'], ENT_COMPAT),
 								'REGISTER_DATE'	=> $user->format_date($row['user_regdate'], false, true),
 								'U_ACTIVATE'	=> generate_board_url() . "/ucp.$phpEx?mode=activate&u=" . $row['user_id'] . '&k=' . $row['user_actkey'])
 							);

phpBB/includes/acp/acp_language.php

@@ -274,7 +274,7 @@ class acp_language
 
 				$lang_pack = array(
 					'iso'		=> $lang_iso,
-					'name'		=> trim(htmlspecialchars($file[0])),
+					'name'		=> trim(htmlspecialchars($file[0], ENT_COMPAT)),
 					'local_name'=> trim(htmlspecialchars($file[1], ENT_COMPAT, 'UTF-8')),
 					'author'	=> trim(htmlspecialchars($file[2], ENT_COMPAT, 'UTF-8'))
 				);
@@ -420,7 +420,7 @@ class acp_language
 			foreach ($new_ary as $iso => $lang_ary)
 			{
 				$template->assign_block_vars('notinst', array(
-					'ISO'			=> htmlspecialchars($lang_ary['iso']),
+					'ISO'			=> htmlspecialchars($lang_ary['iso'], ENT_COMPAT),
 					'LOCAL_NAME'	=> htmlspecialchars($lang_ary['local_name'], ENT_COMPAT, 'UTF-8'),
 					'NAME'			=> htmlspecialchars($lang_ary['name'], ENT_COMPAT, 'UTF-8'),
 					'U_INSTALL'		=> $this->u_action . '&action=install&iso=' . urlencode($lang_ary['iso']) . '&hash=' . generate_link_hash('acp_language'))

phpBB/includes/acp/acp_logs.php

@@ -108,7 +108,7 @@ class acp_logs
 		$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
 
 		$keywords = $request->variable('keywords', '', true);
-		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
+		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
 
 		$l_title = $user->lang['ACP_' . strtoupper($mode) . '_LOGS'];
 		$l_title_explain = $user->lang['ACP_' . strtoupper($mode) . '_LOGS_EXPLAIN'];

phpBB/includes/acp/acp_main.php

@@ -679,26 +679,33 @@ class acp_main
 			}
 		}
 
-		if (!defined('PHPBB_DISABLE_CONFIG_CHECK') && file_exists($phpbb_root_path . 'config.' . $phpEx) && $phpbb_filesystem->is_writable($phpbb_root_path . 'config.' . $phpEx))
+		if (!defined('PHPBB_DISABLE_CONFIG_CHECK'))
 		{
 			// World-Writable? (000x)
 			$template->assign_var('S_WRITABLE_CONFIG', (bool) (@fileperms($phpbb_root_path . 'config.' . $phpEx) & 0x0002));
 		}
 
-		$this->php_ini = $phpbb_container->get('php_ini');
-		$func_overload = $this->php_ini->getNumeric('mbstring.func_overload');
-		$encoding_translation = $this->php_ini->getString('mbstring.encoding_translation');
-		$http_input = $this->php_ini->getString('mbstring.http_input');
-		$http_output = $this->php_ini->getString('mbstring.http_output');
+		$this->php_ini			= $phpbb_container->get('php_ini');
+		$func_overload			= $this->php_ini->getNumeric('mbstring.func_overload');
+		$encoding_translation	= $this->php_ini->getString('mbstring.encoding_translation');
+		$http_input				= $this->php_ini->getString('mbstring.http_input');
+		$http_output			= $this->php_ini->getString('mbstring.http_output');
+		$default_charset		= $this->php_ini->getString('default_charset');
+
 		if (extension_loaded('mbstring'))
 		{
-			$template->assign_vars(array(
+			/**
+			 * “mbstring.http_input” and “mbstring.http_output” are deprecated as of PHP 5.6.0
+			 * @link https://www.php.net/manual/mbstring.configuration.php#ini.mbstring.http-input
+			 */
+			$template->assign_vars([
 				'S_MBSTRING_LOADED'						=> true,
 				'S_MBSTRING_FUNC_OVERLOAD_FAIL'			=> $func_overload && ($func_overload & (MB_OVERLOAD_MAIL | MB_OVERLOAD_STRING)),
 				'S_MBSTRING_ENCODING_TRANSLATION_FAIL'	=> $encoding_translation && ($encoding_translation != 0),
-				'S_MBSTRING_HTTP_INPUT_FAIL'			=> $http_input && !in_array($http_input, array('pass', '')),
-				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> $http_output && !in_array($http_output, array('pass', '')),
-			));
+				'S_MBSTRING_HTTP_INPUT_FAIL'			=> !empty($http_input),
+				'S_MBSTRING_HTTP_OUTPUT_FAIL'			=> !empty($http_output),
+				'S_DEFAULT_CHARSET_FAIL'				=> $default_charset !== null && strtolower($default_charset) !== 'utf-8',
+			]);
 		}
 
 		// Fill dbms version if not yet filled

phpBB/includes/acp/acp_ranks.php

@@ -70,7 +70,7 @@ class acp_ranks
 					'rank_title'		=> $rank_title,
 					'rank_special'		=> $special_rank,
 					'rank_min'			=> $min_posts,
-					'rank_image'		=> htmlspecialchars_decode($rank_image)
+					'rank_image'		=> htmlspecialchars_decode($rank_image, ENT_COMPAT)
 				);
 
 				/**
@@ -206,7 +206,7 @@ class acp_ranks
 							continue;
 						}
 
-						$filename_list .= '<option value="' . htmlspecialchars($img) . '"' . $selected . '>' . $img . ((in_array($img, $existing_imgs)) ? ' ' . $user->lang['RANK_IMAGE_IN_USE'] : '') . '</option>';
+						$filename_list .= '<option value="' . htmlspecialchars($img, ENT_COMPAT) . '"' . $selected . '>' . $img . ((in_array($img, $existing_imgs)) ? ' ' . $user->lang['RANK_IMAGE_IN_USE'] : '') . '</option>';
 					}
 				}
 
@@ -221,7 +221,7 @@ class acp_ranks
 
 					'RANK_TITLE'		=> (isset($ranks['rank_title'])) ? $ranks['rank_title'] : '',
 					'S_FILENAME_LIST'	=> $filename_list,
-					'RANK_IMAGE'		=> ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : htmlspecialchars($phpbb_admin_path) . 'images/spacer.gif',
+					'RANK_IMAGE'		=> ($edit_img) ? $phpbb_root_path . $config['ranks_path'] . '/' . $edit_img : htmlspecialchars($phpbb_admin_path, ENT_COMPAT) . 'images/spacer.gif',
 					'S_SPECIAL_RANK'	=> (isset($ranks['rank_special']) && $ranks['rank_special']) ? true : false,
 					'MIN_POSTS'			=> (isset($ranks['rank_min']) && !$ranks['rank_special']) ? $ranks['rank_min'] : 0,
 				);

phpBB/includes/acp/acp_styles.php

@@ -205,7 +205,7 @@ class acp_styles
 		{
 			if (in_array($dir, $this->reserved_style_names))
 			{
-				$messages[] = $this->user->lang('STYLE_NAME_RESERVED', htmlspecialchars($dir));
+				$messages[] = $this->user->lang('STYLE_NAME_RESERVED', htmlspecialchars($dir, ENT_COMPAT));
 				continue;
 			}
 
@@ -225,12 +225,12 @@ class acp_styles
 					$found = true;
 					$installed_names[] = $style['style_name'];
 					$installed_dirs[] = $style['style_path'];
-					$messages[] = sprintf($this->user->lang['STYLE_INSTALLED'], htmlspecialchars($style['style_name']));
+					$messages[] = sprintf($this->user->lang['STYLE_INSTALLED'], htmlspecialchars($style['style_name'], ENT_COMPAT));
 				}
 			}
 			if (!$found)
 			{
-				$messages[] = sprintf($this->user->lang['STYLE_NOT_INSTALLED'], htmlspecialchars($dir));
+				$messages[] = sprintf($this->user->lang['STYLE_NOT_INSTALLED'], htmlspecialchars($dir, ENT_COMPAT));
 			}
 		}
 
@@ -598,7 +598,7 @@ class acp_styles
 		{
 			$this->template->assign_block_vars('parent_styles', array(
 				'STYLE_ID'		=> $row['style_id'],
-				'STYLE_NAME'	=> htmlspecialchars($row['style_name']),
+				'STYLE_NAME'	=> htmlspecialchars($row['style_name'], ENT_COMPAT),
 				'LEVEL'			=> $row['level'],
 				'SPACER'		=> str_repeat('  ', $row['level']),
 				)
@@ -609,9 +609,9 @@ class acp_styles
 		$this->template->assign_vars(array(
 			'S_STYLE_DETAILS'	=> true,
 			'STYLE_ID'			=> $style['style_id'],
-			'STYLE_NAME'		=> htmlspecialchars($style['style_name']),
-			'STYLE_PATH'		=> htmlspecialchars($style['style_path']),
-			'STYLE_VERSION'		=> htmlspecialchars($style_cfg['style_version']),
+			'STYLE_NAME'		=> htmlspecialchars($style['style_name'], ENT_COMPAT),
+			'STYLE_PATH'		=> htmlspecialchars($style['style_path'], ENT_COMPAT),
+			'STYLE_VERSION'		=> htmlspecialchars($style_cfg['style_version'], ENT_COMPAT),
 			'STYLE_COPYRIGHT'	=> strip_tags($style['style_copyright']),
 			'STYLE_PARENT'		=> $style['style_parent_id'],
 			'S_STYLE_ACTIVE'	=> $style['style_active'],
@@ -657,7 +657,7 @@ class acp_styles
 		{
 			if (empty($style['_shown']))
 			{
-				$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($style['style_parent_tree']));
+				$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($style['style_parent_tree'], ENT_COMPAT));
 				$this->list_style($style, 0);
 			}
 		}
@@ -826,7 +826,7 @@ class acp_styles
 				{
 					// Parent style is not installed yet
 					$style['_available'] = false;
-					$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($parent));
+					$style['_note'] = sprintf($this->user->lang['REQUIRES_STYLE'], htmlspecialchars($parent, ENT_COMPAT));
 				}
 			}
 
@@ -966,10 +966,10 @@ class acp_styles
 		$row = array(
 			// Style data
 			'STYLE_ID'				=> $style['style_id'],
-			'STYLE_NAME'			=> htmlspecialchars($style['style_name']),
+			'STYLE_NAME'			=> htmlspecialchars($style['style_name'], ENT_COMPAT),
 			'STYLE_VERSION'			=> $style_cfg['style_version'] ?? '-',
 			'STYLE_PHPBB_VERSION'	=> $style_cfg['phpbb_version'],
-			'STYLE_PATH'			=> htmlspecialchars($style['style_path']),
+			'STYLE_PATH'			=> htmlspecialchars($style['style_path'], ENT_COMPAT),
 			'STYLE_COPYRIGHT'		=> strip_tags($style['style_copyright']),
 			'STYLE_ACTIVE'			=> $style['style_active'],
 
@@ -979,7 +979,7 @@ class acp_styles
 			'LEVEL'				=> $level,
 			'PADDING'			=> (4 + 16 * $level),
 			'SHOW_COPYRIGHT'	=> ($style['style_id']) ? false : true,
-			'STYLE_PATH_FULL'	=> htmlspecialchars($this->styles_path_absolute . '/' . $style['style_path']) . '/',
+			'STYLE_PATH_FULL'	=> htmlspecialchars($this->styles_path_absolute . '/' . $style['style_path'], ENT_COMPAT) . '/',
 
 			// Comment to show below style
 			'COMMENT'		=> (isset($style['_note'])) ? $style['_note'] : '',

phpBB/includes/acp/acp_users.php

@@ -402,8 +402,8 @@ class acp_users
 								$messenger->anti_abuse_headers($config, $user);
 
 								$messenger->assign_vars(array(
-									'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
-									'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
+									'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
+									'USERNAME'		=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
 									'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k=$user_actkey")
 								);
 
@@ -466,7 +466,7 @@ class acp_users
 									$messenger->anti_abuse_headers($config, $user);
 
 									$messenger->assign_vars(array(
-										'USERNAME'	=> htmlspecialchars_decode($user_row['username']))
+										'USERNAME'	=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT))
 									);
 
 									$messenger->send(NOTIFY_EMAIL);

phpBB/includes/acp/auth.php

@@ -488,7 +488,7 @@ class auth_admin extends \phpbb\auth\auth
 
 					if ($s_role_options)
 					{
-						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
+						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN'], ENT_COMPAT) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
 					}
 
 					if (!$current_role_id && $mode != 'view')
@@ -585,7 +585,7 @@ class auth_admin extends \phpbb\auth\auth
 
 					if ($s_role_options)
 					{
-						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
+						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN'], ENT_COMPAT) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
 					}
 
 					if (!$current_role_id && $mode != 'view')

phpBB/includes/constants.php

@@ -28,7 +28,7 @@ if (!defined('IN_PHPBB'))
 */
 
 // phpBB Version
-@define('PHPBB_VERSION', '3.3.2');
+@define('PHPBB_VERSION', '3.3.4-RC1');
 
 // QA-related
 // define('PHPBB_QA', 1);

phpBB/includes/diff/renderer.php

@@ -322,17 +322,17 @@ class diff_renderer_unified extends diff_renderer
 
 	function _context($lines)
 	{
-		return '<pre class="diff context">' . htmlspecialchars($this->_lines($lines, ' ')) . '<br /></pre>';
+		return '<pre class="diff context">' . htmlspecialchars($this->_lines($lines, ' '), ENT_COMPAT) . '<br /></pre>';
 	}
 
 	function _added($lines)
 	{
-		return '<pre class="diff added">' . htmlspecialchars($this->_lines($lines, '+')) . '<br /></pre>';
+		return '<pre class="diff added">' . htmlspecialchars($this->_lines($lines, '+'), ENT_COMPAT) . '<br /></pre>';
 	}
 
 	function _deleted($lines)
 	{
-		return '<pre class="diff removed">' . htmlspecialchars($this->_lines($lines, '-')) . '<br /></pre>';
+		return '<pre class="diff removed">' . htmlspecialchars($this->_lines($lines, '-'), ENT_COMPAT) . '<br /></pre>';
 	}
 
 	function _changed($orig, $final)
@@ -519,7 +519,7 @@ class diff_renderer_inline extends diff_renderer
 
 	function _encode(&$string)
 	{
-		$string = htmlspecialchars($string);
+		$string = htmlspecialchars($string, ENT_COMPAT);
 	}
 }
 
@@ -539,7 +539,7 @@ class diff_renderer_raw extends diff_renderer
 	*/
 	function get_diff_content($diff)
 	{
-		return '<textarea style="height: 290px;" rows="15" cols="76" class="full">' . htmlspecialchars($this->render($diff)) . '</textarea>';
+		return '<textarea style="height: 290px;" rows="15" cols="76" class="full">' . htmlspecialchars($this->render($diff), ENT_COMPAT) . '</textarea>';
 	}
 
 	function _block_header($xbeg, $xlen, $ybeg, $ylen)
@@ -649,7 +649,7 @@ class diff_renderer_side_by_side extends diff_renderer
 
 							foreach ($change['lines'] as $_line)
 							{
-								$line .= htmlspecialchars($_line) . '<br />';
+								$line .= htmlspecialchars($_line, ENT_COMPAT) . '<br />';
 							}
 
 							$output .= '<tr><td class="added_empty">&nbsp;</td><td class="added"><pre>' . ((strlen($line)) ? $line : '&nbsp;') . '<br /></pre></td></tr>';
@@ -660,14 +660,14 @@ class diff_renderer_side_by_side extends diff_renderer
 
 							foreach ($change['lines'] as $_line)
 							{
-								$line .= htmlspecialchars($_line) . '<br />';
+								$line .= htmlspecialchars($_line, ENT_COMPAT) . '<br />';
 							}
 
 							$output .= '<tr><td class="removed"><pre>' . ((strlen($line)) ? $line : '&nbsp;') . '<br /></pre></td><td class="removed_empty">&nbsp;</td></tr>';
 						break;
 
 						case 'empty':
-							$current_context .= htmlspecialchars($change['line']) . '<br />';
+							$current_context .= htmlspecialchars($change['line'], ENT_COMPAT) . '<br />';
 						break;
 
 						case 'change':
@@ -678,9 +678,9 @@ class diff_renderer_side_by_side extends diff_renderer
 
 							for ($row = 0, $row_max = max($oldsize, $newsize); $row < $row_max; ++$row)
 							{
-								$left .= isset($change['old'][$row]) ? htmlspecialchars($change['old'][$row]) : '';
+								$left .= isset($change['old'][$row]) ? htmlspecialchars($change['old'][$row], ENT_COMPAT) : '';
 								$left .= '<br />';
-								$right .= isset($change['new'][$row]) ? htmlspecialchars($change['new'][$row]) : '';
+								$right .= isset($change['new'][$row]) ? htmlspecialchars($change['new'][$row], ENT_COMPAT) : '';
 								$right .= '<br />';
 							}
 

phpBB/includes/functions.php

@@ -2484,7 +2484,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 		'LOGIN_ERROR'		=> $err,
 		'LOGIN_EXPLAIN'		=> $l_explain,
 
-		'U_SEND_PASSWORD' 		=> ($config['email_enable']) ? $controller_helper->route('phpbb_ucp_forgot_password_controller') : '',
+		'U_SEND_PASSWORD' 		=> ($config['email_enable'] && $config['allow_password_reset']) ? $controller_helper->route('phpbb_ucp_forgot_password_controller') : '',
 		'U_RESEND_ACTIVATION'	=> ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=resend_act') : '',
 		'U_TERMS_USE'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=terms'),
 		'U_PRIVACY'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=privacy'),
@@ -2703,7 +2703,7 @@ function parse_cfg_file($filename, $lines = false)
 		}
 
 		// Determine first occurrence, since in values the equal sign is allowed
-		$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))));
+		$key = htmlspecialchars(strtolower(trim(substr($line, 0, $delim_pos))), ENT_COMPAT);
 		$value = trim(substr($line, $delim_pos + 1));
 
 		if (in_array($value, array('off', 'false', '0')))
@@ -2720,11 +2720,11 @@ function parse_cfg_file($filename, $lines = false)
 		}
 		else if (($value[0] == "'" && $value[strlen($value) - 1] == "'") || ($value[0] == '"' && $value[strlen($value) - 1] == '"'))
 		{
-			$value = htmlspecialchars(substr($value, 1, strlen($value)-2));
+			$value = htmlspecialchars(substr($value, 1, strlen($value)-2), ENT_COMPAT);
 		}
 		else
 		{
-			$value = htmlspecialchars($value);
+			$value = htmlspecialchars($value, ENT_COMPAT);
 		}
 
 		$parsed_items[$key] = $value;
@@ -2757,7 +2757,7 @@ function get_backtrace()
 	foreach ($backtrace as $trace)
 	{
 		// Strip the current directory from path
-		$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file']));
+		$trace['file'] = (empty($trace['file'])) ? '(not given by php)' : htmlspecialchars(phpbb_filter_root_path($trace['file']), ENT_COMPAT);
 		$trace['line'] = (empty($trace['line'])) ? '(not given by php)' : $trace['line'];
 
 		// Only show function arguments for include etc.
@@ -2765,7 +2765,7 @@ function get_backtrace()
 		$argument = '';
 		if (!empty($trace['args'][0]) && in_array($trace['function'], array('include', 'require', 'include_once', 'require_once')))
 		{
-			$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]));
+			$argument = htmlspecialchars(phpbb_filter_root_path($trace['args'][0]), ENT_COMPAT);
 		}
 
 		$trace['class'] = (!isset($trace['class'])) ? '' : $trace['class'];
@@ -2775,7 +2775,7 @@ function get_backtrace()
 		$output .= '<b>FILE:</b> ' . $trace['file'] . '<br />';
 		$output .= '<b>LINE:</b> ' . ((!empty($trace['line'])) ? $trace['line'] : '') . '<br />';
 
-		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function']);
+		$output .= '<b>CALL:</b> ' . htmlspecialchars($trace['class'] . $trace['type'] . $trace['function'], ENT_COMPAT);
 		$output .= '(' . (($argument !== '') ? "'$argument'" : '') . ')<br />';
 	}
 	$output .= '</div>';
@@ -3240,12 +3240,12 @@ function phpbb_filter_root_path($errfile)
 	{
 		if ($phpbb_filesystem)
 		{
-			$root_path = $phpbb_filesystem->realpath(dirname(__FILE__) . '/../');
+			$root_path = $phpbb_filesystem->realpath(__DIR__ . '/../');
 		}
 		else
 		{
 			$filesystem = new \phpbb\filesystem\filesystem();
-			$root_path = $filesystem->realpath(dirname(__FILE__) . '/../');
+			$root_path = $filesystem->realpath(__DIR__ . '/../');
 		}
 	}
 
@@ -4049,7 +4049,7 @@ function page_header($page_title = '', $display_online_list = false, $item_id =
 		'S_ENABLE_FEEDS_TOPICS_ACTIVE'	=> ($config['feed_topics_active']) ? true : false,
 		'S_ENABLE_FEEDS_NEWS'		=> ($s_feed_news) ? true : false,
 
-		'S_LOAD_UNREADS'			=> ($config['load_unreads_search'] && ($config['load_anon_lastread'] || $user->data['is_registered'])) ? true : false,
+		'S_LOAD_UNREADS'			=> (bool) $config['load_unreads_search'] && ($config['load_anon_lastread'] || !empty($user->data['is_registered'])),
 
 		'S_SEARCH_HIDDEN_FIELDS'	=> build_hidden_fields($s_search_hidden_fields),
 
@@ -4405,6 +4405,6 @@ function phpbb_get_board_contact_link(\phpbb\config\config $config, $phpbb_root_
 	}
 	else
 	{
-		return 'mailto:' . htmlspecialchars($config['board_contact']);
+		return 'mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT);
 	}
 }

phpBB/includes/functions_acp.php

@@ -93,16 +93,16 @@ function adm_page_header($page_title)
 
 		'T_ASSETS_VERSION'		=> $config['assets_version'],
 
-		'ICON_MOVE_UP'				=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_up.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
-		'ICON_MOVE_UP_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_up_disabled.gif" alt="' . $user->lang['MOVE_UP'] . '" title="' . $user->lang['MOVE_UP'] . '" />',
-		'ICON_MOVE_DOWN'			=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_down.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
-		'ICON_MOVE_DOWN_DISABLED'	=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_down_disabled.gif" alt="' . $user->lang['MOVE_DOWN'] . '" title="' . $user->lang['MOVE_DOWN'] . '" />',
-		'ICON_EDIT'					=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_edit.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
-		'ICON_EDIT_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_edit_disabled.gif" alt="' . $user->lang['EDIT'] . '" title="' . $user->lang['EDIT'] . '" />',
-		'ICON_DELETE'				=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_delete.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
-		'ICON_DELETE_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_delete_disabled.gif" alt="' . $user->lang['DELETE'] . '" title="' . $user->lang['DELETE'] . '" />',
-		'ICON_SYNC'					=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_sync.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
-		'ICON_SYNC_DISABLED'		=> '<img src="' . htmlspecialchars($phpbb_admin_path) . 'images/icon_sync_disabled.gif" alt="' . $user->lang['RESYNC'] . '" title="' . $user->lang['RESYNC'] . '" />',
+		'ICON_MOVE_UP'				=> '<i class="icon acp-icon acp-icon-move-up fa-arrow-circle-up fa-fw" title="' . $user->lang('MOVE_UP') . '"></i>',
+		'ICON_MOVE_UP_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-arrow-circle-up fa-fw" title="' . $user->lang('MOVE_UP') . '"></i>',
+		'ICON_MOVE_DOWN'			=> '<i class="icon acp-icon acp-icon-move-down fa-arrow-circle-down fa-fw" title="' . $user->lang('MOVE_DOWN') . '"></i>',
+		'ICON_MOVE_DOWN_DISABLED'	=> '<i class="icon acp-icon acp-icon-disabled fa-arrow-circle-down fa-fw" title="' . $user->lang('MOVE_DOWN') . '"></i>',
+		'ICON_EDIT'					=> '<i class="icon acp-icon acp-icon-settings fa-cog fa-fw" title="' . $user->lang('EDIT') . '"></i>',
+		'ICON_EDIT_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-cog fa-fw" title="' . $user->lang('EDIT') . '"></i>',
+		'ICON_DELETE'				=> '<i class="icon acp-icon acp-icon-delete fa-times-circle fa-fw" title="' . $user->lang('DELETE') . '"></i>',
+		'ICON_DELETE_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-times-circle fa-fw" title="' . $user->lang('DELETE') . '"></i>',
+		'ICON_SYNC'					=> '<i class="icon acp-icon acp-icon-resync fa-refresh fa-fw" title="' . $user->lang('RESYNC') . '"></i>',
+		'ICON_SYNC_DISABLED'		=> '<i class="icon acp-icon acp-icon-disabled fa-refresh fa-fw" title="' . $user->lang('RESYNC') . '"></i>',
 
 		'S_USER_LANG'			=> $user->lang['USER_LANG'],
 		'S_CONTENT_DIRECTION'	=> $user->lang['DIRECTION'],

phpBB/includes/functions_admin.php

@@ -2832,56 +2832,36 @@ function view_warned_users(&$users, &$user_count, $limit = 0, $offset = 0, $limi
 
 /**
 * Get database size
-* Currently only mysql and mssql are supported
 */
 function get_database_size()
 {
-	global $db, $user, $table_prefix;
+	global $db, $user;
 
 	$database_size = false;
 
-	// This code is heavily influenced by a similar routine in phpMyAdmin 2.2.0
 	switch ($db->get_sql_layer())
 	{
 		case 'mysqli':
-			$sql = 'SELECT VERSION() AS mysql_version';
-			$result = $db->sql_query($sql);
-			$row = $db->sql_fetchrow($result);
-			$db->sql_freeresult($result);
+			$mysql_engine	= ['MyISAM', 'InnoDB', 'Aria'];
+			$db_name		= $db->get_db_name();
+			$database_size	= 0;
 
-			if ($row)
+			$sql = 'SHOW TABLE STATUS
+				FROM ' . $db->sql_quote($db_name);
+			$result = $db->sql_query($sql, 7200);
+
+			while ($row = $db->sql_fetchrow($result))
 			{
-				$version = $row['mysql_version'];
-
-				if (preg_match('#(3\.23|[45]\.|10\.[0-9]\.[0-9]{1,2}-+Maria)#', $version))
+				if (isset($row['Engine']) && in_array($row['Engine'], $mysql_engine))
 				{
-					$db_name = (preg_match('#^(?:3\.23\.(?:[6-9]|[1-9]{2}))|[45]\.|10\.[0-9]\.[0-9]{1,2}-+Maria#', $version)) ? "`{$db->get_db_name()}`" : $db->get_db_name();
-
-					$sql = 'SHOW TABLE STATUS
-						FROM ' . $db_name;
-					$result = $db->sql_query($sql, 7200);
-
-					$database_size = 0;
-					while ($row = $db->sql_fetchrow($result))
-					{
-						if ((isset($row['Type']) && $row['Type'] != 'MRG_MyISAM') || (isset($row['Engine']) && ($row['Engine'] == 'MyISAM' || $row['Engine'] == 'InnoDB' || $row['Engine'] == 'Aria')))
-						{
-							if ($table_prefix != '')
-							{
-								if (strpos($row['Name'], $table_prefix) !== false)
-								{
-									$database_size += $row['Data_length'] + $row['Index_length'];
-								}
-							}
-							else
-							{
-								$database_size += $row['Data_length'] + $row['Index_length'];
-							}
-						}
-					}
-					$db->sql_freeresult($result);
+					$database_size += $row['Data_length'] + $row['Index_length'];
 				}
 			}
+
+			$db->sql_freeresult($result);
+
+			$database_size = $database_size ? $database_size : false;
+
 		break;
 
 		case 'sqlite3':
@@ -2920,37 +2900,18 @@ function get_database_size()
 		break;
 
 		case 'postgres':
-			$sql = "SELECT proname
-				FROM pg_proc
-				WHERE proname = 'pg_database_size'";
-			$result = $db->sql_query($sql);
-			$row = $db->sql_fetchrow($result);
-			$db->sql_freeresult($result);
+			$database = $db->get_db_name();
 
-			if ($row['proname'] == 'pg_database_size')
+			if (strpos($database, '.') !== false)
 			{
-				$database = $db->get_db_name();
-				if (strpos($database, '.') !== false)
-				{
-					list($database, ) = explode('.', $database);
-				}
-
-				$sql = "SELECT oid
-					FROM pg_database
-					WHERE datname = '$database'";
-				$result = $db->sql_query($sql);
-				$row = $db->sql_fetchrow($result);
-				$db->sql_freeresult($result);
-
-				$oid = $row['oid'];
-
-				$sql = 'SELECT pg_database_size(' . $oid . ') as size';
-				$result = $db->sql_query($sql);
-				$row = $db->sql_fetchrow($result);
-				$db->sql_freeresult($result);
-
-				$database_size = $row['size'];
+				$database = explode('.', $database)[0];
 			}
+
+			$sql = "SELECT pg_database_size('" . $database . "') AS dbsize";
+			$result = $db->sql_query($sql, 7200);
+			$row = $db->sql_fetchrow($result);
+			$database_size = !empty($row['dbsize']) ? $row['dbsize'] : false;
+			$db->sql_freeresult($result);
 		break;
 
 		case 'oracle':

phpBB/includes/functions_compatibility.php

@@ -758,7 +758,7 @@ function phpbb_http_login($param)
 	{
 		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
 		{
-			$username = htmlspecialchars_decode($request->server($k));
+			$username = htmlspecialchars_decode($request->server($k), ENT_COMPAT);
 			break;
 		}
 	}
@@ -768,7 +768,7 @@ function phpbb_http_login($param)
 	{
 		if ($request->is_set($k, \phpbb\request\request_interface::SERVER))
 		{
-			$password = htmlspecialchars_decode($request->server($k));
+			$password = htmlspecialchars_decode($request->server($k), ENT_COMPAT);
 			break;
 		}
 	}

phpBB/includes/functions_content.php

@@ -532,7 +532,7 @@ function strip_bbcode(&$text, $uid = '')
 
 	if (preg_match('#^<[rt][ >]#', $text))
 	{
-		$text = $phpbb_container->get('text_formatter.utils')->clean_formatting($text);
+		$text = utf8_htmlspecialchars($phpbb_container->get('text_formatter.utils')->clean_formatting($text));
 	}
 	else
 	{
@@ -803,8 +803,8 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
 	$orig_url		= $url;
 	$orig_relative	= $relative_url;
 	$append			= '';
-	$url			= htmlspecialchars_decode($url);
-	$relative_url	= htmlspecialchars_decode($relative_url);
+	$url			= htmlspecialchars_decode($url, ENT_COMPAT);
+	$relative_url	= htmlspecialchars_decode($relative_url, ENT_COMPAT);
 
 	// make sure no HTML entities were matched
 	$chars = array('<', '>', '"');
@@ -911,9 +911,9 @@ function make_clickable_callback($type, $whitespace, $url, $relative_url, $class
 		break;
 	}
 
-	$url	= htmlspecialchars($url);
-	$text	= htmlspecialchars($text);
-	$append	= htmlspecialchars($append);
+	$url	= htmlspecialchars($url, ENT_COMPAT);
+	$text	= htmlspecialchars($text, ENT_COMPAT);
+	$append	= htmlspecialchars($append, ENT_COMPAT);
 
 	$html	= "$whitespace<!-- $tag --><a$class href=\"$url\">$text</a><!-- $tag -->$append";
 
@@ -1011,7 +1011,7 @@ function make_clickable($text, $server_url = false, string $class = 'postlink')
 		if (preg_match($magic_args[0], $text, $matches))
 		{
 			// Only apply $class from the corresponding function call argument (excepting emails which never has a class)
-			if ($magic_args[3] != $static_class && $magic_args[1] != MAGIC_URL_EMAIL)
+			if ($magic_args[1] != MAGIC_URL_EMAIL && $magic_args[3] != $static_class)
 			{
 				continue;
 			}
@@ -1456,7 +1456,7 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al
 		$string = substr($string, 4);
 	}
 
-	$_chars = utf8_str_split(htmlspecialchars_decode($string));
+	$_chars = utf8_str_split(htmlspecialchars_decode($string, ENT_COMPAT));
 	$chars = array_map('utf8_htmlspecialchars', $_chars);
 
 	// Now check the length ;)
@@ -1471,7 +1471,7 @@ function truncate_string($string, $max_length = 60, $max_store_length = 255, $al
 	if (utf8_strlen($string) > $max_store_length)
 	{
 		// let's split again, we do not want half-baked strings where entities are split
-		$_chars = utf8_str_split(htmlspecialchars_decode($string));
+		$_chars = utf8_str_split(htmlspecialchars_decode($string, ENT_COMPAT));
 		$chars = array_map('utf8_htmlspecialchars', $_chars);
 
 		do

phpBB/includes/functions_download.php

@@ -208,7 +208,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 
 	if (empty($user->browser) || ((strpos(strtolower($user->browser), 'msie') !== false) && !phpbb_is_greater_ie_version($user->browser, 7)))
 	{
-		header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+		header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'], ENT_COMPAT)));
 		if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
 		{
 			header('Expires: ' . gmdate('D, d M Y H:i:s', time()) . ' GMT');
@@ -216,7 +216,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	}
 	else
 	{
-		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+		header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'], ENT_COMPAT)));
 		if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
 		{
 			header('X-Download-Options: noopen');
@@ -242,7 +242,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 			// X-Sendfile - http://blog.lighttpd.net/articles/2006/07/02/x-sendfile
 			// Lighttpd's X-Sendfile does not support range requests as of 1.4.26
 			// and always requires an absolute path.
-			header('X-Sendfile: ' . dirname(__FILE__) . "/../$upload_dir/{$attachment['physical_filename']}");
+			header('X-Sendfile: ' . __DIR__ . "/../$upload_dir/{$attachment['physical_filename']}");
 			exit;
 		}
 
@@ -327,7 +327,7 @@ function download_allowed()
 		return true;
 	}
 
-	$url = htmlspecialchars_decode($request->header('Referer'));
+	$url = htmlspecialchars_decode($request->header('Referer'), ENT_COMPAT);
 
 	if (!$url)
 	{

phpBB/includes/functions_messenger.php

@@ -320,8 +320,8 @@ class messenger
 		// We add some standard variables we always use, no need to specify them always
 		$this->assign_vars(array(
 			'U_BOARD'	=> generate_board_url(),
-			'EMAIL_SIG'	=> str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'])),
-			'SITENAME'	=> htmlspecialchars_decode($config['sitename']),
+			'EMAIL_SIG'	=> str_replace('<br />', "\n", "-- \n" . htmlspecialchars_decode($config['board_email_sig'], ENT_COMPAT)),
+			'SITENAME'	=> htmlspecialchars_decode($config['sitename'], ENT_COMPAT),
 		));
 
 		$subject = $this->subject;
@@ -427,7 +427,7 @@ class messenger
 			$user->session_begin();
 		}
 
-		$calling_page = htmlspecialchars_decode($request->server('PHP_SELF'));
+		$calling_page = htmlspecialchars_decode($request->server('PHP_SELF'), ENT_COMPAT);
 
 		switch ($type)
 		{
@@ -440,7 +440,7 @@ class messenger
 			break;
 		}
 
-		$message .= '<br /><em>' . htmlspecialchars($calling_page) . '</em><br /><br />' . $msg . '<br />';
+		$message .= '<br /><em>' . htmlspecialchars($calling_page, ENT_COMPAT) . '</em><br /><br />' . $msg . '<br />';
 		$phpbb_log->add('critical', $user->data['user_id'], $user->ip, 'LOG_ERROR_' . $type, false, array($message));
 	}
 
@@ -557,7 +557,7 @@ class messenger
 			$use_queue = true;
 		}
 
-		$contact_name = htmlspecialchars_decode($config['board_contact_name']);
+		$contact_name = htmlspecialchars_decode($config['board_contact_name'], ENT_COMPAT);
 		$board_contact = (($contact_name !== '') ? '"' . mail_encode($contact_name) . '" ' : '') . '<' . $config['board_contact'] . '>';
 
 		$break = false;
@@ -691,7 +691,7 @@ class messenger
 		if (!$use_queue)
 		{
 			include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
-			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
+			$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password'], ENT_COMPAT), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
 
 			if (!$this->jabber->connect())
 			{
@@ -891,7 +891,7 @@ class queue
 					}
 
 					include_once($phpbb_root_path . 'includes/functions_jabber.' . $phpEx);
-					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password']), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
+					$this->jabber = new jabber($config['jab_host'], $config['jab_port'], $config['jab_username'], htmlspecialchars_decode($config['jab_password'], ENT_COMPAT), $config['jab_use_ssl'], $config['jab_verify_peer'], $config['jab_verify_peer_name'], $config['jab_allow_self_signed']);
 
 					if (!$this->jabber->connect())
 					{
@@ -1196,7 +1196,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 		}
 
 		$err_msg = (isset($user->lang['NO_CONNECT_TO_SMTP_HOST'])) ? sprintf($user->lang['NO_CONNECT_TO_SMTP_HOST'], $errno, $errstr) : "Could not connect to smtp host : $errno : $errstr";
-		$err_msg .= ($error_contents) ? '<br /><br />' . htmlspecialchars($error_contents) : '';
+		$err_msg .= ($error_contents) ? '<br /><br />' . htmlspecialchars($error_contents, ENT_COMPAT) : '';
 		return false;
 	}
 
@@ -1208,7 +1208,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 	}
 
 	// Let me in. This function handles the complete authentication process
-	if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], htmlspecialchars_decode($config['smtp_password']), $config['smtp_auth_method']))
+	if ($err_msg = $smtp->log_into_server($config['smtp_host'], $config['smtp_username'], htmlspecialchars_decode($config['smtp_password'], ENT_COMPAT), $config['smtp_auth_method']))
 	{
 		$smtp->close_session($err_msg);
 		return false;
@@ -1259,7 +1259,7 @@ function smtpmail($addresses, $subject, $message, &$err_msg, $headers = false)
 	{
 		$user->session_begin();
 		$err_msg .= '<br /><br />';
-		$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address)) : '<strong>' . htmlspecialchars($mail_to_address) . '</strong> possibly an invalid email address?';
+		$err_msg .= (isset($user->lang['INVALID_EMAIL_LOG'])) ? sprintf($user->lang['INVALID_EMAIL_LOG'], htmlspecialchars($mail_to_address, ENT_COMPAT)) : '<strong>' . htmlspecialchars($mail_to_address, ENT_COMPAT) . '</strong> possibly an invalid email address?';
 		$smtp->close_session($err_msg);
 		return false;
 	}
@@ -1342,7 +1342,7 @@ class smtp_class
 	{
 		if ($this->backtrace)
 		{
-			$this->backtrace_log[] = utf8_htmlspecialchars($message);
+			$this->backtrace_log[] = utf8_htmlspecialchars($message, ENT_COMPAT);
 		}
 	}
 

phpBB/includes/functions_posting.php

@@ -118,7 +118,7 @@ function generate_smilies($mode, $forum_id)
 				SMILIES_TABLE => 's',
 			],
 			'GROUP_BY'	=> 's.smiley_url, s.smiley_width, s.smiley_height',
-			'ORDER_BY'	=> 'min_smiley_order',
+			'ORDER_BY'	=> $db->sql_quote('min_smiley_order'),
 		];
 	}
 	else
@@ -542,12 +542,17 @@ function get_supported_image_types($type = false)
 				case IMAGETYPE_WBMP:
 					$new_type = ($format & IMG_WBMP) ? IMG_WBMP : false;
 				break;
+
+				// WEBP
+				case IMAGETYPE_WEBP:
+					$new_type = ($format & IMG_WEBP) ? IMG_WEBP : false;
+				break;
 			}
 		}
 		else
 		{
-			$new_type = array();
-			$go_through_types = array(IMG_GIF, IMG_JPG, IMG_PNG, IMG_WBMP);
+			$new_type = [];
+			$go_through_types = [IMG_GIF, IMG_JPG, IMG_PNG, IMG_WBMP, IMG_WEBP];
 
 			foreach ($go_through_types as $check_type)
 			{
@@ -558,14 +563,14 @@ function get_supported_image_types($type = false)
 			}
 		}
 
-		return array(
+		return [
 			'gd'		=> ($new_type) ? true : false,
 			'format'	=> $new_type,
 			'version'	=> (function_exists('imagecreatetruecolor')) ? 2 : 1
-		);
+		];
 	}
 
-	return array('gd' => false);
+	return ['gd' => false];
 }
 
 /**
@@ -659,6 +664,10 @@ function create_thumbnail($source, $destination, $mimetype)
 				case IMG_WBMP:
 					$image = @imagecreatefromwbmp($source);
 				break;
+
+				case IMG_WEBP:
+					$image = @imagecreatefromwebp($source);
+				break;
 			}
 
 			if (empty($image))
@@ -710,6 +719,10 @@ function create_thumbnail($source, $destination, $mimetype)
 				case IMG_WBMP:
 					imagewbmp($new_image, $destination);
 				break;
+
+				case IMG_WEBP:
+					imagewebp($new_image, $destination);
+				break;
 			}
 
 			imagedestroy($new_image);

phpBB/includes/functions_user.php

@@ -1510,7 +1510,7 @@ function user_ipwhois($ip)
 		$ipwhois = (empty($buffer)) ? $ipwhois : $buffer;
 	}
 
-	$ipwhois = htmlspecialchars($ipwhois);
+	$ipwhois = htmlspecialchars($ipwhois, ENT_COMPAT);
 
 	// Magic URL ;)
 	return trim(make_clickable($ipwhois, false, ''));
@@ -1572,11 +1572,11 @@ function validate_string($string, $optional = false, $min = 0, $max = 0)
 		return false;
 	}
 
-	if ($min && utf8_strlen(htmlspecialchars_decode($string)) < $min)
+	if ($min && utf8_strlen(htmlspecialchars_decode($string, ENT_COMPAT)) < $min)
 	{
 		return 'TOO_SHORT';
 	}
-	else if ($max && utf8_strlen(htmlspecialchars_decode($string)) > $max)
+	else if ($max && utf8_strlen(htmlspecialchars_decode($string, ENT_COMPAT)) > $max)
 	{
 		return 'TOO_LONG';
 	}

phpBB/includes/mcp/mcp_forum.php

@@ -166,12 +166,13 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 
 	if ($config['load_db_lastread'])
 	{
-		$read_tracking_join = ' LEFT JOIN ' . TOPICS_TRACK_TABLE . ' tt ON (tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id'] . ')';
-		$read_tracking_select = ', tt.mark_time';
+		$sql_read_tracking['LEFT_JOIN'][] = ['FROM' => [TOPICS_TRACK_TABLE => 'tt'], 'ON' => 'tt.topic_id = t.topic_id AND tt.user_id = ' . $user->data['user_id']];
+		$sql_read_tracking['SELECT'] = ', tt.mark_time';
 	}
 	else
 	{
-		$read_tracking_join = $read_tracking_select = '';
+		$sql_read_tracking['LEFT_JOIN'] = [];
+		$sql_read_tracking['SELECT'] = '';
 	}
 
 	/* @var $phpbb_content_visibility \phpbb\content_visibility */
@@ -209,10 +210,31 @@ function mcp_forum_view($id, $mode, $action, $forum_info)
 	}
 	$db->sql_freeresult($result);
 
-	$sql = "SELECT t.*$read_tracking_select
-		FROM " . TOPICS_TABLE . " t $read_tracking_join
-		WHERE " . $db->sql_in_set('t.topic_id', $topic_list, false, true);
+	$sql_ary = [
+		'SELECT'	=> 't.*' . $sql_read_tracking['SELECT'],
+		'FROM'		=> [TOPICS_TABLE => 't'],
+		'LEFT_JOIN'	=> $sql_read_tracking['LEFT_JOIN'],
+		'WHERE'		=> $db->sql_in_set('t.topic_id', $topic_list, false, true),
+	];
 
+	/**
+	* Event to modify SQL query before MCP forum topic data is queried
+	*
+	* @event core.mcp_forum_topic_data_modify_sql
+	* @var	array	sql_ary		SQL query array to get the MCP forum topic data
+	* @var	int		forum_id	The forum ID
+	* @var	array	topic_list	The array of MCP forum topic IDs
+	*
+	* @since 3.3.4-RC1
+	*/
+	$vars = [
+		'sql_ary',
+		'forum_id',
+		'topic_list',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.mcp_forum_topic_data_modify_sql', compact($vars)));
+
+	$sql = $db->sql_build_query('SELECT', $sql_ary);
 	$result = $db->sql_query($sql);
 	while ($row_ary = $db->sql_fetchrow($result))
 	{

phpBB/includes/mcp/mcp_logs.php

@@ -179,7 +179,7 @@ class mcp_logs
 		$sql_sort = $sort_by_sql[$sort_key] . ' ' . (($sort_dir == 'd') ? 'DESC' : 'ASC');
 
 		$keywords = $request->variable('keywords', '', true);
-		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
+		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
 
 		// Grab log data
 		$log_data = array();

phpBB/includes/mcp/mcp_main.php

@@ -881,16 +881,38 @@ function mcp_restore_topic($topic_ids)
 */
 function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = '', $action = 'delete_topic')
 {
-	global $auth, $user, $db, $phpEx, $phpbb_root_path, $request, $phpbb_container, $phpbb_log;
+	global $auth, $user, $db, $phpEx, $phpbb_root_path, $request, $phpbb_container, $phpbb_log, $phpbb_dispatcher;
 
-	$check_permission = ($is_soft) ? 'm_softdelete' : 'm_delete';
-	if (!phpbb_check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array($check_permission)))
+	$forum_id = $request->variable('f', 0);
+	$check_permission = ($is_soft) ? ['m_softdelete'] : ['m_delete'];
+	/**
+	* This event allows you to modify the current user's checked permissions when deleting a topic
+	*
+	* @event core.mcp_delete_topic_modify_permissions
+	* @var	array	topic_ids				The array of topic IDs to be deleted
+	* @var	int		forum_id				The current forum ID
+	* @var	bool	is_soft					Boolean designating whether we're soft deleting or not
+	* @var	string	soft_delete_reason		The reason we're soft deleting
+	* @var	string	action					The current delete action
+	* @var	array	check_permission		The array with a permission to check for, can be set to false to not check them
+	* @since 3.3.3-RC1
+	*/
+	$vars = array(
+		'topic_ids',
+		'forum_id',
+		'is_soft',
+		'soft_delete_reason',
+		'action',
+		'check_permission',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.mcp_delete_topic_modify_permissions', compact($vars)));
+
+	if (!phpbb_check_ids($topic_ids, TOPICS_TABLE, 'topic_id', $check_permission))
 	{
 		return;
 	}
 
 	$redirect = $request->variable('redirect', build_url(array('action', 'quickmod')));
-	$forum_id = $request->variable('f', 0);
 
 	$s_hidden_fields = array(
 		'topic_id_list'	=> $topic_ids,
@@ -1002,6 +1024,28 @@ function mcp_delete_topic($topic_ids, $is_soft = false, $soft_delete_reason = ''
 			$s_hidden_fields['delete_permanent'] = '1';
 		}
 
+		/**
+		* This event allows you to modify the hidden form fields when deleting topics
+		*
+		* @event core.mcp_delete_topic_modify_hidden_fields
+		* @var	string	l_confirm				The confirmation text language variable (DELETE_TOPIC(S), DELETE_TOPIC(S)_PERMANENTLY)
+		* @var	array	s_hidden_fields			The array holding the hidden form fields
+		* @var	array	topic_ids				The array of topic IDs to be deleted
+		* @var	int		forum_id				The current forum ID
+		* @var	bool	only_softdeleted		If the topic_ids are all soft deleted, this is true
+		* @var	bool	only_shadow				If the topic_ids are all shadow topics, this is true
+		* @since 3.3.3-RC1
+		*/
+		$vars = array(
+			'l_confirm',
+			's_hidden_fields',
+			'topic_ids',
+			'forum_id',
+			'only_softdeleted',
+			'only_shadow',
+		);
+		extract($phpbb_dispatcher->trigger_event('core.mcp_delete_topic_modify_hidden_fields', compact($vars)));
+
 		confirm_box(false, $l_confirm, build_hidden_fields($s_hidden_fields), 'confirm_delete_body.html');
 	}
 

phpBB/includes/mcp/mcp_notes.php

@@ -206,7 +206,7 @@ class mcp_notes
 		$sql_sort = $sort_by_sql[$sk] . ' ' . (($sd == 'd') ? 'DESC' : 'ASC');
 
 		$keywords = $request->variable('keywords', '', true);
-		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords)) : '';
+		$keywords_param = !empty($keywords) ? '&keywords=' . urlencode(htmlspecialchars_decode($keywords, ENT_COMPAT)) : '';
 
 		$log_data = array();
 		$log_count = 0;

phpBB/includes/message_parser.php

@@ -506,7 +506,7 @@ class bbcode_firstpass extends bbcode
 				}
 
 				// Because highlight_string is specialcharing the text (but we already did this before), we have to reverse this in order to get correct results
-				$code = htmlspecialchars_decode($code);
+				$code = htmlspecialchars_decode($code, ENT_COMPAT);
 				$code = highlight_string($code, true);
 
 				$str_from = array('<span style="color: ', '<font color="syntax', '</font>', '<code>', '</code>','[', ']', '.', ':');

phpBB/includes/questionnaire/questionnaire.php

@@ -150,11 +150,11 @@ class phpbb_questionnaire_system_data_provider
 
 		// Start discovering the IPV4 server address, if available
 		// Try apache, IIS, fall back to 0.0.0.0
-		$server_address = htmlspecialchars_decode($request->server('SERVER_ADDR', $request->server('LOCAL_ADDR', '0.0.0.0')));
+		$server_address = htmlspecialchars_decode($request->server('SERVER_ADDR', $request->server('LOCAL_ADDR', '0.0.0.0')), ENT_COMPAT);
 
 		return array(
 			'os'	=> PHP_OS,
-			'httpd'	=> htmlspecialchars_decode($request->server('SERVER_SOFTWARE')),
+			'httpd'	=> htmlspecialchars_decode($request->server('SERVER_SOFTWARE'), ENT_COMPAT),
 			// we don't want the real IP address (for privacy policy reasons) but only
 			// a network address to see whether your installation is running on a private or public network.
 			'private_ip'	=> $this->is_private_ip($server_address),

phpBB/includes/ucp/ucp_activate.php

@@ -134,7 +134,7 @@ class ucp_activate
 			$messenger->anti_abuse_headers($config, $user);
 
 			$messenger->assign_vars(array(
-				'USERNAME'	=> htmlspecialchars_decode($user_row['username']))
+				'USERNAME'	=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT))
 			);
 
 			$messenger->send($user_row['user_notify_type']);

phpBB/includes/ucp/ucp_login_link.php

@@ -230,7 +230,7 @@ class ucp_login_link
 						$user->lang[$result['error_msg']],
 						($config['email_enable']) ? '<a href="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') . '">' : '',
 						($config['email_enable']) ? '</a>' : '',
-						($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">' : '',
+						($config['board_contact']) ? '<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">' : '',
 						($config['board_contact']) ? '</a>' : ''
 					);
 				break;
@@ -242,7 +242,7 @@ class ucp_login_link
 					// Assign admin contact to some error messages
 					if ($result['error_msg'] == 'LOGIN_ERROR_USERNAME' || $result['error_msg'] == 'LOGIN_ERROR_PASSWORD')
 					{
-						$login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>');
+						$login_error = (!$config['board_contact']) ? sprintf($user->lang[$result['error_msg']], '', '') : sprintf($user->lang[$result['error_msg']], '<a href="mailto:' . htmlspecialchars($config['board_contact'], ENT_COMPAT) . '">', '</a>');
 					}
 
 				break;

phpBB/includes/ucp/ucp_pm_compose.php

@@ -687,6 +687,27 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 	$flash_status	= ($config['auth_flash_pm'] && $auth->acl_get('u_pm_flash')) ? true : false;
 	$url_status		= ($config['allow_post_links']) ? true : false;
 
+	/**
+	 * Event to override private message BBCode status indications
+	 *
+	 * @event core.ucp_pm_compose_modify_bbcode_status
+	 *
+	 * @var bool	bbcode_status	BBCode status
+	 * @var bool	smilies_status	Smilies status
+	 * @var bool	img_status		Image BBCode status
+	 * @var bool	flash_status	Flash BBCode status
+	 * @var bool	url_status		URL BBCode status
+	 * @since 3.3.3-RC1
+	 */
+	$vars = [
+		'bbcode_status',
+		'smilies_status',
+		'img_status',
+		'flash_status',
+		'url_status',
+	];
+	extract($phpbb_dispatcher->trigger_event('core.ucp_pm_compose_modify_bbcode_status', compact($vars)));
+
 	// Save Draft
 	if ($save && $auth->acl_get('u_savedrafts'))
 	{

phpBB/includes/ucp/ucp_profile.php

@@ -186,7 +186,7 @@ class ucp_profile
 							$messenger->anti_abuse_headers($config, $user);
 
 							$messenger->assign_vars(array(
-								'USERNAME'		=> htmlspecialchars_decode($data['username']),
+								'USERNAME'		=> htmlspecialchars_decode($data['username'], ENT_COMPAT),
 								'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u={$user->data['user_id']}&k=$user_actkey")
 							);
 

phpBB/includes/ucp/ucp_register.php

@@ -472,9 +472,9 @@ class ucp_register
 					$messenger->anti_abuse_headers($config, $user);
 
 					$messenger->assign_vars(array(
-						'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
-						'USERNAME'		=> htmlspecialchars_decode($data['username']),
-						'PASSWORD'		=> htmlspecialchars_decode($data['new_password']),
+						'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
+						'USERNAME'		=> htmlspecialchars_decode($data['username'], ENT_COMPAT),
+						'PASSWORD'		=> htmlspecialchars_decode($data['new_password'], ENT_COMPAT),
 						'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
 					);
 

phpBB/includes/ucp/ucp_resend.php

@@ -99,8 +99,8 @@ class ucp_resend
 				$messenger->anti_abuse_headers($config, $user);
 
 				$messenger->assign_vars(array(
-					'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
-					'USERNAME'		=> htmlspecialchars_decode($user_row['username']),
+					'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename']), ENT_COMPAT),
+					'USERNAME'		=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
 					'U_ACTIVATE'	=> generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
 				);
 
@@ -134,7 +134,7 @@ class ucp_resend
 					$messenger->anti_abuse_headers($config, $user);
 
 					$messenger->assign_vars(array(
-						'USERNAME'			=> htmlspecialchars_decode($user_row['username']),
+						'USERNAME'			=> htmlspecialchars_decode($user_row['username'], ENT_COMPAT),
 						'U_USER_DETAILS'	=> generate_board_url() . "/memberlist.$phpEx?mode=viewprofile&u={$user_row['user_id']}",
 						'U_ACTIVATE'		=> generate_board_url() . "/ucp.$phpEx?mode=activate&u={$user_row['user_id']}&k={$user_row['user_actkey']}")
 					);

phpBB/index.php

@@ -211,6 +211,7 @@ if ($show_birthdays)
 	$template->assign_block_vars_array('birthdays', $birthdays);
 }
 
+$controller_helper = $phpbb_container->get('controller.helper');
 // Assign index specific vars
 $template->assign_vars(array(
 	'TOTAL_POSTS'	=> $user->lang('TOTAL_POSTS_COUNT', (int) $config['num_posts']),
@@ -222,7 +223,7 @@ $template->assign_vars(array(
 	'BIRTHDAY_LIST'	=> (empty($birthday_list)) ? '' : implode($user->lang['COMMA_SEPARATOR'], $birthday_list),
 
 	'S_LOGIN_ACTION'			=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'),
-	'U_SEND_PASSWORD'           => ($config['email_enable']) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=sendpassword') : '',
+	'U_SEND_PASSWORD'           => ($config['email_enable'] && $config['allow_password_reset']) ? $controller_helper->route('phpbb_ucp_forgot_password_controller') : '',
 	'S_DISPLAY_BIRTHDAY_LIST'	=> $show_birthdays,
 	'S_INDEX'					=> true,
 

phpBB/install/app.php

@@ -16,7 +16,10 @@
  */
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
-define('PHPBB_ENVIRONMENT', 'production');
+if (!defined('PHPBB_ENVIRONMENT'))
+{
+	define('PHPBB_ENVIRONMENT', 'production');
+}
 $phpbb_root_path = '../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/convert/controller/convertor.php

@@ -506,7 +506,7 @@ class convertor
 			{
 				/** @var \phpbb\db\driver\driver_interface $src_db */
 				$src_db = new $src_dbms();
-				$src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd), $src_dbname, $src_dbport, false, true);
+				$src_db->sql_connect($src_dbhost, $src_dbuser, htmlspecialchars_decode($src_dbpasswd, ENT_COMPAT), $src_dbname, $src_dbport, false, true);
 				$same_db = false;
 			}
 			else

phpBB/install/convert/convertor.php

@@ -132,7 +132,7 @@ class convertor
 			$dbms = $convert->src_dbms;
 			/** @var \phpbb\db\driver\driver $src_db */
 			$src_db = new $dbms();
-			$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd), $convert->src_dbname, $convert->src_dbport, false, true);
+			$src_db->sql_connect($convert->src_dbhost, $convert->src_dbuser, htmlspecialchars_decode($convert->src_dbpasswd, ENT_COMPAT), $convert->src_dbname, $convert->src_dbport, false, true);
 			$same_db = false;
 		}
 		else
@@ -763,7 +763,7 @@ class convertor
 										{
 											if (!$db->sql_query($insert_query . $waiting_sql))
 											{
-												$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
+												$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
 											}
 										}
 
@@ -782,7 +782,7 @@ class convertor
 
 								if (!$db->sql_query($insert_sql))
 								{
-									$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
+									$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
 								}
 								$db->sql_return_on_error(false);
 
@@ -817,7 +817,7 @@ class convertor
 						foreach ($waiting_rows as $waiting_sql)
 						{
 							$db->sql_query($insert_query . $waiting_sql);
-							$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true)), __LINE__, __FILE__, true);
+							$this->db_error($user->lang['DB_ERR_INSERT'], htmlspecialchars($insert_query . $waiting_sql, ENT_COMPAT) . '<br /><br />' . htmlspecialchars(print_r($db->_sql_error(), true), ENT_COMPAT), __LINE__, __FILE__, true);
 						}
 
 						$db->sql_return_on_error(false);
@@ -1300,7 +1300,7 @@ class convertor
 						else
 						{
 							// No table alias
-							$sql_data['source_tables'][$m[1]] = (empty($convert->src_table_prefix)) ? $m[1] : $convert->src_table_prefix . $m[1] . ' ' . $m[1];
+							$sql_data['source_tables'][$m[1]] = (empty($convert->src_table_prefix)) ? $m[1] : $convert->src_table_prefix . $m[1] . ' ' . $db->sql_quote($m[1]);
 						}
 
 						$sql_data['select_fields'][$value_1] = $value_1;
@@ -1314,7 +1314,7 @@ class convertor
 				{
 					foreach ($m[1] as $value)
 					{
-						$sql_data['source_tables'][$value] = (empty($convert->src_table_prefix)) ? $value : $convert->src_table_prefix . $value . ' ' . $value;
+						$sql_data['source_tables'][$value] = (empty($convert->src_table_prefix)) ? $value : $convert->src_table_prefix . $value . ' ' . $db->sql_quote($value);
 					}
 				}
 			}
@@ -1323,7 +1323,7 @@ class convertor
 		// Add the aliases to the list of tables
 		foreach ($aliases as $alias => $table)
 		{
-			$sql_data['source_tables'][$alias] = $convert->src_table_prefix . $table . ' ' . $alias;
+			$sql_data['source_tables'][$alias] = $convert->src_table_prefix . $table . ' ' . $db->sql_quote($alias);
 		}
 
 		// 'left_join'		=> 'forums LEFT JOIN forum_prune ON forums.forum_id = forum_prune.forum_id',
@@ -1468,6 +1468,12 @@ class convertor
 									$value = array($value);
 								}
 
+								// Add ENT_COMPAT default flag to html specialchars/entities functions, see PHPBB3-16690
+								if (in_array($execution, ['htmlspecialchars', 'htmlentities', 'htmlspecialchars_decode', 'html_entitity_decode']))
+								{
+									$value[] = ENT_COMPAT;
+								}
+
 								$value = call_user_func_array($execution, $value);
 							}
 							else if (strpos($type, 'execute') === 0)
@@ -1517,6 +1523,12 @@ class convertor
 									$value = array($value);
 								}
 
+								// Add ENT_COMPAT default flag to html specialchars/entities functions, see PHPBB3-16690
+								if (in_array($execution, ['htmlspecialchars', 'htmlentities', 'htmlspecialchars_decode', 'html_entitity_decode']))
+								{
+									$value[] = ENT_COMPAT;
+								}
+
 								$value = call_user_func_array($execution, $value);
 							}
 							else if (strpos($type, 'execute') === 0)

phpBB/install/convertors/convert_phpbb20.php

@@ -38,7 +38,7 @@ $dbms = $phpbb_config_php_file->convert_30_dbms_to_31($dbms);
 $convertor_data = array(
 	'forum_name'	=> 'phpBB 2.0.x',
 	'version'		=> '1.0.3',
-	'phpbb_version'	=> '3.3.2',
+	'phpbb_version'	=> '3.3.4',
 	'author'		=> '<a href="https://www.phpbb.com/">phpBB Limited</a>',
 	'dbms'			=> $dbms,
 	'dbhost'		=> $dbhost,

phpBB/install/phpbbcli.php

@@ -23,7 +23,7 @@ if (php_sapi_name() !== 'cli')
 define('IN_PHPBB', true);
 define('IN_INSTALL', true);
 define('PHPBB_ENVIRONMENT', 'production');
-define('PHPBB_VERSION', '3.3.2');
+define('PHPBB_VERSION', '3.3.4-RC1');
 $phpbb_root_path = __DIR__ . '/../';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
 

phpBB/install/schemas/schema_data.sql

@@ -316,7 +316,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('update_hashes_lock
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_icons_path', 'images/upload_icons');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('upload_path', 'files');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('use_system_cron', '0');
-INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.2');
+INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '3.3.4-RC1');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_expire_days', '90');
 INSERT INTO phpbb_config (config_name, config_value) VALUES ('warnings_gc', '14400');
 

phpBB/language/en/acp/common.php

@@ -371,9 +371,11 @@ $lang = array_merge($lang, array(
 	'ERROR_MBSTRING_ENCODING_TRANSLATION'			=> 'Transparent character encoding is improperly configured',
 	'ERROR_MBSTRING_ENCODING_TRANSLATION_EXPLAIN'	=> '<var>mbstring.encoding_translation</var> must be set to 0. You can check the current value on the <samp>PHP information</samp> page.',
 	'ERROR_MBSTRING_HTTP_INPUT'						=> 'HTTP input character conversion is improperly configured',
-	'ERROR_MBSTRING_HTTP_INPUT_EXPLAIN'				=> '<var>mbstring.http_input</var> must be set to <samp>pass</samp>. You can check the current value on the <samp>PHP information</samp> page.',
+	'ERROR_MBSTRING_HTTP_INPUT_EXPLAIN'				=> '<var>mbstring.http_input</var> must be left empty. You can check the current value on the <samp>PHP information</samp> page.',
 	'ERROR_MBSTRING_HTTP_OUTPUT'					=> 'HTTP output character conversion is improperly configured',
-	'ERROR_MBSTRING_HTTP_OUTPUT_EXPLAIN'			=> '<var>mbstring.http_output</var> must be set to <samp>pass</samp>. You can check the current value on the <samp>PHP information</samp> page.',
+	'ERROR_MBSTRING_HTTP_OUTPUT_EXPLAIN'			=> '<var>mbstring.http_output</var> must be left empty. You can check the current value on the <samp>PHP information</samp> page.',
+	'ERROR_DEFAULT_CHARSET'							=> 'Default charset is improperly configured',
+	'ERROR_DEFAULT_CHARSET_EXPLAIN'					=> '<var>default_charset</var> must be set to <samp>UTF-8</samp>. You can check the current value on the <samp>PHP information</samp> page.',
 
 	'FILES_PER_DAY'		=> 'Attachments per day',
 	'FORUM_STATS'		=> 'Board statistics',

phpBB/language/en/captcha_recaptcha.php

@@ -21,7 +21,7 @@ if (!defined('IN_PHPBB'))
 
 if (empty($lang) || !is_array($lang))
 {
-	$lang = array();
+	$lang = [];
 }
 
 // DEVELOPERS PLEASE NOTE
@@ -36,7 +36,7 @@ if (empty($lang) || !is_array($lang))
 // equally where a string contains only two placeholders which are used to wrap text
 // in a url you again do not need to specify an order e.g., 'Click %sHERE%s' is fine
 
-$lang = array_merge($lang, array(
+$lang = array_merge($lang, [
 	// Find the language/country code on https://developers.google.com/recaptcha/docs/language
 	// If no code exists for your language you can use "en" or leave the string empty
 	'RECAPTCHA_LANG'				=> 'en-GB',
@@ -44,10 +44,11 @@ $lang = array_merge($lang, array(
 	'CAPTCHA_RECAPTCHA'				=> 'reCaptcha v2',
 	'CAPTCHA_RECAPTCHA_V3'			=> 'reCaptcha v3',
 
-	'RECAPTCHA_INCORRECT'			=> 'The solution you provided was incorrect',
-	'RECAPTCHA_NOSCRIPT'			=> 'Please enable JavaScript in your browser to load the challenge.',
-	'RECAPTCHA_NOT_AVAILABLE'		=> 'In order to use reCaptcha, you must create an account on <a href="https://www.google.com/recaptcha">www.google.com/recaptcha</a>.',
-	'RECAPTCHA_INVISIBLE'			=> 'This CAPTCHA is actually invisible. To verify that it works, a small icon should appear in right bottom corner of this page.',
+	'RECAPTCHA_INCORRECT'				=> 'The solution you provided was incorrect',
+	'RECAPTCHA_NOSCRIPT'				=> 'Please enable JavaScript in your browser to load the challenge.',
+	'RECAPTCHA_NOT_AVAILABLE'			=> 'In order to use reCaptcha, you must create an account on <a href="https://www.google.com/recaptcha">www.google.com/recaptcha</a>.',
+	'RECAPTCHA_INVISIBLE'				=> 'This CAPTCHA is actually invisible. To verify that it works, a small icon should appear in right bottom corner of this page.',
+	'RECAPTCHA_V3_LOGIN_ERROR_ATTEMPTS'	=> 'You have exceeded the maximum number of login attempts allowed.<br>In addition to your username and password the invisible reCAPTCHA v3 will be used to authenticate your session.',
 
 	'RECAPTCHA_PUBLIC'				=> 'Site key',
 	'RECAPTCHA_PUBLIC_EXPLAIN'		=> 'Your site reCAPTCHA key. Keys can be obtained on <a href="https://www.google.com/recaptcha">www.google.com/recaptcha</a>. Please, use reCAPTCHA v2 &gt; Invisible reCAPTCHA badge type.',
@@ -73,4 +74,5 @@ $lang = array_merge($lang, array(
 	'RECAPTCHA_V3_THRESHOLD_REPORT'				=> 'Report threshold',
 	'RECAPTCHA_V3_THRESHOLDS'					=> 'Thresholds',
 	'RECAPTCHA_V3_THRESHOLDS_EXPLAIN'			=> 'reCAPTCHA v3 returns a score (<samp>1.0</samp> is very likely a good interaction, <samp>0.0</samp> is very likely a bot). Here you can set the minimum score per action.',
-));
+	'EMPTY_RECAPTCHA_V3_REQUEST_METHOD'			=> 'reCAPTCHA v3 requires to know which available method you want to use when verifying the request.',
+]);

phpBB/language/en/common.php

@@ -95,6 +95,7 @@ $lang = array_merge($lang, array(
 	'AUTH_PROVIDER_OAUTH_ERROR_INVALID_ENTRY'				=> 'Invalid database entry.',
 	'AUTH_PROVIDER_OAUTH_ERROR_INVALID_SERVICE_TYPE'		=> 'Invalid service type provided to OAuth service handler.',
 	'AUTH_PROVIDER_OAUTH_ERROR_REQUEST'						=> 'Something went wrong when processing your OAuth request.',
+	'AUTH_PROVIDER_OAUTH_RETURN_ERROR'						=> 'The external service returned a wrong value therefore your request can not be processed.',
 	'AUTH_PROVIDER_OAUTH_ERROR_SERVICE_NOT_CREATED'			=> 'OAuth service not created',
 	'AUTH_PROVIDER_OAUTH_SERVICE_BITLY'						=> 'Bitly',
 	'AUTH_PROVIDER_OAUTH_SERVICE_FACEBOOK'					=> 'Facebook',
@@ -398,7 +399,7 @@ $lang = array_merge($lang, array(
 	'LOGIN_CONFIRM_EXPLAIN'				=> 'To prevent brute forcing accounts the board requires you to enter a confirmation code after a maximum amount of failed logins. The code is displayed in the image you should see below. If you are visually impaired or cannot otherwise read this code please contact the %sBoard Administrator%s.', // unused
 	'LOGIN_ERROR_ATTEMPTS'				=> 'You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to pass the CAPTCHA test.',
 	'LOGIN_ERROR_EXTERNAL_AUTH_APACHE'	=> 'You have not been authenticated by Apache.',
-	'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST'	=> 'A non-existant OAuth service has been requested.',
+	'LOGIN_ERROR_OAUTH_SERVICE_DOES_NOT_EXIST'	=> 'A non-existent OAuth service has been requested.',
 	'LOGIN_ERROR_PASSWORD'				=> 'You have specified an incorrect password. Please check your password and try again. If you continue to have problems please contact the %sBoard Administrator%s.',
 	'LOGIN_ERROR_PASSWORD_CONVERT'		=> 'It was not possible to convert your password when updating this bulletin board’s software. Please %srequest a new password%s. If you continue to have problems please contact the %sBoard Administrator%s.',
 	'LOGIN_ERROR_USERNAME'				=> 'You have specified an incorrect username. Please check your username and try again. If you continue to have problems please contact the %sBoard Administrator%s.',

phpBB/language/en/email/bookmark.txt

@@ -1,10 +1,10 @@
-Subject: Topic reply notification - "{TOPIC_TITLE}"
+Subject: Reply in "{TOPIC_TITLE}"
 
 Hello {USERNAME},
 
-You are receiving this notification because a topic you bookmarked, "{TOPIC_TITLE}" at "{SITENAME}", has received a reply since your last visit. You can use the following link to view the replies made, no more notifications will be sent until you visit the topic.
+Your bookmarked topic "{TOPIC_TITLE}" received a new reply since your last visit to "{SITENAME}". No more notifications will be sent until you visit the topic.
 
-If you want to view the newest post made since your last visit, click the following link:
+If you want to view the newest post click the following link:
 {U_NEWEST_POST}
 
 If you want to view the topic, click the following link:
@@ -14,7 +14,6 @@ If you want to view the forum, click the following link:
 {U_FORUM}
 
 If you no longer wish to receive updates about replies to bookmarks, please update your notification settings here:
-
 {U_NOTIFICATION_SETTINGS}
 
 {EMAIL_SIG}

phpBB/language/en/email/forum_notify.txt

@@ -1,10 +1,9 @@
-Subject: Forum post notification - "{FORUM_NAME}"
+Subject: Reply in "{FORUM_NAME}"
 List-Unsubscribe: <{U_STOP_WATCHING_FORUM}>
 
 Hello {USERNAME},
 
-You are receiving this notification because you are watching the forum "{FORUM_NAME}" at "{SITENAME}". This forum has received a new reply to the topic "{TOPIC_TITLE}"<!-- IF AUTHOR_NAME != '' --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit. You can use the following link to view the last unread reply, no more notifications will be sent until you visit the topic.
-
+The "{FORUM_NAME}" received a new reply to the topic "{TOPIC_TITLE}"<!-- IF AUTHOR_NAME != '' --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit to "{SITENAME}". No more notifications will be sent until you visit the topic.
 {U_NEWEST_POST}
 
 If you want to view the topic, click the following link:
@@ -13,8 +12,7 @@ If you want to view the topic, click the following link:
 If you want to view the forum, click the following link:
 {U_FORUM}
 
-If you no longer wish to watch this forum you can either click the "Unsubscribe forum" link found in the forum above, or by clicking the following link:
-
+If you no longer wish to watch this forum click the following link:
 {U_STOP_WATCHING_FORUM}
 
 {EMAIL_SIG}

phpBB/language/en/email/newtopic_notify.txt

@@ -1,18 +1,15 @@
-Subject: New topic notification - "{FORUM_NAME}"
+Subject: New topic in "{FORUM_NAME}"
 List-Unsubscribe: <{U_STOP_WATCHING_FORUM}>
 
 Hello {USERNAME},
 
-You are receiving this notification because you are watching the forum "{FORUM_NAME}" at "{SITENAME}". This forum has received a new topic<!-- IF AUTHOR_NAME != '' --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit, "{TOPIC_TITLE}". You can use the following link to view the forum, no more notifications will be sent until you visit the forum.
-
+The forum "{FORUM_NAME}" received a new topic "{TOPIC_TITLE}"<!-- IF AUTHOR_NAME != '' --> by {AUTHOR_NAME}<!-- ENDIF --> since your last visit to "{SITENAME}". No more notifications will be sent until you visit the forum.
 {U_FORUM}
 
-To see new topic directly, visit the following link:
-
+If you want to view the new topic, click the following link:
 {U_TOPIC}
 
-If you no longer wish to watch this forum you can either click the "Unsubscribe forum" link found in the forum above, or by clicking the following link:
-
+If you no longer wish to watch this forum click the following link:
 {U_STOP_WATCHING_FORUM}
 
 {EMAIL_SIG}

phpBB/language/en/email/pm_report_closed.txt

@@ -2,6 +2,8 @@ Subject: Report closed - "{PM_SUBJECT}"
 
 Hello {USERNAME},
 
-You are receiving this notification because the report you filed regarding the private message "{PM_SUBJECT}" at "{SITENAME}" has been tended to by a moderator or administrator. The report is now closed. If you have further questions, please contact {CLOSER_NAME} by private message.
+The report you filed regarding the private message "{PM_SUBJECT}" at "{SITENAME}" has been tended to by a moderator or administrator. The report is now closed.
+
+If you have further questions, please contact {CLOSER_NAME} by private message.
 
 {EMAIL_SIG}

phpBB/language/en/email/pm_report_deleted.txt

@@ -2,6 +2,6 @@ Subject: Report deleted - "{PM_SUBJECT}"
 
 Hello {USERNAME},
 
-You are receiving this notification because the report you filed regarding the private message "{PM_SUBJECT}" at "{SITENAME}" was deleted by a moderator or administrator.
+The report you filed regarding the private message "{PM_SUBJECT}" at "{SITENAME}" was deleted by a moderator or administrator.
 
 {EMAIL_SIG}

phpBB/language/en/email/post_approved.txt

@@ -2,7 +2,7 @@ Subject: Post approved - "{POST_SUBJECT}"
 
 Hello {USERNAME},
 
-You are receiving this notification because your post "{POST_SUBJECT}" at "{SITENAME}" was approved by a moderator or administrator.
+Your post "{POST_SUBJECT}" at "{SITENAME}" was approved by a moderator or administrator.
 
 If you want to view the post, click the following link:
 {U_VIEW_POST}

phpBB/language/en/email/post_disapproved.txt

@@ -2,7 +2,7 @@ Subject: Post disapproved - "{POST_SUBJECT}"
 
 Hello {USERNAME},
 
-You are receiving this notification because your post "{POST_SUBJECT}" at "{SITENAME}" was disapproved by a moderator or administrator.
+Your post "{POST_SUBJECT}" at "{SITENAME}" was disapproved by a moderator or administrator.
 
 The following reason was given for the disapproval: